From: Stanislav Malyshev <stas@php.net>
Date: Wed, 26 Aug 2015 06:08:49 +0000 (-0700)
Subject: Merge branch 'PHP-5.4.45' into PHP-5.5.29
X-Git-Tag: php-5.5.29~9
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=24dda816d069a2e0cb5dc2985afd7f3269202946;p=php

Merge branch 'PHP-5.4.45' into PHP-5.5.29

* PHP-5.4.45:
  Fix bug #70219 (Use after free vulnerability in session deserializer)
  Fix for bug #69782
  5.4.45 next

Conflicts:
	configure.in
	ext/standard/var_unserializer.c
	ext/standard/var_unserializer.re
	main/php_version.h
---

24dda816d069a2e0cb5dc2985afd7f3269202946
diff --cc ext/standard/var_unserializer.c
index 188d2da1bd,ffaf680c51..1aa5ff3e64
--- a/ext/standard/var_unserializer.c
+++ b/ext/standard/var_unserializer.c
@@@ -480,10 -481,10 +481,8 @@@ PHPAPI int php_var_unserialize(UNSERIAL
  
  	start = cursor;
  
- 	
- 	
  
 -
 -
 -#line 488 "ext/standard/var_unserializer.c"
 +#line 487 "ext/standard/var_unserializer.c"
  {
  	YYCTYPE yych;
  	static const unsigned char yybm[] = {
@@@ -1238,10 -1239,10 +1237,10 @@@ yy91
  	*rval = *rval_ref;
  	Z_ADDREF_PP(rval);
  	Z_UNSET_ISREF_PP(rval);
- 	
+ 
  	return 1;
  }
 -#line 1246 "ext/standard/var_unserializer.c"
 +#line 1245 "ext/standard/var_unserializer.c"
  yy95:
  	yych = *++YYCURSOR;
  	if (yych <= ',') {
@@@ -1282,12 -1283,12 +1281,12 @@@ yy97
  	*rval = *rval_ref;
  	Z_ADDREF_PP(rval);
  	Z_SET_ISREF_PP(rval);
- 	
+ 
  	return 1;
  }
 -#line 1290 "ext/standard/var_unserializer.c"
 +#line 1289 "ext/standard/var_unserializer.c"
  }
 -#line 841 "ext/standard/var_unserializer.re"
 +#line 840 "ext/standard/var_unserializer.re"
  
  
  	return 0;