File php-CVE-2016-7131,7132.patch of Package php7

Index: php-7.0.7/ext/wddx/wddx.c
===================================================================
--- php-7.0.7.orig/ext/wddx/wddx.c	2016-09-05 12:42:57.467317317 +0200
+++ php-7.0.7/ext/wddx/wddx.c	2016-09-05 12:45:28.529889892 +0200
@@ -880,10 +880,10 @@ static void php_wddx_pop_element(void *u
 		if (Z_TYPE(ent1->data) == IS_UNDEF) {
 			if (stack->top > 1) {
 				stack->top--;
+				efree(ent1);
 			} else {
 				stack->done = 1;
 			}
-			efree(ent1);
 			return;
 		}
 
@@ -911,7 +911,7 @@ static void php_wddx_pop_element(void *u
 			wddx_stack_top(stack, (void**)&ent2);
 
 			/* if non-existent field */
-			if (ent2->type == ST_FIELD && Z_ISUNDEF(ent2->data)) {
+			if (Z_ISUNDEF(ent2->data)) {
 				zval_ptr_dtor(&ent1->data);
 				efree(ent1);
 				return;
@@ -1071,8 +1071,12 @@ int php_wddx_deserialize_ex(const char *
 
 	if (stack.top == 1) {
 		wddx_stack_top(&stack, (void**)&ent);
-		ZVAL_COPY(return_value, &ent->data);
-		retval = SUCCESS;
+		if(Z_ISUNDEF(ent->data)) {
+			retval = FAILURE;
+		} else {
+			ZVAL_COPY(return_value, &ent->data);
+			retval = SUCCESS;
+		}
 	} else {
 		retval = FAILURE;
 	}
openSUSE Build Service is sponsored by