summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNikita Popov <nikita.ppv@gmail.com>2018-09-07 14:02:36 +0200
committerNikita Popov <nikita.ppv@gmail.com>2018-09-07 14:02:51 +0200
commita32c563e50b344136ede9be0a62ae6ccedaf427b (patch)
treeddd699f56cd6333af8747f4bf867d7b416c56137
parentf7b573b4e96f3cf421dc92063b11121da2370e46 (diff)
parentcfdd828163bc03b63e41d92adc5b127f567e4c46 (diff)
downloadphp-git-a32c563e50b344136ede9be0a62ae6ccedaf427b.tar.gz
Merge branch 'PHP-7.2' into PHP-7.3
-rw-r--r--NEWS2
-rw-r--r--ext/opcache/Optimizer/sccp.c3
-rw-r--r--ext/opcache/tests/bug76796.phpt16
3 files changed, 20 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index 936ad95f31..307fcb6550 100644
--- a/NEWS
+++ b/NEWS
@@ -16,6 +16,8 @@ PHP NEWS
- Opcache:
. Fixed bug #76832 (ZendOPcache.MemoryBase periodically deleted by the OS).
(Anatol)
+ . Fixed bug #76796 (Compile-time evaluation of disabled function in opcache
+ causes segfault). (Nikita)
- POSIX:
Fixed bug #75696 (posix_getgrnam fails to print details of group). (cmb)
diff --git a/ext/opcache/Optimizer/sccp.c b/ext/opcache/Optimizer/sccp.c
index c9acb04983..78db802ebc 100644
--- a/ext/opcache/Optimizer/sccp.c
+++ b/ext/opcache/Optimizer/sccp.c
@@ -953,7 +953,8 @@ static inline int ct_eval_func_call(
}
func = zend_hash_find_ptr(CG(function_table), name);
- if (!func || func->type != ZEND_INTERNAL_FUNCTION) {
+ if (!func || func->type != ZEND_INTERNAL_FUNCTION
+ || func->internal_function.handler == ZEND_FN(display_disabled_function)) {
return FAILURE;
}
diff --git a/ext/opcache/tests/bug76796.phpt b/ext/opcache/tests/bug76796.phpt
new file mode 100644
index 0000000000..8388484e10
--- /dev/null
+++ b/ext/opcache/tests/bug76796.phpt
@@ -0,0 +1,16 @@
+--TEST--
+Bug #76796: Compile-time evaluation of disabled function in opcache (SCCP) causes segfault
+--INI--
+opcache.enable=1
+opcache.enable_cli=1
+opcache.optimization_level=-1
+disable_functions=strpos
+--FILE--
+<?php
+
+var_dump(strpos('foo', 'bar'));
+
+?>
+--EXPECTF--
+Warning: strpos() has been disabled for security reasons in %s on line %d
+NULL