mirror of
https://github.com/php/php-src.git
synced 2024-09-22 10:27:25 +00:00
fix potential memory issue on serialization
# When internal class uses zend_mangle_property_name it's malloc() # so it should be freed with free()
This commit is contained in:
parent
777fb4f911
commit
b73ac1a57a
@ -599,19 +599,19 @@ static void php_var_serialize_class(smart_str *buf, zval *struc, zval *retval_pt
|
||||
zend_mangle_property_name(&priv_name, &prop_name_length, ce->name, ce->name_length, Z_STRVAL_PP(name), Z_STRLEN_PP(name), ce->type & ZEND_INTERNAL_CLASS);
|
||||
if (zend_hash_find(Z_OBJPROP_P(struc), priv_name, prop_name_length + 1, (void *) &d) == SUCCESS) {
|
||||
php_var_serialize_string(buf, priv_name, prop_name_length);
|
||||
efree(priv_name);
|
||||
pefree(priv_name, ce->type & ZEND_INTERNAL_CLASS);
|
||||
php_var_serialize_intern(buf, *d, var_hash TSRMLS_CC);
|
||||
break;
|
||||
}
|
||||
efree(priv_name);
|
||||
pefree(priv_name, ce->type & ZEND_INTERNAL_CLASS);
|
||||
zend_mangle_property_name(&prot_name, &prop_name_length, "*", 1, Z_STRVAL_PP(name), Z_STRLEN_PP(name), ce->type & ZEND_INTERNAL_CLASS);
|
||||
if (zend_hash_find(Z_OBJPROP_P(struc), prot_name, prop_name_length + 1, (void *) &d) == SUCCESS) {
|
||||
php_var_serialize_string(buf, prot_name, prop_name_length);
|
||||
efree(prot_name);
|
||||
pefree(prot_name, ce->type & ZEND_INTERNAL_CLASS);
|
||||
php_var_serialize_intern(buf, *d, var_hash TSRMLS_CC);
|
||||
break;
|
||||
}
|
||||
efree(prot_name);
|
||||
pefree(prot_name, ce->type & ZEND_INTERNAL_CLASS);
|
||||
php_error_docref(NULL TSRMLS_CC, E_NOTICE, "\"%s\" returned as member variable from __sleep() but does not exist", Z_STRVAL_PP(name));
|
||||
php_var_serialize_string(buf, Z_STRVAL_PP(name), Z_STRLEN_PP(name));
|
||||
php_var_serialize_intern(buf, nvalp, var_hash TSRMLS_CC);
|
||||
|
Loading…
Reference in New Issue
Block a user