From 13842eda375a87543650fbf95ffc64f00f3586fc Mon Sep 17 00:00:00 2001 From: dinosaur Date: Tue, 14 Apr 2020 07:46:34 +0800 Subject: [PATCH] Fixed bug #79468 Close the stream filter resources when removing them from the stream. --- NEWS | 2 ++ ext/standard/tests/filters/bug79468.phpt | 21 +++++++++++++++++++++ main/streams/streams.c | 6 ++++++ 3 files changed, 29 insertions(+) create mode 100644 ext/standard/tests/filters/bug79468.phpt diff --git a/NEWS b/NEWS index 7e551b1d09..a1530faa03 100644 --- a/NEWS +++ b/NEWS @@ -3,6 +3,8 @@ PHP NEWS ?? ??? 2020, PHP 7.2.30 - Standard: + . Fixed bug #79468 (SIGSEGV when closing stream handle with a stream filter + appended). (dinosaur) . Fixed bug #79330 (shell_exec() silently truncates after a null byte). (stas) . Fixed bug #79465 (OOB Read in urldecode()). (stas) diff --git a/ext/standard/tests/filters/bug79468.phpt b/ext/standard/tests/filters/bug79468.phpt new file mode 100644 index 0000000000..60a848ec01 --- /dev/null +++ b/ext/standard/tests/filters/bug79468.phpt @@ -0,0 +1,21 @@ +--TEST-- +Bug #79468 SIGSEGV when closing stream handle with a stream filter appended +--SKIPIF-- + +--FILE-- +getMessage()); +} +?> +--EXPECTF-- +Warning: stream_filter_remove(): Invalid resource given, not a stream filter in %s on line %d diff --git a/main/streams/streams.c b/main/streams/streams.c index b504711db3..bf9537d33c 100644 --- a/main/streams/streams.c +++ b/main/streams/streams.c @@ -477,9 +477,15 @@ fprintf(stderr, "stream_free: %s:%p[%s] preserve_handle=%d release_cast=%d remov if (close_options & PHP_STREAM_FREE_RELEASE_STREAM) { while (stream->readfilters.head) { + if (stream->readfilters.head->res != NULL) { + zend_list_close(stream->readfilters.head->res); + } php_stream_filter_remove(stream->readfilters.head, 1); } while (stream->writefilters.head) { + if (stream->writefilters.head->res != NULL) { + zend_list_close(stream->writefilters.head->res); + } php_stream_filter_remove(stream->writefilters.head, 1); } -- 2.40.0