Fixed bug #77530: PHP crashes when parsing "(2)::class"
authorekinhbayar <me@ekins.space>
Mon, 28 Jan 2019 06:46:29 +0000 (09:46 +0300)
committerNikita Popov <nikita.ppv@gmail.com>
Mon, 28 Jan 2019 08:22:18 +0000 (09:22 +0100)
NEWS
Zend/tests/bug77530.phpt [new file with mode: 0644]
Zend/zend_compile.c

diff --git a/NEWS b/NEWS
index 348591735097896c1147e9e0ab3e4a4e747eb091..56e451b119f2349bbd14c946cfa8d548883dbbd9 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -6,6 +6,7 @@ PHP                                                                        NEWS
   . Fixed bug #77339 (__callStatic may get incorrect arguments). (Dmitry)
   . Fixed bug #77494 (Disabling class causes segfault on member access).
     (Dmitry)
+  . Fixed bug #77530 (PHP crashes when parsing `(2)::class`). (Ekin)
 
 - Curl:
   . Fixed bug #76675 (Segfault with H2 server push). (Pedro Magalhães)
diff --git a/Zend/tests/bug77530.phpt b/Zend/tests/bug77530.phpt
new file mode 100644 (file)
index 0000000..fdb2bac
--- /dev/null
@@ -0,0 +1,10 @@
+--TEST--
+Bug #77530: PHP crashes when parsing '(2)::class'
+--FILE--
+<?php
+
+echo (2)::class;
+
+?>
+--EXPECTF--
+Fatal error: Illegal class name in %s on line %d
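Review bot: The test pins only the integer literal `(2)::class`, while the guard added in Zend/zend_compile.c rejects any class node whose zval is not a string. A sibling case such as `echo (2.5)::class;` in its own .phpt (each one ends in a fatal error, so they cannot share a file) would keep other literal types from regressing. Whether a float literal reaches the same compile path is inferred from the guard and should be confirmed by running it.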
index 28336130ccbf9c19ed066f2d47c0efde792b0925..46ca21a4367b4e5ee0c86ce9bac74447bcb5625e 100644 (file)
@@ -1494,6 +1494,7 @@ static void zend_ensure_valid_class_fetch_type(uint32_t fetch_type) /* {{{ */
 static zend_bool zend_try_compile_const_expr_resolve_class_name(zval *zv, zend_ast *class_ast, zend_ast *name_ast, zend_bool constant) /* {{{ */
 {
        uint32_t fetch_type;
+       zval *class_name;
 
        if (name_ast->kind != ZEND_AST_ZVAL) {
                return 0;
@@ -1508,7 +1509,13 @@ static zend_bool zend_try_compile_const_expr_resolve_class_name(zval *zv, zend_a
                        "Dynamic class names are not allowed in compile-time ::class fetch");
        }
 
-       fetch_type = zend_get_class_fetch_type(zend_ast_get_str(class_ast));
+       class_name = zend_ast_get_zval(class_ast);
+
+       if (Z_TYPE_P(class_name) != IS_STRING) {
+               zend_error_noreturn(E_COMPILE_ERROR, "Illegal class name");
+       }
+
+       fetch_type = zend_get_class_fetch_type(Z_STR_P(class_name));
        zend_ensure_valid_class_fetch_type(fetch_type);
 
        switch (fetch_type) {
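Review bot: The new `Z_TYPE_P(class_name) != IS_STRING` guard has no comment explaining why a class node can hold a non-string zval here, which is the only reason the check exists. The removed line passed the node straight to `zend_ast_get_str()`; as far as I know its type check is a debug-only `ZEND_ASSERT`, so in a release build the literal in `(2)::class` would presumably be treated as a `zend_string *`. I would add `/* class_ast can be any literal zval, e.g. (2)::class; only a string is a valid class name */` above the guard. Other call sites that hand a class node to `zend_ast_get_str()` are not visible in this hunk and are worth checking for the same assumption. The function body continues past the end of the hunk.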