archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-15 21:48:51 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Handle resource table reallocation during shutdown

Browse source 
New resources may be created while closing resources during
shutdown. This may result in a reallocation of arData and use
after free.

This problem was exposed by 7f7a90b2bc,
which creates one resources less, and thus moved the reallocation
to shutdown for a number of existing tests. However, the general
problem already existed previously.

We don't try to also close the newly added resources -- we will
later perform a graceful reverse destroy of the table, which will
catch any remaining cases.
This commit is contained in:
Nikita Popov 2021-08-20 15:37:46 +02:00
parent 05a217927a
commit 2ff496e871
1 changed files with 10 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

12
Zend/zend_list.c
View file

@ -213,13 +213,17 @@ void zend_init_rsrc_plist(void)
void zend_close_rsrc_list(HashTable *ht) void zend_close_rsrc_list(HashTable *ht)
{ {
zend_resource *res; /* Reload ht->arData on each iteration, as it may be reallocated. */
uint32_t i = ht->nNumUsed;
ZEND_HASH_REVERSE_FOREACH_PTR(ht, res) { while (i-- > 0) {
Bucket *p = &ht->arData[i];
if (Z_TYPE(p->val) != IS_UNDEF) {
zend_resource *res = Z_PTR(p->val);
if (res->type >= 0) { if (res->type >= 0) {
zend_resource_dtor(res); zend_resource_dtor(res);
} }
} ZEND_HASH_FOREACH_END(); }
}
} }