From: Xinchen Hui Date: Wed, 19 Aug 2015 10:41:28 +0000 (+0800) Subject: Fixed bug #70290 (Null pointer deref (segfault) in spl_autoload via ob_start) X-Git-Tag: php-5.6.13RC1~4 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=b584b513983319be170f02828bc7c12850b40320;p=php Fixed bug #70290 (Null pointer deref (segfault) in spl_autoload via ob_start) --- diff --git a/NEWS b/NEWS index dc7417650f..89aa2c0ec8 100644 --- a/NEWS +++ b/NEWS @@ -29,6 +29,10 @@ PHP NEWS - PCRE: . Fixed bug #70232 (Incorrect bump-along behavior with \K and empty string match). (cmb) + +- SPL: + . Fixed bug #70290 (Null pointer deref (segfault) in spl_autoload via + ob_start). (hugh at allthethings dot co dot nz) - Standard: . Fixed bug #70052 (getimagesize() fails for very large and very small WBMP). diff --git a/ext/spl/php_spl.c b/ext/spl/php_spl.c index 6b886b7ef3..3424b90aea 100644 --- a/ext/spl/php_spl.c +++ b/ext/spl/php_spl.c @@ -358,7 +358,7 @@ PHP_FUNCTION(spl_autoload) * The "scope" is determined by an opcode, if it is ZEND_FETCH_CLASS we know function was called indirectly by * the Zend engine. */ - if (active_opline->opcode != ZEND_FETCH_CLASS) { + if (EG(opline_ptr) && active_opline->opcode != ZEND_FETCH_CLASS) { zend_throw_exception_ex(spl_ce_LogicException, 0 TSRMLS_CC, "Class %s could not be loaded", class_name); } else { php_error_docref(NULL TSRMLS_CC, E_ERROR, "Class %s could not be loaded", class_name); diff --git a/ext/spl/tests/bug70290.phpt b/ext/spl/tests/bug70290.phpt new file mode 100644 index 0000000000..0fd83c2d75 --- /dev/null +++ b/ext/spl/tests/bug70290.phpt @@ -0,0 +1,9 @@ +--TEST-- +Bug #70290 (Null pointer deref (segfault) in spl_autoload via ob_start) +--INI-- +display_errors=2 +--FILE-- + 1 +--EXPECT-- +Fatal error: Unknown: Class 1 + could not be loaded in Unknown on line 0