diff options
author | Nikita Popov <nikita.ppv@gmail.com> | 2021-02-22 10:32:28 +0100 |
---|---|---|
committer | Nikita Popov <nikita.ppv@gmail.com> | 2021-02-22 10:32:59 +0100 |
commit | ab989441957956522c1663f1a0662067afbfdb6c (patch) | |
tree | 87be3019fe5ca3bd1fb1e96c00e751a5ffb4eaf9 /Zend/zend_execute.c | |
parent | ed4f90f0c7ba205defcbdd0079b14d883354eaa2 (diff) | |
download | php-git-ab989441957956522c1663f1a0662067afbfdb6c.tar.gz |
Fix trampoline leak on dynamic static call of non-static method
Fixes oss-fuzz #30317.
Diffstat (limited to 'Zend/zend_execute.c')
-rw-r--r-- | Zend/zend_execute.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/Zend/zend_execute.c b/Zend/zend_execute.c index edf6c61794..f6b2a6f9be 100644 --- a/Zend/zend_execute.c +++ b/Zend/zend_execute.c @@ -4005,6 +4005,10 @@ static zend_never_inline zend_execute_data *zend_init_dynamic_call_string(zend_s if (UNEXPECTED(!(fbc->common.fn_flags & ZEND_ACC_STATIC))) { zend_non_static_method_call(fbc); + if (fbc->common.fn_flags & ZEND_ACC_CALL_VIA_TRAMPOLINE) { + zend_string_release_ex(fbc->common.function_name, 0); + zend_free_trampoline(fbc); + } return NULL; } if (EXPECTED(fbc->type == ZEND_USER_FUNCTION) && UNEXPECTED(!RUN_TIME_CACHE(&fbc->op_array))) { @@ -4129,6 +4133,10 @@ static zend_never_inline zend_execute_data *zend_init_dynamic_call_array(zend_ar } if (!(fbc->common.fn_flags & ZEND_ACC_STATIC)) { zend_non_static_method_call(fbc); + if (fbc->common.fn_flags & ZEND_ACC_CALL_VIA_TRAMPOLINE) { + zend_string_release_ex(fbc->common.function_name, 0); + zend_free_trampoline(fbc); + } return NULL; } object_or_called_scope = called_scope; |