Fix #81714: segfault when serializing finalized HashContext

We must not allow to serialize already finalized `HashContext`s, since the internal context is already freed. Since there is not much point in serializing finalized `HashContext`s, we just bail out in that case. Closes GH-8265.
php · Apr 5, 2022 · c2eafc2 · c2eafc2
1 parent 43f3745
commit c2eafc2
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 0 deletions.
diff --git a/NEWS b/NEWS
@@ -18,6 +18,9 @@ PHP                                                                        NEWS
 - Filter:
   . Fixed signedness confusion in php_filter_validate_domain(). (cmb)
 
+- Hash:
+  . Fixed bug #81714 (segfault when serializing finalized HashContext). (cmb)
+
 - Intl:
   . Fixed bug GH-8142 (Compilation error on cygwin). (David Carlier)
 

diff --git a/ext/hash/hash.c b/ext/hash/hash.c
@@ -227,6 +227,9 @@ PHP_HASH_API int php_hash_serialize_spec(const php_hashcontext_object *hash, zva
 	size_t pos = 0, max_alignment = 1;
 	unsigned char *buf = (unsigned char *) hash->context;
 	zval tmp;
+	if (buf == NULL) {
+		return FAILURE;
+	}
 	array_init(zv);
 	while (*spec != '\0' && *spec != '.') {
 		char spec_ch = *spec;

diff --git a/ext/hash/tests/bug81714.phpt b/ext/hash/tests/bug81714.phpt
@@ -0,0 +1,14 @@
+--TEST--
+Bug #81714 (segfault when serializing finalized HashContext)
+--FILE--
+<?php
+$h = hash_init('md5');
+hash_final($h);
+try {
+    serialize($h);
+} catch (Exception $ex) {
+    var_dump($ex->getMessage());
+}
+?>
+--EXPECTF--
+string(52) "HashContext for algorithm "md5" cannot be serialized"