Bug #71752 Several places in Zend code where invalid pointers can be dereferenced
Submitted: 2016-03-09 11:25 UTC Modified: 2018-11-23 09:22 UTC
From: dragondreamer at live dot com Assigned:
Status: Closed Package: *General Issues
PHP Version: 7.0.4 OS:
Private report: No CVE-ID: None
 [2016-03-09 11:25 UTC] dragondreamer at live dot com
Description:
------------
There're several places in Zend code where invalid (zero) pointers can be dereferenced.


1. zend_execute_API.c, zend_call_function function:

if (error) {
	zend_error(E_WARNING, "Invalid callback %s, %s", ZSTR_VAL(callable_name), error); // <-- Access to callable_name->val
	efree(error);
}
if (callable_name) { // <-- later check if callable_name is not NULL
	zend_string_release(callable_name);
}



2. zend_execute_API.c, zend_call_function function (again):

if (func->common.fn_flags & ZEND_ACC_ABSTRACT) {
	zend_throw_error(NULL, "Cannot call abstract method %s::%s()", ZSTR_VAL(func->common.scope->name), ZSTR_VAL(func->common.function_name)); // <-- Access to func->common.scope->name
	return FAILURE;
}
if (func->common.fn_flags & ZEND_ACC_DEPRECATED) {
	zend_error(E_DEPRECATED, "Function %s%s%s() is deprecated",
		func->common.scope ? ZSTR_VAL(func->common.scope->name) : "", // <-- Later check if func->common.scope is not NULL
		func->common.scope ? "::" : "",
		ZSTR_VAL(func->common.function_name));
}



3. zend_virtual_cwd.c, realpath_cache_key function:

const char *e = bucket_key + strlen(bucket_key); // <-- Access to bucket_key buffer

if (!bucket_key) { // <-- Later check if bucket_key is not NULL
	return 0;
}
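
The three reported patterns with the NULL test placed ahead of the dereference, as an added example that is not part of the original report or of php-src. `struct scope`, `struct func`, the function names, the hash constants and the "(unknown)" placeholder are assumptions standing in for the Zend types and macros.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for the Zend structures named in the report. */
struct scope { const char *name; };
struct func  { const struct scope *scope; const char *function_name; };

/* Item 1: callable_name may be NULL when an error is reported.
 * "(unknown)" is a placeholder chosen for this example. */
int callback_error(char *buf, size_t len, const char *callable_name, const char *error)
{
    return snprintf(buf, len, "Invalid callback %s, %s",
                    callable_name ? callable_name : "(unknown)",
                    error ? error : "");
}

/* Item 2: reuse the scope guard that the deprecation branch already has. */
int abstract_error(char *buf, size_t len, const struct func *f)
{
    const struct scope *s = f->scope;
    return snprintf(buf, len, "Cannot call abstract method %s%s%s()",
                    s ? s->name : "", s ? "::" : "", f->function_name);
}

/* Item 3: test the pointer before strlen() reads through it. With the
 * check placed after the dereference, an optimizing compiler may treat
 * the pointer as non-NULL and drop the check altogether. */
uint32_t cache_key(const char *bucket_key)
{
    if (!bucket_key) return 0;
    const char *e = bucket_key + strlen(bucket_key);
    uint32_t h = 2166136261u;            /* illustrative FNV-1 style hash */
    for (const char *p = bucket_key; p < e; p++) {
        h = (h * 16777619u) ^ (unsigned char)*p;
    }
    return h;
}

int main(void)
{
    char buf[128];
    struct func f = { NULL, "foo" };     /* constructed input: no scope */
    abstract_error(buf, sizeof buf, &f);
    puts(buf);
    callback_error(buf, sizeof buf, NULL, "bad callable");
    puts(buf);
    return 0;
}
```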


 [2016-03-10 07:03 UTC] laruence@php.net
Automatic comment on behalf of laruence@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=7d5f71b0b125c89211e5a2a6d925deba938abd41
Log: tsrm_win32_get_path_sid_key might returns NULL (Partially fix bug #71752)
 [2016-03-10 07:03 UTC] laruence@php.net
-Status: Open +Status: Closed
 [2016-03-10 08:36 UTC] ab@php.net
Automatic comment on behalf of laruence@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=67f0770036f866f6f0dadc044cdc8f94a5b9f030
Log: tsrm_win32_get_path_sid_key might returns NULL (Partially fix bug #71752)
 [2016-07-20 11:33 UTC] davey@php.net
Automatic comment on behalf of laruence@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=7d5f71b0b125c89211e5a2a6d925deba938abd41
Log: tsrm_win32_get_path_sid_key might returns NULL (Partially fix bug #71752)
 [2018-11-23 09:22 UTC] dragondreamer at live dot com
-: temp at temp dot ru +: dragondreamer at live dot com
 [2018-11-23 09:22 UTC] dragondreamer at live dot com
Edit e-mail address
 