authorDmitry Stogov <dmitry@zend.com>2020-02-17 12:54:11 +0300
committerDmitry Stogov <dmitry@zend.com>2020-02-17 12:54:11 +0300
commit53fc8ef41d89e99a8c8fc40a3b0deb501e915141 (patch)
tree2f8f59f657c50d9a6b035cfa63e2593dca496a9c
parentcf8407a2380ae827a0e9a63993d59b1927769eb7 (diff)
parent54ecf57fe290f69a2112d4c2ea3a1e99208e2797 (diff)
downloadphp-git-53fc8ef41d89e99a8c8fc40a3b0deb501e915141.tar.gz
Merge branch 'PHP-7.4'
* PHP-7.4: Disable instantiation of zero size FFI\CData objects Fix # 79171: heap-buffer-overflow in phar_extract_file Fix bug #79082 - Files added to tar with Phar::buildFromIterator have all-access permissions Fix bug #79221 - Null Pointer Dereference in PHP Session Upload Progress
-rw-r--r--ext/ffi/ffi.c6
-rw-r--r--ext/ffi/tests/023.phpt8
-rw-r--r--ext/ffi/tests/027.phpt2
-rw-r--r--ext/ffi/tests/045.phpt2
4 files changed, 14 insertions, 4 deletions
diff --git a/ext/ffi/ffi.c b/ext/ffi/ffi.c
index 482d7c1a61..0696512342 100644
--- a/ext/ffi/ffi.c
+++ b/ext/ffi/ffi.c
@@ -3657,6 +3657,12 @@ ZEND_METHOD(FFI, new) /* {{{ */
}
}
+ if (type->size == 0) {
+ zend_throw_error(zend_ffi_exception_ce, "Cannot instantiate FFI\\CData of zero size");
+ zend_ffi_type_dtor(type_ptr);
+ return;
+ }
+
ptr = pemalloc(type->size, flags & ZEND_FFI_FLAG_PERSISTENT);
memset(ptr, 0, type->size);
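Review bot: The new `type->size == 0` guard has no comment saying why a zero-size CData must be refused, and it protects only this one allocation site in `FFI::new`. Without the guard, `pemalloc(type->size, ...)` would be asked for zero bytes, so the resulting CData would have no backing storage; that is presumably the motivation, though the commit message does not say so. I would add `/* zero-size types (e.g. the empty struct in tests/023.phpt) have no storage to hand out; refuse before allocating */` above the check. It is also worth confirming that any other code allocating or copying by `type->size` outside this hunk applies the same rule. The body of `ZEND_METHOD(FFI, new)` starts and ends outside the hunk.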
diff --git a/ext/ffi/tests/023.phpt b/ext/ffi/tests/023.phpt
index 4e895d9931..651713bf2b 100644
--- a/ext/ffi/tests/023.phpt
+++ b/ext/ffi/tests/023.phpt
@@ -6,13 +6,17 @@ FFI 023: GCC struct extensions
ffi.enable=1
--FILE--
<?php
- var_dump(FFI::sizeof(FFI::new("struct {}")));
+ try {
+ var_dump(FFI::sizeof(FFI::new("struct {}")));
+ } catch (Throwable $e) {
+ echo get_class($e) . ": " . $e->getMessage() . "\n";
+ }
var_dump(FFI::sizeof(FFI::new("struct {int a}")));
var_dump(FFI::sizeof(FFI::new("struct {int a; int b}")));
?>
ok
--EXPECT--
-int(0)
+FFI\Exception: Cannot instantiate FFI\CData of zero size
int(4)
int(8)
ok
diff --git a/ext/ffi/tests/027.phpt b/ext/ffi/tests/027.phpt
index aa4afe970a..cc40798478 100644
--- a/ext/ffi/tests/027.phpt
+++ b/ext/ffi/tests/027.phpt
@@ -81,7 +81,7 @@ FFI\ParserException: '[*]' not allowed in other than function prototype scope at
FFI\ParserException: '[*]' not allowed in other than function prototype scope at line 1
FFI\ParserException: '[*]' not allowed in other than function prototype scope at line 1
ok
-int(0)
+FFI\Exception: Cannot instantiate FFI\CData of zero size
FFI\ParserException: '[]' not allowed at line 1
FFI\ParserException: '[]' not allowed at line 1
ok
diff --git a/ext/ffi/tests/045.phpt b/ext/ffi/tests/045.phpt
index eb7f3b95f6..981b7c31d2 100644
--- a/ext/ffi/tests/045.phpt
+++ b/ext/ffi/tests/045.phpt
@@ -24,4 +24,4 @@ try {
bool(true)
bool(false)
TypeError: FFI::isNull() expects parameter 1 to be FFI\CData, null given
-FFI\Exception: FFI\Cdata is not a pointer
+FFI\Exception: Cannot instantiate FFI\CData of zero size
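Review bot: Replacing the expected line `FFI\Exception: FFI\Cdata is not a pointer` means this test no longer reaches the non-pointer error path it used to pin, since the case now appears to fail earlier, at instantiation. The test body is outside the hunk, so this is inferred from the expectation alone. If it holds, the input should be switched to a non-pointer type of non-zero size so the old message stays covered, leaving the zero-size rejection to tests/023.phpt. As it stands, a regression in the non-pointer check would go unnoticed by this test.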