]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 1e2d3d5)
Fix #78761: Zend memory heap corruption with preload and casting
authorChristoph M. Becker <cmbecker69@gmx.de>
Wed, 30 Oct 2019 17:05:10 +0000 (18:05 +0100)
committerChristoph M. Becker <cmbecker69@gmx.de>
Wed, 30 Oct 2019 18:49:39 +0000 (19:49 +0100)
We have to reset `FFI_G(persistent)` back to zero when preloading has
finished.

NEWS patch | blob | history
ext/ffi/ffi.c patch | blob | history
ext/ffi/tests/bug78761.phpt [new file with mode: 0644] patch | blob
ext/ffi/tests/bug78761_preload.h [new file with mode: 0644] patch | blob
ext/ffi/tests/bug78761_preload.php [new file with mode: 0644] patch | blob

diff --git a/NEWS b/NEWS
index 17dd4756c12b4c62832b0d12b7f05c7d950b7d99..b63d82438c81b58fb64392460e209779d8ffe7b4 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -19,6 +19,8 @@ PHP                                                                        NEWS
   . Fixed bug #78716 (Function name mangling is wrong for some parameter 
     types). (cmb)
   . Fixed bug #78762 (Failing FFI::cast() may leak memory). (cmb)
+  . Fixed bug #78761 (Zend memory heap corruption with preload and casting).
+    (cmb)
   . Implement FR #78270 (Support __vectorcall convention with FFI). (cmb)
 
 - FPM:
diff --git a/ext/ffi/ffi.c b/ext/ffi/ffi.c
index 08117cba83697b020330663b9dd593ad569f2c20..369e6531ace3750565e924f1580d3a73d425edff 100644 (file)
--- a/ext/ffi/ffi.c
+++ b/ext/ffi/ffi.c
@@ -3340,6 +3340,7 @@ static zend_ffi *zend_ffi_load(const char *filename, zend_bool preload) /* {{{ *
        efree(code);
        FFI_G(symbols) = NULL;
        FFI_G(tags) = NULL;
+       FFI_G(persistent) = 0;
 
        return ffi;
 
diff --git a/ext/ffi/tests/bug78761.phpt b/ext/ffi/tests/bug78761.phpt
new file mode 100644 (file)
index 0000000..1db977a
--- /dev/null
+++ b/ext/ffi/tests/bug78761.phpt
@@ -0,0 +1,17 @@
+--TEST--
+Bug #78761 (Zend memory heap corruption with preload and casting)
+--SKIPIF--
+<?php require_once('skipif.inc'); ?>
+--INI--
+opcache.enable_cli=1
+opcache.preload={PWD}/bug78761_preload.php
+--FILE--
+<?php
+try {
+    FFI::cast('char[10]', FFI::new('char[1]'));
+} catch (FFI\Exception $ex) {
+    echo $ex->getMessage(), PHP_EOL;
+}
+?>
+--EXPECT--
+attempt to cast to larger type
diff --git a/ext/ffi/tests/bug78761_preload.h b/ext/ffi/tests/bug78761_preload.h
new file mode 100644 (file)
index 0000000..e69de29
diff --git a/ext/ffi/tests/bug78761_preload.php b/ext/ffi/tests/bug78761_preload.php
new file mode 100644 (file)
index 0000000..207b7c3
--- /dev/null
+++ b/ext/ffi/tests/bug78761_preload.php
@@ -0,0 +1,3 @@
+<?php
+
+FFI::load(__DIR__ . '/bug78761_preload.h');
Unnamed repository; edit this file 'description' to name the repository.