diff options
author | Anatol Belski <ab@php.net> | 2016-08-18 14:15:10 +0200 |
---|---|---|
committer | Anatol Belski <ab@php.net> | 2016-08-18 14:15:10 +0200 |
commit | 67f8c14c297cf2c3d1fdf9f5143603b6d09ebbc5 (patch) | |
tree | 77370e3aab493d4530102ef52789d38cc6918a0d | |
parent | 7ecd4bb0a4af16ae322c1cfa31bba695a30d2fd8 (diff) | |
download | php-git-67f8c14c297cf2c3d1fdf9f5143603b6d09ebbc5.tar.gz |
Fixed bug #72858 shm_attach null dereference
-rw-r--r-- | TSRM/tsrm_win32.c | 10 | ||||
-rw-r--r-- | ext/sysvshm/tests/bug72858.phpt | 20 |
2 files changed, 30 insertions, 0 deletions
diff --git a/TSRM/tsrm_win32.c b/TSRM/tsrm_win32.c index 6eba067c06..ab20e1f98b 100644 --- a/TSRM/tsrm_win32.c +++ b/TSRM/tsrm_win32.c @@ -665,6 +665,7 @@ TSRM_API int shmget(int key, int size, int flags) TSRM_API void *shmat(int key, const void *shmaddr, int flags) { shm_pair *shm = shm_get(key, NULL); + int err; if (!shm->segment) { return (void*)-1; @@ -676,6 +677,15 @@ TSRM_API void *shmat(int key, const void *shmaddr, int flags) shm->addr = MapViewOfFileEx(shm->segment, FILE_MAP_ALL_ACCESS, 0, 0, 0, NULL); + err = GetLastError(); + if (err) { + /* Catch more errors */ + if (ERROR_NOT_ENOUGH_MEMORY == err) { + _set_errno(ENOMEM); + } + return (void*)-1; + } + return shm->addr; } diff --git a/ext/sysvshm/tests/bug72858.phpt b/ext/sysvshm/tests/bug72858.phpt new file mode 100644 index 0000000000..087329e2df --- /dev/null +++ b/ext/sysvshm/tests/bug72858.phpt @@ -0,0 +1,20 @@ +--TEST-- +Bug #72858 shm_attach null dereference +--SKIPIF-- +<?php +if (!extension_loaded("sysvshm")){ print 'skip'; } +if (4 < PHP_INT_SIZE) { print "skip 32-bit only"; } +if( substr(PHP_OS, 0, 3) != "WIN" ) { print "skip windows only" } +?> +--FILE-- +<?php + +$v1=100; +$v2=0xffffffff / 4 + 0x1337; +shm_attach($v1,$v2); + +?> +==DONE== +--EXPECTF-- +Warning: shm_attach(): failed for key 0x64: Not enough space in %s on line %d +==DONE== |