From 780222f97f47644a6a118ada86a269a96a1e8134 Mon Sep 17 00:00:00 2001
From: Stanislav Malyshev
Date: Tue, 17 Mar 2015 13:20:22 -0700
Subject: [PATCH] Fixed bug #68976 - Use After Free Vulnerability in unserialize()
---
 ext/standard/var_unserializer.re | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/ext/standard/var_unserializer.re b/ext/standard/var_unserializer.re
index 0b8a8ccf16..cfb116a447 100644
--- a/ext/standard/var_unserializer.re
+++ b/ext/standard/var_unserializer.re
@@ -396,6 +396,8 @@ string_key:
 return 0;
 }
+ var_push_dtor(var_hash, data);
+
 if (elements && *(*p-1) != ';' && *(*p-1) != '}') {
 (*p)--;
 return 0;
-- 
2.40.0
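Review bot: The added `var_push_dtor(var_hash, data);` has no comment, and nothing at the call site marks it as a lifetime fix rather than bookkeeping, so a later cleanup could drop it and bring back bug #68976. I would put a one-line comment above it, for example `/* keep data alive until var_hash is destroyed; back-references may still point at it (bug #68976) */`; that rationale is inferred from the subject line and should be confirmed against the bug report. The diffstat shows only the .re source changing, so no regression test accompanies the fix, and if the C file generated from this source is tracked in the tree it has to be regenerated in the same change. The enclosing function starts and ends outside the hunk, so the ownership of `data` on the error return just above the insertion point cannot be checked from here.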