]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 3d7a201)
Fixed bug #54910 (Crash when calling call_user_func with unknown function name)
authorDmitry Stogov <dmitry@php.net>
Tue, 31 May 2011 09:20:51 +0000 (09:20 +0000)
committerDmitry Stogov <dmitry@php.net>
Tue, 31 May 2011 09:20:51 +0000 (09:20 +0000)
NEWS patch | blob | history
Zend/tests/bug54910.phpt [new file with mode: 0644] patch | blob
Zend/zend_API.c patch | blob | history

diff --git a/NEWS b/NEWS
index eca47322e6d2382580ee66fdd40f77bba6b4689d..f7f9d4b3b5acc115d088a28434f5a3d600406136 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -6,6 +6,8 @@ PHP                                                                        NEWS
 - Increased the backtrack limit from 100000 to 1000000 (Rasmus)
 
 - Zend Engine:
+  . Fixed bug #54910 (Crash when calling call_user_func with unknown function
+    name). (Dmitry)
   . Fixed bug #54804 (__halt_compiler and imported namespaces).
     (Pierrick, Felipe)
   . Fixed bug #54585 (track_errors causes segfault). (Dmitry)
diff --git a/Zend/tests/bug54910.phpt b/Zend/tests/bug54910.phpt
new file mode 100644 (file)
index 0000000..8808cd0
--- /dev/null
+++ b/Zend/tests/bug54910.phpt
@@ -0,0 +1,28 @@
+--TEST--
+Bug #54910 (Crash when calling call_user_func with unknown function name)
+--FILE--
+<?php
+class A {
+    public function __call($method, $args) {
+        if (stripos($method, 'get') === 0) {
+            return $this->get();
+        } 
+        die("No such method - '$method'\n");
+    }
+
+    protected function get() {
+        $class = get_class($this);
+        $call = array($class, 'noSuchMethod');
+        
+        if (is_callable($call)) {
+            call_user_func($call);
+        }
+    }
+}
+
+class B extends A {}
+
+$input = new B();
+echo $input->getEmail();
+--EXPECT--
+No such method - 'noSuchMethod'
diff --git a/Zend/zend_API.c b/Zend/zend_API.c
index 261170c41ee653ff631875faa3669520dd3aa2ac..fba570513c3bc2655ff7d4916e125352f7e6eff0 100644 (file)
--- a/Zend/zend_API.c
+++ b/Zend/zend_API.c
@@ -2590,6 +2590,11 @@ get_function_via_handler:
                        if (fcc->function_handler) {
                                retval = 1;
                                call_via_handler = (fcc->function_handler->common.fn_flags & ZEND_ACC_CALL_VIA_HANDLER) != 0;
+                               if (call_via_handler && !fcc->object_ptr && EG(This) &&
+                                   Z_OBJ_HT_P(EG(This))->get_class_entry &&
+                                   instanceof_function(Z_OBJCE_P(EG(This)), fcc->calling_scope TSRMLS_CC)) {
+                                       fcc->object_ptr = EG(This);
+                               }
                        }
                }
        }
Unnamed repository; edit this file 'description' to name the repository.