From 662184095182b2b9c23313350d99beda25eb3c39 Mon Sep 17 00:00:00 2001 From: Joshua Rogers Date: Wed, 21 Jan 2015 06:14:56 +1100 Subject: [PATCH] Fix uninitalized variables reads. See CWE-457 for more info. --- ext/mbstring/mbstring.c | 8 ++++---- ext/reflection/php_reflection.c | 1 + main/main.c | 1 + 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/ext/mbstring/mbstring.c b/ext/mbstring/mbstring.c index 7f2209fb12..504a5e697f 100644 --- a/ext/mbstring/mbstring.c +++ b/ext/mbstring/mbstring.c @@ -3891,7 +3891,7 @@ static int _php_mbstr_parse_mail_headers(HashTable *ht, const char *str, size_t int state = 0; int crlf_state = -1; char *token = NULL; - size_t token_pos; + size_t token_pos = 0; zend_string *fld_name, *fld_val; ps = str; @@ -3917,7 +3917,7 @@ static int _php_mbstr_parse_mail_headers(HashTable *ht, const char *str, size_t } if (state == 0 || state == 1) { - if(token) { + if(token && token_pos > 0) { fld_name = zend_string_init(token, token_pos, 0); } state = 2; @@ -3983,7 +3983,7 @@ static int _php_mbstr_parse_mail_headers(HashTable *ht, const char *str, size_t case 3: if (crlf_state == -1) { - if(token) { + if(token && token_pos > 0) { fld_val = zend_string_init(token, token_pos, 0); } @@ -4032,7 +4032,7 @@ out: state = 3; } if (state == 3) { - if(token) { + if(token && token_pos > 0) { fld_val = zend_string_init(token, token_pos, 0); } if (fld_name != NULL && fld_val != NULL) { diff --git a/ext/reflection/php_reflection.c b/ext/reflection/php_reflection.c index 3f5c7a9062..1f5085cbf0 100644 --- a/ext/reflection/php_reflection.c +++ b/ext/reflection/php_reflection.c @@ -3978,6 +3978,7 @@ static int _adddynproperty(zval *ptr, int num_args, va_list args, zend_hash_key if (zend_get_property_info(ce, hash_key->key, 1) == NULL) { zend_property_info property_info; + property_info.doc_comment = NULL; property_info.flags = ZEND_ACC_IMPLICIT_PUBLIC; property_info.name = hash_key->key; property_info.ce = ce; diff --git a/main/main.c b/main/main.c index 3aef805580..50d0161b4c 100644 --- a/main/main.c +++ b/main/main.c @@ -2255,6 +2255,7 @@ int php_module_startup(sapi_module_struct *sf, zend_module_entry *additional_mod zuv.html_errors = 1; zuv.import_use_extension = ".php"; + zuv.import_use_extension_length = (uint)strlen(zuv.import_use_extension); php_startup_auto_globals(); zend_set_utility_values(&zuv); php_startup_sapi_content_types(); -- 2.40.0