]> granicus.if.org Git - php/commit
projects / php / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 54dbd3e) | patch
Handle memory limit error during string reallocation correctly
authorNikita Popov <nikita.ppv@gmail.com>
Thu, 3 Sep 2020 07:45:54 +0000 (09:45 +0200)
committerNikita Popov <nikita.ppv@gmail.com>
Thu, 3 Sep 2020 07:49:29 +0000 (09:49 +0200)
commit573ad182d21df2457a0a2f6fd3c075e1f0bfca44
tree027144874b94ed9a8cca790faa91a984defa9dfetree | snapshot
parent54dbd3eccc867f456f257ce11556b50fcbee2ccfcommit | diff
Handle memory limit error during string reallocation correctly

Do not decrement the refcount before allocating the new string,
as the allocation operation may bail out and cause a use-after-free
lateron. We can only decrement the refcount once the allocation
has succeeded.

Fixes oss-fuzz #25384.
Zend/zend_string.h diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.