Diffstat (limited to 'php-bug75573.patch')
-rw-r--r-- | php-bug75573.patch | 107 |
1 files changed, 107 insertions, 0 deletions
diff --git a/php-bug75573.patch b/php-bug75573.patch
new file mode 100644
index 0000000..46cf095
--- /dev/null
+++ b/php-bug75573.patch
@@ -0,0 +1,107 @@
+From 3b9ba7b6bd9e24bdbeca8e8e3f24cee2fccc51d8 Mon Sep 17 00:00:00 2001
+From: Xinchen Hui <laruence@gmail.com>
+Date: Wed, 29 Nov 2017 14:46:21 +0800
+Subject: [PATCH] Fixed bug #75573 (Segmentation fault in 7.1.12 and 7.0.26)
+
+---
+ NEWS | 1 +
+ Zend/tests/bug75573.phpt | 64 +++++++++++++++++++++++++++++++++++++++++++++
+ Zend/zend_object_handlers.c | 10 +++---
+ 3 files changed, 69 insertions(+), 6 deletions(-)
+ create mode 100644 Zend/tests/bug75573.phpt
+
+diff --git a/Zend/tests/bug75573.phpt b/Zend/tests/bug75573.phpt
+new file mode 100644
+index 0000000..476ff6e
+--- /dev/null
++++ b/Zend/tests/bug75573.phpt
+@@ -0,0 +1,64 @@
++--TEST--
++Bug #75573 (Segmentation fault in 7.1.12 and 7.0.26)
++--FILE--
++<?php
++
++class A
++{
++ var $_stdObject;
++ function initialize($properties = FALSE) {
++ $this->_stdObject = $properties ? (object) $properties : new stdClass();
++ parent::initialize();
++ }
++ function &__get($property)
++ {
++ if (isset($this->_stdObject->{$property})) {
++ $retval =& $this->_stdObject->{$property};
++ return $retval;
++ } else {
++ return NULL;
++ }
++ }
++ function &__set($property, $value)
++ {
++ return $this->_stdObject->{$property} = $value;
++ }
++ function __isset($property_name)
++ {
++ return isset($this->_stdObject->{$property_name});
++ }
++}
++
++class B extends A
++{
++ function initialize($properties = array())
++ {
++ parent::initialize($properties);
++ }
++ function &__get($property)
++ {
++ if (isset($this->settings) && isset($this->settings[$property])) {
++ $retval =& $this->settings[$property];
++ return $retval;
++ } else {
++ return parent::__get($property);
++ }
++ }
++}
++
++$b = new B();
++$b->settings = [ "foo" => "bar", "name" => "abc" ];
++var_dump($b->name);
++var_dump($b->settings);
++?>
++--EXPECTF--
++Warning: Creating default object from empty value in %sbug75573.php on line %d
++
++Notice: Only variable references should be returned by reference in %sbug75573.php on line %d
++string(3) "abc"
++array(2) {
++ ["foo"]=>
++ string(3) "bar"
++ ["name"]=>
++ string(3) "abc"
++}
+diff --git a/Zend/zend_object_handlers.c b/Zend/zend_object_handlers.c
+index 10045b5..d9ebd84 100644
+--- a/Zend/zend_object_handlers.c
++++ b/Zend/zend_object_handlers.c
+@@ -668,13 +668,11 @@ zval *zend_std_read_property(zval *object, zval *member, int type, void **cache_
+ }
+ zval_ptr_dtor(&tmp_object);
+ goto exit;
+- } else {
++ } else if (Z_STRVAL_P(member)[0] == '\0' && Z_STRLEN_P(member) != 0) {
+ zval_ptr_dtor(&tmp_object);
+- if (Z_STRVAL_P(member)[0] == '\0' && Z_STRLEN_P(member) != 0) {
+- zend_throw_error(NULL, "Cannot access property started with '\\0'");
+- retval = &EG(uninitialized_zval);
+- goto exit;
+- }
++ zend_throw_error(NULL, "Cannot access property started with '\\0'");
++ retval = &EG(uninitialized_zval);
++ goto exit;
+ }
+ }
+ 
+-- 
+2.1.4
+ |
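Review bot: The `zval_ptr_dtor(&tmp_object);` kept inside the new `else if (Z_STRVAL_P(member)[0] == '\0' && Z_STRLEN_P(member) != 0)` branch of the embedded Zend/zend_object_handlers.c hunk is the same release the fix stops performing on the ordinary guard-already-set path, and nothing in the hunk shows what `tmp_object` holds when that branch is entered. zend_std_read_property starts and ends outside the hunk, so this cannot be confirmed from here; if the segfault came from releasing `tmp_object` twice (inferred, not visible), the error path needs the same check, and a comment above the call such as `/* tmp_object: confirm it is IS_UNDEF or still owned on this path before release */` would record the invariant for whoever rebases the patch. Separately, the embedded diffstat lists `NEWS | 1 +` and three files while the body carries only the test and the C change. A short header line in the patch file such as `# NEWS hunk of the upstream commit omitted for packaging`, next to the upstream commit id already present in the `From` line, would keep the carried patch auditable against upstream.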