Fix use after free with file cache and arena allocated strings

author Nikita Popov <nikita.ppv@gmail.com>

Tue, 1 Dec 2020 10:31:23 +0000 (11:31 +0100)

committer Nikita Popov <nikita.ppv@gmail.com>

Tue, 1 Dec 2020 10:31:23 +0000 (11:31 +0100)
author Nikita Popov <nikita.ppv@gmail.com>
Tue, 1 Dec 2020 10:31:23 +0000 (11:31 +0100)
committer Nikita Popov <nikita.ppv@gmail.com>
Tue, 1 Dec 2020 10:31:23 +0000 (11:31 +0100)
diff --git a/Zend/zend_compile.c b/Zend/zend_compile.c

index dbb21944371f49dc48d56e1bcd4aef0febd17b07..83942be57015c499583c21da11be8446f5711808 100644 (file)
--- a/Zend/zend_compile.c
+++ b/Zend/zend_compile.c
@@ -422,6 +422,9 @@ void init_compiler(void) /* {{{ */
  
  void shutdown_compiler(void) /* {{{ */
  {
+       /* Reset filename before destroying the arena, as file cache may use arena allocated strings. */
+       zend_restore_compiled_filename(NULL);
+
         zend_stack_destroy(&CG(loop_var_stack));
         zend_stack_destroy(&CG(delayed_oplines_stack));
         zend_stack_destroy(&CG(short_circuiting_opnums));
@@ -437,7 +440,6 @@ void shutdown_compiler(void) /* {{{ */
                 FREE_HASHTABLE(CG(delayed_autoloads));
                 CG(delayed_autoloads) = NULL;
         }
-       zend_restore_compiled_filename(NULL);
  }
  /* }}} */
author	Nikita Popov <nikita.ppv@gmail.com>
	Tue, 1 Dec 2020 10:31:23 +0000 (11:31 +0100)
committer	Nikita Popov <nikita.ppv@gmail.com>
	Tue, 1 Dec 2020 10:31:23 +0000 (11:31 +0100)