Fix GH-12962: Double free of init_file in phpdbg_prompt.c

See GH-12962 for analysis. Closes GH-12963.
2024-09-21 09:57:23 +00:00 · 2023-12-17 01:35:15 +01:00 · 2023-12-17 01:35:15 +01:00 · a6d17bffe1
commit a6d17bffe1
parent 40ccc8ea7e
4 changed files with 19 additions and 1 deletions
--- a/3
+++ b/3
@ -20,6 +20,9 @@ PHP                                                                        NEWS
  . Added workaround for SELinux mprotect execheap issue.
    See https://bugzilla.kernel.org/show_bug.cgi?id=218258. (ilutov)

+- PHPDBG:
+  . Fixed bug GH-12962 (Double free of init_file in phpdbg_prompt.c). (nielsdos)
+
 21 Dec 2023, PHP 8.2.14

 - Core:
--- a/sapi/phpdbg/phpdbg_prompt.c
+++ b/sapi/phpdbg/phpdbg_prompt.c
@ -364,7 +364,7 @@ void phpdbg_init(char *init_file, size_t init_file_len, bool use_default) /* {{{
 			}

 			ZEND_IGNORE_VALUE(asprintf(&init_file, "%s/%s", scan_dir, PHPDBG_INIT_FILENAME));
-			phpdbg_try_file_init(init_file, strlen(init_file), 1);
+			phpdbg_try_file_init(init_file, strlen(init_file), 0);
 			free(init_file);
 			if (i == -1) {
 				break;
--- a/sapi/phpdbg/tests/gh12962.phpt
+++ b/sapi/phpdbg/tests/gh12962.phpt
@ -0,0 +1,13 @@
+--TEST--
+GH-12962 (Double free of init_file in phpdbg_prompt.c)
+--SKIPIF--
+<?php
+if (!getenv('TEST_PHPDBG_EXECUTABLE')) die("SKIP: No TEST_PHPDBG_EXECUTABLE specified");
+?>
+--FILE--
+<?php
+putenv('PHP_INI_SCAN_DIR='.__DIR__."/gh12962");
+passthru($_ENV['TEST_PHPDBG_EXECUTABLE'] . " -q");
+?>
+--EXPECT--
+Executed .phpdbginit
--- a/sapi/phpdbg/tests/gh12962/.phpdbginit
+++ b/sapi/phpdbg/tests/gh12962/.phpdbginit
@ -0,0 +1,2 @@
+ev "Executed .phpdbginit"
+q