php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #23803 disp_invokeex won't work with multiple args.
Submitted: 2003-05-25 14:46 UTC Modified: 2003-08-17 15:23 UTC
From: eddie at omegaware dot com Assigned: wez (profile)
Status: Wont fix Package: COM related
PHP Version: 4.3.3-dev OS:
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2003-05-25 14:46 UTC] eddie at omegaware dot com
dispatch.c line 292 in function
static HRESULT STDMETHODCALLTYPE disp_invokdeex
will not give the expected results..

I found this while writing my own function to use call_user_function_ex to call a function with params.. And was searching through the PHP code to see how it was called elsewhere.. and this function is doing it the same way I was doing it.. which doesn't work..

in line 270 a zval *zarg is allocated. then it is initialized once for each argument.. the argument is assigned to the zarg then the address of the zarg is stored in the **params[] array.
The problem is the *zarg has the same address for each iteration.. so every params[i]=&zarg will assign the same address for every parameter "i". so all the paramters will be the last parameter passed..

a zval ** needs to be allocated instead of a zval *..  so the address is different for each parameter..
since I capped the maximum number of params I just allocate a zval *zarg[4]; but a more dynamic solution would be better.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-05-25 22:23 UTC] eddie at omegaware dot com
The source code there looks exactly the same as my revision and the code in http://cvs.php.net/co.php/php4/ext/rpc/com/dispatch.c?login=2&r=1.7
I have just observed this problem from auditing the source as I don't use this extension.. I ran my code which was using the same "for loop" structure that the said function uses (initing the same zval for each parameter and assigning it to the **params[] array) and it doens't work there due to the problem that I mentioned..
 [2003-05-26 14:52 UTC] wez@php.net
It's my mess, I'll clean it up
 [2003-08-17 15:23 UTC] iliaa@php.net
The com extension has been completely rewritten in PHP5 and the PHP4 com extension is no longer being maintained. If you find bugs with the com extension in PHP5 please report them.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Mar 28 11:01:27 2024 UTC