blob: c6d8d28f334ccbc0f19739584ca44e60862a62b8 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
|
From 9a88100573c40b9f59baa2f2d138809eb47b4317 Mon Sep 17 00:00:00 2001
From: Xinchen Hui <laruence@php.net>
Date: Thu, 8 Jan 2015 16:32:20 +0800
Subject: [PATCH] Fixed bug #68677 (Use After Free in OPcache)
(cherry picked from commit 777c39f4042327eac4b63c7ee87dc1c7a09a3115)
---
zend_shared_alloc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/zend_shared_alloc.c b/zend_shared_alloc.c
index bbe26e8..8880b88 100644
--- a/zend_shared_alloc.c
+++ b/zend_shared_alloc.c
@@ -346,10 +346,10 @@ void *_zend_shared_memdup(void *source, size_t size, zend_bool free_source TSRML
retval = ZCG(mem);;
ZCG(mem) = (void*)(((char*)ZCG(mem)) + ZEND_ALIGNED_SIZE(size));
memcpy(retval, source, size);
+ zend_shared_alloc_register_xlat_entry(source, retval);
if (free_source) {
interned_efree((char*)source);
}
- zend_shared_alloc_register_xlat_entry(source, retval);
return retval;
}
|
