Avoid uninitialized entries in properties_info_table

nikic · nikic · commit e6e9bea25798 · 2019-02-15T14:43:37.000+01:00
Also don't place it into xlat, there's only ever one user.
diff --git a/Zend/zend_inheritance.c b/Zend/zend_inheritance.c
@@ -855,19 +855,22 @@ static void do_inherit_class_constant(zend_string *name, zend_class_constant *pa
 void zend_build_properties_info_table(zend_class_entry *ce)
 {
 	zend_property_info **table, *prop;
+	size_t size;
 	if (ce->default_properties_count == 0) {
 		return;
 	}
 
 	ZEND_ASSERT(ce->properties_info_table == NULL);
+	size = sizeof(zend_property_info *) * ce->default_properties_count;
 	if (ce->type == ZEND_USER_CLASS) {
-		ce->properties_info_table = table = zend_arena_alloc(&CG(arena),
-			sizeof(zend_property_info *) * ce->default_properties_count);
+		ce->properties_info_table = table = zend_arena_alloc(&CG(arena), size);
 	} else {
-		ce->properties_info_table = table = pemalloc(
-			sizeof(zend_property_info *) * ce->default_properties_count, 1);
+		ce->properties_info_table = table = pemalloc(size, 1);
 	}
 
+	/* Dead slots may be left behind during inheritance. Make sure these are NULLed out. */
+	memset(table, 0, size);
+
 	if (ce->parent && ce->parent->default_properties_count != 0) {
 		zend_property_info **parent_table = ce->parent->properties_info_table;
 		memcpy(
diff --git a/ext/opcache/zend_persist.c b/ext/opcache/zend_persist.c
@@ -860,16 +860,20 @@ static void zend_persist_class_entry(zval *zv)
 			int i;
 
 			size_t size = sizeof(zend_property_info *) * ce->default_properties_count;
+			ZEND_ASSERT(ce->ce_flags & ZEND_ACC_LINKED);
 			if (ZCG(is_immutable_class)) {
-				ce->properties_info_table = zend_shared_memdup_put(
+				ce->properties_info_table = zend_shared_memdup(
 					ce->properties_info_table, size);
 			} else {
-				ce->properties_info_table = zend_shared_memdup_arena_put(
+				ce->properties_info_table = zend_shared_memdup_arena(
 					ce->properties_info_table, size);
 			}
 
 			for (i = 0; i < ce->default_properties_count; i++) {
-				ce->properties_info_table[i] = zend_shared_alloc_get_xlat_entry(ce->properties_info_table[i]);
+				if (ce->properties_info_table[i]) {
+					ce->properties_info_table[i] = zend_shared_alloc_get_xlat_entry(
+						ce->properties_info_table[i]);
+				}
 			}
 		}
 
