From e19deac4e414ec4388dab2fcfc8f0d61fc37c4fd Mon Sep 17 00:00:00 2001 From: "Christoph M. Becker" Date: Tue, 29 Mar 2022 11:48:40 +0200 Subject: [PATCH] Fix #81714: segfault when serializing finalized HashContext We must not allow to serialize already finalized `HashContext`s, since the internal context is already freed. Since there is not much point in serializing finalized `HashContext`s, we just bail out in that case. --- ext/hash/hash.c | 3 +++ ext/hash/tests/bug81714.phpt | 14 ++++++++++++++ 2 files changed, 17 insertions(+) create mode 100644 ext/hash/tests/bug81714.phpt diff --git a/ext/hash/hash.c b/ext/hash/hash.c index 4e3820f35e6b4..a1ce4ffd17063 100644 --- a/ext/hash/hash.c +++ b/ext/hash/hash.c @@ -227,6 +227,9 @@ PHP_HASH_API int php_hash_serialize_spec(const php_hashcontext_object *hash, zva size_t pos = 0, max_alignment = 1; unsigned char *buf = (unsigned char *) hash->context; zval tmp; + if (buf == NULL) { + return FAILURE; + } array_init(zv); while (*spec != '\0' && *spec != '.') { char spec_ch = *spec; diff --git a/ext/hash/tests/bug81714.phpt b/ext/hash/tests/bug81714.phpt new file mode 100644 index 0000000000000..a151bda6884e1 --- /dev/null +++ b/ext/hash/tests/bug81714.phpt @@ -0,0 +1,14 @@ +--TEST-- +Bug #81714 (segfault when serializing finalized HashContext) +--FILE-- +getMessage()); +} +?> +--EXPECTF-- +string(52) "HashContext for algorithm "md5" cannot be serialized"