Fixed bug #77494 (Disabling class causes segfault on member access)

3 files changed, 29 insertions, 0 deletions

diff --git a/NEWS b/NEWS
index 928cd54e2c..dbf4216bb5 100644
--- a/NEWS
+++ b/NEWS
@@ -4,6 +4,8 @@ PHP                                                                        NEWS
 
 - Core:
   . Fixed bug #77339 (__callStatic may get incorrect arguments). (Dmitry)
+  . Fixed bug #77494 (Disabling class causes segfault on member access).
+    (Dmitry)
 
 - Curl:
   . Fixed bug #76675 (Segfault with H2 server push). (Pedro Magalhães)
diff --git a/Zend/tests/bug77494.phpt b/Zend/tests/bug77494.phpt
new file mode 100644
index 0000000000..1793f6b219
--- /dev/null
+++ b/Zend/tests/bug77494.phpt
@@ -0,0 +1,16 @@
+--TEST--
+Bug #77494 (Disabling class causes segfault on member access)
+--SKIPIF--
+<?php if (!extension_loaded("curl")) exit("skip curl extension not loaded"); ?>
+--INI--
+disable_classes=CURLFile
+--FILE--
+<?php
+$a = new CURLFile();
+var_dump($a->name);
+?>
+--EXPECTF--
+Warning: CURLFile() has been disabled for security reasons in %sbug77494.php on line 2
+
+Notice: Undefined property: CURLFile::$name in %sbug77494.php on line 3
+NULL
diff --git a/Zend/zend_API.c b/Zend/zend_API.c
index 600520552c..d4b1502734 100644
--- a/Zend/zend_API.c
+++ b/Zend/zend_API.c
@@ -2855,6 +2855,17 @@ static zend_object *display_disabled_class(zend_class_entry *class_type) /* {{{
 	zend_object *intern;
 
 	intern = zend_objects_new(class_type);
+
+	/* Initialize default properties */
+	if (EXPECTED(class_type->default_properties_count != 0)) {
+		zval *p = intern->properties_table;
+		zval *end = p + class_type->default_properties_count;
+		do {
+			ZVAL_UNDEF(p);
+			p++;
+		} while (p != end);
+	}
+
 	zend_error(E_WARNING, "%s() has been disabled for security reasons", ZSTR_VAL(class_type->name));
 	return intern;
 }