From b2cf3f064b8f5efef89bb084521b61318c71781b Mon Sep 17 00:00:00 2001
From: Xinchen Hui
Date: Thu, 29 Jan 2015 00:00:09 +0800
Subject: [PATCH] Fixed bug #68901 (use after free)
---
 NEWS | 3 +++
 ext/phar/phar_object.c | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)
Index: php5-5.3.10/ext/phar/phar_object.c
===================================================================
--- php5-5.3.10.orig/ext/phar/phar_object.c 2015-03-16 13:56:47.878348393 -0400
+++ php5-5.3.10/ext/phar/phar_object.c 2015-03-16 13:56:47.826347993 -0400
@@ -2320,8 +2320,8 @@
 }
 its_ok:
 if (SUCCESS == php_stream_stat_path(newpath, &ssb)) {
- efree(oldpath);
 zend_throw_exception_ex(spl_ce_BadMethodCallException, 0 TSRMLS_CC, "phar \"%s\" exists and must be unlinked prior to conversion", newpath);
+ efree(oldpath);
 return NULL;
 }
 if (!phar->is_data) {
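Review bot: Nothing at the moved `efree(oldpath);` records why it has to follow `zend_throw_exception_ex(...)`, and the message formats `newpath`, not `oldpath`, so the ordering dependency is invisible here and a later cleanup could easily move the free back. Presumably a path that jumps to `its_ok:` leaves `newpath` pointing at the `oldpath` buffer; that assignment is outside the hunk and should be confirmed. I would add `/* newpath may alias oldpath when reached via its_ok; free only after the message is built */` above the free. The enclosing function starts and ends outside the hunk, so its other exits that free `oldpath` before formatting an exception message are worth checking for the same ordering.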