diff options
| -rw-r--r-- | NEWS | 4 | ||||
| -rw-r--r-- | ext/spl/php_spl.c | 2 | ||||
| -rw-r--r-- | ext/spl/tests/bug70290.phpt | 9 |
3 files changed, 14 insertions, 1 deletions
@@ -29,6 +29,10 @@ PHP NEWS - PCRE: . Fixed bug #70232 (Incorrect bump-along behavior with \K and empty string match). (cmb) + +- SPL: + . Fixed bug #70290 (Null pointer deref (segfault) in spl_autoload via + ob_start). (hugh at allthethings dot co dot nz) - Standard: . Fixed bug #70052 (getimagesize() fails for very large and very small WBMP). diff --git a/ext/spl/php_spl.c b/ext/spl/php_spl.c index 6b886b7ef3..3424b90aea 100644 --- a/ext/spl/php_spl.c +++ b/ext/spl/php_spl.c @@ -358,7 +358,7 @@ PHP_FUNCTION(spl_autoload) * The "scope" is determined by an opcode, if it is ZEND_FETCH_CLASS we know function was called indirectly by * the Zend engine. */ - if (active_opline->opcode != ZEND_FETCH_CLASS) { + if (EG(opline_ptr) && active_opline->opcode != ZEND_FETCH_CLASS) { zend_throw_exception_ex(spl_ce_LogicException, 0 TSRMLS_CC, "Class %s could not be loaded", class_name); } else { php_error_docref(NULL TSRMLS_CC, E_ERROR, "Class %s could not be loaded", class_name); diff --git a/ext/spl/tests/bug70290.phpt b/ext/spl/tests/bug70290.phpt new file mode 100644 index 0000000000..0fd83c2d75 --- /dev/null +++ b/ext/spl/tests/bug70290.phpt @@ -0,0 +1,9 @@ +--TEST-- +Bug #70290 (Null pointer deref (segfault) in spl_autoload via ob_start) +--INI-- +display_errors=2 +--FILE-- +<?php ob_start("spl_autoload"); ?> 1 +--EXPECT-- +Fatal error: Unknown: Class 1 + could not be loaded in Unknown on line 0 |