You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@thrift.apache.org by "grayson (JIRA)" <ji...@apache.org> on 2014/01/16 11:13:19 UTC
[jira] [Created] (THRIFT-2321) thrift php extension,when giving
data not a correct type,it will seperate it,but when running function
"SEPARATE_ZVAL()",the real data pointer is changed,real data will loss.
grayson created THRIFT-2321:
-------------------------------
Summary: thrift php extension,when giving data not a correct type,it will seperate it,but when running function "SEPARATE_ZVAL()",the real data pointer is changed,real data will loss.
Key: THRIFT-2321
URL: https://issues.apache.org/jira/browse/THRIFT-2321
Project: Thrift
Issue Type: Bug
Components: C++ - Compiler, C++ - Library
Affects Versions: 0.9
Environment: PHP 5.2.9
Zend Engine v2.2.0
g++ (SUSE Linux) 4.3.2 [gcc-4_3-branch revision 141291]
Reporter: grayson
code position:
file::thrift-0.9.0/lib/php/src/ext/thrift_protocol/php_thrift_protocol.cpp
void binary_serialize(.....)
{
.
.
.
if (Z_TYPE_PP(value) != IS_LONG) {
SEPARATE_ZVAL(value);
convert_to_long(*value);
}
.
.
.
}
php client have a function:
$lmflag = array("3");
public function GetStaet($lmflag)
thrift file define this function:
ReturnResult GetState(1:list<i32> lmflag);
now we use php extension(thrift_protocol.so) to call function "GetState()",as parameter lmflag data type inconsistent,so the extension will seperate it use function "SEPARATE_ZVAL(value)", then the pointer "value" will change it point,now we can find that real data pointer is missing,the real data is lost.
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)