Fixed bug #76796

diff --git a/NEWS b/NEWS
index 5186e6b6c068754a65a1d58204c5b8c0adf28176..932a36a755b2ae4d968285ea6a496762ef6a72d8 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,8 @@ PHP                                                                        NEWS
 - Opcache:
   . Fixed bug #76832 (ZendOPcache.MemoryBase periodically deleted by the OS).
     (Anatol)
+  . Fixed bug #76796 (Compile-time evaluation of disabled function in opcache
+    causes segfault). (Nikita)
 
 - POSIX:
   . Fixed bug #75696 (posix_getgrnam fails to print details of group). (cmb)

diff --git a/ext/opcache/Optimizer/sccp.c b/ext/opcache/Optimizer/sccp.c
index e6d40d865d7cb99c8b9c0d1647075121336d5efa..6a7765aa62174acd9ffeed03d61df6238308efd9 100644 (file)
--- a/ext/opcache/Optimizer/sccp.c
+++ b/ext/opcache/Optimizer/sccp.c
@@ -833,7 +833,8 @@ static inline int ct_eval_func_call(
        }
 
        func = zend_hash_find_ptr(CG(function_table), name);
-       if (!func || func->type != ZEND_INTERNAL_FUNCTION) {
+       if (!func || func->type != ZEND_INTERNAL_FUNCTION
+                       || func->internal_function.handler == ZEND_FN(display_disabled_function)) {
                return FAILURE;
        }
 

diff --git a/ext/opcache/tests/bug76796.phpt b/ext/opcache/tests/bug76796.phpt
new file mode 100644 (file)
index 0000000..8388484
--- /dev/null
+++ b/ext/opcache/tests/bug76796.phpt
@@ -0,0 +1,16 @@
+--TEST--
+Bug #76796: Compile-time evaluation of disabled function in opcache (SCCP) causes segfault
+--INI--
+opcache.enable=1
+opcache.enable_cli=1
+opcache.optimization_level=-1
+disable_functions=strpos
+--FILE--
+<?php
+
+var_dump(strpos('foo', 'bar'));
+
+?>
+--EXPECTF--
+Warning: strpos() has been disabled for security reasons in %s on line %d
+NULL