Fixed access to uninitialized data and attempt to double free

diff --git a/ext/gmp/gmp.c b/ext/gmp/gmp.c
index df7c912938d6bd1a05d33f0523509a187a47354f..e2ece55869cfcf33cddb1a0f1f6b3cf2452cbd9a 100644 (file)
--- a/ext/gmp/gmp.c
+++ b/ext/gmp/gmp.c
@@ -565,6 +565,7 @@ static int gmp_unserialize(zval *object, zend_class_entry *ce, const unsigned ch
        int retval = FAILURE;
        php_unserialize_data_t unserialize_data = (php_unserialize_data_t) data;
 
+       ZVAL_UNDEF(&zv);
        PHP_VAR_UNSERIALIZE_INIT(unserialize_data);
        gmp_create(object, &gmpnum TSRMLS_CC);
 
@@ -579,6 +580,7 @@ static int gmp_unserialize(zval *object, zend_class_entry *ce, const unsigned ch
                goto exit;
        }
        zval_dtor(&zv);
+       ZVAL_UNDEF(&zv);
 
        if (!php_var_unserialize(&zv, &p, max, &unserialize_data TSRMLS_CC)
                || Z_TYPE(zv) != IS_ARRAY