PHP :: Bug #23803 :: disp_invokeex won't work with multiple args.

Bug #23803	disp_invokeex won't work with multiple args.
Submitted:	2003-05-25 14:46 UTC	Modified:	2003-08-17 15:23 UTC
From:	eddie at omegaware dot com	Assigned:	wez (profile)
Status:	Wont fix	Package:	COM related
PHP Version:	4.3.3-dev	OS:
Private report:	No	CVE-ID:	None

View Developer Edit

[2003-05-25 14:46 UTC] eddie at omegaware dot com

dispatch.c line 292 in function
static HRESULT STDMETHODCALLTYPE disp_invokdeex
will not give the expected results..

I found this while writing my own function to use call_user_function_ex to call a function with params.. And was searching through the PHP code to see how it was called elsewhere.. and this function is doing it the same way I was doing it.. which doesn't work..

in line 270 a zval *zarg is allocated. then it is initialized once for each argument.. the argument is assigned to the zarg then the address of the zarg is stored in the **params[] array.
The problem is the *zarg has the same address for each iteration.. so every params[i]=&zarg will assign the same address for every parameter "i". so all the paramters will be the last parameter passed..

a zval ** needs to be allocated instead of a zval *..  so the address is different for each parameter..
since I capped the maximum number of params I just allocate a zval *zarg[4]; but a more dynamic solution would be better.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2003-05-25 22:00 UTC] sniper@php.net

Please try using this CVS snapshot:

  http://snaps.php.net/php4-STABLE-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-STABLE-latest.zip

[2003-05-25 22:23 UTC] eddie at omegaware dot com

The source code there looks exactly the same as my revision and the code in http://cvs.php.net/co.php/php4/ext/rpc/com/dispatch.c?login=2&r=1.7
I have just observed this problem from auditing the source as I don't use this extension.. I ran my code which was using the same "for loop" structure that the said function uses (initing the same zval for each parameter and assigning it to the **params[] array) and it doens't work there due to the problem that I mentioned..

[2003-05-26 14:52 UTC] wez@php.net

It's my mess, I'll clean it up

[2003-08-17 15:23 UTC] iliaa@php.net

The com extension has been completely rewritten in PHP5 and the PHP4 com extension is no longer being maintained. If you find bugs with the com extension in PHP5 please report them.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Mon Jun 16 21:01:33 2025 UTC