Send a blank email to [email protected] to get a copy of this message
Pull Request: https://github.com/php/php-src/pull/20254
Author: arnaud-lb
Typed references may be modified while assigning to them, during coercion:
* The reference may be freed, resulting in UAF
* The type source list maybe freed or reallocated, resulting in UAF
* Some newly added types may skipped, resulting in incorrect typing
Here we fix these issues.
Freeing is avoided by increasing the refcount during assignment.
Source list issues are fixed by updating the iteration code, and modifying the list in append-only
mode during assignment.
TODO: more tests