From dcbac8ade6d45ee4a34dfaec0f20aa7700e84dad Mon Sep 17 00:00:00 2001
From: Dmitry Stogov <dmitry@zend.com>
Date: Wed, 7 Mar 2018 10:21:51 +0300
Subject: [PATCH] Fixed use-after-free.

---
 ext/opcache/zend_persist.c | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/ext/opcache/zend_persist.c b/ext/opcache/zend_persist.c
index 890ba47c26..15e8bc5fe0 100644
--- a/ext/opcache/zend_persist.c
+++ b/ext/opcache/zend_persist.c
@@ -882,13 +882,6 @@ static void zend_accel_persist_class_table(HashTable *class_table)
 zend_persistent_script *zend_accel_script_persist(zend_persistent_script *script, const char **key, unsigned int key_length, int for_shm)
 {
 	script->mem = ZCG(mem);
-	script->corrupted = 0;
-	ZCG(current_persistent_script) = script;
-
-	if (!for_shm) {
-		/* script is not going to be saved in SHM */
-		script->corrupted = 1;
-	}
 
 	ZEND_ASSERT(((zend_uintptr_t)ZCG(mem) & 0x7) == 0); /* should be 8 byte aligned */
 	zend_shared_alloc_clear_xlat_table();
@@ -897,6 +890,15 @@ zend_persistent_script *zend_accel_script_persist(zend_persistent_script *script
 	if (key && *key) {
 		*key = zend_accel_memdup(*key, key_length + 1);
 	}
+
+	script->corrupted = 0;
+	ZCG(current_persistent_script) = script;
+
+	if (!for_shm) {
+		/* script is not going to be saved in SHM */
+		script->corrupted = 1;
+	}
+
 	zend_accel_store_interned_string(script->script.filename);
 
 #if defined(__AVX__) || defined(__SSE2__)
-- 
2.50.1