archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-15 13:38:49 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Fix NULL arithmetic in System V shared memory emulation

Browse source 
For the first child process execution, `TWG(shm)` is `NULL`; we need to
catch that to avoid undefined behavior.

Closes GH-17550.
This commit is contained in:
Christoph M. Becker 2025-01-23 16:29:35 +01:00
parent 3a52aba20c
commit 2e02cdfb5f
No known key found for this signature in database
GPG key ID: D66C9593118BCCB6
2 changed files with 15 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

2
NEWS
View file

@ -15,6 +15,8 @@ PHP NEWS
. Fixed bug GH-17408 (Assertion failure Zend/zend_exceptions.c).
(nielsdos, ilutov)
. Fix may_have_extra_named_args flag for ZEND_AST_UNPACK. (nielsdos)
. Fix NULL arithmetic in System V shared memory emulation for Windows. (cmb)
- DOM:
. Fixed bug GH-17500 (Segfault with requesting nodeName on nameless doctype).

24
TSRM/tsrm_win32.c
View file

@ -402,19 +402,21 @@ static shm_pair *shm_get(key_t key, void *addr)
shm_pair *ptr;
shm_pair *newptr;
for (ptr = TWG(shm); ptr < (TWG(shm) + TWG(shm_size)); ptr++) {
if (!ptr->descriptor) {
continue;
if (TWG(shm) != NULL) {
for (ptr = TWG(shm); ptr < (TWG(shm) + TWG(shm_size)); ptr++) {
if (!ptr->descriptor) {
continue;
}
if (!addr && ptr->descriptor->shm_perm.key == key) {
break;
} else if (ptr->addr == addr) {
break;
}
}
if (!addr && ptr->descriptor->shm_perm.key == key) {
break;
} else if (ptr->addr == addr) {
break;
}
}
if (ptr < (TWG(shm) + TWG(shm_size))) {
return ptr;
if (ptr < (TWG(shm) + TWG(shm_size))) {
return ptr;
}
}
newptr = (shm_pair*)realloc((void*)TWG(shm), (TWG(shm_size)+1)*sizeof(shm_pair));