. Fixed bug #79783 (Segfault in php_str_replace_common). (Nikita)
. Fixed bug #79778 (Assertion failure if dumping closure with unresolved
static variable). (Nikita)
+ . Fixed bug #79779 (Assertion failure when assigning property of string
+ offset by reference). (Nikita)
- Fileinfo:
. Fixed bug #79756 (finfo_file crash (FILEINFO_MIME)). (cmb)
--- /dev/null
+--TEST--
+Bug #79779: Assertion failure when assigning property of string offset by reference
+--FILE--
+<?php
+$str = "";
+$str[1]->a = &$b;
+?>
+--EXPECTF--
+Fatal error: Uncaught Error: Cannot use string offset as an object in %s:%d
+Stack trace:
+#0 {main}
+ thrown in %s on line %d
while (opline < end) {
if (opline->op1_type == IS_VAR && opline->op1.var == var) {
switch (opline->opcode) {
+ case ZEND_FETCH_OBJ_W:
+ case ZEND_FETCH_OBJ_RW:
+ case ZEND_FETCH_OBJ_FUNC_ARG:
+ case ZEND_FETCH_OBJ_UNSET:
+ case ZEND_ASSIGN_OBJ:
case ZEND_ASSIGN_OBJ_OP:
+ case ZEND_ASSIGN_OBJ_REF:
msg = "Cannot use string offset as an object";
break;
+ case ZEND_FETCH_DIM_W:
+ case ZEND_FETCH_DIM_RW:
+ case ZEND_FETCH_DIM_FUNC_ARG:
+ case ZEND_FETCH_DIM_UNSET:
+ case ZEND_FETCH_LIST_W:
+ case ZEND_ASSIGN_DIM:
case ZEND_ASSIGN_DIM_OP:
msg = "Cannot use string offset as an array";
break;
case ZEND_POST_DEC:
msg = "Cannot increment/decrement string offsets";
break;
- case ZEND_FETCH_DIM_W:
- case ZEND_FETCH_DIM_RW:
- case ZEND_FETCH_DIM_FUNC_ARG:
- case ZEND_FETCH_DIM_UNSET:
- case ZEND_FETCH_LIST_W:
- case ZEND_ASSIGN_DIM:
- msg = "Cannot use string offset as an array";
- break;
- case ZEND_FETCH_OBJ_W:
- case ZEND_FETCH_OBJ_RW:
- case ZEND_FETCH_OBJ_FUNC_ARG:
- case ZEND_FETCH_OBJ_UNSET:
- case ZEND_ASSIGN_OBJ:
- msg = "Cannot use string offset as an object";
- break;
case ZEND_ASSIGN_REF:
case ZEND_ADD_ARRAY_ELEMENT:
case ZEND_INIT_ARRAY:
projects / php / commitdiff