From: Nikita Popov <nikita.ppv@gmail.com>
Date: Fri, 7 Sep 2018 12:02:03 +0000 (+0200)
Subject: Fixed bug #76796
X-Git-Tag: php-7.3.0RC1~15^2
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=cfdd828163bc03b63e41d92adc5b127f567e4c46;p=php

Fixed bug #76796
---

diff --git a/NEWS b/NEWS
index 5186e6b6c0..932a36a755 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,8 @@ PHP                                                                        NEWS
 - Opcache:
   . Fixed bug #76832 (ZendOPcache.MemoryBase periodically deleted by the OS).
     (Anatol)
+  . Fixed bug #76796 (Compile-time evaluation of disabled function in opcache
+    causes segfault). (Nikita)
 
 - POSIX:
   . Fixed bug #75696 (posix_getgrnam fails to print details of group). (cmb)
diff --git a/ext/opcache/Optimizer/sccp.c b/ext/opcache/Optimizer/sccp.c
index e6d40d865d..6a7765aa62 100644
--- a/ext/opcache/Optimizer/sccp.c
+++ b/ext/opcache/Optimizer/sccp.c
@@ -833,7 +833,8 @@ static inline int ct_eval_func_call(
 	}
 
 	func = zend_hash_find_ptr(CG(function_table), name);
-	if (!func || func->type != ZEND_INTERNAL_FUNCTION) {
+	if (!func || func->type != ZEND_INTERNAL_FUNCTION
+			|| func->internal_function.handler == ZEND_FN(display_disabled_function)) {
 		return FAILURE;
 	}
 
diff --git a/ext/opcache/tests/bug76796.phpt b/ext/opcache/tests/bug76796.phpt
new file mode 100644
index 0000000000..8388484e10
--- /dev/null
+++ b/ext/opcache/tests/bug76796.phpt
@@ -0,0 +1,16 @@
+--TEST--
+Bug #76796: Compile-time evaluation of disabled function in opcache (SCCP) causes segfault
+--INI--
+opcache.enable=1
+opcache.enable_cli=1
+opcache.optimization_level=-1
+disable_functions=strpos
+--FILE--
+<?php
+
+var_dump(strpos('foo', 'bar'));
+
+?>
+--EXPECTF--
+Warning: strpos() has been disabled for security reasons in %s on line %d
+NULL