Avoid use-after-free in main thread

dstogov · dstogov · commit 0a24d7ba8f32 · 2018-10-29T16:25:49.000+03:00
diff --git a/Zend/zend.c b/Zend/zend.c
@@ -982,14 +982,17 @@ int zend_post_startup(void) /* {{{ */
 
 	zend_destroy_rsrc_list(&EG(persistent_list));
 	free(compiler_globals->function_table);
+	compiler_globals->function_table = NULL;
 	free(compiler_globals->class_table);
+	compiler_globals->class_table = NULL;
 	if ((script_encoding_list = (zend_encoding **)compiler_globals->script_encoding_list)) {
 		compiler_globals_ctor(compiler_globals);
 		compiler_globals->script_encoding_list = (const zend_encoding **)script_encoding_list;
 	} else {
 		compiler_globals_ctor(compiler_globals);
 	}
 	free(EG(zend_constants));
+	EG(zend_constants) = NULL;
 
 	executor_globals_ctor(executor_globals);
 	global_persistent_list = &EG(persistent_list);
diff --git a/ext/opcache/ZendAccelerator.c b/ext/opcache/ZendAccelerator.c
@@ -3051,27 +3051,33 @@ static void preload_shutdown(void)
 	zval *zv;
 
 #if 0
-	ZEND_HASH_REVERSE_FOREACH_VAL(EG(zend_constants), zv) {
-		zend_constant *c = Z_PTR_P(zv);
-		if (ZEND_CONSTANT_FLAGS(c) & CONST_PERSISTENT) {
-			break;
-		}
-	} ZEND_HASH_FOREACH_END_DEL();
+    if (EG(zend_constants)) {
+		ZEND_HASH_REVERSE_FOREACH_VAL(EG(zend_constants), zv) {
+			zend_constant *c = Z_PTR_P(zv);
+			if (ZEND_CONSTANT_FLAGS(c) & CONST_PERSISTENT) {
+				break;
+			}
+		} ZEND_HASH_FOREACH_END_DEL();
+	}
 #endif
 
-	ZEND_HASH_REVERSE_FOREACH_VAL(EG(function_table), zv) {
-		zend_function *func = Z_PTR_P(zv);
-		if (func->type == ZEND_INTERNAL_FUNCTION) {
-			break;
-		}
-	} ZEND_HASH_FOREACH_END_DEL();
+    if (EG(function_table)) {
+		ZEND_HASH_REVERSE_FOREACH_VAL(EG(function_table), zv) {
+			zend_function *func = Z_PTR_P(zv);
+			if (func->type == ZEND_INTERNAL_FUNCTION) {
+				break;
+			}
+		} ZEND_HASH_FOREACH_END_DEL();
+	}
 
-	ZEND_HASH_REVERSE_FOREACH_VAL(EG(class_table), zv) {
-		zend_class_entry *ce = Z_PTR_P(zv);
-		if (ce->type == ZEND_INTERNAL_CLASS) {
-			break;
-		}
-	} ZEND_HASH_FOREACH_END_DEL();
+	if (EG(class_table)) {
+		ZEND_HASH_REVERSE_FOREACH_VAL(EG(class_table), zv) {
+			zend_class_entry *ce = Z_PTR_P(zv);
+			if (ce->type == ZEND_INTERNAL_CLASS) {
+				break;
+			}
+		} ZEND_HASH_FOREACH_END_DEL();
+	}
 }
 
 static void preload_activate(void)
