From 1ffed972d5494d8253e71f7d8ac0e1335378cdc8 Mon Sep 17 00:00:00 2001
From: "Christoph M. Becker" <cmbecker69@gmx.de>
Date: Wed, 30 Oct 2019 18:05:10 +0100
Subject: [PATCH] Fix #78761: Zend memory heap corruption with preload and
 casting

We have to reset `FFI_G(persistent)` back to zero when preloading has
finished.
---
 ext/ffi/ffi.c                      |  1 +
 ext/ffi/tests/bug78761.phpt        | 17 +++++++++++++++++
 ext/ffi/tests/bug78761_preload.h   |  0
 ext/ffi/tests/bug78761_preload.php |  3 +++
 4 files changed, 21 insertions(+)
 create mode 100644 ext/ffi/tests/bug78761.phpt
 create mode 100644 ext/ffi/tests/bug78761_preload.h
 create mode 100644 ext/ffi/tests/bug78761_preload.php

diff --git a/ext/ffi/ffi.c b/ext/ffi/ffi.c
index 08117cba83697..369e6531ace37 100644
--- a/ext/ffi/ffi.c
+++ b/ext/ffi/ffi.c
@@ -3340,6 +3340,7 @@ static zend_ffi *zend_ffi_load(const char *filename, zend_bool preload) /* {{{ *
 	efree(code);
 	FFI_G(symbols) = NULL;
 	FFI_G(tags) = NULL;
+	FFI_G(persistent) = 0;
 
 	return ffi;
 
diff --git a/ext/ffi/tests/bug78761.phpt b/ext/ffi/tests/bug78761.phpt
new file mode 100644
index 0000000000000..1db977a841c3e
--- /dev/null
+++ b/ext/ffi/tests/bug78761.phpt
@@ -0,0 +1,17 @@
+--TEST--
+Bug #78761 (Zend memory heap corruption with preload and casting)
+--SKIPIF--
+<?php require_once('skipif.inc'); ?>
+--INI--
+opcache.enable_cli=1
+opcache.preload={PWD}/bug78761_preload.php
+--FILE--
+<?php
+try {
+    FFI::cast('char[10]', FFI::new('char[1]'));
+} catch (FFI\Exception $ex) {
+    echo $ex->getMessage(), PHP_EOL;
+}
+?>
+--EXPECT--
+attempt to cast to larger type
diff --git a/ext/ffi/tests/bug78761_preload.h b/ext/ffi/tests/bug78761_preload.h
new file mode 100644
index 0000000000000..e69de29bb2d1d
diff --git a/ext/ffi/tests/bug78761_preload.php b/ext/ffi/tests/bug78761_preload.php
new file mode 100644
index 0000000000000..207b7c3ec8417
--- /dev/null
+++ b/ext/ffi/tests/bug78761_preload.php
@@ -0,0 +1,3 @@
+<?php
+
+FFI::load(__DIR__ . '/bug78761_preload.h');