Fix invalid access to interned strings after they are freed in phpdbg
authorBob Weinand <bobwei9@hotmail.com>
Sat, 1 Oct 2016 09:46:21 +0000 (10:46 +0100)
committerBob Weinand <bobwei9@hotmail.com>
Sat, 1 Oct 2016 09:46:21 +0000 (10:46 +0100)
sapi/phpdbg/phpdbg_list.c

index 6895bea43ef371ba48344a0e9913dcdfe043ad99..74d35c7ce916303f4dd6c5fbdd5ad9a07684a389 100644 (file)
@@ -316,6 +316,17 @@ zend_op_array *phpdbg_init_compile_file(zend_file_handle *file, int type) {
        dataptr = zend_hash_str_find_ptr(&PHPDBG_G(file_sources), filename, strlen(filename));
        ZEND_ASSERT(dataptr != NULL);
 
+       if (op_array->vars) {
+               int i;
+               /* un-intern these strings to prevent zend_restore_strings from invalidating our string pointers too early */
+               for (i = 0; i < op_array->last_var; i++) {
+                       zend_string **s = op_array->vars + i;
+                       if (ZSTR_IS_INTERNED(*s)) {
+                               *s = zend_string_init(ZSTR_VAL(*s), ZSTR_LEN(*s), 0);
+                       }
+               }
+       }
+
        dataptr->op_array = *op_array;
        if (dataptr->op_array.refcount) {
                ++*dataptr->op_array.refcount;
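Review bot: The un-interning loop over `op_array->vars` replaces only the compiled-variable names, so any other interned `zend_string` the stored copy still points to (for example entries in `op_array->literals`, if phpdbg reads them after the interned-string table is restored) would presumably keep the same dangling-pointer exposure this commit fixes. It is worth confirming which fields phpdbg dereferences later and recording the result next to the loop, e.g. `/* only vars are read after zend_restore_strings(); literals and filename stay interned */`. Because `dataptr->op_array = *op_array` is a shallow copy, the newly allocated strings are shared with the op_array returned to the caller and appear to rely on the refcount bump below for a single release; a one-line comment stating that ownership would help the next reader. The body of phpdbg_init_compile_file starts and ends outside the hunk.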