archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-16 05:58:45 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Fixed GH-15547: curl_multi_wait expects a signed int for timeout.

Browse source 
confusion might come from the previous argument type.
PHP expects ms so we check it fits integer boundaries before the cast.
raising a warning at least for stable branches.

close GH-15548
This commit is contained in:
David Carlier 2024-08-22 22:41:39 +01:00
parent 5947db6bb8
commit cc67220ea3
No known key found for this signature in database
GPG key ID: 8486F847B4B94EF1
3 changed files with 42 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

4
NEWS
View file

@ -12,6 +12,10 @@ PHP NEWS
. Fixed bug GH-15587 (CRC32 API build error on arm 32-bit). . Fixed bug GH-15587 (CRC32 API build error on arm 32-bit).
(Bernd Kuhls, Thomas Petazzoni) (Bernd Kuhls, Thomas Petazzoni)
- Curl:
. FIxed bug GH-15547 (curl_multi_select overflow on timeout argument).
(David Carlier)
- DOM: - DOM:
. Fixed bug GH-15551 (Segmentation fault (access null pointer) in . Fixed bug GH-15551 (Segmentation fault (access null pointer) in
ext/dom/xml_common.h). (nielsdos) ext/dom/xml_common.h). (nielsdos)

10
ext/curl/multi.c
View file

@ -187,7 +187,15 @@ PHP_FUNCTION(curl_multi_select)
mh = Z_CURL_MULTI_P(z_mh); mh = Z_CURL_MULTI_P(z_mh);
error = curl_multi_wait(mh->multi, NULL, 0, (unsigned long) (timeout * 1000.0), &numfds); if (!(timeout >= 0.0 && timeout <= ((double)INT_MAX / 1000.0))) {
php_error_docref(NULL, E_WARNING, "timeout must be between 0 and %d", (int)ceilf((double)INT_MAX / 1000));
#ifdef CURLM_BAD_FUNCTION_ARGUMENT
SAVE_CURLM_ERROR(mh, CURLM_BAD_FUNCTION_ARGUMENT);
#endif
RETURN_LONG(-1);
}
error = curl_multi_wait(mh->multi, NULL, 0, (int) (timeout * 1000.0), &numfds);
if (CURLM_OK != error) { if (CURLM_OK != error) {
SAVE_CURLM_ERROR(mh, error); SAVE_CURLM_ERROR(mh, error);
RETURN_LONG(-1); RETURN_LONG(-1);

29
ext/curl/tests/gh15547.phpt Normal file
View file

@ -0,0 +1,29 @@
--TEST--
GH-15547 - curl_multi_select overflow on timeout argument
--EXTENSIONS--
curl
--FILE--
<?php
$mh = curl_multi_init();
var_dump(curl_multi_select($mh, -2500000));
var_dump(curl_multi_strerror(curl_multi_errno($mh)));
curl_multi_close($mh);
$mh = curl_multi_init();
var_dump(curl_multi_select($mh, 2500000));
var_dump(curl_multi_strerror(curl_multi_errno($mh)));
curl_multi_close($mh);
$mh = curl_multi_init();
var_dump(curl_multi_select($mh, 1000000));
var_dump(curl_multi_strerror(curl_multi_errno($mh)));
?>
--EXPECTF--
Warning: curl_multi_select(): timeout must be between 0 and %d in %s on line %d
int(-1)
%s
Warning: curl_multi_select(): timeout must be between 0 and %d in %s on line %d
int(-1)
%s
int(0)
string(8) "No error"