diff options
author | Bob Weinand <bobwei9@hotmail.com> | 2016-10-01 10:46:21 +0100 |
---|---|---|
committer | Bob Weinand <bobwei9@hotmail.com> | 2016-10-01 10:46:21 +0100 |
commit | 3280a29ee5194a6e627f8eb87492b64ff1959a0e (patch) | |
tree | 9d44c963e1368d53ea226165d6d63a195321e524 | |
parent | 12967bc3465cd469bb0a130173b17d7b2b3bf755 (diff) | |
download | php-git-3280a29ee5194a6e627f8eb87492b64ff1959a0e.tar.gz |
Fix invalid access to interned strings after they are freed in phpdbg
-rw-r--r-- | sapi/phpdbg/phpdbg_list.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/sapi/phpdbg/phpdbg_list.c b/sapi/phpdbg/phpdbg_list.c index 6895bea43e..74d35c7ce9 100644 --- a/sapi/phpdbg/phpdbg_list.c +++ b/sapi/phpdbg/phpdbg_list.c @@ -316,6 +316,17 @@ zend_op_array *phpdbg_init_compile_file(zend_file_handle *file, int type) { dataptr = zend_hash_str_find_ptr(&PHPDBG_G(file_sources), filename, strlen(filename)); ZEND_ASSERT(dataptr != NULL); + if (op_array->vars) { + int i; + /* un-intern these strings to prevent zend_restore_strings from invalidating our string pointers too early */ + for (i = 0; i < op_array->last_var; i++) { + zend_string **s = op_array->vars + i; + if (ZSTR_IS_INTERNED(*s)) { + *s = zend_string_init(ZSTR_VAL(*s), ZSTR_LEN(*s), 0); + } + } + } + dataptr->op_array = *op_array; if (dataptr->op_array.refcount) { ++*dataptr->op_array.refcount; |