From: Stanislav Malyshev <stas@php.net>
Date: Tue, 17 Mar 2015 20:20:22 +0000 (-0700)
Subject: Fixed bug #68976 - Use After Free Vulnerability in unserialize()
X-Git-Tag: PRE_PHP7_NSAPI_REMOVAL~615
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=780222f97f47644a6a118ada86a269a96a1e8134;p=php

Fixed bug #68976 - Use After Free Vulnerability in unserialize()
---

diff --git a/ext/standard/var_unserializer.re b/ext/standard/var_unserializer.re
index 0b8a8ccf16..cfb116a447 100644
--- a/ext/standard/var_unserializer.re
+++ b/ext/standard/var_unserializer.re
@@ -396,6 +396,8 @@ string_key:
 			return 0;
 		}
 
+		var_push_dtor(var_hash, data);
+
 		if (elements && *(*p-1) != ';' && *(*p-1) != '}') {
 			(*p)--;
 			return 0;