Fix segfault with __COMPILER_HALT_OFFSET__ and trailing {}

Fixes OSS-Fuzz #17895.
author: Nikita Popov <nikita.ppv@gmail.com> 2019-10-02 12:06:00 +0200
committer: Nikita Popov <nikita.ppv@gmail.com> 2019-10-02 12:07:15 +0200
commit: a5d3620d937f69665d78ab8d21c757d3db17b5ec (patch)
tree: 87b54909a8349640f470e90e87fff3e018f52dcf
parent: 3124129ca8f0d1f1688f6657f199db70437c6f66 (diff)
download: php-git-a5d3620d937f69665d78ab8d21c757d3db17b5ec.tar.gz
2 files changed, 11 insertions, 0 deletions
diff --git a/Zend/tests/halt_compiler5.phpt b/Zend/tests/halt_compiler5.phpt
new file mode 100644
index 0000000000..71d973e4f7
--- /dev/null
+++ b/Zend/tests/halt_compiler5.phpt
@@ -0,0 +1,8 @@
+--TEST--
+Using __COMPILER_HALF_OFFSET__ with trailing {} (OSS-Fuzz #17895)
+--FILE--
+<?php
+__COMPILER_HALT_OFFSET__;
+{}
+--EXPECTF--
+Warning: Use of undefined constant __COMPILER_HALT_OFFSET__ - assumed '__COMPILER_HALT_OFFSET__' (this will throw an Error in a future version of PHP) in %s on line %d
diff --git a/Zend/zend_compile.c b/Zend/zend_compile.c
index f25ce2f55d..d991bbcf38 100644
--- a/Zend/zend_compile.c
+++ b/Zend/zend_compile.c
@@ -7676,6 +7676,9 @@ void zend_compile_const(znode *result, zend_ast *ast) /* {{{ */
 
 		while (last && last->kind == ZEND_AST_STMT_LIST) {
 			zend_ast_list *list = zend_ast_get_list(last);
+			if (list->children == 0) {
+				break;
+			}
 			last = list->child[list->children-1];
 		}
 		if (last && last->kind == ZEND_AST_HALT_COMPILER) {
author	Nikita Popov <nikita.ppv@gmail.com>	2019-10-02 12:06:00 +0200
committer	Nikita Popov <nikita.ppv@gmail.com>	2019-10-02 12:07:15 +0200
commit	a5d3620d937f69665d78ab8d21c757d3db17b5ec (patch)
tree	87b54909a8349640f470e90e87fff3e018f52dcf
parent	3124129ca8f0d1f1688f6657f199db70437c6f66 (diff)
download	php-git-a5d3620d937f69665d78ab8d21c757d3db17b5ec.tar.gz