Fixed bug #70295 (Segmentation fault with setrawcookie)

bwoebi · bwoebi · commit 4df77a6c5852 · 2015-08-19T01:33:19.000+02:00
diff --git a/NEWS b/NEWS
@@ -5,6 +5,9 @@ PHP                                                                        NEWS
 - Core:
   . Fixed bug causing exception traces with anon classes to be truncated. (Bob)
 
+- Standard:
+  . Fixed bug #70295 (Segmentation fault with setrawcookie). (Bob)
+
 20 Aug 2015, PHP 7.0.0 RC 1
 
 - Core:
diff --git a/ext/standard/head.c b/ext/standard/head.c
@@ -141,7 +141,7 @@ PHPAPI int php_setcookie(zend_string *name, zend_string *value, time_t expires,
 			if (!p || *(p + 5) != ' ') {
 				zend_string_free(dt);
 				efree(cookie);
-				zend_string_free(encoded_value);
+				zend_string_release(encoded_value);
 				zend_error(E_WARNING, "Expiry date cannot have a year greater than 9999");
 				return FAILURE;
 			}
@@ -155,7 +155,7 @@ PHPAPI int php_setcookie(zend_string *name, zend_string *value, time_t expires,
 	}
 
 	if (encoded_value) {
-		zend_string_free(encoded_value);
+		zend_string_release(encoded_value);
 	}
 
 	if (path && ZSTR_LEN(path)) {

Original file line number	Diff line number	Diff line change
`@@ -141,7 +141,7 @@ PHPAPI int php_setcookie(zend_string name, zend_string value, time_t expires,`
`141`	`141`	`if (!p \|\| *(p + 5) != ' ') {`
`142`	`142`	`zend_string_free(dt);`
`143`	`143`	`efree(cookie);`
`144`		`- zend_string_free(encoded_value);`
	`144`	`+ zend_string_release(encoded_value);`
`145`	`145`	`zend_error(E_WARNING, "Expiry date cannot have a year greater than 9999");`
`146`	`146`	`return FAILURE;`
`147`	`147`	`}`
`@@ -155,7 +155,7 @@ PHPAPI int php_setcookie(zend_string name, zend_string value, time_t expires,`
`155`	`155`	`}`
`156`	`156`
`157`	`157`	`if (encoded_value) {`
`158`		`- zend_string_free(encoded_value);`
	`158`	`+ zend_string_release(encoded_value);`
`159`	`159`	`}`
`160`	`160`
`161`	`161`	`if (path && ZSTR_LEN(path)) {`