[Pkg-php-commits] [php/debian-sid] Cherry pick fix for leaks and possible crash introduced by NULL poisoning patch
Ondřej Surý
ondrej at sury.org
Wed Jan 5 10:06:14 UTC 2011
---
...sh-introduced-by-the-null-poisoning-patch.patch | 61 ++++++++++++++++++++
debian/patches/series | 1 +
2 files changed, 62 insertions(+), 0 deletions(-)
create mode 100644 debian/patches/fix-leak-and-possible-crash-introduced-by-the-null-poisoning-patch.patch
diff --git a/debian/patches/fix-leak-and-possible-crash-introduced-by-the-null-poisoning-patch.patch b/debian/patches/fix-leak-and-possible-crash-introduced-by-the-null-poisoning-patch.patch
new file mode 100644
index 0000000..6f7c414
--- /dev/null
+++ b/debian/patches/fix-leak-and-possible-crash-introduced-by-the-null-poisoning-patch.patch
@@ -0,0 +1,61 @@
+--- a/ext/sqlite/sqlite.c
++++ b/ext/sqlite/sqlite.c
+@@ -1641,8 +1641,10 @@ PHP_FUNCTION(sqlite_open)
+ }
+
+ if (strlen(filename) != filename_len) {
++ zend_restore_error_handling(&error_handling TSRMLS_CC);
+ RETURN_FALSE;
+ }
++
+ if (strncmp(filename, ":memory:", sizeof(":memory:") - 1)) {
+ /* resolve the fully-qualified path name to use as the hash key */
+ if (!(fullpath = expand_filepath(filename, NULL TSRMLS_CC))) {
+@@ -1697,6 +1699,7 @@ PHP_FUNCTION(sqlite_factory)
+ }
+
+ if (strlen(filename) != filename_len) {
++ zend_restore_error_handling(&error_handling TSRMLS_CC);
+ RETURN_FALSE;
+ }
+
+--- /dev/null
++++ b/ext/soap/tests/error_handler.phpt
+@@ -0,0 +1,17 @@
++--TEST--
++Bug #46760 (SoapClient doRequest fails when proxy is used)
++--SKIPIF--
++<?php require_once('skipif.inc');
++if (!extension_loaded('sqlite')) die('skip squilite extension not available');
++?>
++--FILE--
++<?php
++echo "blllllllllaaaaaaa\n";
++$var475 = sqlite_factory("\x00");
++$var147 = use_soap_error_handler();
++$var477 = flock(false,false);dump($client->_proxy_port);
++
++echo "OK";
++?>
++--EXPECT--
++OK
+--- a/ext/xsl/xsltprocessor.c
++++ b/ext/xsl/xsltprocessor.c
+@@ -643,6 +643,7 @@ PHP_FUNCTION(xsl_xsltprocessor_transform
+ ret = -1;
+ if (newdocp) {
+ if (strlen(uri) != uri_len) {
++ xmlFreeDoc(newdocp);
+ RETURN_FALSE;
+ }
+ ret = xsltSaveResultToFilename(uri, newdocp, sheetp, 0);
+--- a/ext/pspell/pspell.c
++++ b/ext/pspell/pspell.c
+@@ -403,6 +403,7 @@ static PHP_FUNCTION(pspell_new_personal)
+ #endif
+
+ if (strlen(personal) != personal_len) {
++ delete_pspell_config(config);
+ RETURN_FALSE;
+ }
+
diff --git a/debian/patches/series b/debian/patches/series
index 7a9ff72..fa8cd3c 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -81,3 +81,4 @@ fix-crash-if-aa-steps-are-invalid.patch
fix-crash-with-entity-declarations-in-simplexml.patch
fix-for-NULL-deref-in-zend_language_scanner.patch
fix-integer-overflow-in-SdnToJulian.patch
+fix-leak-and-possible-crash-introduced-by-the-null-poisoning-patch.patch
--
1.7.1
More information about the Pkg-php-commits
mailing list