From: Nikita Popov
Date: Mon, 5 May 2014 17:56:05 +0000 (+0200)
Subject: Fix use after free for doc_comment persist
X-Git-Tag: POST_PHPNG_MERGE~412^2~1
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=b9438a1ec7a2548e05b938f8034f74f9c7d490f0;p=php
Fix use after free for doc_comment persist
---
diff --git a/ext/opcache/zend_persist.c b/ext/opcache/zend_persist.c
index 601849b012..ca3c1882d9 100644
--- a/ext/opcache/zend_persist.c
+++ b/ext/opcache/zend_persist.c
@@ -402,7 +402,12 @@ static void zend_persist_op_array_ex(zend_op_array *op_array, zend_persistent_sc
 if (op_array->doc_comment) {
 if (ZCG(accel_directives).save_comments) {
- zend_accel_store_string(op_array->doc_comment);
+ if (already_stored) {
+ op_array->doc_comment = zend_shared_alloc_get_xlat_entry(op_array->doc_comment);
+ ZEND_ASSERT(op_array->doc_comment != NULL);
+ } else {
+ zend_accel_store_string(op_array->doc_comment);
+ }
 } else {
 if (!already_stored) {
 STR_RELEASE(op_array->doc_comment);
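Review bot: The `already_stored` branch relies on an invariant that is not written down: the old `op_array->doc_comment` value is used only as a key for `zend_shared_alloc_get_xlat_entry()` and must not be dereferenced, which (going by the commit title) is because an earlier persist of the same op_array already released it. A comment above the branch would keep a later edit from reintroducing the use after free, for example `/* already persisted: the old pointer is stale, use it only as an xlat key */`. The `ZEND_ASSERT` runs after the field has been overwritten, so if that macro is compiled out in non-debug builds (its definition is not visible here) a missing entry would leave a NULL doc_comment without any diagnostic; it is worth confirming that this is the intended fallback. `zend_persist_op_array_ex` starts and ends outside this hunk.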