From b73ac1a57a58a08c519a0e7856f7ee6ee6dc3497 Mon Sep 17 00:00:00 2001 From: Stanislav Malyshev Date: Tue, 11 Aug 2009 22:46:07 +0000 Subject: [PATCH] fix potential memory issue on serialization # When internal class uses zend_mangle_property_name it's malloc() # so it should be freed with free() --- ext/standard/var.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ext/standard/var.c b/ext/standard/var.c index 3f363cd5b2..d568561e43 100644 --- a/ext/standard/var.c +++ b/ext/standard/var.c @@ -599,19 +599,19 @@ static void php_var_serialize_class(smart_str *buf, zval *struc, zval *retval_pt zend_mangle_property_name(&priv_name, &prop_name_length, ce->name, ce->name_length, Z_STRVAL_PP(name), Z_STRLEN_PP(name), ce->type & ZEND_INTERNAL_CLASS); if (zend_hash_find(Z_OBJPROP_P(struc), priv_name, prop_name_length + 1, (void *) &d) == SUCCESS) { php_var_serialize_string(buf, priv_name, prop_name_length); - efree(priv_name); + pefree(priv_name, ce->type & ZEND_INTERNAL_CLASS); php_var_serialize_intern(buf, *d, var_hash TSRMLS_CC); break; } - efree(priv_name); + pefree(priv_name, ce->type & ZEND_INTERNAL_CLASS); zend_mangle_property_name(&prot_name, &prop_name_length, "*", 1, Z_STRVAL_PP(name), Z_STRLEN_PP(name), ce->type & ZEND_INTERNAL_CLASS); if (zend_hash_find(Z_OBJPROP_P(struc), prot_name, prop_name_length + 1, (void *) &d) == SUCCESS) { php_var_serialize_string(buf, prot_name, prop_name_length); - efree(prot_name); + pefree(prot_name, ce->type & ZEND_INTERNAL_CLASS); php_var_serialize_intern(buf, *d, var_hash TSRMLS_CC); break; } - efree(prot_name); + pefree(prot_name, ce->type & ZEND_INTERNAL_CLASS); php_error_docref(NULL TSRMLS_CC, E_NOTICE, "\"%s\" returned as member variable from __sleep() but does not exist", Z_STRVAL_PP(name)); php_var_serialize_string(buf, Z_STRVAL_PP(name), Z_STRLEN_PP(name)); php_var_serialize_intern(buf, nvalp, var_hash TSRMLS_CC); -- 2.49.0