From fb2db6e6b1d3b0efad56082514b9a615fe112e11 Mon Sep 17 00:00:00 2001 From: Rob Richards Date: Sat, 9 Dec 2006 10:53:05 +0000 Subject: [PATCH] MFB: fix heap corruption when adding/caching typelib (also fixes bug 39606) add test --- ext/com_dotnet/com_typeinfo.c | 6 +++--- ext/com_dotnet/tests/bug39606.phpt | 22 ++++++++++++++++++++++ 2 files changed, 25 insertions(+), 3 deletions(-) create mode 100644 ext/com_dotnet/tests/bug39606.phpt diff --git a/ext/com_dotnet/com_typeinfo.c b/ext/com_dotnet/com_typeinfo.c index 004b6de73b..c4941e03e8 100644 --- a/ext/com_dotnet/com_typeinfo.c +++ b/ext/com_dotnet/com_typeinfo.c @@ -220,8 +220,8 @@ PHPAPI int php_com_import_typelib(ITypeLib *TL, int mode, int codepage TSRMLS_DC /* Type-library stuff */ void php_com_typelibrary_dtor(void *pDest) { - ITypeLib *Lib = (ITypeLib*)pDest; - ITypeLib_Release(Lib); + ITypeLib **Lib = (ITypeLib**)pDest; + ITypeLib_Release(*Lib); } PHPAPI ITypeLib *php_com_load_typelib_via_cache(char *search_string, @@ -249,7 +249,7 @@ PHPAPI ITypeLib *php_com_load_typelib_via_cache(char *search_string, if (TL) { if (SUCCESS == zend_ts_hash_update(&php_com_typelibraries, - search_string, l+1, (void*)TL, sizeof(ITypeLib*), NULL)) { + search_string, l+1, (void*)&TL, sizeof(ITypeLib*), NULL)) { /* add a reference for the hash table */ ITypeLib_AddRef(TL); } diff --git a/ext/com_dotnet/tests/bug39606.phpt b/ext/com_dotnet/tests/bug39606.phpt new file mode 100644 index 0000000000..4487c1d8cb --- /dev/null +++ b/ext/com_dotnet/tests/bug39606.phpt @@ -0,0 +1,22 @@ +--TEST-- +COM: Loading typelib corrupts memory +--SKIPIF-- + +--FILE-- + +===DONE=== +--EXPECT-- +bool(true) +bool(true) +===DONE=== \ No newline at end of file -- 2.50.1