fix #47
authorMichael Wallner <mike@php.net>
Wed, 13 Jul 2016 08:05:39 +0000 (10:05 +0200)
committerMichael Wallner <mike@php.net>
Wed, 13 Jul 2016 08:05:39 +0000 (10:05 +0200)
src/php_http_params.c
tests/gh-issue47.phpt [new file with mode: 0644]

index c722f06..c0071ac 100644 (file)
@@ -522,6 +522,10 @@ static void merge_param(HashTable *params, zval *zdata, zval ***current_param, z
 
 static void push_param(HashTable *params, php_http_params_state_t *state, const php_http_params_opts_t *opts TSRMLS_DC)
 {
+       if (!state->current.val) {
+               return;
+       }
+
        if (state->val.str) {
                if (0 < (state->val.len = state->input.str - state->val.str)) {
                        sanitize_value(opts->flags, state->val.str, state->val.len, *(state->current.val), state->rfc5987 TSRMLS_CC);
diff --git a/tests/gh-issue47.phpt b/tests/gh-issue47.phpt
new file mode 100644 (file)
index 0000000..6956588
--- /dev/null
@@ -0,0 +1,27 @@
+--TEST--
+Null pointer deref in sanitize_value
+--SKIPIF--
+<?php
+include "skipif.inc";
+?>
+--FILE--
+<?php
+echo "Test\n";
+
+$urls = [
+    "",
+    "? = ="
+];
+
+$url0=new http\Url($urls[0]);
+$url1=$url0->mod($urls[1]);
+
+echo $url1;
+
+?>
+
+===DONE===
+--EXPECTF--
+Test
+http://%s/
+===DONE===