php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #62744 dangling pointers made by zend_disable_class
Submitted: 2012-08-04 02:29 UTC Modified: 2012-08-12 02:33 UTC
From: laruence@php.net Assigned: laruence (profile)
Status: Closed Package: Scripting Engine problem
PHP Version: 5.3.15 OS:
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: laruence@php.net
New email:
PHP Version: OS:

 

 [2012-08-04 02:29 UTC] laruence@php.net
Description:
------------
this bug is found by digging bug #62737

Extensions use zend_register_internal_class to register class, and they often 
preserved the return value and reuse that pointer instead of search in class table 
when that class will be used.

but when user specific disable_classes in php.ini

zend_disable_class will delete the corresponding class entry, then make the 
pointer which is preserved by extension become a wild pointer.

http://lxr.php.net/xref/PHP_5_3/Zend/zend_API.c#2348

Test script:
---------------
similar as #62733

Expected result:
----------------
none

Actual result:
--------------
none

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-08-04 02:37 UTC] laruence@php.net
-Summary: Wild pointers made by zend_disable_class +Summary: dangling pointers made by zend_disable_class
 [2012-08-04 02:41 UTC] laruence@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=03a1fcabf31210d3f304bfacf5096ce43c2b8f93
Log: Fixed bug #62744 (dangling pointers made by zend_disable_class)
 [2012-08-04 03:24 UTC] laruence@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=03a1fcabf31210d3f304bfacf5096ce43c2b8f93
Log: Fixed bug #62744 (dangling pointers made by zend_disable_class)
 [2012-08-04 03:27 UTC] laruence@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=03a1fcabf31210d3f304bfacf5096ce43c2b8f93
Log: Fixed bug #62744 (dangling pointers made by zend_disable_class)
 [2012-08-11 20:34 UTC] felipe@php.net
Have it been already fixed?
 [2012-08-11 20:34 UTC] felipe@php.net
-Assigned To: +Assigned To: laruence
 [2012-08-12 02:33 UTC] laruence@php.net
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.


 [2012-08-12 02:33 UTC] laruence@php.net
-Status: Assigned +Status: Closed
 [2014-10-07 23:23 UTC] stas@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=03a1fcabf31210d3f304bfacf5096ce43c2b8f93
Log: Fixed bug #62744 (dangling pointers made by zend_disable_class)
 [2014-10-07 23:34 UTC] stas@php.net
Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=03a1fcabf31210d3f304bfacf5096ce43c2b8f93
Log: Fixed bug #62744 (dangling pointers made by zend_disable_class)
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Dec 26 22:01:28 2024 UTC