diff --git a/NEWS b/NEWS
index 0961ddaa9fbf..71f67c39665f 100644
--- a/NEWS
+++ b/NEWS
@@ -30,6 +30,8 @@ PHP NEWS
 string interpolation). (timwolla)
 . Fixed bug GH-22373 (AST pretty-printing drops meaningful parentheses surrounding property access). (timwolla)
+ . Fixed GH-22422 (zend_arena layout mismatch leaked memory in separately
+ built extensions under AddressSanitizer). (iliaal)
 - BCMath:
 . Added NUL-byte validation to BCMath functions. (jorgsowa)
diff --git a/configure.ac b/configure.ac
index b61b909b67b7..9014869fb94e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1539,8 +1539,10 @@ AS_VAR_IF([PHP_ADDRESS_SANITIZER], [yes],
 ]))])
 AX_CHECK_COMPILE_FLAG([-fsanitize=address], [
- CFLAGS="$CFLAGS -fsanitize=address -DZEND_TRACK_ARENA_ALLOC"
- CXXFLAGS="$CXXFLAGS -fsanitize=address -DZEND_TRACK_ARENA_ALLOC"
+ CFLAGS="$CFLAGS -fsanitize=address"
+ CXXFLAGS="$CXXFLAGS -fsanitize=address"
+ AC_DEFINE([ZEND_TRACK_ARENA_ALLOC], [1],
+ [Whether to track arena allocations individually for AddressSanitizer.])
 ], [AC_MSG_ERROR([AddressSanitizer is not available])])
 ])
diff --git a/ext/pdo_dblib/dblib_driver.c b/ext/pdo_dblib/dblib_driver.c
index 389e3c805681..7189954ec412 100644
--- a/ext/pdo_dblib/dblib_driver.c
+++ b/ext/pdo_dblib/dblib_driver.c
@@ -232,7 +232,7 @@ zend_string *dblib_handle_last_id(pdo_dbh_t *dbh, const zend_string *name)
 RETCODE ret;
 BYTE id[40];
- size_t len;
+ DBINT len;
 /*
 * Would use scope_identity() but it's not implemented on Sybase
@@ -267,6 +267,10 @@ zend_string *dblib_handle_last_id(pdo_dbh_t *dbh, const zend_string *name)
 len = dbconvert(NULL, (dbcoltype(H->link, 1)) , (dbdata(H->link, 1)) , (dbdatlen(H->link, 1)), SQLCHAR, (BYTE *)id, (DBINT)sizeof(id));
 dbcancel(H->link);
+ if (len < 0) {
+ return NULL;
+ }
+
 return zend_string_init((const char *) id, len, 0);
 }
diff --git a/ext/pdo_firebird/firebird_driver.c b/ext/pdo_firebird/firebird_driver.c
index c20969aac2b0..36f380b2122b 100644
--- a/ext/pdo_firebird/firebird_driver.c
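Review bot: The AC_DEFINE description in the configure.ac hunk does not say that ZEND_TRACK_ARENA_ALLOC affects the zend_arena layout, which appears to be the reason it has to live in the generated config header rather than in CFLAGS. Going by the NEWS entry in this commit, an extension compiled without the macro disagrees with the core about that layout, so the description should record that the core and every separately built extension must see the same value, for example `[Whether to track arena allocations individually for AddressSanitizer. Changes the zend_arena layout; core and extensions must agree.]`. The fix now relies on each translation unit seeing the config header before the arena header is included; that is not visible here and is worth confirming.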
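Review bot: The new `if (len < 0)` guard in dblib_handle_last_id (ext/pdo_dblib/dblib_driver.c, second hunk) has no comment saying what it protects against, and the reason is easy to lose: dbconvert() reports failure as -1, and with the previous `size_t len` that value became a huge length handed to zend_string_init() over the 40-byte `id` buffer. I would add `/* dbconvert() returns -1 on failure; never use that as a length for id[] */` above the check, since the `DBINT len` change in the first hunk of this file only makes sense together with it. The guard could also reject `len > (DBINT)sizeof(id)` so the copy stays bounded by the buffer even if the library misreports; dbconvert() is given sizeof(id) as the destination size, so this is defence in depth rather than a known fault. The function body starts before the hunk.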
+++ b/ext/pdo_firebird/firebird_driver.c
@@ -1389,6 +1389,10 @@ static int pdo_firebird_handle_factory(pdo_dbh_t *dbh, zval *driver_options) /*
 char const *dpb_values[] = { dbh->username, dbh->password, vars[1].optval, vars[2].optval };
 char dpb_buffer[256] = { isc_dpb_version1 }, *dpb;
+ if (EG(exception)) {
+ break;
+ }
+
 dpb = dpb_buffer + 1;
 /* loop through all the provided arguments and set dpb fields accordingly */
@@ -1425,7 +1429,7 @@ static int pdo_firebird_handle_factory(pdo_dbh_t *dbh, zval *driver_options) /*
 }
 }
- if (!dbh->methods) {
+ if (!dbh->methods && !EG(exception)) {
 char errmsg[512];
 const ISC_STATUS *s = H->isc_status;
 fb_interpret(errmsg, sizeof(errmsg),&s);
diff --git a/ext/posix/posix.c b/ext/posix/posix.c
index ff91c7ba9177..a9fe723f454b 100644
--- a/ext/posix/posix.c
+++ b/ext/posix/posix.c
@@ -688,7 +688,11 @@ static void php_posix_group_to_array(struct group *g, zval *array_group) /* {{{
 array_init(&array_members);
 zend_hash_real_init_packed(Z_ARRVAL(array_members));
- add_assoc_string(array_group, "name", g->gr_name);
+ if (g->gr_name) {
+ add_assoc_string(array_group, "name", g->gr_name);
+ } else {
+ add_assoc_null(array_group, "name");
+ }
 if (g->gr_passwd) {
 add_assoc_string(array_group, "passwd", g->gr_passwd);
 } else {
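Review bot: Neither `EG(exception)` check in pdo_firebird_handle_factory says where the pending exception can come from, so a reader cannot tell why the connection setup must be skipped at this point. The code that would raise it is above the first hunk and not visible; presumably it is the reading of the driver options, and a comment such as `/* a driver option above may already have thrown; skip the connection attempt */` before the `break` would record that. The same applies to `!dbh->methods && !EG(exception)` in the second hunk, where the skipped block continues past the hunk, so it is worth confirming that it only reports the Firebird status and does no cleanup the exception path still needs. The `break` also depends on an enclosing loop or `do { } while (0)` that starts outside the hunk.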
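Review bot: The `name` element built by php_posix_group_to_array (ext/posix/posix.c) can now be null where it was previously always a string, and nothing in the hunk records that for callers. A short comment above the new branch, e.g. `/* gr_name can be NULL on some entries; report null rather than dereferencing it */`, would explain the change, and the documented return shape of the functions that use this helper should be updated if it still promises a string. The rest of the function lies outside the hunk; if it walks `g->gr_mem` without a NULL test, an entry that lacks `gr_name` might fault there as well, which is worth checking.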