From: Nikita Popov <nikic@php.net>
Date: Sat, 24 Sep 2016 11:22:00 +0000 (+0200)
Subject: Merge branch 'PHP-7.0' into PHP-7.1
X-Git-Tag: php-7.1.0RC3~34
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=453102b4a0cb02e880bb7b568d71f24acde4246e;p=php

Merge branch 'PHP-7.0' into PHP-7.1
---

453102b4a0cb02e880bb7b568d71f24acde4246e
diff --cc NEWS
index d42a9f409f,674a6cb05c..43e85ac1e3
--- a/NEWS
+++ b/NEWS
@@@ -1,12 -1,31 +1,16 @@@
  PHP                                                                        NEWS
  |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 -?? ??? 2016 PHP 7.0.12
 +?? ??? 2016, PHP 7.1.0RC3
  
+ - Core:
 -  . Fixed bug #73067 (__debugInfo crashes when throwing an exception).
 -    (Laruence)
 -  . Fixed bug #73025 (Heap Buffer Overflow in virtual_popen of
 -    zend_virtual_cwd.c). (cmb)
 -  . Fixed bug #72703 (Out of bounds global memory read in BF_crypt triggered by
 -    password_verify). (Anatol)
 -  . Fixed bug #73058 (crypt broken when salt is 'too' long). (Anatol)
 -  . Fixed bug #69579 (Invalid free in extension trait). (John Boehr)
+   . Fixed bug #73163 (PHP hangs if error handler throws while accessing undef
+     const in default value). (Nikita)
+ 
  - COM:
    . Fixed bug #73126 (Cannot pass parameter 1 by reference). (Anatol)
 -
 -- Filter:
 -  . Fixed bug #72972 (Bad filter for the flags FILTER_FLAG_NO_RES_RANGE and
 -    FILTER_FLAG_NO_PRIV_RANGE). (julien)
 -  . Fixed bug #73054 (default option ignored when object passed to int filter).
 -    (cmb)
 +  . Fixed bug #69579 (Invalid free in extension trait). (John Boehr)
  
  - GD:
 -  . Fixed bug #67325 (imagetruecolortopalette: white is duplicated in palette).
 -    (cmb)
    . Fixed bug #50194 (imagettftext broken on transparent background w/o
      alphablending). (cmb)
    . Fixed bug #73003 (Integer Overflow in gdImageWebpCtx of gd_webp.c). (trylab,
diff --cc Zend/zend_execute_API.c
index dc411af835,194f16df48..2e299e8515
--- a/Zend/zend_execute_API.c
+++ b/Zend/zend_execute_API.c
@@@ -602,7 -591,7 +600,8 @@@ ZEND_API int zval_update_constant_ex(zv
  					RESET_CONSTANT_VISITED(p);
  					return FAILURE;
  				} else {
 +					zend_string *save = Z_STR_P(p);
+ 					char *actual = Z_STRVAL_P(p);
  					size_t actual_len = Z_STRLEN_P(p);
  					char *slash = (char *) zend_memrchr(actual, '\\', actual_len);
  					if (slash) {