diff options
author | Nikita Popov <nikita.ppv@gmail.com> | 2020-06-30 17:28:47 +0200 |
---|---|---|
committer | Nikita Popov <nikita.ppv@gmail.com> | 2020-06-30 17:32:42 +0200 |
commit | 187a72d563914a0f9a0f97d26956aff4fb5c3fe6 (patch) | |
tree | 707c403ef626c87d9ceebc92c6c69291036082e2 /Zend | |
parent | fc6f53d426bde3e3ab4e73d44abba54fdb9891f7 (diff) | |
download | php-git-187a72d563914a0f9a0f97d26956aff4fb5c3fe6.tar.gz |
Remove bogus generator iterator dtor
Fixes a use-after-free encountered in Symfony's SecurityBundle.
I don't have a reproducer for this, and believe the issue can only
occur if we leak an iterator (the leak is a separate issue).
We should not free the generator iterator here, because we do not
own it. The code that fetched the iterator is responsible for
releasing it. In the rare case where we do hit this code-path,
we cause a use-after-free.
Diffstat (limited to 'Zend')
-rw-r--r-- | Zend/zend_generators.c | 4 |
1 files changed, 0 insertions, 4 deletions
diff --git a/Zend/zend_generators.c b/Zend/zend_generators.c index ee7ae5c463..4ccb57907f 100644 --- a/Zend/zend_generators.c +++ b/Zend/zend_generators.c @@ -253,10 +253,6 @@ static void zend_generator_free_storage(zend_object *object) /* {{{ */ } zend_object_std_dtor(&generator->std); - - if (generator->iterator) { - zend_iterator_dtor(generator->iterator); - } } /* }}} */ |