Fix changin get_iterator pointer with aslr

iluuu1994 · iluuu1994 · commit 6e45add7686d · 2024-07-11T14:24:50.000+02:00
diff --git a/ext/opcache/zend_file_cache.c b/ext/opcache/zend_file_cache.c
@@ -186,6 +186,8 @@ static int zend_file_cache_flock(int fd, int type)
 	} \
 } while (0)
 
+#define HOOKED_ITERATOR_PLACEHOLDER ((void*)1)
+
 static const uint32_t uninitialized_bucket[-HT_MIN_MASK] =
 	{HT_INVALID_IDX, HT_INVALID_IDX};
 
@@ -903,6 +905,11 @@ static void zend_file_cache_serialize_class(zval                     *zv,
 	ZEND_MAP_PTR_INIT(ce->mutable_data, NULL);
 
 	ce->inheritance_cache = NULL;
+
+	if (ce->get_iterator) {
+		ZEND_ASSERT(ce->get_iterator == zend_hooked_object_get_iterator);
+		ce->get_iterator = HOOKED_ITERATOR_PLACEHOLDER;
+	}
 }
 
 static void zend_file_cache_serialize_warnings(
@@ -1751,6 +1758,11 @@ static void zend_file_cache_unserialize_class(zval                    *zv,
 		ZEND_MAP_PTR_INIT(ce->static_members_table, NULL);
 	}
 
+	if (ce->get_iterator) {
+		ZEND_ASSERT(ce->get_iterator == HOOKED_ITERATOR_PLACEHOLDER);
+		ce->get_iterator = zend_hooked_object_get_iterator;
+	}
+
 	// Memory addresses of object handlers are not stable. They can change due to ASLR or order of linking dynamic. To
 	// avoid pointing to invalid memory we relink default_object_handlers here.
 	ce->default_object_handlers = ce->ce_flags & ZEND_ACC_ENUM ? &zend_enum_object_handlers : &std_object_handlers;
