| author | Christoph M. Becker <cmbecker69@gmx.de> | 2019-10-30 18:05:10 +0100 |
|---|---|---|
| committer | Christoph M. Becker <cmbecker69@gmx.de> | 2019-10-30 19:49:39 +0100 |
| commit | 0055f1e3dc7ec27778d6d3bd22404319b3ceeeca (patch) | |
| tree | 119fc61ce62949a7690aa364415fa3c5e23d157c | |
| parent | 1e2d3d58a8b392385d926bdca11ba0a0bc2547b4 (diff) | |
| download | php-git-0055f1e3dc7ec27778d6d3bd22404319b3ceeeca.tar.gz | |
Fix #78761: Zend memory heap corruption with preload and casting
We have to reset `FFI_G(persistent)` back to zero when preloading has
finished.
| -rw-r--r-- | NEWS | 2 | ||||
| -rw-r--r-- | ext/ffi/ffi.c | 1 | ||||
| -rw-r--r-- | ext/ffi/tests/bug78761.phpt | 17 | ||||
| -rw-r--r-- | ext/ffi/tests/bug78761_preload.h | 0 | ||||
| -rw-r--r-- | ext/ffi/tests/bug78761_preload.php | 3 |
5 files changed, 23 insertions, 0 deletions
@@ -19,6 +19,8 @@ PHP NEWS
 . Fixed bug #78716 (Function name mangling is wrong for some parameter types).
 (cmb)
 . Fixed bug #78762 (Failing FFI::cast() may leak memory). (cmb)
+ . Fixed bug #78761 (Zend memory heap corruption with preload and casting).
+ (cmb)
 . Implement FR #78270 (Support __vectorcall convention with FFI). (cmb)
 - FPM:
diff --git a/ext/ffi/ffi.c b/ext/ffi/ffi.c
index 08117cba83..369e6531ac 100644
--- a/ext/ffi/ffi.c
+++ b/ext/ffi/ffi.c
@@ -3340,6 +3340,7 @@ static zend_ffi *zend_ffi_load(const char *filename, zend_bool preload) /* {{{ *
 efree(code);
 FFI_G(symbols) = NULL;
 FFI_G(tags) = NULL;
+ FFI_G(persistent) = 0;
 return ffi;
diff --git a/ext/ffi/tests/bug78761.phpt b/ext/ffi/tests/bug78761.phpt
new file mode 100644
index 0000000000..1db977a841
--- /dev/null
+++ b/ext/ffi/tests/bug78761.phpt
@@ -0,0 +1,17 @@
+--TEST--
+Bug #78761 (Zend memory heap corruption with preload and casting)
+--SKIPIF--
+<?php require_once('skipif.inc'); ?>
+--INI--
+opcache.enable_cli=1
+opcache.preload={PWD}/bug78761_preload.php
+--FILE--
+<?php
+try {
+ FFI::cast('char[10]', FFI::new('char[1]'));
+} catch (FFI\Exception $ex) {
+ echo $ex->getMessage(), PHP_EOL;
+}
+?>
+--EXPECT--
+attempt to cast to larger type
diff --git a/ext/ffi/tests/bug78761_preload.h b/ext/ffi/tests/bug78761_preload.h
new file mode 100644
index 0000000000..e69de29bb2
--- /dev/null
+++ b/ext/ffi/tests/bug78761_preload.h
diff --git a/ext/ffi/tests/bug78761_preload.php b/ext/ffi/tests/bug78761_preload.php
new file mode 100644
index 0000000000..207b7c3ec8
--- /dev/null
+++ b/ext/ffi/tests/bug78761_preload.php
@@ -0,0 +1,3 @@
+<?php
+
+FFI::load(__DIR__ . '/bug78761_preload.h');
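Review bot: The new `FFI_G(persistent) = 0;` is only reached on the success path before `return ffi;`; if zend_ffi_load sets the flag from its `preload` argument earlier and has an error/cleanup exit after the return (neither is visible here — the function starts and ends outside the hunk), an FFI::load that fails during preloading would leave the flag set, and later per-request allocations would still be treated as persistent, which is exactly the mix the title calls heap corruption. If such a cleanup path exists, mirror the reset there too, `FFI_G(persistent) = 0;` right after the cleanup label. The reset also deserves a why-comment, because nothing near it explains that forgetting it corrupts memory rather than leaking it: `/* Preloading is done: the preloaded symbols/tags stay persistent, but nothing allocated after this point (e.g. FFI::new/FFI::cast during a request) may be. */`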
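Review bot: The new test in bug78761.phpt cannot detect a regression unless OPcache is actually loaded, since the expected output `attempt to cast to larger type` comes from the size check in FFI::cast and is printed whether or not `opcache.preload` was honored; if skipif.inc (not shown) only checks for the ffi extension, the test passes vacuously on builds without OPcache. Add an explicit guard to the SKIPIF section, e.g. `<?php require_once('skipif.inc'); if (!extension_loaded('Zend OPcache')) die('skip Zend OPcache not available'); ?>`, so the test is skipped rather than silently green when preloading is not exercised.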
