Patch bug_74310_decrement_after_alloc for Reproducible crash Bug #74310
Patch version 2017-03-26 17:08 UTC
Return to Bug #74310 |
Download this patch
Patch Revisions:
Developer: bwoebi@php.net
diff --git a/Zend/zend_string.h b/Zend/zend_string.h
index 77dd083..fd28611 100644
--- a/Zend/zend_string.h
+++ b/Zend/zend_string.h
@@ -208,11 +208,12 @@ static zend_always_inline zend_string *zend_string_realloc(zend_string *s, size_
ZSTR_LEN(ret) = len;
zend_string_forget_hash_val(ret);
return ret;
- } else {
- GC_REFCOUNT(s)--;
}
+ ret = zend_string_alloc(len, persistent);
+ GC_REFCOUNT(s)--;
+ } else {
+ ret = zend_string_alloc(len, persistent);
}
- ret = zend_string_alloc(len, persistent);
memcpy(ZSTR_VAL(ret), ZSTR_VAL(s), MIN(len, ZSTR_LEN(s)) + 1);
return ret;
}
@@ -228,11 +229,12 @@ static zend_always_inline zend_string *zend_string_extend(zend_string *s, size_t
ZSTR_LEN(ret) = len;
zend_string_forget_hash_val(ret);
return ret;
- } else {
- GC_REFCOUNT(s)--;
}
+ ret = zend_string_alloc(len, persistent);
+ GC_REFCOUNT(s)--;
+ } else {
+ ret = zend_string_alloc(len, persistent);
}
- ret = zend_string_alloc(len, persistent);
memcpy(ZSTR_VAL(ret), ZSTR_VAL(s), ZSTR_LEN(s) + 1);
return ret;
}
@@ -248,11 +250,12 @@ static zend_always_inline zend_string *zend_string_truncate(zend_string *s, size
ZSTR_LEN(ret) = len;
zend_string_forget_hash_val(ret);
return ret;
- } else {
- GC_REFCOUNT(s)--;
}
+ ret = zend_string_alloc(len, persistent);
+ GC_REFCOUNT(s)--;
+ } else {
+ ret = zend_string_alloc(len, persistent);
}
- ret = zend_string_alloc(len, persistent);
memcpy(ZSTR_VAL(ret), ZSTR_VAL(s), len + 1);
return ret;
}
@@ -270,8 +273,11 @@ static zend_always_inline zend_string *zend_string_safe_realloc(zend_string *s,
} else {
GC_REFCOUNT(s)--;
}
+ ret = zend_string_safe_alloc(n, m, l, persistent);
+ GC_REFCOUNT(s)--;
+ } else {
+ ret = zend_string_safe_alloc(n, m, l, persistent);
}
- ret = zend_string_safe_alloc(n, m, l, persistent);
memcpy(ZSTR_VAL(ret), ZSTR_VAL(s), MIN((n * m) + l, ZSTR_LEN(s)) + 1);
return ret;
}
|