From 15beb140e5b066552ea6af3b2c6aa7300fbcbd9c Mon Sep 17 00:00:00 2001 From: Ilija Tovilo Date: Tue, 2 Sep 2025 17:21:22 +0200 Subject: [PATCH] Fix RC assertion in fpm when php_admin_value setting fails The value is temporarily duplicated. While the value is allocated persistently, it will be freed if the ini value can't be set. This is safe, given the value has not actually been stored. Exposed by GH-19619 Closes GH-19671 --- NEWS | 3 ++ sapi/fpm/fpm/fpm_php.c | 2 + sapi/fpm/tests/php_admin_value-failure.phpt | 48 +++++++++++++++++++++ 3 files changed, 53 insertions(+) create mode 100644 sapi/fpm/tests/php_admin_value-failure.phpt diff --git a/NEWS b/NEWS index 2e1ed8a2fda..d1327afee9a 100644 --- a/NEWS +++ b/NEWS @@ -14,6 +14,9 @@ PHP NEWS . Fixed date_sunrise() and date_sunset() with partial-hour UTC offset. (ilutov) +- FPM: + . Fixed failed debug assertion when php_admin_value setting fails. (ilutov) + - OpenSSL: . Fixed bug GH-19245 (Success error message on TLS stream accept failure). (Jakub Zelenka) diff --git a/sapi/fpm/fpm/fpm_php.c b/sapi/fpm/fpm/fpm_php.c index 2463f4351b6..544188f2159 100644 --- a/sapi/fpm/fpm/fpm_php.c +++ b/sapi/fpm/fpm/fpm_php.c @@ -41,6 +41,8 @@ static int fpm_php_zend_ini_alter_master(char *name, int name_length, char *new_ ini_entry->modifiable = mode; } } else { + /* The string wasn't installed and won't be shared, it's safe to drop. */ + GC_MAKE_PERSISTENT_LOCAL(duplicate); zend_string_release_ex(duplicate, 1); } diff --git a/sapi/fpm/tests/php_admin_value-failure.phpt b/sapi/fpm/tests/php_admin_value-failure.phpt new file mode 100644 index 00000000000..dcac2e29c72 --- /dev/null +++ b/sapi/fpm/tests/php_admin_value-failure.phpt @@ -0,0 +1,48 @@ +--TEST-- +RC violation on failed php_admin_value +--SKIPIF-- + +--FILE-- +setUserIni($ini); +$tester->start(); +$tester->expectLogStartNotices(); +$tester->request()->expectBody(['string(2) "14"']); +$tester->terminate(); +$tester->close(); + +?> +Done +--EXPECT-- +Done +--CLEAN-- +