From: Rob Richards Date: Sat, 9 Dec 2006 10:53:05 +0000 (+0000) Subject: MFB: fix heap corruption when adding/caching typelib (also fixes bug 39606) X-Git-Tag: RELEASE_1_0_0RC1~746 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=fb2db6e6b1d3b0efad56082514b9a615fe112e11;p=php MFB: fix heap corruption when adding/caching typelib (also fixes bug 39606) add test
---
diff --git a/ext/com_dotnet/com_typeinfo.c b/ext/com_dotnet/com_typeinfo.c
index 004b6de73b..c4941e03e8 100644
--- a/ext/com_dotnet/com_typeinfo.c
+++ b/ext/com_dotnet/com_typeinfo.c
@@ -220,8 +220,8 @@ PHPAPI int php_com_import_typelib(ITypeLib *TL, int mode, int codepage TSRMLS_DC
 /* Type-library stuff */
 void php_com_typelibrary_dtor(void *pDest)
 {
- ITypeLib *Lib = (ITypeLib*)pDest;
- ITypeLib_Release(Lib);
+ ITypeLib **Lib = (ITypeLib**)pDest;
+ ITypeLib_Release(*Lib);
 }
 PHPAPI ITypeLib *php_com_load_typelib_via_cache(char *search_string,
@@ -249,7 +249,7 @@ PHPAPI ITypeLib *php_com_load_typelib_via_cache(char *search_string,
 if (TL) {
 if (SUCCESS == zend_ts_hash_update(&php_com_typelibraries,
- search_string, l+1, (void*)TL, sizeof(ITypeLib*), NULL)) {
+ search_string, l+1, (void*)&TL, sizeof(ITypeLib*), NULL)) {
 /* add a reference for the hash table */
 ITypeLib_AddRef(TL);
 }
diff --git a/ext/com_dotnet/tests/bug39606.phpt b/ext/com_dotnet/tests/bug39606.phpt
new file mode 100644
index 0000000000..4487c1d8cb
--- /dev/null
+++ b/ext/com_dotnet/tests/bug39606.phpt
@@ -0,0 +1,22 @@
+--TEST--
+COM: Loading typelib corrupts memory
+--SKIPIF--
+
+--FILE--
+
+===DONE===
+--EXPECT--
+bool(true)
+bool(true)
+===DONE===
\ No newline at end of file
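Review bot: `php_com_typelibrary_dtor` now treats `pDest` as the address of a stored `ITypeLib*`, but nothing in the function states that, and the destructor is only correct when every insertion into `php_com_typelibraries` copies the pointer itself (`&TL` with `sizeof(ITypeLib*)`). Only one insert site is visible in this diff; any other writer that still passes the interface pointer directly would make `*Lib` read the object's first pointer-sized word and call Release through it. I would add a comment above the function, `/* pDest is the hash table's copy of an ITypeLib* (elements are stored by value with sizeof(ITypeLib*)), not the interface itself */`, and check the remaining writers of the table against it.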
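Review bot: The table's reference is taken with `ITypeLib_AddRef(TL);` only after `zend_ts_hash_update` has already published the pointer, so the entry exists for a moment without the reference it is supposed to own. In a thread-safe build, if another thread replaced the same key in that window, the destructor's Release could presumably drop the only count this function still relies on; this is inferred from the ordering and is not visible in the hunk. Taking the reference first and undoing it on failure closes the gap: `ITypeLib_AddRef(TL);` before the update and `ITypeLib_Release(TL);` when the result is not `SUCCESS`. The enclosing `php_com_load_typelib_via_cache` starts and ends outside the hunk, so the lookup path and any locking around it are not shown.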