|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2006-10-10 17:38 UTC] iliaa@php.net
|
|||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Thu Oct 30 22:00:01 2025 UTC |
Description: ------------ I reported this bug a few weeks ago (#37975), but it's still not been assigned, despite having added a fix to the report. IDispatch_Invoke (ext\com_dotnet\com_com.c:346) is passed an uninitialized EXCEPINFO structure. If an exception occurs, as part of the exception handling process (wbemdisp!SetException), the string parameters of the EXCEPINFO structure are checked, and if they are non-zero, SysFreeString is called on the parameter. Since the passed EXCEPINFO structure is uninitialized the pointers are invalid and an access violation results. To fix this bug, the EXCEPINFO structure needs to be zeroed before IDispatch_Invoke is called. Reproduce code: --------------- Whilst this bug could presumably occur at any time due to the "random" nature of the data that may be contained in the uninitialized structure, the following code causes an exception on every execution: $wmiLocator = new COM("WbemScripting.SWbemLocator"); $wmi = $wmiLocator->ConnectServer(".","root/MicrosoftDNS"); $a_rr = $wmi->Get("MicrosoftDNS_AType"); $a_rr->CreateInstanceFromTextRepresentation("","example.com","[*already existent domain name*] IN A 127.0.0.1"); Expected result: ---------------- The final call should result in a "Generic Failure" com_exception. Actual result: -------------- PHP crashes with an access violation.