diff options
| author | Christoph M. Becker <cmbecker69@gmx.de> | 2020-07-31 09:12:22 +0200 |
|---|---|---|
| committer | Christoph M. Becker <cmbecker69@gmx.de> | 2020-07-31 10:54:41 +0200 |
| commit | 1e0bc6e30f9fb327cd06383c8290a8afab1e484d (patch) | |
| tree | 0031ae5b38adff0949647b8b449350804a8bf1e8 /Zend/zend_builtin_functions.c | |
| parent | d95c53834cec1570b8f3e836cd514d6ae5901e68 (diff) | |
| download | php-git-1e0bc6e30f9fb327cd06383c8290a8afab1e484d.tar.gz | |
Fix #79919: Stack use-after-scope in define()
Instead of the temporary `rv`, we use the `val_free` which is there for
this purpose.
Diffstat (limited to 'Zend/zend_builtin_functions.c')
| -rw-r--r-- | Zend/zend_builtin_functions.c | 4 |
1 files changed, 1 insertions, 3 deletions
diff --git a/Zend/zend_builtin_functions.c b/Zend/zend_builtin_functions.c index bc3649a622..468a7c3446 100644 --- a/Zend/zend_builtin_functions.c +++ b/Zend/zend_builtin_functions.c @@ -882,9 +882,7 @@ repeat: case IS_OBJECT: if (Z_TYPE(val_free) == IS_UNDEF) { if (Z_OBJ_HT_P(val)->get) { - zval rv; - val = Z_OBJ_HT_P(val)->get(val, &rv); - ZVAL_COPY_VALUE(&val_free, val); + val = Z_OBJ_HT_P(val)->get(val, &val_free); goto repeat; } else if (Z_OBJ_HT_P(val)->cast_object) { if (Z_OBJ_HT_P(val)->cast_object(val, &val_free, IS_STRING) == SUCCESS) { |