From 3c3ff434329d2f505b00a79bacfdef95ca96f0d2 Mon Sep 17 00:00:00 2001 From: krakjoe Date: Wed, 1 Jan 2014 12:58:18 +0000 Subject: [PATCH] fix #66375 bad logic in sapi header callback routine --- main/SAPI.c | 43 +++++++++++++++++++++++++------------------ 1 file changed, 25 insertions(+), 18 deletions(-) diff --git a/main/SAPI.c b/main/SAPI.c index dcb2da6..9ffc258 100644 --- a/main/SAPI.c +++ b/main/SAPI.c @@ -137,6 +137,7 @@ PHP_FUNCTION(header_register_callback) efree(callback_name); RETURN_FALSE; } + efree(callback_name); if (SG(callback_func)) { @@ -144,10 +145,10 @@ PHP_FUNCTION(header_register_callback) SG(fci_cache) = empty_fcall_info_cache; } - Z_ADDREF_P(callback_func); - SG(callback_func) = callback_func; - + + Z_ADDREF_P(SG(callback_func)); + RETURN_TRUE; } /* }}} */ @@ -156,24 +157,30 @@ static void sapi_run_header_callback(TSRMLS_D) { int error; zend_fcall_info fci; + char *callback_name = NULL; + char *callback_error = NULL; zval *retval_ptr = NULL; - - fci.size = sizeof(fci); - fci.function_table = EG(function_table); - fci.object_ptr = NULL; - fci.function_name = SG(callback_func); - fci.retval_ptr_ptr = &retval_ptr; - fci.param_count = 0; - fci.params = NULL; - fci.no_separation = 0; - fci.symbol_table = NULL; - - error = zend_call_function(&fci, &SG(fci_cache) TSRMLS_CC); - if (error == FAILURE) { + + if (zend_fcall_info_init(SG(callback_func), 0, &fci, &SG(fci_cache), &callback_name, &callback_error TSRMLS_CC) == SUCCESS) { + fci.retval_ptr_ptr = &retval_ptr; + + error = zend_call_function(&fci, &SG(fci_cache) TSRMLS_CC); + if (error == FAILURE) { + goto callback_failed; + } else if (retval_ptr) { + zval_ptr_dtor(&retval_ptr); + } + } else { +callback_failed: php_error_docref(NULL TSRMLS_CC, E_WARNING, "Could not call the sapi_header_callback"); - } else if (retval_ptr) { - zval_ptr_dtor(&retval_ptr); } + + if (callback_name) { + efree(callback_name); + } + if (callback_error) { + efree(callback_error); + } } SAPI_API void sapi_handle_post(void *arg TSRMLS_DC) -- 2.1.4