[Pkg-php-commits] [php/debian-sid] Cherry pick fix for leaks and possible crash introduced by NULL poisoning patch

Ondřej Surý ondrej at sury.org
Wed Jan 5 10:06:14 UTC 2011


---
 ...sh-introduced-by-the-null-poisoning-patch.patch |   61 ++++++++++++++++++++
 debian/patches/series                              |    1 +
 2 files changed, 62 insertions(+), 0 deletions(-)
 create mode 100644 debian/patches/fix-leak-and-possible-crash-introduced-by-the-null-poisoning-patch.patch

diff --git a/debian/patches/fix-leak-and-possible-crash-introduced-by-the-null-poisoning-patch.patch b/debian/patches/fix-leak-and-possible-crash-introduced-by-the-null-poisoning-patch.patch
new file mode 100644
index 0000000..6f7c414
--- /dev/null
+++ b/debian/patches/fix-leak-and-possible-crash-introduced-by-the-null-poisoning-patch.patch
@@ -0,0 +1,61 @@
+--- a/ext/sqlite/sqlite.c
++++ b/ext/sqlite/sqlite.c
+@@ -1641,8 +1641,10 @@ PHP_FUNCTION(sqlite_open)
+ 	}
+ 
+ 	if (strlen(filename) != filename_len) {
++		zend_restore_error_handling(&error_handling TSRMLS_CC);
+ 		RETURN_FALSE;
+ 	}
++
+ 	if (strncmp(filename, ":memory:", sizeof(":memory:") - 1)) {
+ 		/* resolve the fully-qualified path name to use as the hash key */
+ 		if (!(fullpath = expand_filepath(filename, NULL TSRMLS_CC))) {
+@@ -1697,6 +1699,7 @@ PHP_FUNCTION(sqlite_factory)
+ 	}
+ 
+ 	if (strlen(filename) != filename_len) {
++		zend_restore_error_handling(&error_handling TSRMLS_CC);
+ 		RETURN_FALSE;
+ 	}
+ 
+--- /dev/null
++++ b/ext/soap/tests/error_handler.phpt
+@@ -0,0 +1,17 @@
++--TEST--
++Bug #46760 (SoapClient doRequest fails when proxy is used)
++--SKIPIF--
++<?php require_once('skipif.inc'); 
++if (!extension_loaded('sqlite')) die('skip squilite extension not available');
++?>
++--FILE--
++<?php
++echo "blllllllllaaaaaaa\n";
++$var475 = sqlite_factory("\x00");
++$var147 = use_soap_error_handler();
++$var477 = flock(false,false);dump($client->_proxy_port);
++
++echo "OK";
++?>
++--EXPECT--
++OK
+--- a/ext/xsl/xsltprocessor.c
++++ b/ext/xsl/xsltprocessor.c
+@@ -643,6 +643,7 @@ PHP_FUNCTION(xsl_xsltprocessor_transform
+ 	ret = -1;
+ 	if (newdocp) {
+ 		if (strlen(uri) != uri_len) {
++			xmlFreeDoc(newdocp);
+ 			RETURN_FALSE;
+ 		}
+ 		ret = xsltSaveResultToFilename(uri, newdocp, sheetp, 0);
+--- a/ext/pspell/pspell.c
++++ b/ext/pspell/pspell.c
+@@ -403,6 +403,7 @@ static PHP_FUNCTION(pspell_new_personal)
+ #endif
+ 
+ 	if (strlen(personal) != personal_len) {
++		delete_pspell_config(config);
+ 		RETURN_FALSE;
+ 	}
+ 
diff --git a/debian/patches/series b/debian/patches/series
index 7a9ff72..fa8cd3c 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -81,3 +81,4 @@ fix-crash-if-aa-steps-are-invalid.patch
 fix-crash-with-entity-declarations-in-simplexml.patch
 fix-for-NULL-deref-in-zend_language_scanner.patch
 fix-integer-overflow-in-SdnToJulian.patch
+fix-leak-and-possible-crash-introduced-by-the-null-poisoning-patch.patch
-- 
1.7.1





More information about the Pkg-php-commits mailing list