From 4c0804c07de703826e38646bb6cc6d6ca633ddc4 Mon Sep 17 00:00:00 2001
From: Nikita Popov
Date: Wed, 28 Sep 2016 19:19:31 +0200
Subject: Ensure symtable exists before checking it
---
 .../tests/strings/parse_str_memory_error.phpt | 19 +++++++++++++++++++
 main/php_variables.c | 3 ++-
 2 files changed, 21 insertions(+), 1 deletion(-)
 create mode 100644 ext/standard/tests/strings/parse_str_memory_error.phpt
diff --git a/ext/standard/tests/strings/parse_str_memory_error.phpt b/ext/standard/tests/strings/parse_str_memory_error.phpt
new file mode 100644
index 0000000000..0242d97d06
--- /dev/null
+++ b/ext/standard/tests/strings/parse_str_memory_error.phpt
@@ -0,0 +1,19 @@
+--TEST--
+parse_str() should not read uninitialized memory when checking for $this
+--FILE--
+
+--EXPECT--
+array(1) {
+ ["abcd"]=>
+ string(1) "1"
+}
diff --git a/main/php_variables.c b/main/php_variables.c
index 7f0823af5a..a5256e7322 100644
--- a/main/php_variables.c
+++ b/main/php_variables.c
@@ -114,7 +114,8 @@ PHPAPI void php_register_variable_ex(char *var_name, zval *val, zval *track_vars
 while (ex) {
 if (ex->func && ZEND_USER_CODE(ex->func->common.type)) {
- if (ex->symbol_table == symtable1) {
+ if ((ZEND_CALL_INFO(ex) & ZEND_CALL_HAS_SYMBOL_TABLE)
+ && ex->symbol_table == symtable1) {
 if (memcmp(var, "this", sizeof("this")-1) == 0) {
 zend_throw_error(NULL, "Cannot re-assign $this");
 zval_dtor(val);
--
cgit v1.2.1
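Review bot: The added `ZEND_CALL_INFO(ex) & ZEND_CALL_HAS_SYMBOL_TABLE` test in the frame-walk `if` has no comment explaining why it must come before the pointer comparison, so a later cleanup could drop or reorder it. Going by the commit subject and the new test's title, `ex->symbol_table` is not initialized for frames without an attached symbol table, and comparing it with `symtable1` reads uninitialized memory. I would add above the condition `/* ex->symbol_table is only valid when ZEND_CALL_HAS_SYMBOL_TABLE is set; check the flag first */`. The surrounding `while (ex)` loop and php_register_variable_ex itself start and end outside this hunk, so whether other reads of `symbol_table` need the same guard cannot be judged from here.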