From 1a75269c8eb2c82505856d507f409c8c2dafc8a2 Mon Sep 17 00:00:00 2001
From: ryancaicse <73822648+ryancaicse@users.noreply.github.com>
Date: Sun, 3 Apr 2022 23:28:44 +0800
Subject: [PATCH] Move locks in TSRM.c to prevent races

Closes GH-8298.
---
 NEWS        | 1 +
 TSRM/TSRM.c | 6 +++---
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/NEWS b/NEWS
index 358fb5ca6f6..b3f4351316e 100644
--- a/NEWS
+++ b/NEWS
@@ -21,6 +21,7 @@ PHP                                                                        NEWS
   . Fixed bug GH-8070 (memory leak of internal function attribute hash).
     (Tim Düsterhus)
   . Fixed bug GH-8160 (ZTS support on Alpine is broken). (Michael Voříšek)
+  . Fixed potential race condition during resource ID allocation. (ryancaicse)
 
 - Filter:
   . Fixed signedness confusion in php_filter_validate_domain(). (cmb)
diff --git a/TSRM/TSRM.c b/TSRM/TSRM.c
index c2a9130b5d4..1401ab2d885 100644
--- a/TSRM/TSRM.c
+++ b/TSRM/TSRM.c
@@ -288,9 +288,9 @@ TSRM_API ts_rsrc_id ts_allocate_id(ts_rsrc_id *rsrc_id, size_t size, ts_allocate
 		tsrm_resource_type *_tmp;
 		_tmp = (tsrm_resource_type *) realloc(resource_types_table, sizeof(tsrm_resource_type)*id_count);
 		if (!_tmp) {
-			tsrm_mutex_unlock(tsmm_mutex);
 			TSRM_ERROR((TSRM_ERROR_LEVEL_ERROR, "Unable to allocate storage for resource"));
 			*rsrc_id = 0;
+			tsrm_mutex_unlock(tsmm_mutex);
 			return 0;
 		}
 		resource_types_table = _tmp;
@@ -331,10 +331,10 @@ TSRM_API ts_rsrc_id ts_allocate_fast_id(ts_rsrc_id *rsrc_id, size_t *offset, siz
 
 	size = TSRM_ALIGNED_SIZE(size);
 	if (tsrm_reserved_size - tsrm_reserved_pos < size) {
-		tsrm_mutex_unlock(tsmm_mutex);
 		TSRM_ERROR((TSRM_ERROR_LEVEL_ERROR, "Unable to allocate space for fast resource"));
 		*rsrc_id = 0;
 		*offset = 0;
+		tsrm_mutex_unlock(tsmm_mutex);
 		return 0;
 	}
 
@@ -346,9 +346,9 @@ TSRM_API ts_rsrc_id ts_allocate_fast_id(ts_rsrc_id *rsrc_id, size_t *offset, siz
 		tsrm_resource_type *_tmp;
 		_tmp = (tsrm_resource_type *) realloc(resource_types_table, sizeof(tsrm_resource_type)*id_count);
 		if (!_tmp) {
-			tsrm_mutex_unlock(tsmm_mutex);
 			TSRM_ERROR((TSRM_ERROR_LEVEL_ERROR, "Unable to allocate storage for resource"));
 			*rsrc_id = 0;
+			tsrm_mutex_unlock(tsmm_mutex);
 			return 0;
 		}
 		resource_types_table = _tmp;