mirror of
https://github.com/php/php-src.git
synced 2024-09-21 09:57:23 +00:00
Fixed bug #70912 (Null ptr dereference instantiating class with invalid array property)
This commit is contained in:
parent
a03786f773
commit
25de928df7
2
NEWS
2
NEWS
@ -3,6 +3,8 @@ PHP NEWS
|
||||
?? ??? 2015, PHP 7.0.1
|
||||
|
||||
- Core:
|
||||
. Fixed bug #70912 (Null ptr dereference instantiating class with invalid
|
||||
array property). (Laruence)
|
||||
. Fixed bug #70898, #70895 (null ptr deref and segfault with crafted callable).
|
||||
(Anatol, Laruence)
|
||||
|
||||
|
10
Zend/tests/bug70912.phpt
Normal file
10
Zend/tests/bug70912.phpt
Normal file
@ -0,0 +1,10 @@
|
||||
--TEST--
|
||||
Bug #70912 (Null ptr dereference when class property is initialised to a dereferenced value)
|
||||
--FILE--
|
||||
<?php
|
||||
class A {
|
||||
public $a=[][];
|
||||
}
|
||||
?>
|
||||
--EXPECTF--
|
||||
Fatal error: Cannot use [] for reading in %sbug70912.php on line %d
|
@ -7381,12 +7381,15 @@ void zend_eval_const_expr(zend_ast **ast_ptr) /* {{{ */
|
||||
case ZEND_AST_DIM:
|
||||
{
|
||||
/* constant expression should be always read context ... */
|
||||
|
||||
zval *container, *dim;
|
||||
|
||||
if (ast->child[1] == NULL) {
|
||||
zend_error_noreturn(E_COMPILE_ERROR, "Cannot use [] for reading");
|
||||
}
|
||||
|
||||
zend_eval_const_expr(&ast->child[0]);
|
||||
zend_eval_const_expr(&ast->child[1]);
|
||||
if (!ast->child[0] || !ast->child[1] || ast->child[0]->kind != ZEND_AST_ZVAL || ast->child[1]->kind != ZEND_AST_ZVAL) {
|
||||
if (ast->child[0]->kind != ZEND_AST_ZVAL || ast->child[1]->kind != ZEND_AST_ZVAL) {
|
||||
return;
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user