diff options
| author | Joe Watkins <krakjoe@php.net> | 2017-09-27 06:07:46 +0100 |
|---|---|---|
| committer | Joe Watkins <krakjoe@php.net> | 2017-09-27 06:08:01 +0100 |
| commit | 2dd77456fe0f9e01f80414790653ce94156f67ab (patch) | |
| tree | 16004bff0d34c5d8c123084fcea1c0c81415547a | |
| parent | 0217a81722a41deae8946c33c08053eb49d1b7e8 (diff) | |
| parent | a680d701cece7d8c5d2b8aa1ce14bae4058b20da (diff) | |
| download | php-git-2dd77456fe0f9e01f80414790653ce94156f67ab.tar.gz | |
Merge branch 'PHP-7.0' into PHP-7.1
* PHP-7.0:
Fixed #75220 - Segfault when calling is_callable on parent
| -rw-r--r-- | NEWS | 2 | ||||
| -rw-r--r-- | Zend/zend_API.c | 9 | ||||
| -rw-r--r-- | ext/standard/tests/bug75220.phpt | 28 |
3 files changed, 36 insertions, 3 deletions
@@ -8,6 +8,8 @@ PHP NEWS . Fixed bug #75236 (infinite loop when printing an error-message). (Andrea) . Fixed bug #75252 (Incorrect token formatting on two parse errors in one request). (Nikita) + . Fixed bug #75220 (Segfault when calling is_callable on parent). + (andrewnester) - MySQLi: . Fixed bug #75018 (Data corruption when reading fields of bit type). (Anatol) diff --git a/Zend/zend_API.c b/Zend/zend_API.c index e1a6392c9f..e70fefa3b5 100644 --- a/Zend/zend_API.c +++ b/Zend/zend_API.c @@ -3068,7 +3068,8 @@ get_function_via_handler: (!fcc->function_handler->common.scope || !instanceof_function(ce_org, fcc->function_handler->common.scope))) { if (fcc->function_handler->common.fn_flags & ZEND_ACC_CALL_VIA_TRAMPOLINE) { - if (fcc->function_handler->type != ZEND_OVERLOADED_FUNCTION) { + if (fcc->function_handler->type != ZEND_OVERLOADED_FUNCTION && + fcc->function_handler->common.function_name) { zend_string_release(fcc->function_handler->common.function_name); } zend_free_trampoline(fcc->function_handler); @@ -3240,7 +3241,8 @@ again: ((fcc->function_handler->common.fn_flags & ZEND_ACC_CALL_VIA_TRAMPOLINE) || fcc->function_handler->type == ZEND_OVERLOADED_FUNCTION_TEMPORARY || fcc->function_handler->type == ZEND_OVERLOADED_FUNCTION)) { - if (fcc->function_handler->type != ZEND_OVERLOADED_FUNCTION) { + if (fcc->function_handler->type != ZEND_OVERLOADED_FUNCTION && + fcc->function_handler->common.function_name) { zend_string_release(fcc->function_handler->common.function_name); } zend_free_trampoline(fcc->function_handler); @@ -3327,7 +3329,8 @@ again: ((fcc->function_handler->common.fn_flags & ZEND_ACC_CALL_VIA_TRAMPOLINE) || fcc->function_handler->type == ZEND_OVERLOADED_FUNCTION_TEMPORARY || fcc->function_handler->type == ZEND_OVERLOADED_FUNCTION)) { - if (fcc->function_handler->type != ZEND_OVERLOADED_FUNCTION) { + if (fcc->function_handler->type != ZEND_OVERLOADED_FUNCTION && + fcc->function_handler->common.function_name) { zend_string_release(fcc->function_handler->common.function_name); } zend_free_trampoline(fcc->function_handler); diff --git a/ext/standard/tests/bug75220.phpt b/ext/standard/tests/bug75220.phpt new file mode 100644 index 0000000000..f5820a12dd --- /dev/null +++ b/ext/standard/tests/bug75220.phpt @@ -0,0 +1,28 @@ +--TEST-- +Bug #75220 (is_callable crash for 'parent') +--FILE-- +<?php + +$a = new A(); +$a->bar('foo'); + +class B {}; +class A extends B +{ + function bar($func) + { + var_dump('foo'); + var_dump(is_callable('parent::foo')); + var_dump(is_callable(array('parent', 'foo'))); + } + + function __call($func, $args) + { + } +}; + +?> +--EXPECT-- +string(3) "foo" +bool(false) +bool(false)
\ No newline at end of file |