From: Dmitry Stogov Date: Mon, 5 Mar 2018 22:02:31 +0000 (+0300) Subject: Merge branch 'PHP-7.2' X-Git-Tag: php-7.3.0alpha1~250 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=47f5f878260ede087a780402e1853afbe8dbf6cb;p=php Merge branch 'PHP-7.2' * PHP-7.2: Don't keep HashTable.pDestructor in SHM and always set it into ZVAL_PTR_DTOR in zval_array_dup(). Keeping pointer to a function in SHM is not safe because of ASLR.
--- 47f5f878260ede087a780402e1853afbe8dbf6cb
diff --cc Zend/zend_hash.c
index a33818edef,f1b0c9b86c..681588bc9a
--- a/Zend/zend_hash.c
+++ b/Zend/zend_hash.c
@@@ -1831,10 -1764,10 +1831,10 @@@ ZEND_API HashTable* ZEND_FASTCALL zend_
 GC_TYPE_INFO(target) = IS_ARRAY | (GC_COLLECTABLE << GC_FLAGS_SHIFT);
 target->nTableSize = source->nTableSize;
- target->pDestructor = source->pDestructor;
+ target->pDestructor = ZVAL_PTR_DTOR;
 if (source->nNumUsed == 0) {
- target->u.flags = (source->u.flags & ~(HASH_FLAG_INITIALIZED|HASH_FLAG_PACKED|HASH_FLAG_PERSISTENT|ZEND_HASH_APPLY_COUNT_MASK)) | HASH_FLAG_APPLY_PROTECTION | HASH_FLAG_STATIC_KEYS;
+ HT_FLAGS(target) = (HT_FLAGS(source) & ~(HASH_FLAG_INITIALIZED|HASH_FLAG_PACKED)) | HASH_FLAG_STATIC_KEYS;
 target->nTableMask = HT_MIN_MASK;
 target->nNumUsed = 0;
 target->nNumOfElements = 0;
diff --cc ext/opcache/zend_persist.c
index 74015112e5,79e9944ff5..034067af09
--- a/ext/opcache/zend_persist.c
+++ b/ext/opcache/zend_persist.c
@@@ -88,9 -86,9 +88,10 @@@ static void zend_hash_persist(HashTabl
 uint32_t idx, nIndex;
 Bucket *p;
+ HT_FLAGS(ht) |= HASH_FLAG_STATIC_KEYS;
+ ht->pDestructor = NULL;
- if (!(ht->u.flags & HASH_FLAG_INITIALIZED)) {
+ if (!(HT_FLAGS(ht) & HASH_FLAG_INITIALIZED)) {
 HT_SET_DATA_ADDR(ht, &uninitialized_bucket);
 return;
 }
@@@ -174,9 -172,9 +175,10 @@@ static void zend_hash_persist_immutable
 uint32_t idx, nIndex;
 Bucket *p;
+ HT_FLAGS(ht) |= HASH_FLAG_STATIC_KEYS;
+ ht->pDestructor = NULL;
- if (!(ht->u.flags & HASH_FLAG_INITIALIZED)) {
+ if (!(HT_FLAGS(ht) & HASH_FLAG_INITIALIZED)) {
 HT_SET_DATA_ADDR(ht, &uninitialized_bucket);
 return;
 }
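Review bot: In the Zend/zend_hash.c hunk, the unconditional `target->pDestructor = ZVAL_PTR_DTOR;` carries no comment saying why the source's destructor is no longer copied, so a later cleanup could restore `source->pDestructor` and bring back a function pointer read from shared memory. I would add `/* source may live in opcache SHM, where pDestructor is cleared; a duplicate always holds zvals */` above the assignment. The assignment also changes behaviour for any caller that duplicates a table whose destructor is not ZVAL_PTR_DTOR; presumably none exists, but the hunk does not show the callers, so that assumption should be stated in the comment or checked. The function body starts and ends outside the hunk.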
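Review bot: `ht->pDestructor = NULL;` in zend_hash_persist() (and the identical line in the zend_hash_persist_immutable() hunk that follows) leaves every persisted table without a destructor, and the only place in this commit that puts one back is the array-duplication code in Zend/zend_hash.c. Any other path that copies `pDestructor` from a table read back from SHM, or destroys such a table directly, would now skip element destruction without any error; whether such a path exists cannot be told from these hunks and is worth checking before relying on the NULL. A short comment at both sites would record the invariant, e.g. `/* never store function pointers in SHM: addresses differ per process under ASLR */`. Both function bodies continue outside the hunks.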