Fixed a possible resource destruction issues in shm_put_var()

2 files changed, 8 insertions, 1 deletions

diff --git a/NEWS b/NEWS
index 64ff3f81b5..a7b4a6b1da 100644
--- a/NEWS
+++ b/NEWS
@@ -23,6 +23,8 @@ PHP                                                                        NEWS
 - Fixed very rare memory leak in mysqlnd, when binding thousands of columns.
   (Andrey)
 
+- Fixed a possible resource destruction issues in shm_put_var()
+  Reported by Stefan Esser (Dmitry)
 - Fixed a possible information leak because of interruption of XOR operator.
   Reported by Stefan Esser (Dmitry)
 - Fixed a possible memory corruption because of unexpected call-time pass by
diff --git a/ext/sysvshm/sysvshm.c b/ext/sysvshm/sysvshm.c
index 520b7b798e..a66d85e4c3 100644
--- a/ext/sysvshm/sysvshm.c
+++ b/ext/sysvshm/sysvshm.c
@@ -251,13 +251,18 @@ PHP_FUNCTION(shm_put_var)
 	if (SUCCESS != zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rlz", &shm_id, &shm_key, &arg_var)) {
 		return;
 	}
-	SHM_FETCH_RESOURCE(shm_list_ptr, shm_id);
 	
 	/* setup string-variable and serialize */
 	PHP_VAR_SERIALIZE_INIT(var_hash);
 	php_var_serialize(&shm_var, &arg_var, &var_hash TSRMLS_CC);
 	PHP_VAR_SERIALIZE_DESTROY(var_hash);
 	
+	shm_list_ptr = zend_fetch_resource(&shm_id TSRMLS_CC, -1, PHP_SHM_RSRC_NAME, NULL, 1, php_sysvshm.le_shm);
+	if (!shm_list_ptr) {
+		smart_str_free(&shm_var);
+		RETURN_FALSE;
+	}
+
 	/* insert serialized variable into shared memory */
 	ret = php_put_shm_data(shm_list_ptr->ptr, shm_key, shm_var.c, shm_var.len);