From: Stanislav Malyshev Date: Tue, 17 Mar 2015 20:20:22 +0000 (-0700) Subject: Fixed bug #68976 - Use After Free Vulnerability in unserialize() X-Git-Tag: PRE_PHP7_NSAPI_REMOVAL~615 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=780222f97f47644a6a118ada86a269a96a1e8134;p=php Fixed bug #68976 - Use After Free Vulnerability in unserialize() --- diff --git a/ext/standard/var_unserializer.re b/ext/standard/var_unserializer.re index 0b8a8ccf16..cfb116a447 100644 --- a/ext/standard/var_unserializer.re +++ b/ext/standard/var_unserializer.re @@ -396,6 +396,8 @@ string_key: return 0; } + var_push_dtor(var_hash, data); + if (elements && *(*p-1) != ';' && *(*p-1) != '}') { (*p)--; return 0;