From: Dmitry Stogov <dmitry@zend.com>
Date: Tue, 13 May 2014 08:57:42 +0000 (+0400)
Subject: Fixed access to uninitialized data and attempt to double free
X-Git-Tag: POST_PHPNG_MERGE~374^2~9
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=f1720348ca7cfea9e88a294faf0ec077c66786f1;p=php

Fixed access to uninitialized data and attempt to double free
---

diff --git a/ext/gmp/gmp.c b/ext/gmp/gmp.c
index df7c912938..e2ece55869 100644
--- a/ext/gmp/gmp.c
+++ b/ext/gmp/gmp.c
@@ -565,6 +565,7 @@ static int gmp_unserialize(zval *object, zend_class_entry *ce, const unsigned ch
 	int retval = FAILURE;
 	php_unserialize_data_t unserialize_data = (php_unserialize_data_t) data;
 
+	ZVAL_UNDEF(&zv);
 	PHP_VAR_UNSERIALIZE_INIT(unserialize_data);
 	gmp_create(object, &gmpnum TSRMLS_CC);
 
@@ -579,6 +580,7 @@ static int gmp_unserialize(zval *object, zend_class_entry *ce, const unsigned ch
 		goto exit;
 	}
 	zval_dtor(&zv);
+	ZVAL_UNDEF(&zv);
 
 	if (!php_var_unserialize(&zv, &p, max, &unserialize_data TSRMLS_CC)
 		|| Z_TYPE(zv) != IS_ARRAY