Merge branch 'PHP-7.0' into PHP-7.1

* PHP-7.0:
  Fixed bug #74968 PHP crashes when calling mysqli_result::fetch_object with an abstract class

2 files changed, 28 insertions, 0 deletions

diff --git a/ext/mysqli/mysqli.c b/ext/mysqli/mysqli.c
index 15cb4bc23b..56b88c4827 100644
--- a/ext/mysqli/mysqli.c
+++ b/ext/mysqli/mysqli.c
@@ -1244,6 +1244,10 @@ void php_mysqli_fetch_into_hash(INTERNAL_FUNCTION_PARAMETERS, int override_flags
 			php_error_docref(NULL, E_WARNING, "Could not find class '%s'", ZSTR_VAL(class_name));
 			return;
 		}
+		if (UNEXPECTED(ce->ce_flags & (ZEND_ACC_INTERFACE|ZEND_ACC_TRAIT|ZEND_ACC_IMPLICIT_ABSTRACT_CLASS|ZEND_ACC_EXPLICIT_ABSTRACT_CLASS))) {
+			zend_throw_error(NULL, "Class '%s' cannot be instantiated", ZSTR_VAL(ce->name));
+			return;
+		}
 		fetchtype = MYSQLI_ASSOC;
 	} else {
 		if (override_flags) {
diff --git a/ext/mysqli/tests/bug74968.phpt b/ext/mysqli/tests/bug74968.phpt
new file mode 100644
index 0000000000..f78fa92d83
--- /dev/null
+++ b/ext/mysqli/tests/bug74968.phpt
@@ -0,0 +1,24 @@
+--TEST--
+Bug #74968 PHP crashes when calling mysqli_result::fetch_object with an abstract class
+--SKIPIF--
+<?php
+require_once('skipif.inc');
+require_once('skipifconnectfailure.inc');
+?>
+--FILE--
+<?php
+	require_once("connect.inc");
+
+	$mysqli = new mysqli("$host:$port", $user, $passwd, $db);
+	abstract class test {
+		public $a;
+	}
+	$mysqli->query("SELECT 1 as a")->fetch_object("test");
+?>
+==DONE==
+--EXPECTF--
+Fatal error: Uncaught Error: Class 'test' cannot be instantiated in %sbug74968.php:%d
+Stack trace:
+#0 %sbug74968.php(%d): mysqli_result->fetch_object('test')
+#1 {main}
+  thrown in %sbug74968.php on line %d