Fixed bug #70183 null pointer deref (segfault) in zend_eval_const_expr

author Hugh Davenport <hugh@allthethings.co.nz>

Sun, 2 Aug 2015 14:51:23 +0000 (16:51 +0200)

committer Anatol Belski <ab@php.net>

Sun, 2 Aug 2015 14:51:23 +0000 (16:51 +0200)
author Hugh Davenport <hugh@allthethings.co.nz>
Sun, 2 Aug 2015 14:51:23 +0000 (16:51 +0200)
committer Anatol Belski <ab@php.net>
Sun, 2 Aug 2015 14:51:23 +0000 (16:51 +0200)
diff --git a/Zend/tests/bug70183.phpt b/Zend/tests/bug70183.phpt

new file mode 100644 (file)

index 0000000..d9b9972
--- /dev/null
+++ b/Zend/tests/bug70183.phpt
@@ -0,0 +1,8 @@
+--TEST--
+Bug #70183 (null pointer deref (segfault) in zend_eval_const_expr)
+--FILE--
+<?php
+[[][]]
+?>
+--EXPECTF--
+Fatal error: Cannot use [] for reading in %sbug70183.php on line %d
diff --git a/Zend/zend_compile.c b/Zend/zend_compile.c

index 5d7eec2412cd66b74e64f44112a94bf03dd3bba5..0e9f478f973a8faa9afd5d88835fa07fb22d87e4 100644 (file)
--- a/Zend/zend_compile.c
+++ b/Zend/zend_compile.c
@@ -7374,7 +7374,7 @@ void zend_eval_const_expr(zend_ast **ast_ptr) /* {{{ */
  
                         zend_eval_const_expr(&ast->child[0]);
                         zend_eval_const_expr(&ast->child[1]);
-                       if (ast->child[0]->kind != ZEND_AST_ZVAL || ast->child[1]->kind != ZEND_AST_ZVAL) {
+                       if (!ast->child[0] || !ast->child[1] || ast->child[0]->kind != ZEND_AST_ZVAL || ast->child[1]->kind != ZEND_AST_ZVAL) {
                                 return;
                         }
author	Hugh Davenport <hugh@allthethings.co.nz>
	Sun, 2 Aug 2015 14:51:23 +0000 (16:51 +0200)
committer	Anatol Belski <ab@php.net>
	Sun, 2 Aug 2015 14:51:23 +0000 (16:51 +0200)
Zend/tests/bug70183.phpt	[new file with mode: 0644]	patch \| blob
Zend/zend_compile.c		patch \| blob \| history