Ensure symtable exists before checking it

diff --git a/ext/standard/tests/strings/parse_str_memory_error.phpt b/ext/standard/tests/strings/parse_str_memory_error.phpt
new file mode 100644 (file)
index 0000000..0242d97
--- /dev/null
+++ b/ext/standard/tests/strings/parse_str_memory_error.phpt
@@ -0,0 +1,19 @@
+--TEST--
+parse_str() should not read uninitialized memory when checking for $this
+--FILE--
+<?php
+
+function test() {
+    // strlen("abcd") == 4 is relevant
+    parse_str('abcd=1', $array);
+    var_dump($array);
+}
+
+test();
+
+?>
+--EXPECT--
+array(1) {
+  ["abcd"]=>
+  string(1) "1"
+}

diff --git a/main/php_variables.c b/main/php_variables.c
index 7f0823af5ac88eaf77e3b484eaf7bd3afcb93f63..a5256e7322e6476b82f87c00dd8697362e518fcd 100644 (file)
--- a/main/php_variables.c
+++ b/main/php_variables.c
@@ -114,7 +114,8 @@ PHPAPI void php_register_variable_ex(char *var_name, zval *val, zval *track_vars
 
                while (ex) {
                        if (ex->func && ZEND_USER_CODE(ex->func->common.type)) {
-                               if (ex->symbol_table == symtable1) {
+                               if ((ZEND_CALL_INFO(ex) & ZEND_CALL_HAS_SYMBOL_TABLE)
+                                               && ex->symbol_table == symtable1) {
                                        if (memcmp(var, "this", sizeof("this")-1) == 0) {
                                                zend_throw_error(NULL, "Cannot re-assign $this");
                                                zval_dtor(val);