Merge branch 'PHP-8.3' into PHP-8.4

* PHP-8.3: Fix GH-16630: UAF in lexer with encoding translation and heredocs
2024-11-23 01:44:06 +08:00 · 2024-11-18 19:59:08 +01:00 · 2024-11-18 19:59:08 +01:00 · e00d684420
commit e00d684420
parent 997431dea2 6a632a2d60
2 changed files with 20 additions and 1 deletions
--- a/Zend/tests/gh16630.phpt
+++ b/Zend/tests/gh16630.phpt
@ -0,0 +1,19 @@
+--TEST--
+GH-16630 (UAF in lexer with encoding translation and heredocs)
+--EXTENSIONS--
+mbstring
+--INI--
+zend.multibyte=On
+zend.script_encoding=ISO-8859-1
+internal_encoding=EUC-JP
+--FILE--
+<?php
+$data3 = <<<CODE
+heredoc
+text
+CODE;
+echo $data3;
+?>
+--EXPECT--
+heredoc
+text
--- a/Zend/zend_language_scanner.l
+++ b/Zend/zend_language_scanner.l
@ -275,7 +275,7 @@ ZEND_API void zend_restore_lexical_state(zend_lex_state *lex_state)
 	CG(zend_lineno) = lex_state->lineno;
 	zend_restore_compiled_filename(lex_state->filename);

-	if (SCNG(script_filtered)) {
+	if (SCNG(script_filtered) && SCNG(script_filtered) != lex_state->script_filtered) {
 		efree(SCNG(script_filtered));
 		SCNG(script_filtered) = NULL;
 	}