From 8a9ff105a86d03433dc513753d9bd1622379f048 Mon Sep 17 00:00:00 2001
From: Christopher Engelhard <ce@lcts.de>
Date: May 04 2020 19:27:32 +0000
Subject: Merge upstream PR #2105


---

diff --git a/uwsgi.spec b/uwsgi.spec
index c1b988d..7c379c4 100644
--- a/uwsgi.spec
+++ b/uwsgi.spec
@@ -159,6 +159,8 @@ Patch7:         uwsgi_fix_mono.patch
 Patch9:         uwsgi-2.0.16-glfs.patch
 # https://github.com/unbit/uwsgi/pull/2141
 Patch10:        uwsgi_fix_psgi.patch
+# https://github.com/unbit/uwsgi/pull/2105
+Patch11:        uwsgi_fix_php_zend.patch
 
 BuildRequires:  curl, libxml2-devel, libuuid-devel, jansson-devel
 BuildRequires:  libyaml-devel, ruby-devel
@@ -1144,6 +1146,7 @@ cp -p %{SOURCE5} README.Fedora
 %if 0%{?fedora} >= 32
 %patch10 -p1
 %endif
+%patch11 -p1
 
 #disable plug-ins
 %if %{without mongodblibs}
diff --git a/uwsgi_fix_php_zend.patch b/uwsgi_fix_php_zend.patch
new file mode 100644
index 0000000..7a0266b
--- /dev/null
+++ b/uwsgi_fix_php_zend.patch
@@ -0,0 +1,42 @@
+From c4a2ad579a2fe5d357f2d6486c1afe84ef18a029 Mon Sep 17 00:00:00 2001
+From: Arne Welzel <arne.welzel@gmail.com>
+Date: Sun, 8 Dec 2019 12:59:45 +0100
+Subject: [PATCH] php: Properly zero initialize zend_file_handle
+
+In the PHP bugtracker [1], the stacktrace included a bogus pointer value
+being passed to `_efree`. The ASCII value of the pointer is "02.11.81"
+which heavily pointed at usage of non-initialized data.
+
+    #1  0x00007f8fe07e9e96 in _efree (ptr=0x30322e31312e3831) at /data/work/php-src-php-7.4.0RC6/Zend/zend_alloc.c:2549
+
+The solution is to use an open-coded version of`zend_stream_init_filename()` [2].
+Maybe we could actually use the above helper, but I'm not familiar enough
+with PHP/versions/compat, so the proposed change seems safer.
+
+Should fix #2096.
+
+[1] https://bugs.php.net/bug.php?id=78828
+[2] https://github.com/php/php-src/blob/bc6e4b6c574261188519a1e83ba49998ffbcb12b/Zend/zend_stream.c#L70
+---
+ plugins/php/php_plugin.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/plugins/php/php_plugin.c b/plugins/php/php_plugin.c
+index 72c39022..1690fb60 100644
+--- a/plugins/php/php_plugin.c
++++ b/plugins/php/php_plugin.c
+@@ -1115,10 +1115,9 @@ secure3:
+ 
+ 	SG(request_info).path_translated = wsgi_req->file;
+ 
++        memset(&file_handle, 0, sizeof(zend_file_handle));
+         file_handle.type = ZEND_HANDLE_FILENAME;
+         file_handle.filename = real_filename;
+-        file_handle.free_filename = 0;
+-        file_handle.opened_path = NULL;
+ 
+         if (php_request_startup(TSRMLS_C) == FAILURE) {
+ 		uwsgi_500(wsgi_req);
+-- 
+2.26.2
+