06 Aug 2015, PHP 7.0.0 Beta 3
- Core:
+ . Fixed bug #70124 (null ptr deref / seg fault in ZEND_HANDLE_EXCEPTION).
+ (Laruence)
. Fixed bug #70117 (Unexpected return type error). (Laruence)
. Fixed bug #70106 (Inheritance by anonymous class). (Bob)
--- /dev/null
+--TEST--
+Bug #70124 (null ptr deref / seg fault in ZEND_HANDLE_EXCEPTION_SPEC_HANDLER)
+--FILE--
+<?php
+
+try {
+ echo base_convert([array_search(chr(48),chr(48),chr(48),chr(48),chr(48),$f("test"))],chr(48));
+} catch (Error $e) {
+ var_dump($e->getMessage());
+}
+
+class A {
+}
+
+try {
+ echo base_convert([array_search(chr(48),chr(48),chr(48),chr(48),chr(48),a::y("test"))],chr(48));
+} catch (Error $e) {
+ var_dump($e->getMessage());
+}
+
+$a = new A;
+
+try {
+ echo base_convert([array_search(chr(48),chr(48),chr(48),chr(48),chr(48),$a->y("test"))],chr(48));
+} catch (Error $e) {
+ var_dump($e->getMessage());
+}
+
+try {
+ echo base_convert([array_search(chr(48),chr(48),chr(48),chr(48),chr(48),\bar\y("test"))],chr(48));
+} catch (Error $e) {
+ var_dump($e->getMessage());
+}
+
+try {
+ echo base_convert([array_search(chr(48),chr(48),chr(48),chr(48),chr(48),y("test"))],chr(48));
+} catch (Error $e) {
+ var_dump($e->getMessage());
+}
+?>
+--EXPECTF--
+Notice: Undefined variable: f in %sbug70124.php on line %d
+string(30) "Function name must be a string"
+string(31) "Call to undefined method A::y()"
+string(31) "Call to undefined method A::y()"
+string(34) "Call to undefined function bar\y()"
+string(30) "Call to undefined function y()"
zend_op *opline = EX(func)->op_array.opcodes + op_num;
int level;
int do_exit;
+
+ if (UNEXPECTED(opline->opcode == ZEND_INIT_FCALL ||
+ opline->opcode == ZEND_INIT_FCALL_BY_NAME ||
+ opline->opcode == ZEND_INIT_DYNAMIC_CALL ||
+ opline->opcode == ZEND_INIT_METHOD_CALL ||
+ opline->opcode == ZEND_INIT_STATIC_METHOD_CALL)) {
+ ZEND_ASSERT(op_num);
+ opline--;
+ }
do {
/* If the exception was thrown during a function call there might be
projects / php / commitdiff