[jira] [Commented] (THRIFT-4263) Fix use after free bug for thrown exceptions

Wed, 26 Jul 2017 09:26:19 -0700 

    [ 
https://issues.apache.org/jira/browse/THRIFT-4263?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16101879#comment-16101879
 ] 

ASF GitHub Bot commented on THRIFT-4263:
----------------------------------------

GitHub user norrs opened a pull request:

    https://github.com/apache/thrift/pull/1314

    THRIFT-4263: Fix use after free bug for thrown exceptions

    Exceptions thrown through PHPExceptionWrapper are prematurely freed at the 
end
    of the catch block, even though zend_throw_exception_object expects to take
    ownership of the value.
    
    Ensure we free return_value in case of exceptions
    
    Test binary deserialization of insufficient data which verifies we can cast
    exception to string to verify against memory corruption when transport casts
    exceptions.
    
    Patch: Håkon Hitland <[email protected]>
    Patch: Roy Sindre Norangshol <[email protected]>
    
    This closes #4263

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/norrs/thrift THRIFT-4263

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/thrift/pull/1314.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #1314
    
----
commit 7e64cc664170999e8224c7df4a689efebc55aea5
Author: Roy Sindre Norangshol <[email protected]>
Date:   2017-07-26T16:19:38Z

    THRIFT-4263: Test case for 'Fix use after free bug for thrown exceptions'
    
    Test binary deserialization of insufficient data which verifies we can cast
    exception to string to verify against memory corruption when transport casts
    exceptions.
    
    Patch: Håkon Hitland <[email protected]>
    Patch: Roy Sindre Norangshol <[email protected]>

----


> Fix use after free bug for thrown exceptions
> --------------------------------------------
>
>                 Key: THRIFT-4263
>                 URL: https://issues.apache.org/jira/browse/THRIFT-4263
>             Project: Thrift
>          Issue Type: Bug
>          Components: PHP - Library
>    Affects Versions: 0.10.0, 0.11.0
>         Environment: Verified both on Debian unstable and Centos 7 under 
> valgrind
>            Reporter: Roy Sindre Norangshol
>            Priority: Critical
>
> Fix use after free bug for thrown exceptions
> Exceptions thrown through PHPExceptionWrapper are prematurely freed at
> the end of the catch block, even though zend_throw_exception_object
> expects to take ownership of the value.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to