]> granicus.if.org Git - php/commitdiff
Fixed bug #78182
authorNikita Popov <nikita.ppv@gmail.com>
Wed, 19 Jun 2019 14:35:12 +0000 (16:35 +0200)
committerNikita Popov <nikita.ppv@gmail.com>
Wed, 19 Jun 2019 14:35:12 +0000 (16:35 +0200)
NEWS
Zend/tests/bug78182.phpt [new file with mode: 0644]
Zend/zend_execute.c

diff --git a/NEWS b/NEWS
index 006ed9cebc952ec8f2b6f2ca661117ee45cf433f..50402e8411db4944fd7a2b20ea866e23455b6b3f 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -6,6 +6,8 @@ PHP                                                                        NEWS
   . Fixed bug #78151 (Segfault caused by indirect expressions in PHP 7.4a1).
     (Nikita)
   . Fixed bug #78154 (SEND_VAR_NO_REF does not always send reference). (Nikita)
+  . Fixed bug #78182 (Segmentation fault during by-reference property
+    assignment). (Nikita)
 
 - Date:
   . Fixed #69044 (discrepency between time and microtime). (krakjoe)
diff --git a/Zend/tests/bug78182.phpt b/Zend/tests/bug78182.phpt
new file mode 100644 (file)
index 0000000..4b0f08d
--- /dev/null
@@ -0,0 +1,15 @@
+--TEST--
+Bug #78182: Segmentation fault during by-reference property assignment
+--FILE--
+<?php
+$varName = 'var';
+$propName = 'prop';
+$$varName->$propName =& $$varName;
+var_dump($var);
+?>
+--EXPECTF--
+Warning: Creating default object from empty value in %s on line %d
+object(stdClass)#1 (1) {
+  ["prop"]=>
+  *RECURSION*
+}
index faa677e44de52f76ea71cf20a5177ef362dd9457..5588ada56aa108204846fe64b9850b7fe9b4ec95 100644 (file)
@@ -2826,6 +2826,7 @@ static zend_always_inline void zend_assign_to_property_reference(zval *container
                if (prop_op_type == IS_CONST) {
                        prop_info = (zend_property_info *) CACHED_PTR_EX(cache_addr + 2);
                } else {
+                       ZVAL_DEREF(container);
                        prop_info = zend_object_fetch_property_type_info(Z_OBJ_P(container), variable_ptr);
                }