Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
php7.5911
php-CVE-2016-9936.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File php-CVE-2016-9936.patch of Package php7.5911
--- a/ext/standard/var.c +++ b/ext/standard/var.c @@ -1036,6 +1036,7 @@ PHP_FUNCTION(unserialize) const unsigned char *p; php_unserialize_data_t var_hash; zval *options = NULL, *classes = NULL; + zval *retval; HashTable *class_hash = NULL; if (zend_parse_parameters(ZEND_NUM_ARGS(), "s|a", &buf, &buf_len, &options) == FAILURE) { @@ -1067,22 +1068,21 @@ PHP_FUNCTION(unserialize) } } - if (!php_var_unserialize_ex(return_value, &p, p + buf_len, &var_hash, class_hash)) { + retval = var_tmp_var(&var_hash); + if (!php_var_unserialize_ex(retval, &p, p + buf_len, &var_hash, class_hash)) { PHP_VAR_UNSERIALIZE_DESTROY(var_hash); if (class_hash) { zend_hash_destroy(class_hash); FREE_HASHTABLE(class_hash); } - zval_ptr_dtor(return_value); if (!EG(exception)) { php_error_docref(NULL, E_NOTICE, "Error at offset " ZEND_LONG_FMT " of %zd bytes", (zend_long)((char*)p - buf), buf_len); } RETURN_FALSE; } - /* We should keep an reference to return_value to prevent it from being dtor - in case nesting calls to unserialize */ - var_push_dtor(&var_hash, return_value); + + ZVAL_COPY(return_value, retval); PHP_VAR_UNSERIALIZE_DESTROY(var_hash); if (class_hash) {
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor