File php-CVE-2015-6832.patch of Package php5.3013

Overview Repositories Revisions Requests Users Attributes Meta

File php-CVE-2015-6832.patch of Package php5.3013

https://gist.githubusercontent.com/smalyshev/c08cacf74c3bc381452c/raw/180a70d296ebf3c5a0a3fece5e3a0503d6b59af1/70068.diff
Index: ext/spl/spl_array.c
===================================================================
--- ext/spl/spl_array.c.orig	2015-08-20 15:40:25.190035728 +0200
+++ ext/spl/spl_array.c	2015-08-20 15:41:44.443163795 +0200
@@ -1770,14 +1770,12 @@
 
 	ALLOC_INIT_ZVAL(pflags);
 	if (!php_var_unserialize(&pflags, &p, s + buf_len, &var_hash TSRMLS_CC) || Z_TYPE_P(pflags) != IS_LONG) {
-		zval_ptr_dtor(&pflags);
 		goto outexcept;
 	}
 
 	var_push_dtor(&var_hash, &pflags);
 	--p; /* for ';' */
 	flags = Z_LVAL_P(pflags);
-	zval_ptr_dtor(&pflags);
 	/* flags needs to be verified and we also need to verify whether the next
 	 * thing we get is ';'. After that we require an 'm' or somethign else
 	 * where 'm' stands for members and anything else should be an array. If
@@ -1829,10 +1827,16 @@
 	/* done reading $serialized */
 
 	PHP_VAR_UNSERIALIZE_DESTROY(var_hash);
+	if (pflags) {
+		zval_ptr_dtor(&pflags);
+	}
 	return;
 
 outexcept:
 	PHP_VAR_UNSERIALIZE_DESTROY(var_hash);
+	if (pflags) {
+		zval_ptr_dtor(&pflags);
+	}
 	zend_throw_exception_ex(spl_ce_UnexpectedValueException, 0 TSRMLS_CC, "Error at offset %ld of %d bytes", (long)((char*)p - buf), buf_len);
 	return;

Places

File php-CVE-2015-6832.patch of Package php5.3013

Places