From e19deac4e414ec4388dab2fcfc8f0d61fc37c4fd Mon Sep 17 00:00:00 2001
From: "Christoph M. Becker"
Date: Tue, 29 Mar 2022 11:48:40 +0200
Subject: [PATCH] Fix #81714: segfault when serializing finalized HashContext
We must not allow serializing already finalized `HashContext`s, since
the internal context is already freed. Since there is not much point
in serializing finalized `HashContext`s, we just bail out in that case.
---
ext/hash/hash.c | 3 +++
ext/hash/tests/bug81714.phpt | 14 ++++++++++++++
2 files changed, 17 insertions(+)
create mode 100644 ext/hash/tests/bug81714.phpt
diff --git a/ext/hash/hash.c b/ext/hash/hash.c
index 4e3820f35e6b4..a1ce4ffd17063 100644
--- a/ext/hash/hash.c
+++ b/ext/hash/hash.c
@@ -227,6 +227,9 @@ PHP_HASH_API int php_hash_serialize_spec(const php_hashcontext_object *hash, zva
size_t pos = 0, max_alignment = 1;
unsigned char *buf = (unsigned char *) hash->context;
zval tmp;
+ if (buf == NULL) {
+ return FAILURE;
+ }
array_init(zv);
while (*spec != '\0' && *spec != '.') {
char spec_ch = *spec;
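Review bot: The new `buf == NULL` guard returns before `array_init(zv)`, so on this path `zv` is never initialised; every caller of this exported (`PHP_HASH_API`) function has to treat `zv` as undefined on `FAILURE` and must not read or destroy it. The check also relies on a NULL `hash->context` as the only signal for "already finalized", which holds only if every path that frees the context also clears the pointer; that code is outside the hunk, so it is worth confirming. A short comment above the guard would record both assumptions, e.g. `/* context is NULL once the HashContext has been finalized; zv is left untouched */`. The body of php_hash_serialize_spec continues past the end of the hunk.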
diff --git a/ext/hash/tests/bug81714.phpt b/ext/hash/tests/bug81714.phpt
new file mode 100644
index 0000000000000..a151bda6884e1
--- /dev/null
+++ b/ext/hash/tests/bug81714.phpt
@@ -0,0 +1,14 @@
+--TEST--
+Bug #81714 (segfault when serializing finalized HashContext)
+--FILE--
+getMessage());
+}
+?>
+--EXPECTF--
+string(52) "HashContext for algorithm "md5" cannot be serialized"
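Review bot: The expected message is the generic `HashContext for algorithm "md5" cannot be serialized`, which reads as if md5 contexts were never serializable and gives the user no hint that finalization is the cause. If the thrown message is to stay as it is, the test title is the only place the real reason is recorded, so a one-line comment in the `--FILE--` section such as `// serializing after hash_final() must throw, not crash` would help. As far as the visible lines show, the expectation contains no format placeholders, so `--EXPECT--` would be the stricter choice over `--EXPECTF--`. Only md5 appears in the expected output; since the guard sits in the shared spec serializer, covering a second algorithm would presumably guard against regressions elsewhere.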