fix bad access with interned strings
[m6w6/ext-raphf] / php_raphf.c
index 1e4276bd6f78483565c3464e8f4db0c34a442f5f..3f27ab3e7e14f21479f682ae7bf118971e5e7efd 100644 (file)
@@ -243,10 +243,15 @@ static inline php_persistent_handle_list_t *php_persistent_handle_list_find(
        }
 
        if ((list = php_persistent_handle_list_init(NULL))) {
-               zval p;
+               zval p, *rv;
+               zend_string *id;
 
                ZVAL_PTR(&p, list);
-               if (zend_symtable_update(&provider->list.free, ident, &p)) {
+               id = zend_string_init(ident->val, ident->len, 1);
+               rv = zend_symtable_update(&provider->list.free, id, &p);
+               zend_string_release(id);
+
+               if (rv) {
 #if PHP_RAPHF_DEBUG_PHANDLES
                        fprintf(stderr, "LSTFIND: %p (new)\n", list);
 #endif
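Review bot: The persistent copy made by `zend_string_init(ident->val, ident->len, 1)` has no comment saying why the key must be duplicated, and the same is true of the `ns` copy in php_persistent_handle_provide() in the next hunk. The reason appears to be that `provider->list.free` outlives the request while an interned or request-allocated `zend_string` may not, so keeping the caller's string as the key would leave a dangling pointer for later lookups. Stating that keeps the copy from being optimised away again, as the removed `IS_STR_PERSISTENT` shortcut in the second hunk once did. I would add above the line `/* key must be a persistent, non-interned copy: the table outlives the request */`. php_persistent_handle_list_find() starts before and continues after this hunk.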
@@ -305,15 +310,10 @@ ZEND_RESULT_CODE php_persistent_handle_provide(zend_string *name,
 #endif
 
                        ZVAL_PTR(&p, provider);
-                       if ((GC_FLAGS(name) & IS_STR_PERSISTENT)) {
-                               ns = name;
-                       } else {
-                               ns = zend_string_dup(name, 1);
-                       }
+                       ns = zend_string_init(name->val, name->len, 1);
                        rv = zend_symtable_update(&PHP_RAPHF_G->persistent_handle.hash, ns, &p);
-                       if (ns != name) {
-                               zend_string_release(ns);
-                       }
+                       zend_string_release(ns);
+
                        if (rv) {
                                return SUCCESS;
                        }
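Review bot: The new `ns = zend_string_init(name->val, name->len, 1);` line reads the string's fields directly, as does the `id` copy in the first hunk. If the targeted PHP headers provide the accessor macros, `zend_string_init(ZSTR_VAL(name), ZSTR_LEN(name), 1)` keeps the call independent of the struct layout. The init/update/release sequence now appears in both hunks with only the table and key differing, so a small `static` helper taking the `HashTable *`, the key and the value would keep the two call sites from drifting apart. The body of php_persistent_handle_provide() extends outside the hunk.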