summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNikita Popov <nikita.ppv@gmail.com>2019-10-09 17:00:47 +0200
committerNikita Popov <nikita.ppv@gmail.com>2019-10-09 17:00:55 +0200
commit91eb6324728e576b65ff0d55672bc77ac104af9b (patch)
tree98b295b4b0bfd03b26475023d15862395e17d2c6
parenta4d7f4c3e17431d6229a15d4218d1c91eb69ed6c (diff)
parent6fd6ad8f53f68154fa23de25f400d89ae29d54d0 (diff)
downloadphp-git-91eb6324728e576b65ff0d55672bc77ac104af9b.tar.gz
Merge branch 'PHP-7.3' into PHP-7.4
Diffstat
-rw-r--r--NEWS1
-rw-r--r--Zend/tests/bug78658.phpt14
-rw-r--r--Zend/zend_closures.c2
3 files changed, 16 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index 2a54015954..43791a4b7e 100644
--- a/NEWS
+++ b/NEWS
@@ -10,6 +10,7 @@ PHP NEWS
checking priv. methods). (Nikita)
. Fixed bug #78644 (SEGFAULT in ZEND_UNSET_OBJ_SPEC_VAR_CONST_HANDLER).
(Nikita)
+ . Fixed bug #78658 (Memory corruption using Closure::bindTo). (Nikita)
- COM:
. Fixed bug #78650 (new COM Crash). (cmb)
diff --git a/Zend/tests/bug78658.phpt b/Zend/tests/bug78658.phpt
new file mode 100644
index 0000000000..3445b98b09
--- /dev/null
+++ b/Zend/tests/bug78658.phpt
@@ -0,0 +1,14 @@
+--TEST--
+Bug #78658: Memory corruption using Closure::bindTo()
+--FILE--
+<?php
+
+$c = function(){};
+
+$scope = "AAAA";
+$scope = "{$scope}BBBB";
+$c->bindTo(new stdClass, $scope);
+
+?>
+--EXPECTF--
+Warning: Class 'AAAABBBB' not found in %s on line %d
diff --git a/Zend/zend_closures.c b/Zend/zend_closures.c
index ae22ea3ecd..de80902852 100644
--- a/Zend/zend_closures.c
+++ b/Zend/zend_closures.c
@@ -216,7 +216,7 @@ ZEND_METHOD(Closure, bind)
ce = closure->func.common.scope;
} else if ((ce = zend_lookup_class(class_name)) == NULL) {
zend_error(E_WARNING, "Class '%s' not found", ZSTR_VAL(class_name));
- zend_string_release_ex(class_name, 0);
+ zend_tmp_string_release(tmp_class_name);
RETURN_NULL();
}
zend_tmp_string_release(tmp_class_name);
View Lorry Controller Status