Mirrors
/
php
mirror of https://github.com/php/php-src
3
0
Fork 0
Code Releases Activity
Browse Source

fix bug #55871 - Interruption in substr_replace()

pull/271/head
Stanislav Malyshev 14 years ago
parent
2a687aed1a
commit
cbcddcb02e
3 changed files with 290 additions and 229 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 5
      NEWS
  2. 467
      ext/standard/string.c
  3. 47
      ext/standard/tests/strings/bug55871.phpt

5
NEWS
View File

@ -4,12 +4,13 @@ PHP NEWS
- Core:
. Fixed bug #60613 (Segmentation fault with $cls->{expr}() syntax). (Dmitry)
. Fixed bug #60611 (Segmentation fault with Cls::{expr}() syntax). (Laruence)
. Fixed bug #55871 (Interruption in substr_replace()). (Stas)
- SAPI:
. Fixed bug #54374 (Insufficient validating of upload name leading to
corrupted $_FILES indices). (Stas, lekensteyn at gmail dot com)
. Fixed bug #55500 (Corrupted $_FILES indices lead to security concern).
(Stas)
. Fixed bug #54374 (Insufficient validating of upload name leading to
corrupted $_FILES indices). (Stas, lekensteyn at gmail dot com)
- CLI SAPI:
. Fixed bug #60591 (Memory leak when access a non-exists file). (Laruence)

467
ext/standard/string.c
File diff suppressed because it is too large
View File

47
ext/standard/tests/strings/bug55871.phpt
View File

@ -0,0 +1,47 @@
--TEST--
Bug #55871 (Interruption in substr_replace())
--FILE--
<?php
class test1 {
public function __toString() {
preg_match('//', '', $GLOBALS['my_var']);
return '';
}
}
class test2 {
public function __toString() {
$GLOBALS['my_var'] += 0x08048000;
return '';
}
}
class test3 {
public function __toString() {
$GLOBALS['my_var'] .= "AAAAAAAA";
return '';
}
}
$my_var = str_repeat('A', 40);
$out = substr_replace(array(&$my_var), array(new test1), 40, 0);
var_dump($out);
$my_var = str_repeat('A', 40);
$out = substr_replace(array(&$my_var), array(new test2), 40, 0);
var_dump($out);
$my_var = str_repeat('A', 40);
$out = substr_replace(array(&$my_var), array(new test3), 40, 0);
var_dump($out);
--EXPECTF--
Warning: substr_replace(): Argument was modified while replacing in %s on line %d
array(0) {
}
Warning: substr_replace(): Argument was modified while replacing in %s on line %d
array(0) {
}
Warning: substr_replace(): Argument was modified while replacing in %s on line %d
array(0) {
}
Write Preview
Loading…
Cancel
Save