
Commit 2330be5

committed
Fixed possible crash because of race conditions on modifying constants in shared memory
1 parent 023d53f commit 2330be5


3 files changed

+34
-0
lines changed


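--- a/Zend/zend_execute.c
+++ b/Zend/zend_execute.c
@@ -943,6 +943,26 @@ static inline zval* zend_assign_to_variable(zval **variable_ptr_ptr, zval *value
 }
 }
 
+static void zval_deep_copy(zval **p)
+{
+zval *value;
+
+ALLOC_ZVAL(value);
+*value = **p;
+if (Z_TYPE_P(value) == IS_ARRAY) {
+HashTable *ht;
+
+ALLOC_HASHTABLE(ht);
+zend_hash_init(ht, zend_hash_num_elements(Z_ARRVAL_P(value)), NULL, ZVAL_PTR_DTOR, 0);
+zend_hash_copy(ht, Z_ARRVAL_P(value), (copy_ctor_func_t) zval_deep_copy, NULL, sizeof(zval *));
+Z_ARRVAL_P(value) = ht;
+} else {
+zval_copy_ctor(value);
+}
+INIT_PZVAL(value);
+*p = value;
+}
+
 /* Utility Functions for Extensions */
 static void zend_extension_statement_handler(const zend_extension *extension, zend_op_array *op_array TSRMLS_DC)
 {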
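Review bot: zval_deep_copy needs a header comment, because its contract is not readable from the body: it overwrites `*p` with a freshly allocated zval and never releases or modifies the zval that `*p` pointed to. That is correct only when it runs as the copy constructor of `zend_hash_copy`, where the slot still holds a borrowed pointer into the source table; called on a pointer the caller owns, it would drop that reference. I would add `/* Copy ctor for zend_hash_copy(): replaces *p with a private deep copy and leaves the source zval, including its refcount, untouched. */` above the function. The recursion depth follows the nesting depth of the array, which is presumably bounded because these are literal default values, but the comment could say so.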

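--- a/Zend/zend_vm_def.h
+++ b/Zend/zend_vm_def.h
@@ -3422,6 +3422,13 @@ ZEND_VM_HANDLER(64, ZEND_RECV_INIT, ANY, CONST)
 if (IS_CONSTANT_TYPE(Z_TYPE_P(assignment_value))) {
 Z_SET_REFCOUNT_P(assignment_value, 1);
 zval_update_constant(&assignment_value, 0 TSRMLS_CC);
+} else if (Z_TYPE_P(assignment_value) == IS_ARRAY) {
+HashTable *ht;
+
+ALLOC_HASHTABLE(ht);
+zend_hash_init(ht, zend_hash_num_elements(Z_ARRVAL_P(assignment_value)), NULL, ZVAL_PTR_DTOR, 0);
+zend_hash_copy(ht, Z_ARRVAL_P(assignment_value), (copy_ctor_func_t) zval_deep_copy, NULL, sizeof(zval *));
+Z_ARRVAL_P(assignment_value) = ht;
 } else {
 zval_copy_ctor(assignment_value);
 }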
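Review bot: Nothing at the new `IS_ARRAY` branch says why a plain `zval_copy_ctor` is not enough here, and the branch repeats the allocate/init/copy sequence that zval_deep_copy already contains for arrays. A comment such as `/* deep copy: the default value may live in shared memory, so its elements must not be refcounted from here */` would keep a later cleanup from folding this branch back into the `else` and reintroducing the race named in the commit title. It is also worth noting in that comment that every call falling back to an array default now copies the whole array. The same lines appear in the Zend/zend_vm_execute.h section, and the handler body starts and ends outside the hunk.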

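--- a/Zend/zend_vm_execute.h
+++ b/Zend/zend_vm_execute.h
@@ -1624,6 +1624,13 @@ static int ZEND_FASTCALL ZEND_RECV_INIT_SPEC_CONST_HANDLER(ZEND_OPCODE_HANDLER_
 if (IS_CONSTANT_TYPE(Z_TYPE_P(assignment_value))) {
 Z_SET_REFCOUNT_P(assignment_value, 1);
 zval_update_constant(&assignment_value, 0 TSRMLS_CC);
+} else if (Z_TYPE_P(assignment_value) == IS_ARRAY) {
+HashTable *ht;
+
+ALLOC_HASHTABLE(ht);
+zend_hash_init(ht, zend_hash_num_elements(Z_ARRVAL_P(assignment_value)), NULL, ZVAL_PTR_DTOR, 0);
+zend_hash_copy(ht, Z_ARRVAL_P(assignment_value), (copy_ctor_func_t) zval_deep_copy, NULL, sizeof(zval *));
+Z_ARRVAL_P(assignment_value) = ht;
 } else {
 zval_copy_ctor(assignment_value);
 }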
