Merge branch 'PHP-7.1' into PHP-7.2

* PHP-7.1:
  Do not allow using traits/interfaces/abstract classes as stream wrappers
  Add oci8_failover.c to config.w32, follow up for commit 1b797f7a

3 files changed, 18 insertions, 1 deletions

diff --git a/ext/oci8/config.w32 b/ext/oci8/config.w32
index 234420de67..6ac80aa986 100644
--- a/ext/oci8/config.w32
+++ b/ext/oci8/config.w32
@@ -45,7 +45,7 @@ if (PHP_OCI8 != "no") {
 	if (CHECK_HEADER_ADD_INCLUDE("oci.h", "CFLAGS_OCI8", oci8_inc_paths) &&
 			CHECK_LIB("oci.lib", "oci8", oci8_lib_paths))
 	{
-		EXTENSION('oci8', 'oci8.c oci8_lob.c oci8_statement.c oci8_collection.c oci8_interface.c');
+		EXTENSION('oci8', 'oci8.c oci8_lob.c oci8_statement.c oci8_collection.c oci8_interface.c oci8_failover.c');
 
 		AC_DEFINE('HAVE_OCI8', 1);
 		AC_DEFINE('HAVE_OCI_INSTANT_CLIENT', 1);
diff --git a/ext/standard/tests/streams/bug74951.phpt b/ext/standard/tests/streams/bug74951.phpt
new file mode 100644
index 0000000000..82788b09e6
--- /dev/null
+++ b/ext/standard/tests/streams/bug74951.phpt
@@ -0,0 +1,12 @@
+--TEST--
+Bug#74951 Null pointer dereference in user streams
+--FILE--
+<?php
+trait Stream00ploiter{
+  public function s() {}
+  public function n($_) {}
+}
+stream_wrapper_register('e0ploit','Stream00ploiter');
+$s=fopen('e0ploit://',0);
+--EXPECTF--
+Warning: fopen(e0ploit://): failed to open stream: operation failed in %s/bug74951.php on line 7
diff --git a/main/streams/userspace.c b/main/streams/userspace.c
index da39dcaf7c..b5061514f4 100644
--- a/main/streams/userspace.c
+++ b/main/streams/userspace.c
@@ -283,6 +283,11 @@ typedef struct _php_userstream_data php_userstream_data_t;
 
 static void user_stream_create_object(struct php_user_stream_wrapper *uwrap, php_stream_context *context, zval *object)
 {
+	if (uwrap->ce->ce_flags & (ZEND_ACC_INTERFACE|ZEND_ACC_TRAIT|ZEND_ACC_IMPLICIT_ABSTRACT_CLASS|ZEND_ACC_EXPLICIT_ABSTRACT_CLASS)) {
+		ZVAL_UNDEF(object);
+		return;
+	}
+
 	/* create an instance of our class */
 	object_init_ex(object, uwrap->ce);