From: Nikita Popov <nikita.ppv@gmail.com>
Date: Tue, 1 Dec 2020 10:31:23 +0000 (+0100)
Subject: Fix use after free with file cache and arena allocated strings
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=5dfec886d67f01c4e7ea96ef8c26792cb1210047;p=php

Fix use after free with file cache and arena allocated strings
---

diff --git a/Zend/zend_compile.c b/Zend/zend_compile.c
index dbb2194437..83942be570 100644
--- a/Zend/zend_compile.c
+++ b/Zend/zend_compile.c
@@ -422,6 +422,9 @@ void init_compiler(void) /* {{{ */
 
 void shutdown_compiler(void) /* {{{ */
 {
+	/* Reset filename before destroying the arena, as file cache may use arena allocated strings. */
+	zend_restore_compiled_filename(NULL);
+
 	zend_stack_destroy(&CG(loop_var_stack));
 	zend_stack_destroy(&CG(delayed_oplines_stack));
 	zend_stack_destroy(&CG(short_circuiting_opnums));
@@ -437,7 +440,6 @@ void shutdown_compiler(void) /* {{{ */
 		FREE_HASHTABLE(CG(delayed_autoloads));
 		CG(delayed_autoloads) = NULL;
 	}
-	zend_restore_compiled_filename(NULL);
 }
 /* }}} */