diff options
author | Nikita Popov <nikita.ppv@gmail.com> | 2019-01-24 13:45:27 +0100 |
---|---|---|
committer | Nikita Popov <nikita.ppv@gmail.com> | 2019-01-24 13:45:27 +0100 |
commit | 08c5679380115962c31f3df0bc317eb2018eb514 (patch) | |
tree | 32dfe59eebec1df8285b9bf9d88d92964f6f5e35 | |
parent | cce2e33c846b8653d589a680bdf83a6f8409ecd9 (diff) | |
parent | 73f222d722460bebb98a1d2f11f891eefe4defde (diff) | |
download | php-git-08c5679380115962c31f3df0bc317eb2018eb514.tar.gz |
Merge remote-tracking branch 'php-src/PHP-7.2' into PHP-7.2
-rw-r--r-- | NEWS | 2 | ||||
-rw-r--r-- | Zend/tests/bug77494.phpt | 16 | ||||
-rw-r--r-- | Zend/zend_API.c | 11 |
3 files changed, 29 insertions, 0 deletions
@@ -4,6 +4,8 @@ PHP NEWS - Core: . Fixed bug #77339 (__callStatic may get incorrect arguments). (Dmitry) + . Fixed bug #77494 (Disabling class causes segfault on member access). + (Dmitry) - Curl: . Fixed bug #76675 (Segfault with H2 server push). (Pedro Magalhães) diff --git a/Zend/tests/bug77494.phpt b/Zend/tests/bug77494.phpt new file mode 100644 index 0000000000..1793f6b219 --- /dev/null +++ b/Zend/tests/bug77494.phpt @@ -0,0 +1,16 @@ +--TEST-- +Bug #77494 (Disabling class causes segfault on member access) +--SKIPIF-- +<?php if (!extension_loaded("curl")) exit("skip curl extension not loaded"); ?> +--INI-- +disable_classes=CURLFile +--FILE-- +<?php +$a = new CURLFile(); +var_dump($a->name); +?> +--EXPECTF-- +Warning: CURLFile() has been disabled for security reasons in %sbug77494.php on line 2 + +Notice: Undefined property: CURLFile::$name in %sbug77494.php on line 3 +NULL diff --git a/Zend/zend_API.c b/Zend/zend_API.c index 600520552c..d4b1502734 100644 --- a/Zend/zend_API.c +++ b/Zend/zend_API.c @@ -2855,6 +2855,17 @@ static zend_object *display_disabled_class(zend_class_entry *class_type) /* {{{ zend_object *intern; intern = zend_objects_new(class_type); + + /* Initialize default properties */ + if (EXPECTED(class_type->default_properties_count != 0)) { + zval *p = intern->properties_table; + zval *end = p + class_type->default_properties_count; + do { + ZVAL_UNDEF(p); + p++; + } while (p != end); + } + zend_error(E_WARNING, "%s() has been disabled for security reasons", ZSTR_VAL(class_type->name)); return intern; } |