Merge branch 'PHP-7.0'

* PHP-7.0: update NEWS Fixed bug #70914 zend_throw_or_error() format string vulnerability
2026-04-01 05:02:27 +02:00 · 2015-11-14 23:49:59 +01:00
parent e02aea5590 e3d19e81a2
commit 7901bee575
2 changed files with 18 additions and 1 deletions
--- a/Zend/tests/bug70914.phpt
+++ b/Zend/tests/bug70914.phpt
@@ -0,0 +1,17 @@
+--TEST--
+Bug #70895 null ptr deref and segfault with crafted callable
+--SKIPIF--
+<?php
+if (!extension_loaded("pdo_sqlite")) {
+	die("skip pdo_sqlite required");
+}
+?>
+--FILE--
+<?php
+
+$db = new PDO('sqlite::memory:');
+$st = $db->query('SELECT 1');
+$re = $st->fetchObject('%Z');
+?>
+--EXPECTREGEX--
+Fatal error: Class '%Z' not found in .+bug70914.php on line \d+
--- a/Zend/zend_execute_API.c
+++ b/Zend/zend_execute_API.c
@@ -220,7 +220,7 @@ static void zend_throw_or_error(int fetch_type, zend_class_entry *exception_ce,
 	if (fetch_type & ZEND_FETCH_CLASS_EXCEPTION) {
 		zend_throw_error(exception_ce, message);
 	} else {
-		zend_error(E_ERROR, message);
+		zend_error(E_ERROR, "%s", message);
 	}

 	efree(message);