authorAnatol Belski <ab@php.net>2016-12-11 17:06:55 +0100
committerAnatol Belski <ab@php.net>2016-12-11 17:06:55 +0100
commit1d80fb2cdb996ea849d1667971788656a37e277d (patch)
treef3fa7dfbc7c5c088f3b5d2bc100b5533031aed59 /ext/com_dotnet
parent66ad7918b8e95e8e7d23ab67890f58d55aba5de2 (diff)
downloadphp-git-1d80fb2cdb996ea849d1667971788656a37e277d.tar.gz
Fixed bug #73679 DOTNET read access violation using invalid codepage
Diffstat (limited to 'ext/com_dotnet')
-rw-r--r--ext/com_dotnet/com_dotnet.c9
-rw-r--r--ext/com_dotnet/tests/bug73679.phpt20
2 files changed, 28 insertions, 1 deletions
diff --git a/ext/com_dotnet/com_dotnet.c b/ext/com_dotnet/com_dotnet.c
index c8e2bc105b..a6b75cabef 100644
--- a/ext/com_dotnet/com_dotnet.c
+++ b/ext/com_dotnet/com_dotnet.c
@@ -196,6 +196,7 @@ PHP_FUNCTION(com_dotnet_create_instance)
int ret = FAILURE;
char *where = "";
IUnknown *unk = NULL;
+ zend_long cp = CP_ACP;
php_com_initialize();
stuff = (struct dotnet_runtime_stuff*)COMG(dotnet_runtime_stuff);
@@ -245,11 +246,17 @@ PHP_FUNCTION(com_dotnet_create_instance)
if (FAILURE == zend_parse_parameters(ZEND_NUM_ARGS(), "ss|l",
&assembly_name, &assembly_name_len,
&datatype_name, &datatype_name_len,
- &obj->code_page)) {
+ &cp)) {
php_com_throw_exception(E_INVALIDARG, "Could not create .Net object - invalid arguments!");
return;
}
+ if (Z_L(0) > cp || ZEND_LONG_INT_OVFL(cp)) {
+ php_com_throw_exception(E_INVALIDARG, "Could not create .Net object - invalid codepage!");
+ return;
+ }
+ obj->code_page = (int)cp;
+
oletype = php_com_string_to_olestring(datatype_name, datatype_name_len, obj->code_page);
oleassembly = php_com_string_to_olestring(assembly_name, assembly_name_len, obj->code_page);
oletype_sys = SysAllocString(oletype);
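Review bot: The new guard `if (Z_L(0) > cp || ZEND_LONG_INT_OVFL(cp))` only proves the value is a non-negative number that fits in an int. Any in-range value that is not an installed codepage still reaches both php_com_string_to_olestring() calls, and their results are handed to SysAllocString() with no NULL check visible in this hunk. Whether the helper fails safely on an unknown codepage cannot be seen from here, so it is worth confirming, or testing `oletype` and `oleassembly` before use. The reason for the local also deserves a comment at its declaration, e.g. `/* "l" stores a full zend_long; parse into a local and narrow only after the range check */`, since the `(int)cp` cast suggests obj->code_page is a plain int. The function body starts and ends outside this hunk.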
diff --git a/ext/com_dotnet/tests/bug73679.phpt b/ext/com_dotnet/tests/bug73679.phpt
new file mode 100644
index 0000000000..6f46d87d7f
--- /dev/null
+++ b/ext/com_dotnet/tests/bug73679.phpt
@@ -0,0 +1,20 @@
+--TEST--
+Bug #73679 DOTNET read access violation using invalid codepage
+--SKIPIF--
+<?php # vim:ft=php
+if (!extension_loaded("com_dotnet")) print "skip COM/.Net support not present"; ?>
+--FILE--
+<?php
+
+$stack = new DOTNET("mscorlib", "System.Collections.Stack", -2200000000);
+$stack->Push(".Net");
+$stack->Push("Hello ");
+echo $stack->Pop() . $stack->Pop();
+
+?>
+--EXPECTF--
+Fatal error: Uncaught com_exception: Could not create .Net object - invalid codepage! in %sbug73679.php:%d
+Stack trace:
+#0 %sbug73679.php(%d): dotnet->dotnet('mscorlib', 'System.Collecti...', -2200000000)
+#1 {main}
+ thrown in %sbug73679.php on line %d
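Review bot: The test exercises only the negative half of the new range check; a value above INT_MAX, which would take the `ZEND_LONG_INT_OVFL(cp)` branch, is not covered. A second case such as `new DOTNET("mscorlib", "System.Collections.Stack", 2200000000)` wrapped in try/catch would pin both halves. On a 32-bit build -2200000000 is presumably a float rather than an integer, so parameter parsing may fail before the new check and produce the "invalid arguments" message instead. If that is the case, the SKIPIF section also needs something like `if (PHP_INT_SIZE != 8) print "skip 64-bit only";`.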