author | Felipe Pena <felipe@php.net> | 2011-02-20 16:33:53 +0000 |
---|---|---|
committer | Felipe Pena <felipe@php.net> | 2011-02-20 16:33:53 +0000 |
commit | 54a7e5d7c37d11cf186cb8b9107c88b1b5e08d5d (patch) | |
tree | 2b8f622cb1ae9ee91c0f29668e05054a3776554c | |
parent | 5b442c82f040ec49016d33c96c5908ee4b8e95a6 (diff) | |
download | php-git-54a7e5d7c37d11cf186cb8b9107c88b1b5e08d5d.tar.gz |
- Fixed memory leak in DirectoryIterator::getExtension() and SplFileInfo::getExtension()
-rw-r--r-- | NEWS | 8 | ||||
-rwxr-xr-x | ext/spl/spl_directory.c | 28 |
2 files changed, 26 insertions, 10 deletions
@@ -5,9 +5,13 @@ . Fixed bug #43512 (same parameter name can be used multiple times in method/function definition). (Felipe) -- Exif extension - . Fixed bug #54002 (crash on crafted tag, reported by Luca Carettoni). (Pierre). (CVE-2011-0708) +- Exif extension: + . Fixed bug #54002 (crash on crafted tag, reported by Luca Carettoni). (Pierre) + (CVE-2011-0708) +- SPL extension: + . Fixed memory leak in DirectoryIterator::getExtension() and + SplFileInfo::getExtension(). (Felipe) 17 Feb 2011, PHP 5.3.6RC1 - Upgraded bundled Sqlite3 to version 3.7.4. (Ilia) - Upgraded bundled PCRE to version 8.11. (Ilia) diff --git a/ext/spl/spl_directory.c b/ext/spl/spl_directory.c index c143cd0ead..f6a2750d06 100755 --- a/ext/spl/spl_directory.c +++ b/ext/spl/spl_directory.c @@ -854,7 +854,8 @@ SPL_METHOD(DirectoryIterator, getFilename) SPL_METHOD(SplFileInfo, getExtension) { spl_filesystem_object *intern = (spl_filesystem_object*)zend_object_store_get_object(getThis() TSRMLS_CC); - char *fname, *p; + char *fname = NULL; + const char *p; size_t flen; int path_len, idx; @@ -877,10 +878,15 @@ SPL_METHOD(SplFileInfo, getExtension) p = zend_memrchr(fname, '.', flen); if (p) { idx = p - fname; - RETURN_STRINGL(fname + idx + 1, flen - idx - 1, 1); + RETVAL_STRINGL(fname + idx + 1, flen - idx - 1, 1); + efree(fname); + return; + } else { + if (fname) { + efree(fname); + } + RETURN_EMPTY_STRING(); } - - RETURN_EMPTY_STRING(); } /* }}}*/ @@ -889,7 +895,8 @@ SPL_METHOD(SplFileInfo, getExtension) SPL_METHOD(DirectoryIterator, getExtension) { spl_filesystem_object *intern = (spl_filesystem_object*)zend_object_store_get_object(getThis() TSRMLS_CC); - char *fname, *p; + char *fname = NULL; + const char *p; size_t flen; int idx; 
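Review bot: The `if (fname)` guard in the else branch of SplFileInfo::getExtension runs after `zend_memrchr(fname, '.', flen)` has already read through fname, so it protects nothing: either fname is never NULL there and the guard is dead code, or the NULL case has to be handled before the search. The code that assigns fname sits between the two hunks and is not visible here, so which of the two holds needs confirming. Because both branches now call `efree(fname)`, a comment above the `zend_memrchr` call such as `/* fname is a fresh allocation owned by this function; released on every path below */` would record that the buffer never aliases storage owned by intern, in which case the free would corrupt the heap instead of fixing a leak. The DirectoryIterator::getExtension hunk at @@ -902 has the same guard and the same ownership assumption.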
@@ -902,10 +909,15 @@ SPL_METHOD(DirectoryIterator, getExtension) p = zend_memrchr(fname, '.', flen); if (p) { idx = p - fname; - RETURN_STRINGL(fname + idx + 1, flen - idx - 1, 1); + RETVAL_STRINGL(fname + idx + 1, flen - idx - 1, 1); + efree(fname); + return; + } else { + if (fname) { + efree(fname); + } + RETURN_EMPTY_STRING(); } - - RETURN_EMPTY_STRING(); } /* }}} */ |
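Review bot: Releasing fname separately in each branch, with a bare `return` in one and `RETURN_EMPTY_STRING()` in the other, leaves two exit points that a later edit can easily get out of step, producing either a new leak or a double free. Setting the result in the branches with `RETVAL_STRINGL(fname + idx + 1, flen - idx - 1, 1);` and `RETVAL_EMPTY_STRING();`, then calling `efree(fname);` once after the if/else, keeps a single release point; the copy flag `1` already makes the returned string independent of fname. The function body starts outside this hunk, and the SplFileInfo::getExtension hunk at @@ -877 has the same shape.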