]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 3124129)
Fix segfault with __COMPILER_HALT_OFFSET__ and trailing {}
authorNikita Popov <nikita.ppv@gmail.com>
Wed, 2 Oct 2019 10:06:00 +0000 (12:06 +0200)
committerNikita Popov <nikita.ppv@gmail.com>
Wed, 2 Oct 2019 10:07:15 +0000 (12:07 +0200)
Fixes OSS-Fuzz #17895.

Zend/tests/halt_compiler5.phpt [new file with mode: 0644] patch | blob
Zend/zend_compile.c patch | blob | history

diff --git a/Zend/tests/halt_compiler5.phpt b/Zend/tests/halt_compiler5.phpt
new file mode 100644 (file)
index 0000000..71d973e
--- /dev/null
+++ b/Zend/tests/halt_compiler5.phpt
@@ -0,0 +1,8 @@
+--TEST--
+Using __COMPILER_HALF_OFFSET__ with trailing {} (OSS-Fuzz #17895)
+--FILE--
+<?php
+__COMPILER_HALT_OFFSET__;
+{}
+--EXPECTF--
+Warning: Use of undefined constant __COMPILER_HALT_OFFSET__ - assumed '__COMPILER_HALT_OFFSET__' (this will throw an Error in a future version of PHP) in %s on line %d
diff --git a/Zend/zend_compile.c b/Zend/zend_compile.c
index f25ce2f55d809456bec520ec128679d2e1122567..d991bbcf3809e544f09fee5614682b8fd9621d8c 100644 (file)
--- a/Zend/zend_compile.c
+++ b/Zend/zend_compile.c
@@ -7676,6 +7676,9 @@ void zend_compile_const(znode *result, zend_ast *ast) /* {{{ */
 
                while (last && last->kind == ZEND_AST_STMT_LIST) {
                        zend_ast_list *list = zend_ast_get_list(last);
+                       if (list->children == 0) {
+                               break;
+                       }
                        last = list->child[list->children-1];
                }
                if (last && last->kind == ZEND_AST_HALT_COMPILER) {
Unnamed repository; edit this file 'description' to name the repository.