Overview

File php-CVE-2016-3141.patch of Package php5.openSUSE_Leap_42.1_Update

X-Git-Url: http://72.52.91.13:8000/?p=php-src.git;a=blobdiff_plain;f=ext%2Fwddx%2Fwddx.c;h=da3424695b299a3ed40715498ec07b79afe845da;hp=7267ee1e94bb63bcaf3cb048e837105644b873ad;hb=b1bd4119bcafab6f9a8f84d92cd65eec3afeface;hpb=377d353c9f8aad6f79f3cf84aad3e2f6d65fa456

Index: ext/wddx/wddx.c
===================================================================
--- ext/wddx/wddx.c.orig	2016-03-14 10:47:45.864129492 +0100
+++ ext/wddx/wddx.c	2016-03-14 10:48:17.356129724 +0100
@@ -942,6 +942,16 @@
 		!strcmp(name, EL_DATETIME)) {
 		wddx_stack_top(stack, (void**)&ent1);
 
+		if (!ent1->data) {
+			if (stack->top > 1) {
+				stack->top--;
+			} else {
+				stack->done = 1;
+			}
+			efree(ent1);
+			return;
+		}
+
 		if (!strcmp(name, EL_BINARY)) {
 			int new_len=0;
 			unsigned char *new_str;
@@ -1037,6 +1047,7 @@
 		}
 	} else if (!strcmp(name, EL_VAR) && stack->varname) {
 		efree(stack->varname);
+		stack->varname = NULL;
 	} else if (!strcmp(name, EL_FIELD)) {
 		st_entry *ent;
 		wddx_stack_top(stack, (void **)&ent);
@@ -1056,7 +1067,7 @@
 
 	if (!wddx_stack_is_empty(stack) && !stack->done) {
 		wddx_stack_top(stack, (void**)&ent);
-		switch (Z_TYPE_P(ent)) {
+		switch (ent->type) {
 			case ST_STRING: 
 				if (Z_STRLEN_P(ent->data) == 0) {
 					STR_FREE(Z_STRVAL_P(ent->data));
@@ -1095,11 +1106,11 @@
 				} else if (!strcmp(s, "false")) {
 					Z_LVAL_P(ent->data) = 0;
 				} else {
-					stack->top--;
 					zval_ptr_dtor(&ent->data);
-					if (ent->varname)
+					if (ent->varname) {
 						efree(ent->varname);
-					efree(ent);
+					}
+					ent->data = NULL;
 				}
 				break;
openSUSE Build Service is sponsored by
Places