archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-15 21:48:51 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Merge branch 'PHP-8.3' into PHP-8.4

Browse source 
* PHP-8.3:
  Fix GH-17162: zend_array_try_init() with dtor can cause engine UAF
This commit is contained in:
Niels Dossche 2024-12-15 20:12:12 +01:00
commit 08b14a57b8
No known key found for this signature in database
GPG key ID: B8A8AD166DF0E2E5
3 changed files with 27 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

5
Zend/zend_API.h
View file

@ -1485,7 +1485,10 @@ static zend_always_inline zval *zend_try_array_init_size(zval *zv, uint32_t size
}
zv = &ref->val;
}
zval_ptr_dtor(zv);
zval garbage;
ZVAL_COPY_VALUE(&garbage, zv);
ZVAL_NULL(zv);
zval_ptr_dtor(&garbage);
ZVAL_ARR(zv, arr);
return zv;
}