diff options
author | Joe Watkins <krakjoe@php.net> | 2016-05-30 08:56:50 +0100 |
---|---|---|
committer | Joe Watkins <krakjoe@php.net> | 2016-05-30 08:56:50 +0100 |
commit | 1690dcb827e2b50eb575b1c6acadab0b8f248723 (patch) | |
tree | c4ed46b356566e019995dddd5eee7ab043d4dfcd | |
parent | 0c5bd4d445ab09fd457882c06eff436eebb4c9bf (diff) | |
download | php-git-1690dcb827e2b50eb575b1c6acadab0b8f248723.tar.gz |
fix #72155 (use-after-free caused by get_zval_xmlrpc_type)
-rw-r--r-- | NEWS | 3 | ||||
-rw-r--r-- | ext/xmlrpc/xmlrpc-epi-php.c | 4 |
2 files changed, 5 insertions, 2 deletions
@@ -32,6 +32,9 @@ PHP NEWS - XML: . Fixed #72206 (xml_parser_create/xml_parser_free leaks mem). (Joe) +- XMLRPC: + . Fixed #72155 (use-after-free caused by get_zval_xmlrpc_type). (Joe) + 26 May 2016 PHP 7.0.7 - Core: diff --git a/ext/xmlrpc/xmlrpc-epi-php.c b/ext/xmlrpc/xmlrpc-epi-php.c index ea62bdc9a9..8daf26257e 100644 --- a/ext/xmlrpc/xmlrpc-epi-php.c +++ b/ext/xmlrpc/xmlrpc-epi-php.c @@ -1368,10 +1368,10 @@ XMLRPC_VALUE_TYPE get_zval_xmlrpc_type(zval* value, zval* newvalue) /* {{{ */ if ((type == xmlrpc_base64 && Z_TYPE_P(value) == IS_OBJECT) || type == xmlrpc_datetime) { if ((val = zend_hash_str_find(Z_OBJPROP_P(value), OBJECT_VALUE_ATTR, sizeof(OBJECT_VALUE_ATTR) - 1)) != NULL) { - ZVAL_COPY_VALUE(newvalue, val); + ZVAL_COPY(newvalue, val); } } else { - ZVAL_COPY_VALUE(newvalue, value); + ZVAL_COPY(newvalue, value); } } } |