diff options
author | ekinhbayar <me@ekins.space> | 2019-01-28 09:46:29 +0300 |
---|---|---|
committer | Nikita Popov <nikita.ppv@gmail.com> | 2019-01-28 09:22:18 +0100 |
commit | ef68cd324923d81565debef8939b015a3f4b8a6f (patch) | |
tree | d9bf55e0eb1b7f1967781e6b45a2b7877880e5e2 | |
parent | dc2ffdeed7d5c17eeb4f706f530eccafb425f92a (diff) | |
download | php-git-ef68cd324923d81565debef8939b015a3f4b8a6f.tar.gz |
Fixed bug #77530: PHP crashes when parsing "(2)::class"
-rw-r--r-- | NEWS | 1 | ||||
-rw-r--r-- | Zend/tests/bug77530.phpt | 10 | ||||
-rw-r--r-- | Zend/zend_compile.c | 9 |
3 files changed, 19 insertions, 1 deletions
@@ -6,6 +6,7 @@ PHP NEWS . Fixed bug #77339 (__callStatic may get incorrect arguments). (Dmitry) . Fixed bug #77494 (Disabling class causes segfault on member access). (Dmitry) + . Fixed bug #77530 (PHP crashes when parsing `(2)::class`). (Ekin) - Curl: . Fixed bug #76675 (Segfault with H2 server push). (Pedro Magalhães) diff --git a/Zend/tests/bug77530.phpt b/Zend/tests/bug77530.phpt new file mode 100644 index 0000000000..fdb2bac78b --- /dev/null +++ b/Zend/tests/bug77530.phpt @@ -0,0 +1,10 @@ +--TEST-- +Bug #77530: PHP crashes when parsing '(2)::class' +--FILE-- +<?php + +echo (2)::class; + +?> +--EXPECTF-- +Fatal error: Illegal class name in %s on line %d diff --git a/Zend/zend_compile.c b/Zend/zend_compile.c index 28336130cc..46ca21a436 100644 --- a/Zend/zend_compile.c +++ b/Zend/zend_compile.c @@ -1494,6 +1494,7 @@ static void zend_ensure_valid_class_fetch_type(uint32_t fetch_type) /* {{{ */ static zend_bool zend_try_compile_const_expr_resolve_class_name(zval *zv, zend_ast *class_ast, zend_ast *name_ast, zend_bool constant) /* {{{ */ { uint32_t fetch_type; + zval *class_name; if (name_ast->kind != ZEND_AST_ZVAL) { return 0; @@ -1508,7 +1509,13 @@ static zend_bool zend_try_compile_const_expr_resolve_class_name(zval *zv, zend_a "Dynamic class names are not allowed in compile-time ::class fetch"); } - fetch_type = zend_get_class_fetch_type(zend_ast_get_str(class_ast)); + class_name = zend_ast_get_zval(class_ast); + + if (Z_TYPE_P(class_name) != IS_STRING) { + zend_error_noreturn(E_COMPILE_ERROR, "Illegal class name"); + } + + fetch_type = zend_get_class_fetch_type(Z_STR_P(class_name)); zend_ensure_valid_class_fetch_type(fetch_type); switch (fetch_type) { |