mirrors/php-src
0
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-11-23 09:54:15 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix default_object_handlers pointing to invalid memory with file_cache

Browse Source 
Closes GH-9596
This commit is contained in:
Ilija Tovilo 2022-09-22 14:07:51 +02:00
parent d10a04b391
commit 3daa8a93ee
No known key found for this signature in database
GPG Key ID: A4F5D403F118200A
3 changed files with 11 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
Zend/zend_enum.c
View File

@ -34,8 +34,7 @@
ZEND_API zend_class_entry *zend_ce_unit_enum;
ZEND_API zend_class_entry *zend_ce_backed_enum;
static zend_object_handlers enum_handlers;
ZEND_API zend_object_handlers zend_enum_object_handlers;
zend_object *zend_enum_new(zval *result, zend_class_entry *ce, zend_string *case_name, zval *backing_value_zv)
{
@ -157,9 +156,9 @@ void zend_register_enum_ce(void)
zend_ce_backed_enum = register_class_BackedEnum(zend_ce_unit_enum);
zend_ce_backed_enum->interface_gets_implemented = zend_implement_backed_enum;
memcpy(&enum_handlers, &std_object_handlers, sizeof(zend_object_handlers));
enum_handlers.clone_obj = NULL;
enum_handlers.compare = zend_objects_not_comparable;
memcpy(&zend_enum_object_handlers, &std_object_handlers, sizeof(zend_object_handlers));
zend_enum_object_handlers.clone_obj = NULL;
zend_enum_object_handlers.compare = zend_objects_not_comparable;
}
void zend_enum_add_interfaces(zend_class_entry *ce)
@ -183,7 +182,7 @@ void zend_enum_add_interfaces(zend_class_entry *ce)
ce->interface_names[num_interfaces_before + 1].lc_name = zend_string_init("backedenum", sizeof("backedenum") - 1, 0);
}
ce->default_object_handlers = &enum_handlers;
ce->default_object_handlers = &zend_enum_object_handlers;
}
zend_result zend_enum_build_backed_enum_table(zend_class_entry *ce)

1
Zend/zend_enum.h
View File

@ -26,6 +26,7 @@ BEGIN_EXTERN_C()
extern ZEND_API zend_class_entry *zend_ce_unit_enum;
extern ZEND_API zend_class_entry *zend_ce_backed_enum;
extern ZEND_API zend_object_handlers zend_enum_object_handlers;
void zend_register_enum_ce(void);
void zend_enum_add_interfaces(zend_class_entry *ce);

5
ext/opcache/zend_file_cache.c
View File

@ -23,6 +23,7 @@
#include "zend_interfaces.h"
#include "zend_attributes.h"
#include "zend_system_id.h"
#include "zend_enum.h"
#include "php.h"
#ifdef ZEND_WIN32
@ -1714,6 +1715,10 @@ static void zend_file_cache_unserialize_class(zval *zv,
ZEND_MAP_PTR_INIT(ce->mutable_data, NULL);
ZEND_MAP_PTR_INIT(ce->static_members_table, NULL);
}
// Memory addresses of object handlers are not stable. They can change due to ASLR or order of linking dynamic. To
// avoid pointing to invalid memory we relink default_object_handlers here.
ce->default_object_handlers = ce->ce_flags & ZEND_ACC_ENUM ? &zend_enum_object_handlers : &std_object_handlers;
}
static void zend_file_cache_unserialize_warnings(zend_persistent_script *script, void *buf)