| |
@@ -0,0 +1,42 @@
|
| |
+ From c4a2ad579a2fe5d357f2d6486c1afe84ef18a029 Mon Sep 17 00:00:00 2001
|
| |
+ From: Arne Welzel <arne.welzel@gmail.com>
|
| |
+ Date: Sun, 8 Dec 2019 12:59:45 +0100
|
| |
+ Subject: [PATCH] php: Properly zero initialize zend_file_handle
|
| |
+
|
| |
+ In the PHP bugtracker [1], the stacktrace included a bogus pointer value
|
| |
+ being passed to `_efree`. The ASCII value of the pointer is "02.11.81"
|
| |
+ which heavily pointed at usage of non-initialized data.
|
| |
+
|
| |
+ #1 0x00007f8fe07e9e96 in _efree (ptr=0x30322e31312e3831) at /data/work/php-src-php-7.4.0RC6/Zend/zend_alloc.c:2549
|
| |
+
|
| |
+ The solution is to use an open-coded version of`zend_stream_init_filename()` [2].
|
| |
+ Maybe we could actually use the above helper, but I'm not familiar enough
|
| |
+ with PHP/versions/compat, so the proposed change seems safer.
|
| |
+
|
| |
+ Should fix #2096.
|
| |
+
|
| |
+ [1] https://bugs.php.net/bug.php?id=78828
|
| |
+ [2] https://github.com/php/php-src/blob/bc6e4b6c574261188519a1e83ba49998ffbcb12b/Zend/zend_stream.c#L70
|
| |
+ ---
|
| |
+ plugins/php/php_plugin.c | 3 +--
|
| |
+ 1 file changed, 1 insertion(+), 2 deletions(-)
|
| |
+
|
| |
+ diff --git a/plugins/php/php_plugin.c b/plugins/php/php_plugin.c
|
| |
+ index 72c39022..1690fb60 100644
|
| |
+ --- a/plugins/php/php_plugin.c
|
| |
+ +++ b/plugins/php/php_plugin.c
|
| |
+ @@ -1115,10 +1115,9 @@ secure3:
|
| |
+
|
| |
+ SG(request_info).path_translated = wsgi_req->file;
|
| |
+
|
| |
+ + memset(&file_handle, 0, sizeof(zend_file_handle));
|
| |
+ file_handle.type = ZEND_HANDLE_FILENAME;
|
| |
+ file_handle.filename = real_filename;
|
| |
+ - file_handle.free_filename = 0;
|
| |
+ - file_handle.opened_path = NULL;
|
| |
+
|
| |
+ if (php_request_startup(TSRMLS_C) == FAILURE) {
|
| |
+ uwsgi_500(wsgi_req);
|
| |
+ --
|
| |
+ 2.26.2
|
| |
+
|
| |
This backports Arne Welzel's upstream PR #2105 [0] to 2.0.18, in order to fix a bug that causes uwsgi's php plugin to segfault when used with PHP 7.4 [1].
I've tested the resulting package locally on F32, it fixes the issue for me & seems to cause no other problems.
The PR is already merged upstream, so this patch should no longer be needed after the next uwsgi release.
[0] https://github.com/unbit/uwsgi/pull/2105
[1] https://github.com/unbit/uwsgi/issues/2096