diff options
author | Dmitry Stogov <dmitry@zend.com> | 2018-03-06 01:00:14 +0300 |
---|---|---|
committer | Dmitry Stogov <dmitry@zend.com> | 2018-03-06 01:00:14 +0300 |
commit | b48d2f6d10c73aca9b77894e5c94ab580fe703d2 (patch) | |
tree | 2f5112268e412bb06bdf93f65cb37b98f5b033a7 | |
parent | b7ebf90221bd0a912ad2c6567371b9ee66fac335 (diff) | |
parent | b711a96acb36cd1bf6191552d9876194f9dc15a4 (diff) | |
download | php-git-b48d2f6d10c73aca9b77894e5c94ab580fe703d2.tar.gz |
Merge branch 'PHP-7.1' into PHP-7.2
* PHP-7.1:
Don't keep HashTable.pDestructor in SHM and always set it into ZVAL_PTR_DTOR in zval_array_dup(). Keeping pointer to a function in SHM is not safe because of ASLR.
-rw-r--r-- | Zend/zend_hash.c | 2 | ||||
-rw-r--r-- | ext/opcache/zend_persist.c | 4 |
2 files changed, 5 insertions, 1 deletions
diff --git a/Zend/zend_hash.c b/Zend/zend_hash.c index 0a7de61c9b..f1b0c9b86c 100644 --- a/Zend/zend_hash.c +++ b/Zend/zend_hash.c @@ -1764,7 +1764,7 @@ ZEND_API HashTable* ZEND_FASTCALL zend_array_dup(HashTable *source) GC_TYPE_INFO(target) = IS_ARRAY | (GC_COLLECTABLE << GC_FLAGS_SHIFT); target->nTableSize = source->nTableSize; - target->pDestructor = source->pDestructor; + target->pDestructor = ZVAL_PTR_DTOR; if (source->nNumUsed == 0) { target->u.flags = (source->u.flags & ~(HASH_FLAG_INITIALIZED|HASH_FLAG_PACKED|HASH_FLAG_PERSISTENT|ZEND_HASH_APPLY_COUNT_MASK)) | HASH_FLAG_APPLY_PROTECTION | HASH_FLAG_STATIC_KEYS; diff --git a/ext/opcache/zend_persist.c b/ext/opcache/zend_persist.c index ef474b133a..79e9944ff5 100644 --- a/ext/opcache/zend_persist.c +++ b/ext/opcache/zend_persist.c @@ -86,6 +86,8 @@ static void zend_hash_persist(HashTable *ht, zend_persist_func_t pPersistElement uint32_t idx, nIndex; Bucket *p; + ht->pDestructor = NULL; + if (!(ht->u.flags & HASH_FLAG_INITIALIZED)) { HT_SET_DATA_ADDR(ht, &uninitialized_bucket); return; @@ -170,6 +172,8 @@ static void zend_hash_persist_immutable(HashTable *ht) uint32_t idx, nIndex; Bucket *p; + ht->pDestructor = NULL; + if (!(ht->u.flags & HASH_FLAG_INITIALIZED)) { HT_SET_DATA_ADDR(ht, &uninitialized_bucket); return; |