Newsgroups: php.internals
Message-ID: <54B8CA9F.6050800@gmail.com>
Date: Fri, 16 Jan 2015 00:23:59 -0800
From: smalyshev@gmail.com (Stanislav Malyshev)
To: Joshua Rogers, internals@lists.php.net
Subject: Re: [PHP-DEV] [PATCH] Fix null pointer dereference(s)
In-Reply-To: <1421396060-13451-1-git-send-email-git@internot.info>

Hi!

> + //Test 'pbuf'(also known as 'error') against NULL, since it is called multiple places without checking against, causing null pointer dereferences.

No C++ comments please.

> if (buf.c) {
> - *pbuf = buf.c;
> + if(pbuf) {
> + *pbuf = buf.c;
> + }
> result = buf.len;

I think if pbuf is null, it should return 0 immediately. The code you provided would result in a memory leak if pbuf is NULL, since the pointer to buf.c would be lost as soon as vspprintf exits.

--
Stas Malyshev
smalyshev@gmail.com
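Review bot: In the `if (buf.c)` branch, wrapping only the store in `if(pbuf)` leaves `result = buf.len;` executing when pbuf is NULL, so the function reports a non-zero length for a buffer that no caller holds, and nothing in the visible lines takes ownership of buf.c on that path. Either return 0 as soon as pbuf is found to be NULL or release buf.c in an else branch and leave result at 0. The added comment should use the `/* ... */` form, and `if(pbuf)` should match the spacing of the surrounding `if (buf.c)`.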