php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-03-24 00:02:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix GH-21023: CURLOPT_XFERINFOFUNCTION with invalid callback crash.

Browse Source 
we check the FCC is properly initialised beforehand in its handler.

close GH-21025
This commit is contained in:
David Carlier
2026-01-24 14:49:10 +00:00
parent 23f4b93523
commit b156471a30
3 changed files with 41 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
NEWS
View File

@@ -5,6 +5,10 @@ PHP NEWS
- Core:
. Fixed bug GH-21029 (zend_mm_heap corrupted on Aarch64, LTO builds). (Arnaud)
- Curl:
. Fixed bug GH-21023 (CURLOPT_XFERINFOFUNCTION crash with a null callback).
(David Carlier)
- PDO_PGSQL:
. Fixed bug GH-21055 (connection attribute status typo for GSS negotiation).
(lsaos)

10
ext/curl/interface.c
View File

@@ -621,6 +621,10 @@ static int curl_fnmatch(void *ctx, const char *pattern, const char *string)
zval argv[3];
zval retval;
if (!ZEND_FCC_INITIALIZED(ch->handlers.fnmatch)) {
return rval;
}
GC_ADDREF(&ch->std);
ZVAL_OBJ(&argv[0], &ch->std);
ZVAL_STRING(&argv[1], pattern);
@@ -652,6 +656,9 @@ static int curl_progress(void *clientp, double dltotal, double dlnow, double ult
fprintf(stderr, "curl_progress() called\n");
fprintf(stderr, "clientp = %x, dltotal = %f, dlnow = %f, ultotal = %f, ulnow = %f\n", clientp, dltotal, dlnow, ultotal, ulnow);
#endif
if (!ZEND_FCC_INITIALIZED(ch->handlers.progress)) {
return rval;
}
zval args[5];
zval retval;
@@ -690,6 +697,9 @@ static int curl_xferinfo(void *clientp, curl_off_t dltotal, curl_off_t dlnow, cu
fprintf(stderr, "curl_xferinfo() called\n");
fprintf(stderr, "clientp = %x, dltotal = %ld, dlnow = %ld, ultotal = %ld, ulnow = %ld\n", clientp, dltotal, dlnow, ultotal, ulnow);
#endif
if (!ZEND_FCC_INITIALIZED(ch->handlers.xferinfo)) {
return rval;
}
zval argv[5];
zval retval;

27
ext/curl/tests/gh21023.phpt Normal file
View File

@@ -0,0 +1,27 @@
--TEST--
GH-21023 (crash with CURLOPT_XFERINFOFUNCTION set with an invalid callback)
--EXTENSIONS--
curl
--FILE--
<?php
include 'server.inc';
$host = curl_cli_server_start();
$url = "{$host}/get.inc";
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_NOPROGRESS, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_XFERINFOFUNCTION, null);
curl_exec($ch);
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_PROGRESSFUNCTION, null);
curl_exec($ch);
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_WILDCARDMATCH, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_FNMATCH_FUNCTION, null);
curl_exec($ch);
echo "OK", PHP_EOL;
?>
--EXPECT--
OK