diff options
| author | Stanislav Malyshev <stas@php.net> | 2015-03-17 13:20:22 -0700 |
|---|---|---|
| committer | Stanislav Malyshev <stas@php.net> | 2015-03-17 16:31:52 -0700 |
| commit | 780222f97f47644a6a118ada86a269a96a1e8134 (patch) | |
| tree | c3a5e73ff8ab8e12caeee62e54d9ddf2afe5644a | |
| parent | 38e15d89d7b5efdabb599b2894219e3bd9739cfd (diff) | |
| download | php-git-780222f97f47644a6a118ada86a269a96a1e8134.tar.gz | |
Fixed bug #68976 - Use After Free Vulnerability in unserialize()
| -rw-r--r-- | ext/standard/var_unserializer.re | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/ext/standard/var_unserializer.re b/ext/standard/var_unserializer.re index 0b8a8ccf16..cfb116a447 100644 --- a/ext/standard/var_unserializer.re +++ b/ext/standard/var_unserializer.re @@ -396,6 +396,8 @@ string_key: return 0; } + var_push_dtor(var_hash, data); + if (elements && *(*p-1) != ';' && *(*p-1) != '}') { (*p)--; return 0; |