Invalid free of CG(interned_empty_string)

On failure php_escape_html_entities returns STR_EMPTY_ALLOC which is an
alias of CG(interned_empty_string) if interned strings are enabled.
Make sure we don't free this.

diff --git a/ext/soap/soap.c b/ext/soap/soap.c
index 6a250baf58bfe598821241e18016836afa2a09f2..b739d338d9a45a3e815d04d169ffc582b9a0d5f8 100644 (file)
--- a/ext/soap/soap.c
+++ b/ext/soap/soap.c
@@ -4004,7 +4004,7 @@ static xmlDocPtr serialize_response_call(sdlFunctionPtr function, char *function
                                } else {        
                                        xmlNodeSetContentLen(node, BAD_CAST(str), (int)new_len);
                                }
-                               efree(str);
+                               str_efree(str);
                        }
                        if (zend_hash_find(prop, "faultstring", sizeof("faultstring"), (void**)&tmp) == SUCCESS) {
                                xmlNodePtr node = master_to_xml(get_conversion(IS_STRING), *tmp, SOAP_LITERAL, param TSRMLS_CC);
@@ -4029,7 +4029,7 @@ static xmlDocPtr serialize_response_call(sdlFunctionPtr function, char *function
                                } else {        
                                        xmlNodeSetContentLen(node, BAD_CAST(str), (int)new_len);
                                }
-                               efree(str);
+                               str_efree(str);
                        }
                        if (zend_hash_find(prop, "faultstring", sizeof("faultstring"), (void**)&tmp) == SUCCESS) {
                                xmlNodePtr node = xmlNewChild(param, ns, BAD_CAST("Reason"), NULL);

diff --git a/ext/wddx/wddx.c b/ext/wddx/wddx.c
index 4e91c18d59132ea0d97e8e359014f7996ae21fdb..0e96b364f954cabe1cfc0c4f579049134aa2dd1f 100644 (file)
--- a/ext/wddx/wddx.c
+++ b/ext/wddx/wddx.c
@@ -409,7 +409,7 @@ static void php_wddx_serialize_string(wddx_packet *packet, zval *var TSRMLS_DC)
 
                php_wddx_add_chunk_ex(packet, buf, buf_len);
 
-               efree(buf);
+               str_efree(buf);
        }
        php_wddx_add_chunk_static(packet, WDDX_STRING_E);
 }
@@ -635,7 +635,7 @@ void php_wddx_serialize_var(wddx_packet *packet, zval *var, char *name, int name
                snprintf(tmp_buf, name_esc_len + sizeof(WDDX_VAR_S), WDDX_VAR_S, name_esc);
                php_wddx_add_chunk(packet, tmp_buf);
                efree(tmp_buf);
-               efree(name_esc);
+               str_efree(name_esc);
        }
        
        switch(Z_TYPE_P(var)) {

diff --git a/main/main.c b/main/main.c
index 16dc370ca1d7612a3dc580f45eefdae53837e3d8..331849cfc269d7df999317db7a1afe428a7efa03 100644 (file)
--- a/main/main.c
+++ b/main/main.c
@@ -918,7 +918,7 @@ PHPAPI void php_verror(const char *docref, const char *params, int type, const c
        } else {
                spprintf(&message, 0, "%s: %s", origin, buffer);
        }
-       efree(origin);
+       str_efree(origin);
        if (docref_buf) {
                efree(docref_buf);
        }