Newsgroups: php.internals
From: honey@internot.info (Joshua Rogers)
Date: Fri, 16 Jan 2015 19:30:09 +1100
To: internals@lists.php.net
Subject: Re: [PHP-DEV] [PATCH] Fix null pointer dereference(s) --
Message-ID: <54B8CC11.9080903@internot.info>
In-Reply-To: <54B8CA9F.6050800@gmail.com>

On 16/01/15 19:23, Stanislav Malyshev wrote:
> No C++ comments please.
Fixed. (Will push afterwards)

>> > if (buf.c) {
>> > - *pbuf = buf.c;
>> > + if(pbuf) {
>> > + *pbuf = buf.c;
>> > + }
>> > result = buf.len;
> I think if pbuf is null, it should return 0 immediately. The code you
> provided would result in a memory leak if pbuf is NULL, since the
> pointer to buf.c would be lost as soon as vspprintf exits.

So, at the start of the code, have if(!pbuf) { return 0; }?

i.e.:

--snip--
PHPAPI size_t vspprintf(char **pbuf, size_t max_len, const char *format, va_list ap) /* {{{ */
{
    if(!pbuf) {
        return 0;
    }
    smart_string buf = {0};
    size_t result;

    xbuf_format_converter(&buf, 1, format, ap);
--snip--

?

Let me know.

Thanks,
-- 
-- Joshua Rogers
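Review bot: In the added `if(pbuf) {` branch of the quoted hunk, a NULL pbuf skips the store but the function still goes on to `result = buf.len`, so the buffer in buf.c is never handed to anyone or freed, and the caller is given a length for a string it never received. Either reject a NULL pbuf before anything is formatted and return 0, or free buf.c on that path and report 0. As a style point, put a space after `if` so the new line matches the surrounding `if (buf.c) {`.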
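The leak discussed in this thread, reproduced outside PHP as an added example (not code from the thread or from php-src). The names `format_alloc`, `fmt_late_check`, `fmt_early_return`, `release` and `outstanding` are hypothetical, and `vsnprintf` plus `malloc` are assumed stand-ins for `xbuf_format_converter` and `smart_string`; an allocation counter makes the dropped buffer visible.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>

static int live_allocs = 0;       /* buffers allocated and not yet released */
static char *last_alloc = NULL;   /* demo-only handle so the leak can be cleaned up */

/* Hypothetical stand-in for xbuf_format_converter(): format into a new heap buffer. */
static char *format_alloc(size_t *len, const char *fmt, va_list ap)
{
    va_list ap2;
    va_copy(ap2, ap);
    int n = vsnprintf(NULL, 0, fmt, ap2);   /* first pass: measure */
    va_end(ap2);
    char *s = n < 0 ? NULL : malloc((size_t)n + 1);
    if (!s) return NULL;
    vsnprintf(s, (size_t)n + 1, fmt, ap);   /* second pass: write */
    live_allocs++;
    last_alloc = s;
    *len = (size_t)n;
    return s;
}

/* Late check, as in the quoted hunk: the buffer exists before pbuf is tested. */
size_t fmt_late_check(char **pbuf, const char *fmt, ...)
{
    va_list ap; size_t len = 0;
    va_start(ap, fmt);
    char *s = format_alloc(&len, fmt, ap);
    va_end(ap);
    if (pbuf) *pbuf = s;      /* NULL pbuf: s is dropped here, nobody can free it */
    return s ? len : 0;
}

/* Early return, as proposed in the reply: a NULL pbuf never reaches the allocator. */
size_t fmt_early_return(char **pbuf, const char *fmt, ...)
{
    if (!pbuf) return 0;
    va_list ap; size_t len = 0;
    va_start(ap, fmt);
    *pbuf = format_alloc(&len, fmt, ap);
    va_end(ap);
    return *pbuf ? len : 0;
}

void release(char *s) { if (s) { free(s); live_allocs--; } }
int outstanding(void) { return live_allocs; }

int main(void)
{
    fmt_early_return(NULL, "%d-%s", 7, "x");
    printf("early return: %d outstanding\n", outstanding());
    fmt_late_check(NULL, "%d-%s", 7, "x");
    printf("late check: %d outstanding\n", outstanding());
    release(last_alloc);
    return 0;
}
```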