ID:               48619
 Updated by:       paj...@php.net
 Reported By:      andy at webtatic dot com
 Status:           Assigned
 Bug Type:         IMAP related
 Operating System: CentOS 5.3 i386
 PHP Version:      5.2.10
 Assigned To:      pajoye
 New Comment:

Sorry, I should have been more clear, this patch is not tested (did not
even compile it, no vc at hand :), it was only for the idea. Yes, the
free mode is also a constant as well as some others, so a bit comparison
is necessary.

That being said, I'm not sure I understand why we exposed SE_FREE in
the 1st place...


Previous Comments:
------------------------------------------------------------------------

[2009-06-20 21:26:44] andy at webtatic dot com

SE_FREE is also a PHP constant, so the user (for some reason), might
pass in the flag SE_FREE | SE_UID, which a direct != will not match
SE_FREE on, causing the same issue. You should probably do a bitwise
check for the flag in your case.
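
The flag check discussed in this comment, as an added example that is not part of the original thread or of PHP's code: it counts how many times one search program would be released when the library frees it on SE_FREE, under three caller policies (always free, as in the lines the patch below removes; the direct `!=` comparison; a bitwise test). The flag values, `lib_search` and `release_count` are assumptions made for this sketch.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-ins; the flag values are assumptions for this sketch. */
#define SE_UID  0x1L
#define SE_FREE 0x2L

enum policy { ALWAYS_FREE, EQUALITY_CHECK, BITWISE_CHECK };

/* Models the library side: releases the program itself when SE_FREE is set.
 * Returns 1 if it released the program, 0 otherwise. */
static int lib_search(int *pgm, long flags)
{
    if (flags & SE_FREE) {
        free(pgm);
        return 1;
    }
    return 0;
}

/* Returns how many times one search program would be released for the given
 * caller policy. A result of 2 is a double free; the second release is only
 * counted, never executed, so the demo itself stays memory-safe. */
static int release_count(long flags, enum policy p)
{
    int *pgm = malloc(sizeof *pgm);
    if (!pgm) return -1;
    int released = lib_search(pgm, flags);

    int caller_frees;
    switch (p) {
    case ALWAYS_FREE:    caller_frees = 1; break;
    case EQUALITY_CHECK: caller_frees = (flags != SE_FREE); break;
    default:             caller_frees = !(flags & SE_FREE); break;
    }
    if (caller_frees) {
        if (!released) free(pgm);   /* safe: library did not release it */
        released++;
    }
    return released;
}

int main(void)
{
    long cases[] = { 0, SE_UID, SE_FREE, SE_FREE | SE_UID };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("flags=%ld always=%d equality=%d bitwise=%d\n", cases[i],
               release_count(cases[i], ALWAYS_FREE),
               release_count(cases[i], EQUALITY_CHECK),
               release_count(cases[i], BITWISE_CHECK));
    return 0;
}
```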

------------------------------------------------------------------------

[2009-06-20 21:15:49] paj...@php.net

I made one already too, http://pastebin.com/m22b58a19

I prefer this way as there is no ambiguity, I also fixed the other
locations where a similar situation can happen.

I have to merge into head and it will be committed.

Thanks for your work!

------------------------------------------------------------------------

[2009-06-20 20:54:37] andy at webtatic dot com

I've made a patch for it, as I'd like to have it patched in my rpms of
5.2.10.

I can't see anywhere to upload files, so I'll post it here, only
short:

--- php-5.2.10/ext/imap/php_imap.c.pgmfree      2009-06-20
21:44:54.000000000 +0100
+++ php-5.2.10/ext/imap/php_imap.c      2009-06-20 21:45:16.000000000 +0100
@@ -3701,7 +3701,7 @@
                flags = SE_FREE;
        } else {
                convert_to_long_ex(search_flags);
-               flags = Z_LVAL_PP(search_flags);
+               flags = Z_LVAL_PP(search_flags) & SE_FREE;
                if (argc == 4) {
                        convert_to_string_ex(charset);
                }
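Review bot: the added line "flags = Z_LVAL_PP(search_flags) & SE_FREE;" masks the caller's value down to the SE_FREE bit, so every other flag the user passed is discarded, and when the user did not pass SE_FREE the result is 0. Combined with the second hunk, which removes the caller-side free, that 0 case leaves pgm unreleased. If the intent is to always hand ownership to the search call while keeping the user's options, OR the bit in instead: "flags = Z_LVAL_PP(search_flags) | SE_FREE;".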
@@ -3712,10 +3712,6 @@
 
        mail_search_full(imap_le_struct->imap_stream, (argc == 4 ?
Z_STRVAL_PP(charset) : NIL), pgm, flags);
 
-       if (pgm) {
-               mail_free_searchpgm(&pgm);
-       }
-
        if (IMAPG(imap_messages) == NIL) {
                efree(search_criteria);
                RETURN_FALSE;
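Review bot: removing the "if (pgm) { mail_free_searchpgm(&pgm); }" block after mail_search_full is only correct if flags carries SE_FREE on every path that reaches the call, and the else branch in the first hunk does not guarantee that as written. Either make that guarantee explicit where flags is assigned, or keep a caller-side free guarded by a bitwise test such as "if (pgm && !(flags & SE_FREE))". A short comment at the call stating who owns pgm afterwards would keep this from regressing.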

------------------------------------------------------------------------

[2009-06-20 20:39:22] paj...@php.net

Ah nice catch for this edge case. I will fix it soonish. Thanks :)

------------------------------------------------------------------------

[2009-06-20 20:34:39] andy at webtatic dot com

Also looking at c-client's latest, the same internal free happens, so
will cause the same problem.

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
    http://bugs.php.net/48619
