File tree Expand file tree Collapse file tree 2 files changed +9
-8
lines changed Expand file tree Collapse file tree 2 files changed +9
-8
lines changed Original file line number Diff line number Diff line change 99 extension code. (Sara)
1010 . Fixed bug GH-8655 (Casting an object to array does not unwrap refcount=1
1111 references). (Nicolas Grekas)
12+ . Fixed potential use after free in php_binary_init(). (Heiko Weber)
1213
1314- COM:
1415 . Fixed bug GH-8778 (Integer arithmethic with large number variants fails).
Original file line number Diff line number Diff line change @@ -348,15 +348,15 @@ static void php_binary_init(void)
348348{
349349 char * binary_location = NULL ;
350350#ifdef PHP_WIN32
351- binary_location = (char * )malloc (MAXPATHLEN );
352- if (binary_location && GetModuleFileName (0 , binary_location , MAXPATHLEN ) == 0 ) {
353- free (binary_location );
354- PG ( php_binary ) = NULL ;
351+ binary_location = (char * )pemalloc (MAXPATHLEN , 1 );
352+ if (GetModuleFileName (0 , binary_location , MAXPATHLEN ) == 0 ) {
353+ pefree (binary_location , 1 );
354+ binary_location = NULL ;
355355 }
356356#else
357357 if (sapi_module .executable_location ) {
358- binary_location = (char * )malloc (MAXPATHLEN );
359- if (binary_location && !strchr (sapi_module .executable_location , '/' )) {
358+ binary_location = (char * )pemalloc (MAXPATHLEN , 1 );
359+ if (!strchr (sapi_module .executable_location , '/' )) {
360360 char * envpath , * path ;
361361 int found = 0 ;
362362
@@ -379,11 +379,11 @@ static void php_binary_init(void)
379379 efree (path );
380380 }
381381 if (!found ) {
382- free (binary_location );
382+ pefree (binary_location , 1 );
383383 binary_location = NULL ;
384384 }
385385 } else if (!VCWD_REALPATH (sapi_module .executable_location , binary_location ) || VCWD_ACCESS (binary_location , X_OK )) {
386- free (binary_location );
386+ pefree (binary_location , 1 );
387387 binary_location = NULL ;
388388 }
389389 }
You can’t perform that action at this time.
0 commit comments