diff options
| author | Nikita Popov <nikita.ppv@gmail.com> | 2020-10-26 16:50:20 +0100 |
|---|---|---|
| committer | Nikita Popov <nikita.ppv@gmail.com> | 2020-10-26 16:50:20 +0100 |
| commit | 7817fc07e150620be38a16dd29e50c71e51948a7 (patch) | |
| tree | 8926d8bdf094c642736210d741c46f086616f91c | |
| parent | be6d72b3a445a37f48b021e3e8e85e3a00924d71 (diff) | |
| download | php-git-7817fc07e150620be38a16dd29e50c71e51948a7.tar.gz | |
Deny cloning of fileinfo objects
Using a cloned finfo object will crash.
| -rw-r--r-- | ext/fileinfo/fileinfo.c | 1 | ||||
| -rw-r--r-- | ext/fileinfo/tests/clone_serialize.phpt | 27 |
2 files changed, 28 insertions, 0 deletions
diff --git a/ext/fileinfo/fileinfo.c b/ext/fileinfo/fileinfo.c index 5565964c20..2cb9f91aee 100644 --- a/ext/fileinfo/fileinfo.c +++ b/ext/fileinfo/fileinfo.c @@ -218,6 +218,7 @@ PHP_MINIT_FUNCTION(finfo) memcpy(&finfo_object_handlers, &std_object_handlers, sizeof(zend_object_handlers)); finfo_object_handlers.offset = XtOffsetOf(finfo_object, zo); finfo_object_handlers.free_obj = finfo_objects_free; + finfo_object_handlers.clone_obj = NULL; le_fileinfo = zend_register_list_destructors_ex(finfo_resource_destructor, NULL, "file_info", module_number); diff --git a/ext/fileinfo/tests/clone_serialize.phpt b/ext/fileinfo/tests/clone_serialize.phpt new file mode 100644 index 0000000000..5375526ee4 --- /dev/null +++ b/ext/fileinfo/tests/clone_serialize.phpt @@ -0,0 +1,27 @@ +--TEST-- +Cloning and serializing finfo is not supported +--FILE-- +<?php + +$finfo = new finfo; +var_dump($finfo->buffer("Test string")); +try { + $finfo2 = clone $finfo; + var_dump($finfo2->buffer("Test string")); +} catch (Error $e) { + echo $e->getMessage(), "\n"; +} +try { + $finfo3 = unserialize(serialize($finfo)); + var_dump($finfo3->buffer("Test string")); +} catch (Error $e) { + echo $e->getMessage(), "\n"; +} + +?> +--EXPECTF-- +string(%d) "%s" +Trying to clone an uncloneable object of class finfo + +Warning: finfo::buffer(): The invalid fileinfo object. in %s on line %d +bool(false) |