PHP :: Bug #68906 :: Use after free

Bug #68906	Use after free
Submitted:	2015-01-24 19:58 UTC	Modified:	2015-01-24 21:47 UTC
From:	bugreports at internot dot info	Assigned:
Status:	Not a bug	Package:	opcache
PHP Version:	5.5.21	OS:	Linux Ubuntu 14.04
Private report:	No	CVE-ID:	None

View Developer Edit

[2015-01-24 19:58 UTC] bugreports at internot dot info

Description:
------------
Hi,

In /ext/opcache/zend_shared_alloc.c:

'source' is freed:

350                interned_efree((char*)source);
351        }

   but then used:
352        zend_shared_alloc_register_xlat_entry(source, retval);


thanks

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2015-01-24 21:47 UTC] stas@php.net

-Status: Open +Status: Not a bug

[2015-01-24 21:47 UTC] stas@php.net

I don't see any issue there - zend_shared_alloc_register_xlat_entry() does not dereference the pointer, only uses its value.

[2015-01-24 21:47 UTC] stas@php.net

-Type: Security +Type: Bug

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Wed Apr 23 00:01:28 2025 UTC