Fix #78761: Zend memory heap corruption with preload and casting

cmb69 · cmb69 · commit 0055f1e3dc7e · 2019-10-30T19:49:39.000+01:00
We have to reset `FFI_G(persistent)` back to zero when preloading has
finished.
diff --git a/NEWS b/NEWS
@@ -19,6 +19,8 @@ PHP                                                                        NEWS
   . Fixed bug #78716 (Function name mangling is wrong for some parameter 
     types). (cmb)
   . Fixed bug #78762 (Failing FFI::cast() may leak memory). (cmb)
+  . Fixed bug #78761 (Zend memory heap corruption with preload and casting).
+    (cmb)
   . Implement FR #78270 (Support __vectorcall convention with FFI). (cmb)
 
 - FPM:
diff --git a/ext/ffi/ffi.c b/ext/ffi/ffi.c
@@ -3340,6 +3340,7 @@ static zend_ffi *zend_ffi_load(const char *filename, zend_bool preload) /* {{{ *
 	efree(code);
 	FFI_G(symbols) = NULL;
 	FFI_G(tags) = NULL;
+	FFI_G(persistent) = 0;
 
 	return ffi;
 
diff --git a/ext/ffi/tests/bug78761.phpt b/ext/ffi/tests/bug78761.phpt
@@ -0,0 +1,17 @@
+--TEST--
+Bug #78761 (Zend memory heap corruption with preload and casting)
+--SKIPIF--
+<?php require_once('skipif.inc'); ?>
+--INI--
+opcache.enable_cli=1
+opcache.preload={PWD}/bug78761_preload.php
+--FILE--
+<?php
+try {
+    FFI::cast('char[10]', FFI::new('char[1]'));
+} catch (FFI\Exception $ex) {
+    echo $ex->getMessage(), PHP_EOL;
+}
+?>
+--EXPECT--
+attempt to cast to larger type
diff --git a/ext/ffi/tests/bug78761_preload.h b/ext/ffi/tests/bug78761_preload.h
diff --git a/ext/ffi/tests/bug78761_preload.php b/ext/ffi/tests/bug78761_preload.php
@@ -0,0 +1,3 @@
+<?php
+
+FFI::load(__DIR__ . '/bug78761_preload.h');
