diff options
author | Dmitry Stogov <dmitry@zend.com> | 2019-01-24 13:06:36 +0300 |
---|---|---|
committer | Dmitry Stogov <dmitry@zend.com> | 2019-01-24 13:06:36 +0300 |
commit | 73f222d722460bebb98a1d2f11f891eefe4defde (patch) | |
tree | 7dfdb1bae5952afd6179fe50f76838d66494c5dd | |
parent | 526344aa5ee3190b754e3678e0c71b0d7f272876 (diff) | |
download | php-git-73f222d722460bebb98a1d2f11f891eefe4defde.tar.gz |
Fixed bug #77494 (Disabling class causes segfault on member access)
-rw-r--r-- | NEWS | 2 | ||||
-rw-r--r-- | Zend/tests/bug77494.phpt | 16 | ||||
-rw-r--r-- | Zend/zend_API.c | 11 |
3 files changed, 29 insertions, 0 deletions
@@ -4,6 +4,8 @@ PHP NEWS - Core: . Fixed bug #77339 (__callStatic may get incorrect arguments). (Dmitry) + . Fixed bug #77494 (Disabling class causes segfault on member access). + (Dmitry) - Curl: . Fixed bug #76675 (Segfault with H2 server push). (Pedro Magalhães) diff --git a/Zend/tests/bug77494.phpt b/Zend/tests/bug77494.phpt new file mode 100644 index 0000000000..1793f6b219 --- /dev/null +++ b/Zend/tests/bug77494.phpt @@ -0,0 +1,16 @@ +--TEST-- +Bug #77494 (Disabling class causes segfault on member access) +--SKIPIF-- +<?php if (!extension_loaded("curl")) exit("skip curl extension not loaded"); ?> +--INI-- +disable_classes=CURLFile +--FILE-- +<?php +$a = new CURLFile(); +var_dump($a->name); +?> +--EXPECTF-- +Warning: CURLFile() has been disabled for security reasons in %sbug77494.php on line 2 + +Notice: Undefined property: CURLFile::$name in %sbug77494.php on line 3 +NULL diff --git a/Zend/zend_API.c b/Zend/zend_API.c index 600520552c..d4b1502734 100644 --- a/Zend/zend_API.c +++ b/Zend/zend_API.c @@ -2855,6 +2855,17 @@ static zend_object *display_disabled_class(zend_class_entry *class_type) /* {{{ zend_object *intern; intern = zend_objects_new(class_type); + + /* Initialize default properties */ + if (EXPECTED(class_type->default_properties_count != 0)) { + zval *p = intern->properties_table; + zval *end = p + class_type->default_properties_count; + do { + ZVAL_UNDEF(p); + p++; + } while (p != end); + } + zend_error(E_WARNING, "%s() has been disabled for security reasons", ZSTR_VAL(class_type->name)); return intern; } |