authorStanislav Malyshev <stas@php.net>2014-03-17 01:17:09 -0700
committerStanislav Malyshev <stas@php.net>2014-03-17 01:19:02 -0700
commit66bf216c66b36c3a5379368747f21470b4dd3d27 (patch)
treeb2491c0e48ca5e2c113599f81daf529552c06da5
parent80fa2ff646f804951a72a580976d09ca28a98444 (diff)
downloadphp-git-66bf216c66b36c3a5379368747f21470b4dd3d27.tar.gz
Fix bug #66873: check if obj->src is set
-rw-r--r--NEWS6
-rw-r--r--ext/intl/converter/converter.c22
-rw-r--r--ext/intl/tests/uconverter_bug66873.phpt11
3 files changed, 32 insertions, 7 deletions
diff --git a/NEWS b/NEWS
index e2d04b5eb8..8a5cf73035 100644
--- a/NEWS
+++ b/NEWS
@@ -29,11 +29,15 @@ PHP NEWS
. hash_pbkdf2() now works correctly if the $length argument is not specified.
(Nikita)
+- Intl:
+ . Fixed bug #66873 (A reproductible crash in UConverter when given invalid
+ encoding) (Stas)
+
- Mail:
. Fixed bug #66535 (Don't add newline after X-PHP-Originating-Script) (Tjerk)
- MySQLi:
- . Fixed bug #66762i (Segfault in mysqli_stmt::bind_result() when link closed)
+ . Fixed bug #66762 (Segfault in mysqli_stmt::bind_result() when link closed)
(Remi)
- OPCache
diff --git a/ext/intl/converter/converter.c b/ext/intl/converter/converter.c
index 5f2d1e7fa7..a3381bf78e 100644
--- a/ext/intl/converter/converter.c
+++ b/ext/intl/converter/converter.c
@@ -57,6 +57,8 @@ static inline void php_converter_throw_failure(php_converter_object *objval, UEr
/* {{{ php_converter_default_callback */
static void php_converter_default_callback(zval *return_value, zval *zobj, long reason, zval *error TSRMLS_DC) {
+ zval_dtor(error);
+ ZVAL_LONG(error, U_ZERO_ERROR);
/* Basic functionality so children can call parent::toUCallback() */
switch (reason) {
case UCNV_UNASSIGNED:
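Review bot: The reset of `error` at the top of php_converter_default_callback is now order-dependent, and nothing in the code says so. The later `ZVAL_LONG(error, ...)` writes in the failure branches rely on the old value already having been destroyed here, and on nothing overwriting the result afterwards. A comment above the two added lines would stop someone from moving them back to the end of the function, e.g. `/* Reset the by-ref error first; failure branches below overwrite it with the ICU code */`. The function body continues beyond this hunk.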
@@ -66,7 +68,16 @@ static void php_converter_default_callback(zval *return_value, zval *zobj, long
php_converter_object *objval = (php_converter_object*)CONV_GET(zobj);
char chars[127];
int8_t chars_len = sizeof(chars);
- UErrorCode error = U_ZERO_ERROR;
+ UErrorCode uerror = U_ZERO_ERROR;
+ if(!objval->src) {
+ php_converter_throw_failure(objval, U_INVALID_STATE_ERROR TSRMLS_CC, "Source Converter has not been initialized yet");
+ chars[0] = 0x1A;
+ chars[1] = 0;
+ chars_len = 1;
+ ZVAL_LONG(error, U_INVALID_STATE_ERROR);
+ RETVAL_STRINGL(chars, chars_len, 1);
+ return;
+ }
/* Yes, this is fairly wasteful at first glance,
* but considering that the alternative is to store
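Review bot: The `if(!objval->src)` guard protects only this one call to ucnv_getSubstChars. Any other path that passes `objval->src` or `objval->dest` to ICU lies outside this hunk and should be checked for the same NULL case, because methods can evidently still be called on a converter object whose source converter was never set up. A comment on the guard saying when src is NULL would help, e.g. `/* src is NULL if the constructor failed to open the encoding (bug #66873) */`; that cause is presumed from the NEWS entry and the test, not shown in this file section. The enclosing case block starts before and ends after this hunk.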
@@ -75,18 +86,17 @@ static void php_converter_default_callback(zval *return_value, zval *zobj, long
* I'd rather take the CPU hit here, than waste time
* storing a value I'm unlikely to use.
*/
- ucnv_getSubstChars(objval->src, chars, &chars_len, &error);
- if (U_FAILURE(error)) {
- THROW_UFAILURE(objval, "ucnv_getSubstChars", error);
+ ucnv_getSubstChars(objval->src, chars, &chars_len, &uerror);
+ if (U_FAILURE(uerror)) {
+ THROW_UFAILURE(objval, "ucnv_getSubstChars", uerror);
chars[0] = 0x1A;
chars[1] = 0;
chars_len = 1;
+ ZVAL_LONG(error, uerror);
}
RETVAL_STRINGL(chars, chars_len, 1);
}
}
- zval_dtor(error);
- ZVAL_LONG(error, U_ZERO_ERROR);
}
/* }}} */
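Review bot: The fallback `chars[0] = 0x1A; chars[1] = 0; chars_len = 1;` now appears twice in this function, here in the U_FAILURE branch and in the new `!objval->src` branch, each with a bare `0x1A`. Naming the byte once, e.g. `#define PHP_CONVERTER_SUBST_CHAR 0x1A /* ASCII SUB */`, and using `chars[0] = PHP_CONVERTER_SUBST_CHAR;` in both places would show that the two paths return the same substitute and keep them from drifting apart.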
diff --git a/ext/intl/tests/uconverter_bug66873.phpt b/ext/intl/tests/uconverter_bug66873.phpt
new file mode 100644
index 0000000000..aa1045ec35
--- /dev/null
+++ b/ext/intl/tests/uconverter_bug66873.phpt
@@ -0,0 +1,11 @@
+--TEST--
+Bug #66873 - crash in UConverter with invalid encoding
+--SKIPIF--
+<?php if( !extension_loaded( 'intl' ) ) print 'skip'; ?>
+--FILE--
+<?php
+ $o = new UConverter(1, 1);
+ $o->toUCallback(1, 1, 1, $b);
+ var_dump($o->getErrorCode());
+--EXPECT--
+int(27)
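Review bot: The test asserts only `getErrorCode()`, so it would still pass if the by-reference `$b` were left untouched or the returned substitute were wrong. Adding `var_dump($b);` (expected `int(27)`) and `var_dump(bin2hex($o->toUCallback(1, 1, 1, $b)));` (expected `string(2) "1a"`) would pin the whole contract of the new uninitialized-source branch. If `fromUCallback()` goes through the same default callback, which is not visible in this diff, it deserves the same case.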