Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Crash in git_transport_register #82

Open
wants to merge 2 commits into
base: develop
Choose a base branch
from
Open

Crash in git_transport_register #82

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
3af04f4
transport register: allocate memory for callback to avoid segfault wh…
MagicalTux Jun 25, 2015
f14f167
do not free callback as we are to use it again
MagicalTux Jun 25, 2015
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
37 changes: 37 additions & 0 deletions helper.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -217,6 +217,35 @@ int php_git2_cb_init(php_git2_cb_t **out, zend_fcall_info *fci, zend_fcall_info_
cb->payload = payload;
cb->fci = fci;
cb->fcc = fcc;
cb->is_copy = 0;
GIT2_TSRMLS_SET2(cb, TSRMLS_C);

*out = cb;
return 0;
}

int php_git2_cb_init_copy(php_git2_cb_t **out, zend_fcall_info *fci, zend_fcall_info_cache *fcc, void *payload TSRMLS_DC)
{
php_git2_cb_t *cb;

cb = (struct php_git2_cb_t*)emalloc(sizeof(php_git2_cb_t));
if (cb == NULL) {
return 1;
}

cb->payload = payload;
// use fci->size instead of sizeof?
cb->fci = (zend_fcall_info*)emalloc(sizeof(zend_fcall_info));
cb->fcc = (zend_fcall_info_cache*)emalloc(sizeof(zend_fcall_info_cache));
memcpy(cb->fci, fci, sizeof(zend_fcall_info));
memcpy(cb->fcc, fcc, sizeof(zend_fcall_info_cache));
Z_ADDREF_P(cb->fci->function_name);
#if PHP_VERSION_ID >= 50300
if (cb->fci->object_ptr) {
Z_ADDREF_P(cb->fci->object_ptr);
}
#endif
cb->is_copy = 1;
GIT2_TSRMLS_SET2(cb, TSRMLS_C);

*out = cb;
Expand All @@ -225,6 +254,14 @@ int php_git2_cb_init(php_git2_cb_t **out, zend_fcall_info *fci, zend_fcall_info_

void php_git2_cb_free(php_git2_cb_t *target)
{
if (target->is_copy) {
Z_DELREF_P(target->fci->function_name);
#if PHP_VERSION_ID >= 50300
if (target->fci->object_ptr) {
Z_DELREF_P(target->fci->object_ptr);
}
#endif
}
efree(target);
}

Expand Down
4 changes: 3 additions & 1 deletion helper.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,8 @@ int php_git2_call_function_v(

int php_git2_cb_init(php_git2_cb_t **out, zend_fcall_info *fci, zend_fcall_info_cache *fcc, void *payload TSRMLS_DC);

int php_git2_cb_init_copy(php_git2_cb_t **out, zend_fcall_info *fci, zend_fcall_info_cache *fcc, void *payload TSRMLS_DC);

void php_git2_cb_free(php_git2_cb_t *target);

void php_git2_array_to_strarray(git_strarray *out, zval *array TSRMLS_DC);
Expand Down Expand Up @@ -100,4 +102,4 @@ void php_git2_fcall_info_wrapper(zval *target, zend_fcall_info **out_fci, zend_f

void php_git2_fcall_info_wrapper2(zval *target, zend_fcall_info *fci, zend_fcall_info_cache *fcc TSRMLS_DC);

#endif
#endif
1 change: 1 addition & 0 deletions php_git2.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -203,6 +203,7 @@ typedef struct php_git2_cb_t {
zval *payload;
zend_fcall_info *fci;
zend_fcall_info_cache *fcc;
int is_copy;
GIT2_TSRMLS_DECL
} php_git2_cb_t;

Expand Down
3 changes: 1 addition & 2 deletions transport.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -73,11 +73,10 @@ PHP_FUNCTION(git_transport_register)
return;
}

if (php_git2_cb_init(&cb, &fci, &fcc, param TSRMLS_CC)) {
if (php_git2_cb_init_copy(&cb, &fci, &fcc, param TSRMLS_CC)) {
RETURN_FALSE;
}
result = git_transport_register(prefix, priority, php_git2_transport_cb, cb);
php_git2_cb_free(cb);
RETURN_LONG(result);
}
/* }}} */
Expand Down