archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-15 21:48:51 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Fixed possible use-after-free

Browse source
This commit is contained in:
Dmitry Stogov 2023-10-10 00:01:03 +03:00
parent 24e5e4ec0d
commit 2297e8c143
1 changed files with 4 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

8
ext/opcache/jit/zend_jit_trace.c
View file

@ -2713,15 +2713,15 @@ static zend_lifetime_interval** zend_jit_trace_allocate_registers(zend_jit_trace
ZEND_ASSERT(ssa->var_info != NULL); ZEND_ASSERT(ssa->var_info != NULL);
start = do_alloca(sizeof(int) * ssa->vars_count * 2 + start = do_alloca(sizeof(int) * ssa->vars_count * 2 +
ZEND_MM_ALIGNED_SIZE(sizeof(uint8_t) * ssa->vars_count) + ZEND_MM_ALIGNED_SIZE(sizeof(uint8_t) * ssa->vars_count),
ZEND_MM_ALIGNED_SIZE(sizeof(zend_op_array*) * ssa->vars_count),
use_heap); use_heap);
if (!start) { if (!start) {
return NULL; return NULL;
} }
end = start + ssa->vars_count; end = start + ssa->vars_count;
flags = (uint8_t*)(end + ssa->vars_count); flags = (uint8_t*)(end + ssa->vars_count);
vars_op_array = (const zend_op_array**)(flags + ZEND_MM_ALIGNED_SIZE(sizeof(uint8_t) * ssa->vars_count)); checkpoint = zend_arena_checkpoint(CG(arena));
vars_op_array = zend_arena_calloc(&CG(arena), ssa->vars_count, sizeof(zend_op_array*));
memset(start, -1, sizeof(int) * ssa->vars_count * 2); memset(start, -1, sizeof(int) * ssa->vars_count * 2);
memset(flags, 0, sizeof(uint8_t) * ssa->vars_count); memset(flags, 0, sizeof(uint8_t) * ssa->vars_count);
@ -3116,10 +3116,10 @@ static zend_lifetime_interval** zend_jit_trace_allocate_registers(zend_jit_trace
if (!count) { if (!count) {
free_alloca(start, use_heap); free_alloca(start, use_heap);
zend_arena_release(&CG(arena), checkpoint);
return NULL; return NULL;
} }
checkpoint = zend_arena_checkpoint(CG(arena));
intervals = zend_arena_calloc(&CG(arena), ssa->vars_count, sizeof(zend_lifetime_interval)); intervals = zend_arena_calloc(&CG(arena), ssa->vars_count, sizeof(zend_lifetime_interval));
memset(intervals, 0, sizeof(zend_lifetime_interval*) * ssa->vars_count); memset(intervals, 0, sizeof(zend_lifetime_interval*) * ssa->vars_count);
list = zend_arena_alloc(&CG(arena), sizeof(zend_lifetime_interval) * count); list = zend_arena_alloc(&CG(arena), sizeof(zend_lifetime_interval) * count);