bug81992b.phpt - OpenGrok history log for /php-src/ext/spl/tests/bug81992b.phpt

Revision		Date	Author	Comments
# b71c6b2c		13-Aug-2023	Niels Dossche <7771979+nielsdos@users.noreply.github.com>	Fix #81992: SplFixedArray::setSize() causes use-after-free Upon resizing, the elements are destroyed from lower index to higher index. When an element refers to an object with a destruct Fix #81992: SplFixedArray::setSize() causes use-after-free Upon resizing, the elements are destroyed from lower index to higher index. When an element refers to an object with a destructor, it can refer to a lower (i.e. already destroyed) element, causing a uaf. Set refcounted zvals to NULL after destroying them to avoid a uaf. Closes GH-11959. show more ...

Revision

Date

Author

Comments

# b71c6b2c

13-Aug-2023

Niels Dossche <7771979+nielsdos@users.noreply.github.com>

Fix #81992: SplFixedArray::setSize() causes use-after-free

Upon resizing, the elements are destroyed from lower index to higher
index. When an element refers to an object with a destruct

Fix #81992: SplFixedArray::setSize() causes use-after-free

Upon resizing, the elements are destroyed from lower index to higher
index. When an element refers to an object with a destructor, it can
refer to a lower (i.e. already destroyed) element, causing a uaf.
Set refcounted zvals to NULL after destroying them to avoid a uaf.

Closes GH-11959.