|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2008-06-25 16:57 UTC] mikael at synd dot info
|
|||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Mon Apr 29 16:01:31 2024 UTC |
Description: ------------ The function php_mmc_store doesn't check for required parameters, just segfaults. In fact, parameter checking isn't done on some other functions too. PS: I can't select PHP 5.2.6 which I'm using, so that's why I selected 5.2.5. Fix: poison@netlog:/usr/src$ diff -ruN memcache-3.0.1-orig/memcache.c memcache-3.0.1/memcache.c --- memcache-3.0.1-orig/memcache.c 2008-02-05 21:00:12.000000000 +0100 +++ memcache-3.0.1/memcache.c 2008-06-17 02:26:49.000000000 +0200 @@ -380,11 +380,13 @@ long flags = 0, exptime = 0, cas = 0; if (mmc_object == NULL) { + if(ZEND_NUM_ARGS() < 3) WRONG_PARAM_COUNT; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "Oz|zlll", &mmc_object, memcache_pool_ce, &keys, &value, &flags, &exptime, &cas) == FAILURE) { return; } } else { + if(ZEND_NUM_ARGS() < 2) WRONG_PARAM_COUNT; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "z|zlll", &keys, &value, &flags, &exptime, &cas) == FAILURE) { return; } Reproduce code: --------------- <?php $mc = new Memcache (); if ($mc->addServer ('netlog', 11211, TRUE, 1, 1, 1, TRUE, '__errorCallback') === FALSE) { die ("Unable to connect\n"); } $mc->set ('key'); function __errorCallback ($host, $tcpPort, $udpPort, $error, $errno) { die ("Memcache error '$host' '$tcpPort' '$udpPort' '$error' '$errno'\n"); } ?> Expected result: ---------------- Warning: Wrong parameter count for MemcachePool::set() in /home/jakob/src/testmc2.php on line 9 Actual result: -------------- Segmentation fault