php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-04-04 14:42:49 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix SOAP bailout handling

Browse Source 
This code was reusing the _bailout variable from
SOAP_CLIENT_BEGIN/END_CODE(). As _bailout is not volatile, modifying
it after the setjmp call and then reading it back on return is
illegal. Use a separate local bailout variable instead.

This fixes the miscompile introduced by marking zend_bailout() as
noreturn.
This commit is contained in:
Nikita Popov
2019-04-12 12:47:39 +02:00
parent 3744533468
commit 4f28bbda51
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
ext/soap/soap.c
View File

@@ -2597,6 +2597,7 @@ static void do_soap_call(zend_execute_data *execute_data,
int old_features;
HashTable *old_typemap, *typemap = NULL;
smart_str action = {0};
int bailout = 0;
SOAP_CLIENT_BEGIN_CODE();
@@ -2763,7 +2764,7 @@ static void do_soap_call(zend_execute_data *execute_data,
}
} zend_catch {
_bailout = 1;
bailout = 1;
} zend_end_try();
if (SOAP_GLOBAL(encoding) != NULL) {
@@ -2775,12 +2776,11 @@ static void do_soap_call(zend_execute_data *execute_data,
SOAP_GLOBAL(class_map) = old_class_map;
SOAP_GLOBAL(encoding) = old_encoding;
SOAP_GLOBAL(sdl) = old_sdl;
if (_bailout) {
if (bailout) {
smart_str_free(&action);
if (request) {
xmlFreeDoc(request);
}
_bailout = 0;
zend_bailout();
}
SOAP_CLIENT_END_CODE();