]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 12b79fc)
Fix use after free with opcache (interned strings)
authorBob Weinand <bobwei9@hotmail.com>
Sun, 5 Jul 2015 00:00:38 +0000 (02:00 +0200)
committerBob Weinand <bobwei9@hotmail.com>
Sun, 5 Jul 2015 00:00:52 +0000 (02:00 +0200)
Zend/zend_compile.c patch | blob | history

diff --git a/Zend/zend_compile.c b/Zend/zend_compile.c
index eb1a318ea517f8faf1866d9d25dd72ebf3aa10bf..2d41f3fda6c209632e16df27dd1d3d1d127ba9d8 100644 (file)
--- a/Zend/zend_compile.c
+++ b/Zend/zend_compile.c
@@ -5074,7 +5074,8 @@ void zend_compile_class_decl(zend_ast *ast) /* {{{ */
                name = zend_new_interned_string(name);
                lcname = zend_new_interned_string(lcname);
        } else {
-               lcname = name = zend_generate_anon_class_name(decl->lex_pos);
+               name = zend_generate_anon_class_name(decl->lex_pos);
+               lcname = zend_string_copy(name); /* this normally is an interned string, except with opcache. We need a proper copy here or opcache will fail with use after free. */
        }
 
        ce->type = ZEND_USER_CLASS;
Unnamed repository; edit this file 'description' to name the repository.