archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-16 05:58:45 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Merge branch 'PHP-7.4'

Browse source 
* PHP-7.4:
  Reset trampoline on executor startup
  Fix UAF in is_callable() and allocated trampoline
This commit is contained in:
Nikita Popov 2020-01-30 11:05:56 +01:00
commit cb7b21009b
3 changed files with 29 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

7
Zend/zend_API.c
View file

@ -2963,12 +2963,7 @@ get_function_via_handler:
if (strict_class &&
(!fcc->function_handler->common.scope ||
!instanceof_function(ce_org, fcc->function_handler->common.scope))) {
if (fcc->function_handler->common.fn_flags & ZEND_ACC_CALL_VIA_TRAMPOLINE) {
if (fcc->function_handler->common.function_name) {
zend_string_release_ex(fcc->function_handler->common.function_name, 0);
}
zend_free_trampoline(fcc->function_handler);
}
zend_release_fcall_info_cache(fcc);
} else {
retval = 1;
call_via_handler = (fcc->function_handler->common.fn_flags & ZEND_ACC_CALL_VIA_TRAMPOLINE) != 0;