From 5ec88f863ec519052083edc0cfe7e375bb60a473 Mon Sep 17 00:00:00 2001 From: Antony Dovgal Date: Mon, 10 Oct 2005 12:59:47 +0000 Subject: [PATCH] MF51: fix #34810 (mysqli::init() and others use wrong $this pointer without checks) --- ext/mysqli/mysqli_api.c | 2 +- ext/mysqli/mysqli_nonapi.c | 2 +- ext/mysqli/mysqli_warning.c | 4 ++-- ext/mysqli/php_mysqli.h | 2 +- ext/mysqli/tests/bug34810.phpt | 38 ++++++++++++++++++++++++++++++++++ 5 files changed, 43 insertions(+), 5 deletions(-) create mode 100644 ext/mysqli/tests/bug34810.phpt diff --git a/ext/mysqli/mysqli_api.c b/ext/mysqli/mysqli_api.c index 203bbbde7c..1b9a56482d 100644 --- a/ext/mysqli/mysqli_api.c +++ b/ext/mysqli/mysqli_api.c @@ -1033,7 +1033,7 @@ PHP_FUNCTION(mysqli_init) mysqli_resource = (MYSQLI_RESOURCE *)ecalloc (1, sizeof(MYSQLI_RESOURCE)); mysqli_resource->ptr = (void *)mysql; - if (!getThis()) { + if (!getThis() || !instanceof_function(Z_OBJCE_P(getThis()), mysqli_link_class_entry TSRMLS_CC)) { MYSQLI_RETURN_RESOURCE(mysqli_resource, mysqli_link_class_entry); } else { ((mysqli_object *) zend_object_store_get_object(getThis() TSRMLS_CC))->ptr = mysqli_resource; diff --git a/ext/mysqli/mysqli_nonapi.c b/ext/mysqli/mysqli_nonapi.c index c5ff87f33d..bef10913a7 100644 --- a/ext/mysqli/mysqli_nonapi.c +++ b/ext/mysqli/mysqli_nonapi.c @@ -112,7 +112,7 @@ PHP_FUNCTION(mysqli_connect) mysqli_resource = (MYSQLI_RESOURCE *)ecalloc (1, sizeof(MYSQLI_RESOURCE)); mysqli_resource->ptr = (void *)mysql; - if (!object) { + if (!object || !instanceof_function(Z_OBJCE_P(object), mysqli_link_class_entry TSRMLS_CC)) { MYSQLI_RETURN_RESOURCE(mysqli_resource, mysqli_link_class_entry); } else { ((mysqli_object *) zend_object_store_get_object(object TSRMLS_CC))->ptr = mysqli_resource; diff --git a/ext/mysqli/mysqli_warning.c b/ext/mysqli/mysqli_warning.c index 3029d827cf..3ea578f6c7 100644 --- a/ext/mysqli/mysqli_warning.c +++ b/ext/mysqli/mysqli_warning.c 
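Review bot: The class check added to the `if` in mysqli_init carries no comment explaining why a non-NULL `getThis()` cannot be trusted, and the same condition is open-coded again in the mysqli_connect hunk and in mysqli_warning's `__construct`. The `else` branch casts the object-store entry for `getThis()` to `mysqli_object *` and writes `->ptr`. The check is therefore the only thing keeping that write off an object of an unrelated class when the function is reached statically from another object's method, as the new test does. I would put `/* $this may be the caller's object when invoked statically (bug #34810); treat it as ours only after the instanceof check */` above the condition at each of the three sites, so that a later cleanup does not drop it. The body of mysqli_init starts and ends outside the hunk.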
@@ -201,8 +201,8 @@ PHP_METHOD(mysqli_warning, __construct) mysqli_resource = (MYSQLI_RESOURCE *)ecalloc (1, sizeof(MYSQLI_RESOURCE)); mysqli_resource->ptr = mysqli_resource->info = (void *)w; - if (!getThis()) { - MYSQLI_RETURN_RESOURCE(mysqli_resource, mysqli_link_class_entry); + if (!getThis() || !instanceof_function(Z_OBJCE_P(getThis()), mysqli_warning_class_entry TSRMLS_CC)) { + MYSQLI_RETURN_RESOURCE(mysqli_resource, mysqli_warning_class_entry); } else { ((mysqli_object *) zend_object_store_get_object(getThis() TSRMLS_CC))->ptr = mysqli_resource; ((mysqli_object *) zend_object_store_get_object(getThis() TSRMLS_CC))->valid = 1; diff --git a/ext/mysqli/php_mysqli.h b/ext/mysqli/php_mysqli.h index 4298ebf851..5999d12551 100644 --- a/ext/mysqli/php_mysqli.h +++ b/ext/mysqli/php_mysqli.h @@ -191,7 +191,7 @@ PHP_MYSQLI_EXPORT(zend_object_value) mysqli_objects_new(zend_class_entry * TSRML #define MYSQLI_REGISTER_RESOURCE(__ptr, __ce) \ {\ zval *object = getThis();\ - if (!object) {\ + if (!object || !instanceof_function(Z_OBJCE_P(object), mysqli_link_class_entry TSRMLS_CC)) {\ object = return_value;\ Z_TYPE_P(object) = IS_OBJECT;\ (object)->value.obj = mysqli_objects_new(__ce TSRMLS_CC);\ diff --git a/ext/mysqli/tests/bug34810.phpt b/ext/mysqli/tests/bug34810.phpt new file mode 100644 index 0000000000..12d6ce2e9a --- /dev/null +++ b/ext/mysqli/tests/bug34810.phpt @@ -0,0 +1,38 @@ +--TEST-- +bug #34810 (mysqli::init() and others use wrong $this pointer without checks) +--SKIPIF-- + +--FILE-- +query("DROP TABLE IF EXISTS test_warnings"); + $mysql->query("CREATE TABLE test_warnings (a int not null)"); + $mysql->query("INSERT INTO test_warnings VALUES (1),(2),(NULL)"); + var_dump(mysqli_warning::__construct($mysql)); + } +} + +$db = new DbConnection(); +$db->connect(); + +echo "Done\n"; +?> +--EXPECTF-- +object(mysqli)#%d (0) { +} +object(mysqli)#%d (0) { +} +object(mysqli_warning)#%d (0) { +} +Done -- 2.40.0
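Review bot: In `MYSQLI_REGISTER_RESOURCE(__ptr, __ce)` the new check tests `$this` against `mysqli_link_class_entry`, while the object created in the same branch is built from `__ce`. The callers are not visible here, but if any of them passes a class entry other than the link class, a `$this` of class `__ce` would be rejected. A link-derived `$this` would also be accepted for a resource of another kind. Testing against the macro argument keeps the check and the allocation in step: `if (!object || !instanceof_function(Z_OBJCE_P(object), __ce TSRMLS_CC)) {\`. The macro body continues past the end of the hunk.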
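Review bot: The new test creates `test_warnings` and never removes it: nothing follows the `var_dump(mysqli_warning::__construct($mysql));` call in the visible part of the FILE section except the closing braces and the driver code. A leftover table can affect later tests that share the database. I would add `$mysql->query("DROP TABLE IF EXISTS test_warnings");` after the var_dump. Part of the FILE section is missing from this listing, so the connection setup could not be reviewed.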