From fbf3a6bc1abcc8a5b5226b0ad9464c37f11ddbd6 Mon Sep 17 00:00:00 2001
From: Kalle Sommer Nielsen <kalle@php.net>
Date: Mon, 29 Dec 2014 11:04:23 +0100
Subject: Fixed bug #68676 (Explicit Double Free)

---
 NEWS                | 3 ++-
 Zend/zend_ts_hash.c | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/NEWS b/NEWS
index 8d6fdff92b..8bcb236ef9 100644
--- a/NEWS
+++ b/NEWS
@@ -1,4 +1,4 @@
-PHP                                                                        NEWS
+PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? 2014, PHP 5.5.21
 
@@ -16,6 +16,7 @@ PHP                                                                        NEWS
   . Fixed bug #68583 (Crash in timeout thread). (Anatol)
   . Fixed bug #68594 (Use after free vulnerability in unserialize()).
     (CVE-2014-8142) (Stefan Esser)
+  . Fixed bug #68676 (Explicit Double Free). (Kalle)
 
 - cURL:
   . Fixed bug #67643 (curl_multi_getcontent returns '' when
diff --git a/Zend/zend_ts_hash.c b/Zend/zend_ts_hash.c
index 6f2eb8185c..bf6ed4f2f1 100644
--- a/Zend/zend_ts_hash.c
+++ b/Zend/zend_ts_hash.c
@@ -151,7 +151,7 @@ ZEND_API void zend_ts_hash_graceful_destroy(TsHashTable *ht)
 
 #ifdef ZTS
 	tsrm_mutex_free(ht->mx_reader);
-	tsrm_mutex_free(ht->mx_reader);
+	tsrm_mutex_free(ht->mx_writer);
 #endif
 }
 
-- 
cgit v1.2.1