authorNikita Popov <nikic@php.net>2016-09-28 19:19:31 +0200
committerNikita Popov <nikic@php.net>2016-09-28 19:20:17 +0200
commit4c0804c07de703826e38646bb6cc6d6ca633ddc4 (patch)
treec2cb5aaffcb57ed6f7ae38e55f750f42d7c77d8c
parente5d75d72688fb047ab1dbc7b19e51fe4a3dc0fc9 (diff)
downloadphp-git-4c0804c07de703826e38646bb6cc6d6ca633ddc4.tar.gz
Ensure symtable exists before checking it
-rw-r--r--ext/standard/tests/strings/parse_str_memory_error.phpt19
-rw-r--r--main/php_variables.c3
2 files changed, 21 insertions, 1 deletions
diff --git a/ext/standard/tests/strings/parse_str_memory_error.phpt b/ext/standard/tests/strings/parse_str_memory_error.phpt
new file mode 100644
index 0000000000..0242d97d06
--- /dev/null
+++ b/ext/standard/tests/strings/parse_str_memory_error.phpt
@@ -0,0 +1,19 @@
+--TEST--
+parse_str() should not read uninitialized memory when checking for $this
+--FILE--
+<?php
+
+function test() {
+ // strlen("abcd") == 4 is relevant
+ parse_str('abcd=1', $array);
+ var_dump($array);
+}
+
+test();
+
+?>
+--EXPECT--
+array(1) {
+ ["abcd"]=>
+ string(1) "1"
+}
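Review bot: The EXPECT section only pins the printed array, so on an ordinary build this test most likely passes with or without the fix. The uninitialized read named in the test title would only surface when the suite runs under a memory checker such as valgrind or MSan. The comment inside test() should say so and explain why the name length and the function wrapper matter, for example `// 4 bytes, same length as "this", so the $this check runs; called inside a function, and the bad read is only visible under valgrind/MSan`. The link between the name length and the check is inferred from the test title and the existing comment, since the length guard is not visible on this page.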
diff --git a/main/php_variables.c b/main/php_variables.c
index 7f0823af5a..a5256e7322 100644
--- a/main/php_variables.c
+++ b/main/php_variables.c
@@ -114,7 +114,8 @@ PHPAPI void php_register_variable_ex(char *var_name, zval *val, zval *track_vars
while (ex) {
if (ex->func && ZEND_USER_CODE(ex->func->common.type)) {
- if (ex->symbol_table == symtable1) {
+ if ((ZEND_CALL_INFO(ex) & ZEND_CALL_HAS_SYMBOL_TABLE)
+ && ex->symbol_table == symtable1) {
if (memcmp(var, "this", sizeof("this")-1) == 0) {
zend_throw_error(NULL, "Cannot re-assign $this");
zval_dtor(val);
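Review bot: The new condition does not record why the flag must be tested before `ex->symbol_table` is read, and that ordering is easy to lose in a later edit. A comment above the `if` would keep it visible, for example `/* symbol_table is only valid when ZEND_CALL_HAS_SYMBOL_TABLE is set; check the flag first so an unset field is never read */`. Going by the commit title and the accompanying test, the field appears to be left uninitialized for frames without the flag, so other code that reads `ex->symbol_table` directly may deserve the same guard; none is visible here. The loop and the rest of php_register_variable_ex start and end outside this hunk.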