authorBob Weinand <bobwei9@hotmail.com>2016-10-01 10:46:21 +0100
committerBob Weinand <bobwei9@hotmail.com>2016-10-01 10:46:21 +0100
commit3280a29ee5194a6e627f8eb87492b64ff1959a0e (patch)
tree9d44c963e1368d53ea226165d6d63a195321e524
parent12967bc3465cd469bb0a130173b17d7b2b3bf755 (diff)
downloadphp-git-3280a29ee5194a6e627f8eb87492b64ff1959a0e.tar.gz
Fix invalid access to interned strings after they are freed in phpdbg
-rw-r--r--sapi/phpdbg/phpdbg_list.c11
1 files changed, 11 insertions, 0 deletions
diff --git a/sapi/phpdbg/phpdbg_list.c b/sapi/phpdbg/phpdbg_list.c
index 6895bea43e..74d35c7ce9 100644
--- a/sapi/phpdbg/phpdbg_list.c
+++ b/sapi/phpdbg/phpdbg_list.c
@@ -316,6 +316,17 @@ zend_op_array *phpdbg_init_compile_file(zend_file_handle *file, int type) {
dataptr = zend_hash_str_find_ptr(&PHPDBG_G(file_sources), filename, strlen(filename));
ZEND_ASSERT(dataptr != NULL);
+ if (op_array->vars) {
+ int i;
+ /* un-intern these strings to prevent zend_restore_strings from invalidating our string pointers too early */
+ for (i = 0; i < op_array->last_var; i++) {
+ zend_string **s = op_array->vars + i;
+ if (ZSTR_IS_INTERNED(*s)) {
+ *s = zend_string_init(ZSTR_VAL(*s), ZSTR_LEN(*s), 0);
+ }
+ }
+ }
+
dataptr->op_array = *op_array;
if (dataptr->op_array.refcount) {
++*dataptr->op_array.refcount;
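Review bot: The un-interning loop rewrites the entries of `op_array->vars` in the op_array that is handed back to the engine, not only in phpdbg's `dataptr` copy, and the strings produced by `zend_string_init` start without a cached hash. Any consumer that compares `ZSTR_H()` of a compiled-variable name directly, instead of going through `zend_string_hash_val()`, would stop matching these names. That code is not visible here, so it needs confirming; calling `zend_string_hash_val(*s);` right after the copy would keep the hash populated. The loop also covers only `vars`, while the struct copy `dataptr->op_array = *op_array` presumably carries other interned strings (literals, names) that could be invalidated just as early, so the comment should say why those are safe or the loop should cover them too. `phpdbg_init_compile_file` begins and ends outside the hunk.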