From 35f6f9b0dbc683812badf3a8e38d1ec110fd7925 Mon Sep 17 00:00:00 2001 From: Yussuf Khalil Date: Wed, 10 Feb 2016 10:33:57 +0100 Subject: [PATCH 1/2] Fix use-after-free of ZCG(cwd) in Zend Optimizer --- ext/opcache/ZendAccelerator.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/ext/opcache/ZendAccelerator.c b/ext/opcache/ZendAccelerator.c index 66b54f2ebf2..0f66c56ea65 100644 --- a/ext/opcache/ZendAccelerator.c +++ b/ext/opcache/ZendAccelerator.c @@ -2370,6 +2370,11 @@ static void accel_deactivate(void) */ TSRMLS_FETCH(); + if (ZCG(cwd)) { + efree(ZCG(cwd)); + ZCG(cwd) = NULL; + } + if (!ZCG(enabled) || !accel_startup_ok) { return; } @@ -2383,12 +2388,6 @@ static void accel_deactivate(void) zend_accel_fast_shutdown(TSRMLS_C); } #endif - - if (ZCG(cwd)) { - efree(ZCG(cwd)); - ZCG(cwd) = NULL; - } - } static int accelerator_remove_cb(zend_extension *element1, zend_extension *element2) From 2b850e1565d69ff9e0e855a86f1b8662b827c55e Mon Sep 17 00:00:00 2001 From: Xinchen Hui Date: Mon, 15 Feb 2016 10:31:37 +0800 Subject: [PATCH 2/2] Update NEWS: "Fixed bug #71584 (Possible use-after-free of ZCG(cwd) in Zend Opcache)" --- NEWS | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/NEWS b/NEWS index a7760dac09b..07bdf235a46 100644 --- a/NEWS +++ b/NEWS @@ -21,6 +21,10 @@ PHP NEWS . Fixed bug #62172 (FPM not working with Apache httpd 2.4 balancer/fcgi setup). (Matt Haught, Remi) +- Opcache: + . Fixed bug #71584 (Possible use-after-free of ZCG(cwd) in Zend Opcache). + (Yussuf Khalil) + - PDO MySQL: . Fixed bug #71569 (#70389 fix causes segmentation fault). (Nikita)