Merge branch 'PHP-7.0' into PHP-7.1

weltling · weltling · commit fb92116a5a01 · 2016-12-11T17:07:57.000+01:00
* PHP-7.0:
  Fixed bug #73679 DOTNET read access violation using invalid codepage
diff --git a/ext/com_dotnet/com_dotnet.c b/ext/com_dotnet/com_dotnet.c
@@ -196,6 +196,7 @@ PHP_FUNCTION(com_dotnet_create_instance)
 	int ret = FAILURE;
 	char *where = "";
 	IUnknown *unk = NULL;
+	zend_long cp = CP_ACP;
 
 	php_com_initialize();
 	stuff = (struct dotnet_runtime_stuff*)COMG(dotnet_runtime_stuff);
@@ -245,11 +246,17 @@ PHP_FUNCTION(com_dotnet_create_instance)
 	if (FAILURE == zend_parse_parameters(ZEND_NUM_ARGS(), "ss|l",
 			&assembly_name, &assembly_name_len,
 			&datatype_name, &datatype_name_len,
-			&obj->code_page)) {
+			&cp)) {
 		php_com_throw_exception(E_INVALIDARG, "Could not create .Net object - invalid arguments!");
 		return;
 	}
 
+	if (Z_L(0) > cp || ZEND_LONG_INT_OVFL(cp)) {
+		php_com_throw_exception(E_INVALIDARG, "Could not create .Net object - invalid codepage!");
+		return;
+	}
+	obj->code_page = (int)cp;
+
 	oletype = php_com_string_to_olestring(datatype_name, datatype_name_len, obj->code_page);
 	oleassembly = php_com_string_to_olestring(assembly_name, assembly_name_len, obj->code_page);
 	oletype_sys = SysAllocString(oletype);
diff --git a/ext/com_dotnet/tests/bug73679.phpt b/ext/com_dotnet/tests/bug73679.phpt
@@ -0,0 +1,20 @@
+--TEST--
+Bug #73679 DOTNET read access violation using invalid codepage 
+--SKIPIF--
+<?php # vim:ft=php
+if (!extension_loaded("com_dotnet")) print "skip COM/.Net support not present"; ?>
+--FILE--
+<?php
+
+$stack = new DOTNET("mscorlib", "System.Collections.Stack", -2200000000);
+$stack->Push(".Net");
+$stack->Push("Hello ");
+echo $stack->Pop() . $stack->Pop();
+
+?>
+--EXPECTF--
+Fatal error: Uncaught com_exception: Could not create .Net object - invalid codepage! in %sbug73679.php:%d
+Stack trace:
+#0 %sbug73679.php(%d): dotnet->dotnet('mscorlib', 'System.Collecti...', -2200000000)
+#1 {main}
+  thrown in %sbug73679.php on line %d
