Patch patch-zend_language_scanner.c.diff for Reproducible crash Bug #52797
Patch version 2010-09-08 13:19 UTC
Return to Bug #52797 |
Download this patch
Patch Revisions:
Developer: hossy421@yahoo.co.jp
--- Zend/zend_language_scanner.c.orig 2010-06-30 11:45:10.000000000 +0900
+++ Zend/zend_language_scanner.c 2010-09-04 16:55:48.000000000 +0900
@@ -153,6 +153,7 @@
CG(heredoc_len) = 0;
CG(doc_comment) = NULL;
CG(doc_comment_len) = 0;
+ SCNG(script_org) = NULL;
zend_stack_init(&SCNG(state_stack));
}
@@ -162,6 +163,10 @@
efree(CG(heredoc));
CG(heredoc_len)=0;
}
+ if (SCNG(script_org)) {
+ efree(SCNG(script_org));
+ SCNG(script_org) = NULL;
+ }
zend_stack_destroy(&SCNG(state_stack));
RESET_DOC_COMMENT();
}
@@ -184,7 +189,11 @@
lex_state->lineno = CG(zend_lineno);
#ifdef ZEND_MULTIBYTE
- lex_state->script_org = SCNG(script_org);
+ if (SCNG(script_org)) {
+ lex_state->script_org = estrdup(SCNG(script_org));
+ } else {
+ lex_state->script_org = NULL;
+ }
lex_state->script_org_size = SCNG(script_org_size);
lex_state->script_filtered = SCNG(script_filtered);
lex_state->script_filtered_size = SCNG(script_filtered_size);
@@ -429,6 +438,10 @@
SCNG(yy_start) = NULL;
#ifdef ZEND_MULTIBYTE
+ if (SCNG(script_org)) {
+ efree(SCNG(script_org));
+ SCNG(script_org) = NULL;
+ }
SCNG(script_org) = (unsigned char *)estrdup(str->value.str.val);
SCNG(script_org_size) = str->value.str.len;
|