|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2004-07-27 04:02 UTC] wez@php.net
[2004-07-27 04:40 UTC] wez@php.net
[2004-07-28 00:20 UTC] wez@php.net
|
|||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Thu Nov 21 13:01:29 2024 UTC |
Description: ------------ Trying to echo a COM object results in crash. When zend_call_function() is called to lookup "__tostring" in a COM object, it calls into com_method_get(). In turn this calls ITypeComp_Bind to lookup the method. If the method is not found the result is DESCKIND_NONE, but the switch(kind) statement isn't testing for this. As a result com_method_get() returns a zend_internal_function with an invalid handler. The handler is called and PHP crashes. I came up with this possible code as the response to a DESCKIND_NONE: case DESCKIND_NONE: ITypeComp_Release(comp); efree(olename); return NULL; but I'm not too confident about it. It does stop the crash in my test case, but there may be a better solution. Reproduce code: --------------- $c = new COM("ADODB.Connection"); echo $c; Expected result: ---------------- Either error on trying to echo object with no __toString() method, or nothing. Actual result: -------------- The instruction at "0x00e5c208" referenced memory at "0x0000000". The memory could not be "written".