diff options
author | Nikita Popov <nikita.ppv@gmail.com> | 2021-02-15 12:42:48 +0100 |
---|---|---|
committer | Nikita Popov <nikita.ppv@gmail.com> | 2021-02-15 12:43:31 +0100 |
commit | c70220205e20005ad916289ea6958d156fac54da (patch) | |
tree | a6631530412789a7ef70885718399fbfeff92718 | |
parent | 8b9dd0a3014e7a3c76fc2ddded374fa4ca0ed386 (diff) | |
download | php-git-c70220205e20005ad916289ea6958d156fac54da.tar.gz |
Fix assertion failure in cufa optimization with named args
Fixes oss-fuzz#30764.
-rw-r--r-- | Zend/tests/call_user_func_array_array_slice_named_args.phpt | 8 | ||||
-rw-r--r-- | Zend/zend_compile.c | 1 |
2 files changed, 9 insertions, 0 deletions
diff --git a/Zend/tests/call_user_func_array_array_slice_named_args.phpt b/Zend/tests/call_user_func_array_array_slice_named_args.phpt new file mode 100644 index 0000000000..2d84ec4776 --- /dev/null +++ b/Zend/tests/call_user_func_array_array_slice_named_args.phpt @@ -0,0 +1,8 @@ +--TEST-- +call_user_func_array() + array_slice() + named arguments +--FILE-- +<?php +call_user_func_array('func', array_slice(array: $a, 1, 2)); +?> +--EXPECTF-- +Fatal error: Cannot use positional argument after named argument in %s on line %d diff --git a/Zend/zend_compile.c b/Zend/zend_compile.c index 57c33e3c96..19a1c543ab 100644 --- a/Zend/zend_compile.c +++ b/Zend/zend_compile.c @@ -3878,6 +3878,7 @@ zend_result zend_compile_func_cufa(znode *result, zend_ast_list *args, zend_stri zend_string *name = zend_resolve_function_name(orig_name, args->child[1]->child[0]->attr, &is_fully_qualified); if (zend_string_equals_literal_ci(name, "array_slice") + && !zend_args_contain_unpack_or_named(list) && list->children == 3 && list->child[1]->kind == ZEND_AST_ZVAL) { zval *zv = zend_ast_get_zval(list->child[1]); |