Avoid uninitialized entries in properties_info_table

author Nikita Popov <nikita.ppv@gmail.com>

Fri, 15 Feb 2019 12:42:37 +0000 (13:42 +0100)

committer Nikita Popov <nikita.ppv@gmail.com>

Fri, 15 Feb 2019 13:43:37 +0000 (14:43 +0100)
author Nikita Popov <nikita.ppv@gmail.com>
Fri, 15 Feb 2019 12:42:37 +0000 (13:42 +0100)
committer Nikita Popov <nikita.ppv@gmail.com>
Fri, 15 Feb 2019 13:43:37 +0000 (14:43 +0100)
diff --git a/Zend/zend_inheritance.c b/Zend/zend_inheritance.c

index 2ce4df30495b5d1ed3fb3e648b36310092487593..67b8b849e49ea39209f1e5840c75f82414b6fbba 100644 (file)
--- a/Zend/zend_inheritance.c
+++ b/Zend/zend_inheritance.c
@@ -855,19 +855,22 @@ static void do_inherit_class_constant(zend_string *name, zend_class_constant *pa
  void zend_build_properties_info_table(zend_class_entry *ce)
  {
         zend_property_info **table, *prop;
+       size_t size;
         if (ce->default_properties_count == 0) {
                 return;
         }
  
         ZEND_ASSERT(ce->properties_info_table == NULL);
+       size = sizeof(zend_property_info *) * ce->default_properties_count;
         if (ce->type == ZEND_USER_CLASS) {
-               ce->properties_info_table = table = zend_arena_alloc(&CG(arena),
-                       sizeof(zend_property_info *) * ce->default_properties_count);
+               ce->properties_info_table = table = zend_arena_alloc(&CG(arena), size);
         } else {
-               ce->properties_info_table = table = pemalloc(
-                       sizeof(zend_property_info *) * ce->default_properties_count, 1);
+               ce->properties_info_table = table = pemalloc(size, 1);
         }
  
+       /* Dead slots may be left behind during inheritance. Make sure these are NULLed out. */
+       memset(table, 0, size);
+
         if (ce->parent && ce->parent->default_properties_count != 0) {
                 zend_property_info **parent_table = ce->parent->properties_info_table;
                 memcpy(
diff --git a/ext/opcache/zend_persist.c b/ext/opcache/zend_persist.c

index 1a22f12b4db61d927fa2ba5ec61e2e4b7519dc3e..ed0587299369083dfc7af4a23ee2403288f88941 100644 (file)
--- a/ext/opcache/zend_persist.c
+++ b/ext/opcache/zend_persist.c
@@ -860,16 +860,20 @@ static void zend_persist_class_entry(zval *zv)
                         int i;
  
                         size_t size = sizeof(zend_property_info *) * ce->default_properties_count;
+                       ZEND_ASSERT(ce->ce_flags & ZEND_ACC_LINKED);
                         if (ZCG(is_immutable_class)) {
-                               ce->properties_info_table = zend_shared_memdup_put(
+                               ce->properties_info_table = zend_shared_memdup(
                                         ce->properties_info_table, size);
                         } else {
-                               ce->properties_info_table = zend_shared_memdup_arena_put(
+                               ce->properties_info_table = zend_shared_memdup_arena(
                                         ce->properties_info_table, size);
                         }
  
                         for (i = 0; i < ce->default_properties_count; i++) {
-                               ce->properties_info_table[i] = zend_shared_alloc_get_xlat_entry(ce->properties_info_table[i]);
+                               if (ce->properties_info_table[i]) {
+                                       ce->properties_info_table[i] = zend_shared_alloc_get_xlat_entry(
+                                               ce->properties_info_table[i]);
+                               }
                         }
                 }
author	Nikita Popov <nikita.ppv@gmail.com>
	Fri, 15 Feb 2019 12:42:37 +0000 (13:42 +0100)
committer	Nikita Popov <nikita.ppv@gmail.com>
	Fri, 15 Feb 2019 13:43:37 +0000 (14:43 +0100)
Zend/zend_inheritance.c		patch \| blob \| history
ext/opcache/zend_persist.c		patch \| blob \| history