components/php-5_3/php-sapi/patches/320_php_20804424.patch
branchs11-update
changeset 4499 4e8085696007
4497:7665830787a5 4499:4e8085696007
       
     1 CVE-2015-2787
       
     2 Community BUG:
       
     3 https://bugs.php.net/bug.php?id=68976
       
     4 Community CODE:
       
     5 https://gist.github.com/smalyshev/eea9eafc7c88a4a6d10d
       
     6 Below is the community patch.
       
     7 
       
     8 
       
     9 diff --git a/ext/standard/var_unserializer.c b/ext/standard/var_unserializer.c
       
    10 index f114080..c7749a4 100644
       
    11 --- a/ext/standard/var_unserializer.c
       
    12 +++ b/ext/standard/var_unserializer.c
       
    13 @@ -349,6 +349,7 @@ static inline int process_nested_data(UNSERIALIZE_PARAMETER, HashTable *ht, long
       
    14  			zend_hash_update(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, &data,
       
    15  					sizeof data, NULL);
       
    16  		}
       
    17 +		var_push_dtor(var_hash, &data);
       
    18  		
       
    19  		zval_dtor(key);
       
    20  		FREE_ZVAL(key);
       
    21 diff --git a/ext/standard/var_unserializer.re b/ext/standard/var_unserializer.re
       
    22 index f04fc74..abac77c 100644
       
    23 --- a/ext/standard/var_unserializer.re
       
    24 +++ b/ext/standard/var_unserializer.re
       
    25 @@ -353,6 +353,7 @@ static inline int process_nested_data(UNSERIALIZE_PARAMETER, HashTable *ht, long
       
    26  			zend_hash_update(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, &data,
       
    27  					sizeof data, NULL);
       
    28  		}
       
    29 +		var_push_dtor(var_hash, &data);
       
    30  		
       
    31  		zval_dtor(key);
       
    32  		FREE_ZVAL(key);
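Review bot: The added `var_push_dtor(var_hash, &data);` (patch lines 17 and 29) has no comment, and sitting directly after `zend_hash_update()` it reads as redundant bookkeeping that a later cleanup could drop, reopening the use-after-free tracked as CVE-2015-2787. I would put a comment above it in `var_unserializer.re`, and mirror it in the generated `var_unserializer.c`, e.g. `/* hold a reference to data until var_destroy(): per bug 68976 a __wakeup() handler can unset the entry while back-references still point at it */`. That wording assumes `var_push_dtor()` takes a reference which is released only when the unserialize context is destroyed; its definition is not on this page, so confirm before committing the comment. The if/else that produces `data` begins above the hunk, so the page does not show whether both the array and the object path reach the new line with a valid `data`. The patch as shown also adds no regression test, and a `.phpt` case for bug 68976 would make this backport to the 5.3 tree verifiable.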