Skip to content

Commit a583357

Browse files
iluuu1994iluuu1994
committed
Merge branch 'PHP-8.3'
* PHP-8.3: Fix in-place modification of filename in php_message_handler_for_zend
2 parents e0a6dbc + 05a8153 commit a583357

File tree

2 files changed

+28
-6
lines changed

2 files changed

+28
-6
lines changed

Zend/tests/oss_fuzz_64209.phpt

+13
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,13 @@
1+
--TEST--
2+
oss-fuzz #64209: Fix in-place modification of filename in php_message_handler_for_zend
3+
--FILE--
4+
<?php
5+
require '://@';
6+
?>
7+
--EXPECTF--
8+
Warning: require(://@): Failed to open stream: No such file or directory in %s on line %d
9+
10+
Fatal error: Uncaught Error: Failed opening required '://@' (include_path='%s') in %s:%d
11+
Stack trace:
12+
#0 {main}
13+
thrown in %s on line %d

main/main.c

+15-6
Original file line numberDiff line numberDiff line change
@@ -1611,15 +1611,24 @@ static void php_free_request_globals(void)
16111611
static ZEND_COLD void php_message_handler_for_zend(zend_long message, const void *data)
16121612
{
16131613
switch (message) {
1614-
case ZMSG_FAILED_INCLUDE_FOPEN:
1615-
php_error_docref("function.include", E_WARNING, "Failed opening '%s' for inclusion (include_path='%s')", php_strip_url_passwd((char *) data), STR_PRINT(PG(include_path)));
1614+
case ZMSG_FAILED_INCLUDE_FOPEN: {
1615+
char *tmp = estrdup((char *) data);
1616+
php_error_docref("function.include", E_WARNING, "Failed opening '%s' for inclusion (include_path='%s')", php_strip_url_passwd(tmp), STR_PRINT(PG(include_path)));
1617+
efree(tmp);
16161618
break;
1617-
case ZMSG_FAILED_REQUIRE_FOPEN:
1618-
zend_throw_error(NULL, "Failed opening required '%s' (include_path='%s')", php_strip_url_passwd((char *) data), STR_PRINT(PG(include_path)));
1619+
}
1620+
case ZMSG_FAILED_REQUIRE_FOPEN: {
1621+
char *tmp = estrdup((char *) data);
1622+
zend_throw_error(NULL, "Failed opening required '%s' (include_path='%s')", php_strip_url_passwd(tmp), STR_PRINT(PG(include_path)));
1623+
efree(tmp);
16191624
break;
1620-
case ZMSG_FAILED_HIGHLIGHT_FOPEN:
1621-
php_error_docref(NULL, E_WARNING, "Failed opening '%s' for highlighting", php_strip_url_passwd((char *) data));
1625+
}
1626+
case ZMSG_FAILED_HIGHLIGHT_FOPEN: {
1627+
char *tmp = estrdup((char *) data);
1628+
php_error_docref(NULL, E_WARNING, "Failed opening '%s' for highlighting", php_strip_url_passwd(tmp));
1629+
efree(tmp);
16221630
break;
1631+
}
16231632
case ZMSG_MEMORY_LEAK_DETECTED:
16241633
case ZMSG_MEMORY_LEAK_REPEATED:
16251634
#if ZEND_DEBUG

0 commit comments

Comments
 (0)