From 3280a29ee5194a6e627f8eb87492b64ff1959a0e Mon Sep 17 00:00:00 2001
From: Bob Weinand
Date: Sat, 1 Oct 2016 10:46:21 +0100
Subject: Fix invalid access to interned strings after they are freed in phpdbg

---
 sapi/phpdbg/phpdbg_list.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'sapi/phpdbg/phpdbg_list.c')

diff --git a/sapi/phpdbg/phpdbg_list.c b/sapi/phpdbg/phpdbg_list.c
index 6895bea43e..74d35c7ce9 100644
--- a/sapi/phpdbg/phpdbg_list.c
+++ b/sapi/phpdbg/phpdbg_list.c
@@ -316,6 +316,17 @@ zend_op_array *phpdbg_init_compile_file(zend_file_handle *file, int type) {
 dataptr = zend_hash_str_find_ptr(&PHPDBG_G(file_sources), filename, strlen(filename));
 ZEND_ASSERT(dataptr != NULL);

+ if (op_array->vars) {
+ int i;
+ /* un-intern these strings to prevent zend_restore_strings from invalidating our string pointers too early */
+ for (i = 0; i < op_array->last_var; i++) {
+ zend_string **s = op_array->vars + i;
+ if (ZSTR_IS_INTERNED(*s)) {
+ *s = zend_string_init(ZSTR_VAL(*s), ZSTR_LEN(*s), 0);
+ }
+ }
+ }
+
 dataptr->op_array = *op_array;
 if (dataptr->op_array.refcount) {
 ++*dataptr->op_array.refcount;
--
cgit v1.2.1
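Review bot: The un-interning loop covers only `op_array->vars`, but the struct copy `dataptr->op_array = *op_array;` right after it carries every other string pointer the op_array holds, and nothing in the hunk shows why those cannot be interned and invalidated by `zend_restore_strings` in the same way. If fields such as `function_name`, `filename` or string literals can be interned at this point, a later read through `PHPDBG_G(file_sources)` would presumably touch the same freed memory. This is worth confirming and recording next to the loop, e.g. `/* only vars need copying: <reason the other op_array strings outlive zend_restore_strings> */`. The loop also rewrites the caller-visible op_array in place rather than only phpdbg's copy, so the comment should say that the replacements are non-persistent (`zend_string_init(..., 0)`) and which path is expected to release them. phpdbg_init_compile_file starts before and continues past this hunk, so the release path cannot be checked from here.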