PHP :: Bug #62744 :: dangling pointers made by zend_disable

Bug #62744	dangling pointers made by zend_disable_class
Submitted:	2012-08-04 02:29 UTC	Modified:	2012-08-12 02:33 UTC
From:	laruence@php.net	Assigned:	laruence (profile)
Status:	Closed	Package:	Scripting Engine problem
PHP Version:	5.3.15	OS:
Private report:	No	CVE-ID:	None

View Developer Edit

[2012-08-04 02:29 UTC] laruence@php.net

Description:
------------
this bug is found by digging bug #62737

Extensions use zend_register_internal_class to register class, and they often 
preserved the return value and reuse that pointer instead of search in class table 
when that class will be used.

but when user specific disable_classes in php.ini

zend_disable_class will delete the corresponding class entry, then make the 
pointer which is preserved by extension become a wild pointer.

http://lxr.php.net/xref/PHP_5_3/Zend/zend_API.c#2348

Test script:
---------------
similar as #62733

Expected result:
----------------
none

Actual result:
--------------
none

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2012-08-04 02:37 UTC] laruence@php.net

-Summary: Wild pointers made by zend_disable_class +Summary: dangling pointers made by zend_disable_class

[2012-08-04 02:41 UTC] laruence@php.net

Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=03a1fcabf31210d3f304bfacf5096ce43c2b8f93
Log: Fixed bug #62744 (dangling pointers made by zend_disable_class)

[2012-08-04 03:24 UTC] laruence@php.net

Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=03a1fcabf31210d3f304bfacf5096ce43c2b8f93
Log: Fixed bug #62744 (dangling pointers made by zend_disable_class)

[2012-08-04 03:27 UTC] laruence@php.net

Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src.git;a=commit;h=03a1fcabf31210d3f304bfacf5096ce43c2b8f93
Log: Fixed bug #62744 (dangling pointers made by zend_disable_class)

[2012-08-11 20:34 UTC] felipe@php.net

Have it been already fixed?

[2012-08-11 20:34 UTC] felipe@php.net

-Assigned To: +Assigned To: laruence

[2012-08-12 02:33 UTC] laruence@php.net

This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.

[2012-08-12 02:33 UTC] laruence@php.net

-Status: Assigned +Status: Closed

[2014-10-07 23:23 UTC] stas@php.net

Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=03a1fcabf31210d3f304bfacf5096ce43c2b8f93
Log: Fixed bug #62744 (dangling pointers made by zend_disable_class)

[2014-10-07 23:34 UTC] stas@php.net

Automatic comment on behalf of laruence
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=03a1fcabf31210d3f304bfacf5096ce43c2b8f93
Log: Fixed bug #62744 (dangling pointers made by zend_disable_class)

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Dec 26 22:01:28 2024 UTC