archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-15 21:48:51 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Fix json_validate double free in parser when discarding lookahead (#9696)

Browse source
This commit is contained in:
Ilija Tovilo 2022-10-09 21:03:06 +01:00 committed by GitHub
parent 3e9fcb5a9e
commit 08e886235a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

10
ext/json/json_parser.y
View file

@ -280,13 +280,17 @@ static int php_json_parser_object_update_validate(php_json_parser *parser, zval
static int php_json_yylex(union YYSTYPE *value, php_json_parser *parser) static int php_json_yylex(union YYSTYPE *value, php_json_parser *parser)
{ {
int token = php_json_scan(&parser->scanner); int token = php_json_scan(&parser->scanner);
value->value = parser->scanner.value;
if (parser->methods.array_create == php_json_parser_array_create_validate bool validate = parser->methods.array_create == php_json_parser_array_create_validate
&& parser->methods.array_append == php_json_parser_array_append_validate && parser->methods.array_append == php_json_parser_array_append_validate
&& parser->methods.object_create == php_json_parser_object_create_validate && parser->methods.object_create == php_json_parser_object_create_validate
&& parser->methods.object_update == php_json_parser_object_update_validate) { && parser->methods.object_update == php_json_parser_object_update_validate;
if (validate) {
zval_ptr_dtor_str(&(parser->scanner.value)); zval_ptr_dtor_str(&(parser->scanner.value));
ZVAL_UNDEF(&value->value);
} else {
value->value = parser->scanner.value;
} }
return token; return token;