php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #64825 Invalid free when unserializing DateTimeZone
Submitted: 2013-05-12 19:26 UTC Modified: 2013-05-12 19:38 UTC
From: ab@php.net Assigned: ab
Status: Closed Package: date_time (PECL)
PHP Version: 5.5Git-2013-05-12 (Git) OS: Windows x64
Private report: No CVE-ID:
 [2013-05-12 19:26 UTC] ab@php.net
Description:
------------
Here's the BT

	msvcr110d.dll!_free_dbg_nolock(void * pUserData, int nBlockUse) Line 
1368	C++
 	msvcr110d.dll!_free_dbg(void * pUserData, int nBlockUse) Line 1265	
C++
 	php5_debug.dll!php_date_timezone_initialize_from_hash(_zval_struct * * 
return_value, _php_timezone_obj * * tzobj, _hashtable * myht) Line 3724	C
 	php5_debug.dll!zim_DateTimeZone___wakeup(int ht, _zval_struct * 
return_value, _zval_struct * * return_value_ptr, _zval_struct * this_ptr, int 
return_value_used) Line 3775	C
 	php5_debug.dll!zend_call_function(_zend_fcall_info * fci, 
_zend_fcall_info_cache * fci_cache) Line 960	C
 	php5_debug.dll!call_user_function_ex(_hashtable * function_table, 
_zval_struct * * object_pp, _zval_struct * function_name, _zval_struct * * 
retval_ptr_ptr, unsigned int param_count, _zval_struct * * * params, int 
no_separation, _hashtable * symbol_table) Line 730	C
 	php5_debug.dll!object_common2(_zval_struct * * rval, const unsigned char 
* * p, const unsigned char * max, php_unserialize_data * * var_hash, long 
elements) Line 400	C
 	php5_debug.dll!php_var_unserialize(_zval_struct * * rval, const unsigned 
char * * p, const unsigned char * max, php_unserialize_data * * var_hash) Line 
776	C
 	php5_debug.dll!zif_unserialize(int ht, _zval_struct * return_value, 
_zval_struct * * return_value_ptr, _zval_struct * this_ptr, int 
return_value_used) Line 967	C
 	php5_debug.dll!zend_do_fcall_common_helper_SPEC(_zend_execute_data * 
execute_data) Line 544	C
 	php5_debug.dll!ZEND_DO_FCALL_SPEC_CONST_HANDLER(_zend_execute_data * 
execute_data) Line 2323	C
 	php5_debug.dll!execute_ex(_zend_execute_data * execute_data) Line 356	
C
 	php5_debug.dll!zend_execute(_zend_op_array * op_array) Line 382	C
 	php5_debug.dll!zend_execute_scripts(int type, _zval_struct * * retval, 
int file_count, ...) Line 1317	C
 	php5_debug.dll!php_execute_script(_zend_file_handle * primary_file) Line 
2479	C

Test script:
---------------
ext\date\tests\DateTimeZone_serialize_type_1.phpt


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2013-05-12 19:31 UTC] ab@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=e44849b0f466212f8101e165ce56cf73e8a5bc4c
Log: Fixed bug #64825 Invalid free unserializing DateTimeZone
 [2013-05-12 19:31 UTC] ab@php.net
-Status: Open +Status: Closed
 [2013-05-12 19:38 UTC] ab@php.net
-Assigned To: +Assigned To: ab
 [2013-05-12 19:38 UTC] ab@php.net
that was caused by tricky code, like  char **s; s = malloc(...); *s = some other 
string ...
 [2013-11-17 09:31 UTC] laruence@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=e44849b0f466212f8101e165ce56cf73e8a5bc4c
Log: Fixed bug #64825 Invalid free unserializing DateTimeZone
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Wed Apr 16 16:02:23 2014 UTC