And more fix for memory leaks by revision 323013 from PHP's repository.

Hopefully, these 18 minutes is allowed to avoid to PKGREVISION bump.

2 files changed, 37 insertions, 6 deletions

diff --git a/lang/php53/distinfo b/lang/php53/distinfo
index b8e2c5a28e0..c196d28dbeb 100644
--- a/lang/php53/distinfo
+++ b/lang/php53/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.33 2012/02/02 16:00:40 taca Exp $
+$NetBSD: distinfo,v 1.34 2012/02/02 16:19:44 taca Exp $
 
 SHA1 (php-5.3.9/php-5.3.9.tar.bz2) = fe0626735c3d9dd370cef9bdcfe9506629449f51
 RMD160 (php-5.3.9/php-5.3.9.tar.bz2) = 428ed51982637f092c43369cf5cfb284d58da3f6
@@ -17,6 +17,6 @@ SHA1 (patch-ah) = b20c29c64b3099f77855a5ec28960dc1c4f65c83
 SHA1 (patch-ai) = d4766893a2c47a4e4a744248dda265b0a9a66a1f
 SHA1 (patch-aj) = d611d13fcc28c5d2b9e9586832ce4b8ae5707b48
 SHA1 (patch-al) = fbbee5502e0cd1c47c6e7c15e0d54746414ec32e
-SHA1 (patch-main_php__variables.c) = 2938bda56e51ddefd8b589035fc68ded9b83ab57
+SHA1 (patch-main_php__variables.c) = 94a3fe7d0c52bf98bf91666448bd5a629f25802d
 SHA1 (patch-main_streams_cast.c) = c169ccb73dc660e40eff9f9e168374f35eedadad
 SHA1 (patch-php__mssql.c) = b46c688ff2d8da33ca2f9beb0eb9182b6edf7e23
diff --git a/lang/php53/patches/patch-main_php__variables.c b/lang/php53/patches/patch-main_php__variables.c
index e262dd0ecf6..3640a7cfc5f 100644
--- a/lang/php53/patches/patch-main_php__variables.c
+++ b/lang/php53/patches/patch-main_php__variables.c
@@ -1,19 +1,50 @@
-$NetBSD: patch-main_php__variables.c,v 1.3 2012/02/02 16:00:40 taca Exp $
+$NetBSD: patch-main_php__variables.c,v 1.4 2012/02/02 16:19:44 taca Exp $
 
-Fix for "Critical PHP Remote Vulnerability Introduced in Fix for PHP Hashtable
-Collision DOS" by revision 323007 from PHP's repository.
+* Fix for "Critical PHP Remote Vulnerability Introduced in Fix for PHP Hashtable
+  Collision DOS" by revision 323007 from PHP's repository.
 
 http://thexploit.com/sec/critical-php-remote-vulnerability-introduced-in-fix-for-php-hashtable-collision-dos/
 
+* And more fix for memory leaks by revision 323013 from PHP's repository.
+
 --- main/php_variables.c.orig	2012-01-01 13:15:04.000000000 +0000
 +++ main/php_variables.c
-@@ -198,6 +198,9 @@ PHPAPI void php_register_variable_ex(cha
+@@ -182,7 +182,12 @@ PHPAPI void php_register_variable_ex(cha
+ 			if (!index) {
+ 				MAKE_STD_ZVAL(gpc_element);
+ 				array_init(gpc_element);
+-				zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
++				if (zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p) == FAILURE) {
++					zval_ptr_dtor(&gpc_element);
++					zval_dtor(val);
++					efree(var_orig);
++					return;
++				}
+ 			} else {
+ 				if (PG(magic_quotes_gpc)) {
+ 					escaped_index = php_addslashes(index, index_len, &index_len, 0 TSRMLS_CC);
+@@ -198,6 +203,13 @@ PHPAPI void php_register_variable_ex(cha
  						MAKE_STD_ZVAL(gpc_element);
  						array_init(gpc_element);
  						zend_symtable_update(symtable1, escaped_index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
 +					} else {
++						if (index != escaped_index) {
++							efree(escaped_index);
++						}
++						zval_dtor(val);
 +						efree(var_orig);
 +						return;
  					}
  				}
  				if (index != escaped_index) {
+@@ -223,7 +235,9 @@ plain_var:
+ 		gpc_element->value = val->value;
+ 		Z_TYPE_P(gpc_element) = Z_TYPE_P(val);
+ 		if (!index) {
+-			zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
++			if (zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p) == FAILURE) {
++				zval_ptr_dtor(&gpc_element);
++			}
+ 		} else {
+ 			if (PG(magic_quotes_gpc)) { 
+ 				escaped_index = php_addslashes(index, index_len, &index_len, 0 TSRMLS_CC);