1 commit 3b9ba7b6bd9e24bdbeca8e8e3f24cee2fccc51d8
2 Author: Xinchen Hui <laruence@gmail.com>
3 Date: Wed Nov 29 14:46:21 2017 +0800
5 Fixed bug #75573 (Segmentation fault in 7.1.12 and 7.0.26)
7 diff --git a/Zend/tests/bug75573.phpt b/Zend/tests/bug75573.phpt
9 index 0000000000..476ff6e6cf
11 +++ b/Zend/tests/bug75573.phpt
14 +Bug #75573 (Segmentation fault in 7.1.12 and 7.0.26)
21 + function initialize($properties = FALSE) {
22 + $this->_stdObject = $properties ? (object) $properties : new stdClass();
23 + parent::initialize();
25 + function &__get($property)
27 + if (isset($this->_stdObject->{$property})) {
28 + $retval =& $this->_stdObject->{$property};
34 + function &__set($property, $value)
36 + return $this->_stdObject->{$property} = $value;
38 + function __isset($property_name)
40 + return isset($this->_stdObject->{$property_name});
46 + function initialize($properties = array())
48 + parent::initialize($properties);
50 + function &__get($property)
52 + if (isset($this->settings) && isset($this->settings[$property])) {
53 + $retval =& $this->settings[$property];
56 + return parent::__get($property);
62 +$b->settings = [ "foo" => "bar", "name" => "abc" ];
64 +var_dump($b->settings);
67 +Warning: Creating default object from empty value in %sbug75573.php on line %d
69 +Notice: Only variable references should be returned by reference in %sbug75573.php on line %d
77 diff --git a/Zend/zend_object_handlers.c b/Zend/zend_object_handlers.c
78 index 10045b53f1..d9ebd842eb 100644
79 --- a/Zend/zend_object_handlers.c
80 +++ b/Zend/zend_object_handlers.c
81 @@ -668,13 +668,11 @@ zval *zend_std_read_property(zval *object, zval *member, int type, void **cache_
83 zval_ptr_dtor(&tmp_object);
86 + } else if (Z_STRVAL_P(member)[0] == '\0' && Z_STRLEN_P(member) != 0) {
87 zval_ptr_dtor(&tmp_object);
88 - if (Z_STRVAL_P(member)[0] == '\0' && Z_STRLEN_P(member) != 0) {
89 - zend_throw_error(NULL, "Cannot access property started with '\\0'");
90 - retval = &EG(uninitialized_zval);
93 + zend_throw_error(NULL, "Cannot access property started with '\\0'");
94 + retval = &EG(uninitialized_zval);