[Pkg-php-commits] r1195 - in php5/trunk/debian: . patches
Sean Finney
seanius at alioth.debian.org
Sun Jan 11 20:23:54 UTC 2009
Author: seanius
Date: 2009-01-11 20:23:54 +0000 (Sun, 11 Jan 2009)
New Revision: 1195
Added:
php5/trunk/debian/patches/zend_object_handlers-invalid-write.patch
Modified:
php5/trunk/debian/changelog
php5/trunk/debian/patches/series
Log:
backported fixes from 5.2.8, 2/2
Modified: php5/trunk/debian/changelog
===================================================================
--- php5/trunk/debian/changelog 2009-01-11 19:40:50 UTC (rev 1194)
+++ php5/trunk/debian/changelog 2009-01-11 20:23:54 UTC (rev 1195)
@@ -10,6 +10,8 @@
them up.
- Upstream bug #46157 (PDOStatement::fetchObject prototype error)
Patch: pdo-fetchobject-prototype-error.patch
+ - Upstream bug #46308 (Invalid write in zend object handler / getter)
+ Patch: zend_object_handlers-invalid-write.patch
* Security related fixes:
- Incorporate fix from 5.3 for proper initialization of uid/gid for
apache2 sapi.
Modified: php5/trunk/debian/patches/series
===================================================================
--- php5/trunk/debian/patches/series 2009-01-11 19:40:50 UTC (rev 1194)
+++ php5/trunk/debian/patches/series 2009-01-11 20:23:54 UTC (rev 1195)
@@ -41,3 +41,4 @@
BG-initializing-fix.patch
CVE-2008-5557.patch
pdo-fetchobject-prototype-error.patch
+zend_object_handlers-invalid-write.patch
Added: php5/trunk/debian/patches/zend_object_handlers-invalid-write.patch
===================================================================
--- php5/trunk/debian/patches/zend_object_handlers-invalid-write.patch (rev 0)
+++ php5/trunk/debian/patches/zend_object_handlers-invalid-write.patch 2009-01-11 20:23:54 UTC (rev 1195)
@@ -0,0 +1,63 @@
+fix for http://bugs.php.net/bug.php?id=46308
+downloaded from http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_object_handlers.c?r1=1.135.2.6.2.28&r2=1.135.2.6.2.29&view=patch
+--- php5-5.2.6.dfsg.1.orig/Zend/zend_object_handlers.c
++++ php5-5.2.6.dfsg.1/Zend/zend_object_handlers.c
+@@ -328,6 +328,7 @@ zval *zend_std_read_property(zval *objec
+ zend_get_property_guard(zobj, property_info, member, &guard) == SUCCESS &&
+ !guard->in_get) {
+ /* have getter - try with it! */
++ ZVAL_ADDREF(object);
+ guard->in_get = 1; /* prevent circular getting */
+ rv = zend_std_call_getter(object, member TSRMLS_CC);
+ guard->in_get = 0;
+@@ -352,6 +353,7 @@ zval *zend_std_read_property(zval *objec
+ } else {
+ retval = &EG(uninitialized_zval_ptr);
+ }
++ zval_ptr_dtor(&object);
+ } else {
+ if (!silent) {
+ zend_error(E_NOTICE,"Undefined property: %s::$%s", zobj->ce->name, Z_STRVAL_P(member));
+@@ -422,12 +424,14 @@ static void zend_std_write_property(zval
+ if (zobj->ce->__set &&
+ zend_get_property_guard(zobj, property_info, member, &guard) == SUCCESS &&
+ !guard->in_set) {
++ ZVAL_ADDREF(object);
+ guard->in_set = 1; /* prevent circular setting */
+ if (zend_std_call_setter(object, member, value TSRMLS_CC) != SUCCESS) {
+ /* for now, just ignore it - __set should take care of warnings, etc. */
+ }
+ setter_done = 1;
+ guard->in_set = 0;
++ zval_ptr_dtor(&object);
+ }
+ if (!setter_done && property_info) {
+ zval **foo;
+@@ -602,9 +606,11 @@ static void zend_std_unset_property(zval
+ zend_get_property_guard(zobj, property_info, member, &guard) == SUCCESS &&
+ !guard->in_unset) {
+ /* have unseter - try with it! */
++ ZVAL_ADDREF(object);
+ guard->in_unset = 1; /* prevent circular unsetting */
+ zend_std_call_unsetter(object, member TSRMLS_CC);
+ guard->in_unset = 0;
++ zval_ptr_dtor(&object);
+ }
+ }
+
+@@ -1020,6 +1026,7 @@ static int zend_std_has_property(zval *o
+ zval *rv;
+
+ /* have issetter - try with it! */
++ ZVAL_ADDREF(object);
+ guard->in_isset = 1; /* prevent circular getting */
+ rv = zend_std_call_issetter(object, member TSRMLS_CC);
+ if (rv) {
+@@ -1037,6 +1044,7 @@ static int zend_std_has_property(zval *o
+ }
+ }
+ guard->in_isset = 0;
++ zval_ptr_dtor(&object);
+ }
+ } else {
+ switch (has_set_exists) {
More information about the Pkg-php-commits
mailing list