mb_list_encodings_gc_uaf.phpt - OpenGrok history log for /php-src/ext/mbstring/tests/mb_list_encodings_gc

Revision		Date	Author	Comments
# 7364b7bc		29-Jul-2023	Ilija Tovilo	Fix uaf of MBSTRG(all_encodings_list) We need to remove the value from the GC buffer before freeing it. Otherwise shutdown will uaf when running the gc. Do that by switching from zen Fix uaf of MBSTRG(all_encodings_list) We need to remove the value from the GC buffer before freeing it. Otherwise shutdown will uaf when running the gc. Do that by switching from zend_hash_destroy to zend_array_destroy, which should also be faster for freeing members due to inlining of i_zval_ptr_dtor. Closes GH-11822 show more ...

Revision

Date

Author

Comments

# 7364b7bc

29-Jul-2023

Ilija Tovilo

Fix uaf of MBSTRG(all_encodings_list)

We need to remove the value from the GC buffer before freeing it. Otherwise
shutdown will uaf when running the gc. Do that by switching from
zen

Fix uaf of MBSTRG(all_encodings_list)

We need to remove the value from the GC buffer before freeing it. Otherwise
shutdown will uaf when running the gc. Do that by switching from
zend_hash_destroy to zend_array_destroy, which should also be faster for freeing
members due to inlining of i_zval_ptr_dtor.

Closes GH-11822