From: Xinchen Hui Date: Sat, 26 Dec 2015 05:25:53 +0000 (-0800) Subject: Fixed bug #71220 (Null pointer deref (segfault) in compact via ob_start) X-Git-Tag: php-7.0.3RC1~101 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=c56efb848b01fa3ecdb7f7253b541b020d154290;p=php Fixed bug #71220 (Null pointer deref (segfault) in compact via ob_start) --- diff --git a/NEWS b/NEWS index 776f289aa2..932dd4a251 100644 --- a/NEWS +++ b/NEWS @@ -15,6 +15,8 @@ PHP NEWS immediately). (Laruence) - Standard: + . Fixed bug #71220 (Null pointer deref (segfault) in compact via ob_start). + (hugh at allthethings dot co dot nz) . Fixed bug #71190 (substr_replace converts integers in original $search array to strings). (Laruence) . Fixed bug #71188 (str_replace converts integers in original $search array diff --git a/ext/standard/array.c b/ext/standard/array.c index 79c9ab6207..7d27c0b78b 100644 --- a/ext/standard/array.c +++ b/ext/standard/array.c @@ -1976,6 +1976,10 @@ PHP_FUNCTION(compact) symbol_table = zend_rebuild_symbol_table(); + if (UNEXPECTED(symbol_table == NULL)) { + return; + } + /* compact() is probably most used with a single array of var_names or multiple string names, rather than a combination of both. So quickly guess a minimum result size based on that */ diff --git a/ext/standard/tests/array/bug71220.phpt b/ext/standard/tests/array/bug71220.phpt new file mode 100644 index 0000000000..2a852a6e71 --- /dev/null +++ b/ext/standard/tests/array/bug71220.phpt @@ -0,0 +1,10 @@ +--TEST-- +Bug #71220 (Null pointer deref (segfault) in compact via ob_start) +--FILE-- + +okey +--EXPECT-- +okey