fix bug #63369

(un)serialize() leaves dangling pointers, causes crashes
2024-09-22 02:17:32 +00:00 · 2012-10-26 16:36:47 +04:00 · 2012-10-26 16:36:47 +04:00 · f2bffdc2e4
commit f2bffdc2e4
parent 4f4d77805c
2 changed files with 7 additions and 0 deletions
--- a/2
+++ b/2
@ -4,6 +4,8 @@ PHP                                                                        NEWS

 - Core:
  . Fixed bug #63305 (zend_mm_heap corrupted with traits). (Dmitry, Laruence)
+  . Fixed bug #63369 ((un)serialize() leaves dangling pointers, causes crashes).
+    (Tony, Andrew Sitnikov)

 - Curl:
  . Fixed bug #63363 (Curl silently accepts boolean true for SSL_VERIFYHOST).
--- a/ext/standard/basic_functions.c
+++ b/ext/standard/basic_functions.c
@ -3684,6 +3684,11 @@ PHP_MSHUTDOWN_FUNCTION(basic) /* {{{ */
 PHP_RINIT_FUNCTION(basic) /* {{{ */
 {
 	memset(BG(strtok_table), 0, 256);
+
+	BG(serialize_lock) = 0;
+	memset(&BG(serialize), 0, sizeof(BG(serialize)));
+	memset(&BG(unserialize), 0, sizeof(BG(unserialize)));
+
 	BG(strtok_string) = NULL;
 	BG(strtok_zval) = NULL;
 	BG(strtok_last) = NULL;