Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:80896 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 71962 invoked from network); 20 Jan 2015 20:28:21 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 20 Jan 2015 20:28:21 -0000 Authentication-Results: pb1.pair.com smtp.mail=git@internot.info; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=git@internot.info; sender-id=pass Received-SPF: pass (pb1.pair.com: domain internot.info designates 185.57.82.47 as permitted sender) X-PHP-List-Original-Sender: git@internot.info X-Host-Fingerprint: 185.57.82.47 mail.internot.info Received: from [185.57.82.47] ([185.57.82.47:58541] helo=mail.internot.info) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 48/74-49046-46ABEB45 for ; Tue, 20 Jan 2015 15:28:21 -0500 To: internals@lists.php.net Cc: Joshua Rogers Date: Wed, 21 Jan 2015 07:28:08 +1100 Message-ID: <1421785688-23331-1-git-send-email-git@internot.info> Subject: [PATCH] Fix uninitalized variables reads. See CWE-457 for more info. From: git@internot.info (Joshua Rogers) --- ext/mbstring/mbstring.c | 8 ++++---- ext/reflection/php_reflection.c | 1 + main/main.c | 1 + 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/ext/mbstring/mbstring.c b/ext/mbstring/mbstring.c index 7f2209f..504a5e6 100644 --- a/ext/mbstring/mbstring.c +++ b/ext/mbstring/mbstring.c @@ -3891,7 +3891,7 @@ static int _php_mbstr_parse_mail_headers(HashTable *ht, const char *str, size_t int state = 0; int crlf_state = -1; char *token = NULL; - size_t token_pos; + size_t token_pos = 0; zend_string *fld_name, *fld_val; ps = str; @@ -3917,7 +3917,7 @@ static int _php_mbstr_parse_mail_headers(HashTable *ht, const char *str, size_t } if (state == 0 || state == 1) { - if(token) { + if(token && token_pos > 0) { fld_name = zend_string_init(token, token_pos, 0); } state = 2; @@ -3983,7 +3983,7 @@ static int _php_mbstr_parse_mail_headers(HashTable *ht, const char *str, size_t case 3: if (crlf_state == -1) { - if(token) { + if(token && token_pos > 0) { fld_val = zend_string_init(token, token_pos, 0); } @@ -4032,7 +4032,7 @@ out: state = 3; } if (state == 3) { - if(token) { + if(token && token_pos > 0) { fld_val = zend_string_init(token, token_pos, 0); } if (fld_name != NULL && fld_val != NULL) { diff --git a/ext/reflection/php_reflection.c b/ext/reflection/php_reflection.c index 3f5c7a9..1f5085c 100644 --- a/ext/reflection/php_reflection.c +++ b/ext/reflection/php_reflection.c @@ -3978,6 +3978,7 @@ static int _adddynproperty(zval *ptr, int num_args, va_list args, zend_hash_key if (zend_get_property_info(ce, hash_key->key, 1) == NULL) { zend_property_info property_info; + property_info.doc_comment = NULL; property_info.flags = ZEND_ACC_IMPLICIT_PUBLIC; property_info.name = hash_key->key; property_info.ce = ce; diff --git a/main/main.c b/main/main.c index 3aef805..50d0161 100644 --- a/main/main.c +++ b/main/main.c @@ -2255,6 +2255,7 @@ int php_module_startup(sapi_module_struct *sf, zend_module_entry *additional_mod zuv.html_errors = 1; zuv.import_use_extension = ".php"; + zuv.import_use_extension_length = (uint)strlen(zuv.import_use_extension); php_startup_auto_globals(); zend_set_utility_values(&zuv); php_startup_sapi_content_types(); -- 1.9.1