
Patch zend_interned_strings_shutdown_AV for Reproducible crash Bug #65338

Patch version 2013-07-25 17:30 UTC


Developer: ericsten@php.net

index ff7ee3f..ace5d7c 100644
--- a/Zend/zend_string.c
+++ b/Zend/zend_string.c
@@ -36,6 +36,7 @@ ZEND_API void (*zend_interned_strings_restore)(TSRMLS_D);
static const char *zend_new_interned_string_int(const char *str, int len, int free_src TSRMLS_DC);
static void zend_interned_strings_snapshot_int(TSRMLS_D);
static void zend_interned_strings_restore_int(TSRMLS_D);
+static void *zend_interned_strings_start_int = NULL;

void zend_interned_strings_init(TSRMLS_D)
{
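Review bot: The new file-scope `zend_interned_strings_start_int` carries no comment saying that it owns the buffer allocated in zend_interned_strings_init(), or why `CG(interned_strings_start)` cannot be used to release it at shutdown. I would put something like `/* Buffer allocated by zend_interned_strings_init(); freed via this copy because CG(interned_strings_start) may no longer point at it when the dtor runs. */` above the declaration; the comment added in the second hunk has the same gap, since it says what is saved but not why. The variable is also one per process while the surrounding functions take TSRMLS_D. If this code is ever built thread-safe (the guarding preprocessor lines are outside the hunk), each context's init would overwrite the previous pointer, so that assumption should be stated as well.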
@@ -47,6 +48,8 @@ void zend_interned_strings_init(TSRMLS_D)
#else
        CG(interned_strings_start) = malloc(size);
#endif
+    /* Remember our buffer, so we can free it later */
+    zend_interned_strings_start_int = CG(interned_strings_start);

        CG(interned_strings_top) = CG(interned_strings_start);
        CG(interned_strings_snapshot_top) = CG(interned_strings_start);
@@ -75,7 +78,8 @@ void zend_interned_strings_dtor(TSRMLS_D)
        mprotect(CG(interned_strings_start), CG(interned_strings_end) - CG(interned_strings_start),
#endif
        free(CG(interned_strings).arBuckets);
-       free(CG(interned_strings_start));
+       /* free(CG(interned_strings_start)); */
+    free(zend_interned_strings_start_int);
#endif
}
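Review bot: The conditionally compiled `mprotect()` call at the top of this hunk still takes its range from `CG(interned_strings_start)` and `CG(interned_strings_end)`, so if those globals no longer describe the buffer this file allocated (which is the premise of the patch), that build changes page protection on memory this module does not own. The saved pointer is also left dangling after `free(zend_interned_strings_start_int);`, so a second pass through the dtor becomes a double free; follow it with `zend_interned_strings_start_int = NULL;`. The commented-out `/* free(CG(interned_strings_start)); */` should be deleted rather than kept, and the added line's indentation does not match its neighbours. The start of zend_interned_strings_dtor() is outside the hunk.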
 