[PATCH] 5.0 ISAPI cookie string free fix (#28929)

21 years ago by Michael Sisolak — view source

unread

I believe that a bug was introduced with version 1.3 of php5isapi.c.
The sapi_isapi_read_cookies() function used to return NULL when there
were no cookies, but was changed to return "" instead. That's fine,
but then HttpExtensionProc() attempts to free the non-ealloc'ed empty
string and dies with an Access Violation. I believe this is the issue
people are seeing in bug #28929.

I've attached a patch for the PHP_5_0 branch that has
sapi_isapi_read_cookes() return an empty_string constant, and uses
STR_FREE to call efree() to protect the case of the empty_string value.
For HEAD this patch would be easier becuase of the recent removal of
empty_string - just return STR_EMPTY_ALLOC() and keep the efree() as
is.

Michael Sisolak
msisolak@yahoo.com

Do you Yahoo!?
New and Improved Yahoo! Mail - Send 10MB messages!
http://promotions.yahoo.com/new_mail

21 years ago by Andi Gutmans — view source

unread

You forgot to attach the patch...

At 02:55 PM 7/20/2004 -0700, Michael Sisolak wrote:

I believe that a bug was introduced with version 1.3 of php5isapi.c.
The sapi_isapi_read_cookies() function used to return NULL when there
were no cookies, but was changed to return "" instead. That's fine,
but then HttpExtensionProc() attempts to free the non-ealloc'ed empty
string and dies with an Access Violation. I believe this is the issue
people are seeing in bug #28929.

I've attached a patch for the PHP_5_0 branch that has
sapi_isapi_read_cookes() return an empty_string constant, and uses
STR_FREE to call efree() to protect the case of the empty_string value.
For HEAD this patch would be easier becuase of the recent removal of
empty_string - just return STR_EMPTY_ALLOC() and keep the efree() as
is.

Michael Sisolak
msisolak@yahoo.com

Do you Yahoo!?
New and Improved Yahoo! Mail - Send 10MB messages!
http://promotions.yahoo.com/new_mail

21 years ago by Edin Kadribasic — view source

unread

Hi Micheal,

I have applied the fix to the CVS.

Edin

----- Original Message -----
From: "Michael Sisolak" msisolak@yahoo.com
To: internals@lists.php.net
Sent: Tuesday, July 20, 2004 11:55 PM
Subject: [PHP-DEV] [PATCH] 5.0 ISAPI cookie string free fix (#28929)

I believe that a bug was introduced with version 1.3 of php5isapi.c.
The sapi_isapi_read_cookies() function used to return NULL when there
were no cookies, but was changed to return "" instead. That's fine,
but then HttpExtensionProc() attempts to free the non-ealloc'ed empty
string and dies with an Access Violation. I believe this is the issue
people are seeing in bug #28929.

I've attached a patch for the PHP_5_0 branch that has
sapi_isapi_read_cookes() return an empty_string constant, and uses
STR_FREE to call efree() to protect the case of the empty_string value.
For HEAD this patch would be easier becuase of the recent removal of
empty_string - just return STR_EMPTY_ALLOC() and keep the efree() as
is.

Michael Sisolak
msisolak@yahoo.com

Do you Yahoo!?
New and Improved Yahoo! Mail - Send 10MB messages!
http://promotions.yahoo.com/new_mail