Fix invalid access to interned strings after they are freed in phpdbg

ksmiley · Oct 1, 2016 · 3280a29 · 3280a29
1 parent 12967bc
commit 3280a29
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/sapi/phpdbg/phpdbg_list.c b/sapi/phpdbg/phpdbg_list.c
@@ -316,6 +316,17 @@ zend_op_array *phpdbg_init_compile_file(zend_file_handle *file, int type) {
 	dataptr = zend_hash_str_find_ptr(&PHPDBG_G(file_sources), filename, strlen(filename));
 	ZEND_ASSERT(dataptr != NULL);
 
+	if (op_array->vars) {
+		int i;
+		/* un-intern these strings to prevent zend_restore_strings from invalidating our string pointers too early */
+		for (i = 0; i < op_array->last_var; i++) {
+			zend_string **s = op_array->vars + i;
+			if (ZSTR_IS_INTERNED(*s)) {
+				*s = zend_string_init(ZSTR_VAL(*s), ZSTR_LEN(*s), 0);
+			}
+		}
+	}
+
 	dataptr->op_array = *op_array;
 	if (dataptr->op_array.refcount) {
 		++*dataptr->op_array.refcount;