authorAntony Dovgal <tony2001@php.net>2012-10-26 16:36:47 +0400
committerAntony Dovgal <tony2001@php.net>2012-10-26 16:41:14 +0400
commitf2bffdc2e48174e38a059d425953e8b1c08dd4bf (patch)
tree06576b44cbd8a2067112d2a49bbfa2a9e1331354
parent4f4d77805c6afdddce0c8184ee6b1dddab7da6a7 (diff)
downloadphp-git-f2bffdc2e48174e38a059d425953e8b1c08dd4bf.tar.gz
fix bug #63369
(un)serialize() leaves dangling pointers, causes crashes
-rw-r--r--NEWS2
-rw-r--r--ext/standard/basic_functions.c5
2 files changed, 7 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 10694f6cbc..c846798da9 100644
--- a/NEWS
+++ b/NEWS
@@ -4,6 +4,8 @@ PHP NEWS
- Core:
. Fixed bug #63305 (zend_mm_heap corrupted with traits). (Dmitry, Laruence)
+ . Fixed bug #63369 ((un)serialize() leaves dangling pointers, causes crashes).
+ (Tony, Andrew Sitnikov)
- Curl:
. Fixed bug #63363 (Curl silently accepts boolean true for SSL_VERIFYHOST).
diff --git a/ext/standard/basic_functions.c b/ext/standard/basic_functions.c
index 72f1dc3c76..0f60b711a6 100644
--- a/ext/standard/basic_functions.c
+++ b/ext/standard/basic_functions.c
@@ -3684,6 +3684,11 @@ PHP_MSHUTDOWN_FUNCTION(basic) /* {{{ */
PHP_RINIT_FUNCTION(basic) /* {{{ */
{
memset(BG(strtok_table), 0, 256);
+
+ BG(serialize_lock) = 0;
+ memset(&BG(serialize), 0, sizeof(BG(serialize)));
+ memset(&BG(unserialize), 0, sizeof(BG(unserialize)));
+
BG(strtok_string) = NULL;
BG(strtok_zval) = NULL;
BG(strtok_last) = NULL;
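Review bot: The resets added to PHP_RINIT_FUNCTION(basic) have no comment saying why they are needed, and they clear the stale state only at the start of the next request, not where it was left behind. Going by the commit title, BG(serialize) and BG(unserialize) presumably still reference per-request memory after a call is aborted part-way, so a why-comment above `BG(serialize_lock) = 0;` would help, for example `/* an aborted (un)serialize() can leave these pointing at freed per-request memory; start every request clean */`. It is worth checking whether the same reset also belongs in the request-shutdown handler, so that nothing can read the dangling pointers between the end of one request and the next RINIT. The diffstat lists only NEWS and basic_functions.c, so no regression test for bug #63369 accompanies the fix. The function body continues past the end of the hunk.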