Mercurial Mercurial > upstream > oracle > userland-gate / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/php/php56/patches/CVE-2015-6837_CVE-2015-6838.patch
changeset 5116 867d838118ad 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/php/php56/patches/CVE-2015-6837_CVE-2015-6838.patch	Thu Nov 19 22:52:15 2015 -0800
@@ -0,0 +1,35 @@
+# Source: upstream
+# https://bugs.php.net/bug.php?id=69782
+# Official fix: https://github.com/php/php-src/commit/1744be2d17befc69bf00033993f4081852a747d6.patch
+# Clean patch: http://pastie.org/private/puvwu1gtr4qkextmrqmkmq
+# Patch adapted/regenerated.
+
+--- xsltprocessor.c.orig	2015-09-09 14:59:20.354579467 -0700
++++ php-5.6.8/ext/xsl/xsltprocessor.c	2015-09-09 15:01:03.737672429 -0700
+@@ -223,7 +223,10 @@
+ 	if (error == 1) {
+ 		for (i = nargs - 1; i >= 0; i--) {
+ 			obj = valuePop(ctxt);
+-			xmlXPathFreeObject(obj);
++
++			if (obj) {
++				xmlXPathFreeObject(obj);
++			}
+ 		}
+ 		return;
+ 	}
+@@ -302,9 +305,11 @@
+ 	fci.function_table = EG(function_table);
+ 	
+ 	obj = valuePop(ctxt);
+-	if (obj->stringval == NULL) {
+-		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Handler name must be a string");
+-		xmlXPathFreeObject(obj);
++	if (obj == NULL || obj->stringval == NULL) {
++		if (obj && obj->stringval == NULL) {
++			php_error_docref(NULL TSRMLS_CC, E_WARNING, "Handler name must be a string");
++			xmlXPathFreeObject(obj);
++		}
+ 		valuePush(ctxt, xmlXPathNewString(""));
+ 		if (fci.param_count > 0) {
+ 			for (i = 0; i < nargs - 1; i++) {
upstream/oracle/userland-gate