From df579adac7b91296e0bfe2d35e5afccfedc6b61d Mon Sep 17 00:00:00 2001 From: Niels Dossche <7771979+nielsdos@users.noreply.github.com> Date: Sat, 25 Feb 2023 13:42:45 +0100 Subject: [PATCH] Fix GH-10692: PHP crashes on Windows when an inexistent filename is executed Fixes GH-10692 php_fopen_primary_script() does not initialize all fields of zend_file_handle. So when it fails and when fastcgi is true, the zend_destroy_file_handle() function will try to free uninitialized pointers, causing a segmentation fault. Fix it by zero-initializing file handles just like the zend_stream_init_fp() counterpart does. Closes GH-10697. --- NEWS | 2 ++ main/fopen_wrappers.c | 2 ++ 2 files changed, 4 insertions(+) diff --git a/NEWS b/NEWS index 077cfcb8e38..76b9e953af3 100644 --- a/NEWS +++ b/NEWS @@ -16,6 +16,8 @@ PHP NEWS misleadingly with the wrong return type. (nielsdos) . Fix bug GH-10570 (Fixed unknown string hash on property fetch with integer constant name). (nielsdos) + . Fixed php_fopen_primary_script() call resulted on zend_destroy_file_handle() + freeing dangling pointers on the handle as it was uninitialized. (nielsdos) - Curl: . Fixed deprecation warning at compile time. (Max Kellermann) diff --git a/main/fopen_wrappers.c b/main/fopen_wrappers.c index 12cc9c8b10c..efb110171b1 100644 --- a/main/fopen_wrappers.c +++ b/main/fopen_wrappers.c @@ -353,6 +353,8 @@ PHPAPI int php_fopen_primary_script(zend_file_handle *file_handle) size_t length; bool orig_display_errors; + memset(file_handle, 0, sizeof(zend_file_handle)); + path_info = SG(request_info).request_uri; #if HAVE_PWD_H if (PG(user_dir) && *PG(user_dir) && path_info && '/' == path_info[0] && '~' == path_info[1]) {
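Review bot: The NEWS entry in the first hunk does not name the issue it fixes, while the entry directly above it does ("Fix bug GH-10570 (...)"), and its wording ("call resulted on zend_destroy_file_handle() freeing dangling pointers") is hard to parse. The commit message describes the pointers as uninitialized rather than dangling, so the entry should use the same term. Suggest following the neighbouring format, for example: ". Fixed bug GH-10692 (PHP crashes on Windows when an inexistent filename is executed). (nielsdos)".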
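Review bot: The memset() added at the top of php_fopen_primary_script() in main/fopen_wrappers.c has no comment saying why the handle is zeroed before anything else runs, and that reason is only in the commit message: on a failure return the caller may still pass the handle to zend_destroy_file_handle(). A one-line comment above the call stating that contract would stop a later cleanup from removing it as redundant. Two smaller points: "sizeof(*file_handle)" would keep the size tied to the pointer's type instead of repeating the type name, and the diffstat lists only NEWS and main/fopen_wrappers.c, so no regression test covers the nonexistent-script failure path under fastcgi that the commit message describes.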