From 8bee0fbd37c8eee0a17abe4a0afd69ad9ac7105a Mon Sep 17 00:00:00 2001 From: "Christoph M. Becker" Date: Sat, 10 Oct 2020 14:09:07 +0200 Subject: [PATCH] Fix #80213: imap_mail_compose() segfaults on certain $bodies We have to cater to non-associative arrays where the key may be `NULL`; we just skip these elements. Closes GH-6315. --- NEWS | 3 +++ ext/imap/php_imap.c | 4 ++++ ext/imap/tests/bug80213.phpt | 21 +++++++++++++++++++++ 3 files changed, 28 insertions(+) create mode 100644 ext/imap/tests/bug80213.phpt diff --git a/NEWS b/NEWS index 17a77b3460..eae20bd22d 100644 --- a/NEWS +++ b/NEWS @@ -9,6 +9,9 @@ PHP NEWS - Calendar: . Fixed bug #80185 (jdtounix() fails after 2037). (cmb) +- IMAP: + . Fixed bug #80213 (imap_mail_compose() segfaults on certain $bodies). (cmb) + - MySQLnd: . Fixed bug #80115 (mysqlnd.debug doesn't recognize absolute paths with slashes). (cmb) diff --git a/ext/imap/php_imap.c b/ext/imap/php_imap.c index 5511b2c1c4..8e0cea4ef7 100644 --- a/ext/imap/php_imap.c +++ b/ext/imap/php_imap.c @@ -3645,6 +3645,7 @@ PHP_FUNCTION(imap_mail_compose) if(Z_TYPE_P(pvalue) == IS_ARRAY) { disp_param = tmp_param = NULL; ZEND_HASH_FOREACH_STR_KEY_VAL(Z_ARRVAL_P(pvalue), key, disp_data) { + if (key == NULL) continue; disp_param = mail_newbody_parameter(); disp_param->attribute = cpystr(ZSTR_VAL(key)); convert_to_string_ex(disp_data); @@ -3677,6 +3678,7 @@ PHP_FUNCTION(imap_mail_compose) if (Z_TYPE_P(pvalue) == IS_ARRAY) { disp_param = tmp_param = NULL; ZEND_HASH_FOREACH_STR_KEY_VAL(Z_ARRVAL_P(pvalue), key, disp_data) { + if (key == NULL) continue; disp_param = mail_newbody_parameter(); disp_param->attribute = cpystr(ZSTR_VAL(key)); convert_to_string_ex(disp_data); @@ -3745,6 +3747,7 @@ PHP_FUNCTION(imap_mail_compose) if (Z_TYPE_P(pvalue) == IS_ARRAY) { disp_param = tmp_param = NULL; ZEND_HASH_FOREACH_STR_KEY_VAL(Z_ARRVAL_P(pvalue), key, disp_data) { + if (key == NULL) continue; disp_param = mail_newbody_parameter(); disp_param->attribute = cpystr(ZSTR_VAL(key)); convert_to_string_ex(disp_data); @@ -3777,6 +3780,7 @@ PHP_FUNCTION(imap_mail_compose) if (Z_TYPE_P(pvalue) == IS_ARRAY) { disp_param = tmp_param = NULL; ZEND_HASH_FOREACH_STR_KEY_VAL(Z_ARRVAL_P(pvalue), key, disp_data) { + if (key == NULL) continue; disp_param = mail_newbody_parameter(); disp_param->attribute = cpystr(ZSTR_VAL(key)); convert_to_string_ex(disp_data); diff --git a/ext/imap/tests/bug80213.phpt b/ext/imap/tests/bug80213.phpt new file mode 100644 index 0000000000..9a7961df77 --- /dev/null +++ b/ext/imap/tests/bug80213.phpt @@ -0,0 +1,21 @@ +--TEST-- +Bug #80213 (imap_mail_compose() segfaults on certain $bodies) +--SKIPIF-- + +--FILE-- + ['param'], + 'disposition' => ['disp'], +], [ + 'type.parameters' => ['param'], + 'disposition' => ['disp'], +]]; +imap_mail_compose($envelope, $body); +echo "done\n"; +?> +--EXPECT-- +done -- 2.40.0