diff options
| author | Dmitry Stogov <dmitry@php.net> | 2011-05-31 09:20:51 +0000 |
|---|---|---|
| committer | Dmitry Stogov <dmitry@php.net> | 2011-05-31 09:20:51 +0000 |
| commit | c989a36927b0359adede36e6579a17a11b49c1d3 (patch) | |
| tree | 54139d5622ced4a3fc95daa241dc85333c6d7480 | |
| parent | 3d7a201eb42ab7eb30737f9f24137e4c05fe9126 (diff) | |
| download | php-git-c989a36927b0359adede36e6579a17a11b49c1d3.tar.gz | |
Fixed bug #54910 (Crash when calling call_user_func with unknown function name)
| -rw-r--r-- | NEWS | 2 | ||||
| -rw-r--r-- | Zend/tests/bug54910.phpt | 28 | ||||
| -rw-r--r-- | Zend/zend_API.c | 5 |
3 files changed, 35 insertions, 0 deletions
@@ -6,6 +6,8 @@ PHP NEWS - Increased the backtrack limit from 100000 to 1000000 (Rasmus) - Zend Engine: + . Fixed bug #54910 (Crash when calling call_user_func with unknown function + name). (Dmitry) . Fixed bug #54804 (__halt_compiler and imported namespaces). (Pierrick, Felipe) . Fixed bug #54585 (track_errors causes segfault). (Dmitry) diff --git a/Zend/tests/bug54910.phpt b/Zend/tests/bug54910.phpt new file mode 100644 index 0000000000..8808cd0609 --- /dev/null +++ b/Zend/tests/bug54910.phpt @@ -0,0 +1,28 @@ +--TEST-- +Bug #54910 (Crash when calling call_user_func with unknown function name) +--FILE-- +<?php +class A { + public function __call($method, $args) { + if (stripos($method, 'get') === 0) { + return $this->get(); + } + die("No such method - '$method'\n"); + } + + protected function get() { + $class = get_class($this); + $call = array($class, 'noSuchMethod'); + + if (is_callable($call)) { + call_user_func($call); + } + } +} + +class B extends A {} + +$input = new B(); +echo $input->getEmail(); +--EXPECT-- +No such method - 'noSuchMethod' diff --git a/Zend/zend_API.c b/Zend/zend_API.c index 261170c41e..fba570513c 100644 --- a/Zend/zend_API.c +++ b/Zend/zend_API.c @@ -2590,6 +2590,11 @@ get_function_via_handler: if (fcc->function_handler) { retval = 1; call_via_handler = (fcc->function_handler->common.fn_flags & ZEND_ACC_CALL_VIA_HANDLER) != 0; + if (call_via_handler && !fcc->object_ptr && EG(This) && + Z_OBJ_HT_P(EG(This))->get_class_entry && + instanceof_function(Z_OBJCE_P(EG(This)), fcc->calling_scope TSRMLS_CC)) { + fcc->object_ptr = EG(This); + } } } } |