From 992ac1c25a790d413a8029ed052a1436cc8f50a1 Mon Sep 17 00:00:00 2001 From: Niels Dossche <7771979+nielsdos@users.noreply.github.com> Date: Sat, 26 Oct 2024 12:24:28 +0200 Subject: [PATCH] Fix GH-16591: Assertion error in shm_put_var Closes GH-16610. Suggested-by: "Christoph M. Becker" --- NEWS | 3 +++ ext/sysvshm/sysvshm.c | 6 ++++++ ext/sysvshm/tests/gh16591.phpt | 25 +++++++++++++++++++++++++ 3 files changed, 34 insertions(+) create mode 100644 ext/sysvshm/tests/gh16591.phpt diff --git a/NEWS b/NEWS index bc9fc62ec11..f373d962e41 100644 --- a/NEWS +++ b/NEWS @@ -110,6 +110,9 @@ PHP NEWS . Fixed bug GH-16293 (Failed assertion when throwing in assert() callback with bail enabled). (ilutov) +- SysVShm: + . Fixed bug GH-16591 (Assertion error in shm_put_var). (nielsdos, cmb) + - XMLReader: . Fixed bug GH-16292 (Segmentation fault in ext/xmlreader/php_xmlreader.c). (nielsdos) diff --git a/ext/sysvshm/sysvshm.c b/ext/sysvshm/sysvshm.c index 717c75337bb..2339a85476c 100644 --- a/ext/sysvshm/sysvshm.c +++ b/ext/sysvshm/sysvshm.c @@ -257,6 +257,12 @@ PHP_FUNCTION(shm_put_var) php_var_serialize(&shm_var, arg_var, &var_hash); PHP_VAR_SERIALIZE_DESTROY(var_hash); + if (UNEXPECTED(!shm_list_ptr->ptr)) { + smart_str_free(&shm_var); + zend_throw_error(NULL, "Shared memory block has been destroyed by the serialization function"); + RETURN_THROWS(); + } + /* insert serialized variable into shared memory */ ret = php_put_shm_data(shm_list_ptr->ptr, shm_key, shm_var.s? ZSTR_VAL(shm_var.s) : NULL, shm_var.s? ZSTR_LEN(shm_var.s) : 0); diff --git a/ext/sysvshm/tests/gh16591.phpt b/ext/sysvshm/tests/gh16591.phpt new file mode 100644 index 00000000000..d3ece7cd796 --- /dev/null +++ b/ext/sysvshm/tests/gh16591.phpt @@ -0,0 +1,25 @@ +--TEST-- +GH-16591 (Assertion error in shm_put_var) +--EXTENSIONS-- +sysvshm +--FILE-- + 'b']; + } +} + +$mem = shm_attach(1); +try { + shm_put_var($mem, 1, new C); +} catch (Error $e) { + echo $e->getMessage(), "\n"; +} + +?> +--EXPECT-- +Shared memory block has been destroyed by the serialization function