authorNikita Popov <nikic@php.net>2016-09-27 19:48:35 +0200
committerNikita Popov <nikic@php.net>2016-09-27 19:48:50 +0200
commit21f0be4792f60d303ddd025803ac647620b2a8f1 (patch)
treeab44e895c814e779413b5635615f958c659e6752
parent8a6b0894087cf336ed7afe9c927f9fba5623f951 (diff)
parentb7cbaa7f43d8a584e273e214209a4f7406a30029 (diff)
downloadphp-git-21f0be4792f60d303ddd025803ac647620b2a8f1.tar.gz
Merge branch 'PHP-7.0' into PHP-7.1
-rw-r--r--NEWS2
-rw-r--r--Zend/tests/bug73181.phpt20
-rw-r--r--Zend/zend_hash.c8
3 files changed, 28 insertions, 2 deletions
diff --git a/NEWS b/NEWS
index e40a91e76e..50c862b64d 100644
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,8 @@ PHP NEWS
. Fixed bug #73163 (PHP hangs if error handler throws while accessing undef
const in default value). (Nikita)
. Fixed bug #73172 (parse error: Invalid numeric literal). (Nikita, Anatol)
+ . Fixed bug #73181 (parse_str() without a second argument leads to crash).
+ (Nikita)
- COM:
. Fixed bug #73126 (Cannot pass parameter 1 by reference). (Anatol)
diff --git a/Zend/tests/bug73181.phpt b/Zend/tests/bug73181.phpt
new file mode 100644
index 0000000000..2994e99b9f
--- /dev/null
+++ b/Zend/tests/bug73181.phpt
@@ -0,0 +1,20 @@
+--TEST--
+Bug #73181: parse_str() without a second argument leads to crash
+--FILE--
+<?php
+
+function x() {
+ parse_str("1&x");
+ var_dump(get_defined_vars());
+}
+
+x();
+
+?>
+--EXPECT--
+array(2) {
+ [1]=>
+ string(0) ""
+ ["x"]=>
+ string(0) ""
+}
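Review bot: The test appears to cover only one of the two loops patched in Zend/zend_hash.c, because nothing is removed from the symbol table before `x()` returns, so the table presumably has no unused slots when it is cleaned. A second case that creates the integer-named entry and then removes another dynamically created variable before returning would likely reach the loop that skips `IS_UNDEF` slots; this needs confirming against the engine. The crash being guarded against happens at function exit, after `var_dump()`, so a short comment in the `--FILE--` section saying so would help the next reader, e.g. `// crash occurred when x() returned and its symbol table was cleaned`.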
diff --git a/Zend/zend_hash.c b/Zend/zend_hash.c
index 622d94a5f5..ec9a5ba486 100644
--- a/Zend/zend_hash.c
+++ b/Zend/zend_hash.c
@@ -1420,13 +1420,17 @@ ZEND_API void ZEND_FASTCALL zend_symtable_clean(HashTable *ht)
} else if (ht->nNumUsed == ht->nNumOfElements) {
do {
i_zval_ptr_dtor(&p->val ZEND_FILE_LINE_CC);
- zend_string_release(p->key);
+ if (EXPECTED(p->key)) {
+ zend_string_release(p->key);
+ }
} while (++p != end);
} else {
do {
if (EXPECTED(Z_TYPE(p->val) != IS_UNDEF)) {
i_zval_ptr_dtor(&p->val ZEND_FILE_LINE_CC);
- zend_string_release(p->key);
+ if (EXPECTED(p->key)) {
+ zend_string_release(p->key);
+ }
}
} while (++p != end);
}
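Review bot: Neither added `if (EXPECTED(p->key))` guard has a comment saying why a symbol-table bucket can lack a string key, although that is the invariant this change relaxes. Above the first guard I would add `/* integer-keyed entries (p->key == NULL) can end up in a symtable, e.g. parse_str("1&x") */`, and above the second a short reference back to it. Without that, a later cleanup could drop the check as redundant and bring back the NULL dereference in `zend_string_release()`, which is reachable from a string passed to `parse_str()`. The start of `zend_symtable_clean` and its first branch are outside the hunk, so it cannot be confirmed from here whether other paths still assume a non-NULL key.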