gh17047.phpt - OpenGrok history log for /php-src/ext/iconv/tests/gh17047.phpt

Revision		Date	Author	Comments
# ddbd396a		05-Dec-2024	Niels Dossche <7771979+nielsdos@users.noreply.github.com>	Fix GH-17047: UAF on iconv filter failure The first while loop sets the bucket variable, and this is freed in out_failure. However, when the second "goto out_failure" is triggered th Fix GH-17047: UAF on iconv filter failure The first while loop sets the bucket variable, and this is freed in out_failure. However, when the second "goto out_failure" is triggered then bucket still refers to the bucket from the first while loop, causing a UAF. Fix this by separating the error paths. Closes GH-17058. show more ...

Revision

Date

Author

Comments

# ddbd396a

05-Dec-2024

Niels Dossche <7771979+nielsdos@users.noreply.github.com>

Fix GH-17047: UAF on iconv filter failure

The first while loop sets the bucket variable, and this is freed in
out_failure. However, when the second "goto out_failure" is triggered
th

Fix GH-17047: UAF on iconv filter failure

The first while loop sets the bucket variable, and this is freed in
out_failure. However, when the second "goto out_failure" is triggered
then bucket still refers to the bucket from the first while loop,
causing a UAF.
Fix this by separating the error paths.

Closes GH-17058.