Blame SOURCES/php-5.5.21-CVE-2015-1351.patch
|
 |
8bac60 |
From 0a8f28b43212cc2ddbc1f2df710e37b1bec0addd Mon Sep 17 00:00:00 2001
|
|
|
8bac60 |
From: Xinchen Hui <laruence@php.net>
|
|
|
8bac60 |
Date: Thu, 8 Jan 2015 16:32:20 +0800
|
|
|
8bac60 |
Subject: [PATCH] Fixed bug #68677 (Use After Free in OPcache)
|
|
|
8bac60 |
|
|
|
8bac60 |
(cherry picked from commit 777c39f4042327eac4b63c7ee87dc1c7a09a3115)
|
|
|
8bac60 |
---
|
|
|
8bac60 |
ext/opcache/zend_shared_alloc.c | 2 +-
|
|
|
8bac60 |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
8bac60 |
|
|
|
8bac60 |
diff --git a/ext/opcache/zend_shared_alloc.c b/ext/opcache/zend_shared_alloc.c
|
|
|
8bac60 |
index bbe26e8..8880b88 100644
|
|
|
8bac60 |
--- a/ext/opcache/zend_shared_alloc.c
|
|
|
8bac60 |
+++ b/ext/opcache/zend_shared_alloc.c
|
|
|
8bac60 |
@@ -346,10 +346,10 @@ void *_zend_shared_memdup(void *source, size_t size, zend_bool free_source TSRML
|
|
|
8bac60 |
retval = ZCG(mem);;
|
|
|
8bac60 |
ZCG(mem) = (void*)(((char*)ZCG(mem)) + ZEND_ALIGNED_SIZE(size));
|
|
|
8bac60 |
memcpy(retval, source, size);
|
|
|
8bac60 |
+ zend_shared_alloc_register_xlat_entry(source, retval);
|
|
|
8bac60 |
if (free_source) {
|
|
|
8bac60 |
interned_efree((char*)source);
|
|
|
8bac60 |
}
|
|
|
8bac60 |
- zend_shared_alloc_register_xlat_entry(source, retval);
|
|
|
8bac60 |
return retval;
|
|
|
8bac60 |
}
|
|
|
8bac60 |
|