Fix #78761: Zend memory heap corruption with preload and casting

We have to reset `FFI_G(persistent)` back to zero when preloading has finished.
2024-09-21 18:07:23 +00:00 · 2019-10-30 18:05:10 +01:00 · 2019-10-30 18:05:10 +01:00 · 0055f1e3dc
commit 0055f1e3dc
parent 1e2d3d58a8
5 changed files with 23 additions and 0 deletions
--- a/2
+++ b/2
@ -19,6 +19,8 @@ PHP                                                                        NEWS
  . Fixed bug #78716 (Function name mangling is wrong for some parameter 
    types). (cmb)
  . Fixed bug #78762 (Failing FFI::cast() may leak memory). (cmb)
+  . Fixed bug #78761 (Zend memory heap corruption with preload and casting).
+    (cmb)
  . Implement FR #78270 (Support __vectorcall convention with FFI). (cmb)

 - FPM:
--- a/ext/ffi/ffi.c
+++ b/ext/ffi/ffi.c
@ -3340,6 +3340,7 @@ static zend_ffi *zend_ffi_load(const char *filename, zend_bool preload) /* {{{ *
 	efree(code);
 	FFI_G(symbols) = NULL;
 	FFI_G(tags) = NULL;
+	FFI_G(persistent) = 0;

 	return ffi;

--- a/ext/ffi/tests/bug78761.phpt
+++ b/ext/ffi/tests/bug78761.phpt
@ -0,0 +1,17 @@
+--TEST--
+Bug #78761 (Zend memory heap corruption with preload and casting)
+--SKIPIF--
+<?php require_once('skipif.inc'); ?>
+--INI--
+opcache.enable_cli=1
+opcache.preload={PWD}/bug78761_preload.php
+--FILE--
+<?php
+try {
+    FFI::cast('char[10]', FFI::new('char[1]'));
+} catch (FFI\Exception $ex) {
+    echo $ex->getMessage(), PHP_EOL;
+}
+?>
+--EXPECT--
+attempt to cast to larger type
--- a/ext/ffi/tests/bug78761_preload.h
+++ b/ext/ffi/tests/bug78761_preload.h
--- a/ext/ffi/tests/bug78761_preload.php
+++ b/ext/ffi/tests/bug78761_preload.php
@ -0,0 +1,3 @@
+<?php
+
+FFI::load(__DIR__ . '/bug78761_preload.h');