]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 592aa37)
Fix use after free for doc_comment persist
authorNikita Popov <nikic@php.net>
Mon, 5 May 2014 17:56:05 +0000 (19:56 +0200)
committerNikita Popov <nikic@php.net>
Mon, 5 May 2014 17:56:05 +0000 (19:56 +0200)
ext/opcache/zend_persist.c patch | blob | history

diff --git a/ext/opcache/zend_persist.c b/ext/opcache/zend_persist.c
index 601849b012358777370fe51b2b54089723e2cf9c..ca3c1882d957b11380bbeeda3aa88e50351f25b0 100644 (file)
--- a/ext/opcache/zend_persist.c
+++ b/ext/opcache/zend_persist.c
@@ -402,7 +402,12 @@ static void zend_persist_op_array_ex(zend_op_array *op_array, zend_persistent_sc
 
        if (op_array->doc_comment) {
                if (ZCG(accel_directives).save_comments) {
-                       zend_accel_store_string(op_array->doc_comment);
+                       if (already_stored) {
+                               op_array->doc_comment = zend_shared_alloc_get_xlat_entry(op_array->doc_comment);
+                               ZEND_ASSERT(op_array->doc_comment != NULL);
+                       } else {
+                               zend_accel_store_string(op_array->doc_comment);
+                       }
                } else {
                        if (!already_stored) {
                                STR_RELEASE(op_array->doc_comment);
Unnamed repository; edit this file 'description' to name the repository.