diff options
| -rw-r--r-- | Zend/tests/bug75573.phpt | 64 | ||||
| -rw-r--r-- | Zend/zend_object_handlers.c | 12 | ||||
| -rw-r--r-- | ext/sodium/libsodium.c | 59 |
3 files changed, 92 insertions, 43 deletions
diff --git a/Zend/tests/bug75573.phpt b/Zend/tests/bug75573.phpt new file mode 100644 index 0000000000..476ff6e6cf --- /dev/null +++ b/Zend/tests/bug75573.phpt @@ -0,0 +1,64 @@ +--TEST-- +Bug #75573 (Segmentation fault in 7.1.12 and 7.0.26) +--FILE-- +<?php + +class A +{ + var $_stdObject; + function initialize($properties = FALSE) { + $this->_stdObject = $properties ? (object) $properties : new stdClass(); + parent::initialize(); + } + function &__get($property) + { + if (isset($this->_stdObject->{$property})) { + $retval =& $this->_stdObject->{$property}; + return $retval; + } else { + return NULL; + } + } + function &__set($property, $value) + { + return $this->_stdObject->{$property} = $value; + } + function __isset($property_name) + { + return isset($this->_stdObject->{$property_name}); + } +} + +class B extends A +{ + function initialize($properties = array()) + { + parent::initialize($properties); + } + function &__get($property) + { + if (isset($this->settings) && isset($this->settings[$property])) { + $retval =& $this->settings[$property]; + return $retval; + } else { + return parent::__get($property); + } + } +} + +$b = new B(); +$b->settings = [ "foo" => "bar", "name" => "abc" ]; +var_dump($b->name); +var_dump($b->settings); +?> +--EXPECTF-- +Warning: Creating default object from empty value in %sbug75573.php on line %d + +Notice: Only variable references should be returned by reference in %sbug75573.php on line %d +string(3) "abc" +array(2) { + ["foo"]=> + string(3) "bar" + ["name"]=> + string(3) "abc" +} diff --git a/Zend/zend_object_handlers.c b/Zend/zend_object_handlers.c index 6764e1f3e3..4a78d796fe 100644 --- a/Zend/zend_object_handlers.c +++ b/Zend/zend_object_handlers.c @@ -660,13 +660,11 @@ zval *zend_std_read_property(zval *object, zval *member, int type, void **cache_ } zval_ptr_dtor(&tmp_object); goto exit; - } else { - if (Z_STRVAL_P(member)[0] == '\0' && Z_STRLEN_P(member) != 0) { - zval_ptr_dtor(&tmp_object); - zend_throw_error(NULL, "Cannot access property started with '\\0'"); - retval = &EG(uninitialized_zval); - goto exit; - } + } else if (Z_STRVAL_P(member)[0] == '\0' && Z_STRLEN_P(member) != 0) { + zval_ptr_dtor(&tmp_object); + zend_throw_error(NULL, "Cannot access property started with '\\0'"); + retval = &EG(uninitialized_zval); + goto exit; } } diff --git a/ext/sodium/libsodium.c b/ext/sodium/libsodium.c index f08a272e04..06a763627d 100644 --- a/ext/sodium/libsodium.c +++ b/ext/sodium/libsodium.c @@ -233,19 +233,6 @@ ZEND_END_ARG_INFO() # undef crypto_secretstream_xchacha20poly1305_ABYTES #endif -#ifndef crypto_pwhash_OPSLIMIT_MIN -# define crypto_pwhash_OPSLIMIT_MIN crypto_pwhash_OPSLIMIT_INTERACTIVE -#endif -#ifndef crypto_pwhash_MEMLIMIT_MIN -# define crypto_pwhash_MEMLIMIT_MIN crypto_pwhash_MEMLIMIT_INTERACTIVE -#endif -#ifndef crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_MIN -# define crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_MIN crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_INTERACTIVE -#endif -#ifndef crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_MIN -# define crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_MIN crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_INTERACTIVE -#endif - const zend_function_entry sodium_functions[] = { PHP_FE(sodium_crypto_aead_aes256gcm_is_available, AI_None) #ifdef HAVE_AESGCM @@ -1852,12 +1839,12 @@ PHP_FUNCTION(sodium_crypto_pwhash) zend_throw_exception(sodium_exception_ce, "salt should be SODIUM_CRYPTO_PWHASH_SALTBYTES bytes", 0); return; } - if (opslimit < crypto_pwhash_OPSLIMIT_MIN) { - zend_error(E_ERROR, - "number of operations for the password hashing function is too low"); + if (opslimit < crypto_pwhash_OPSLIMIT_INTERACTIVE) { + zend_error(E_WARNING, + "number of operations for the password hashing function is low"); } - if (memlimit < crypto_pwhash_MEMLIMIT_MIN) { - zend_error(E_ERROR, "maximum memory for the password hashing function is too low"); + if (memlimit < crypto_pwhash_MEMLIMIT_INTERACTIVE) { + zend_error(E_WARNING, "maximum memory for the password hashing function is low"); } hash = zend_string_alloc((size_t) hash_len, 0); ret = -1; @@ -1915,13 +1902,13 @@ PHP_FUNCTION(sodium_crypto_pwhash_str) if (passwd_len <= 0) { zend_error(E_WARNING, "empty password"); } - if (opslimit < crypto_pwhash_OPSLIMIT_MIN) { - zend_error(E_ERROR, - "number of operations for the password hashing function is too low"); + if (opslimit < crypto_pwhash_OPSLIMIT_INTERACTIVE) { + zend_error(E_WARNING, + "number of operations for the password hashing function is low"); } - if (memlimit < crypto_pwhash_MEMLIMIT_MIN) { - zend_error(E_ERROR, - "maximum memory for the password hashing function is too low"); + if (memlimit < crypto_pwhash_MEMLIMIT_INTERACTIVE) { + zend_error(E_WARNING, + "maximum memory for the password hashing function is low"); } hash_str = zend_string_alloc(crypto_pwhash_STRBYTES - 1, 0); if (crypto_pwhash_str @@ -2029,13 +2016,13 @@ PHP_FUNCTION(sodium_crypto_pwhash_scryptsalsa208sha256) 0); return; } - if (opslimit < crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_INTERACTIVE) { - zend_error(E_ERROR, - "number of operations for the scrypt function is too low"); + if (opslimit < crypto_pwhash_scryptsalsa208sha256_opslimit_interactive()) { + zend_error(E_WARNING, + "number of operations for the scrypt function is low"); } - if (memlimit < crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_INTERACTIVE) { - zend_error(E_ERROR, - "maximum memory for the scrypt function is too low"); + if (memlimit < crypto_pwhash_scryptsalsa208sha256_memlimit_interactive()) { + zend_error(E_WARNING, + "maximum memory for the scrypt function is low"); } hash = zend_string_alloc((size_t) hash_len, 0); if (crypto_pwhash_scryptsalsa208sha256 @@ -2076,13 +2063,13 @@ PHP_FUNCTION(sodium_crypto_pwhash_scryptsalsa208sha256_str) if (passwd_len <= 0) { zend_error(E_WARNING, "empty password"); } - if (opslimit < crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_INTERACTIVE) { - zend_error(E_ERROR, - "number of operations for the scrypt function is too low"); + if (opslimit < crypto_pwhash_scryptsalsa208sha256_opslimit_interactive()) { + zend_error(E_WARNING, + "number of operations for the scrypt function is low"); } - if (memlimit < crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_INTERACTIVE) { - zend_error(E_ERROR, - "maximum memory for the scrypt function is too low"); + if (memlimit < crypto_pwhash_scryptsalsa208sha256_memlimit_interactive()) { + zend_error(E_WARNING, + "maximum memory for the scrypt function is low"); } hash_str = zend_string_alloc (crypto_pwhash_scryptsalsa208sha256_STRBYTES - 1, 0); |