From 0427ef91a677d10a022b82b3c96e02ba6520c4fa Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Thu, 27 Feb 2020 10:29:44 +0100
Subject: [PATCH] Avoid null arithmetic UB in EX_VAR_TO_NUM

---
 Zend/zend_compile.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Zend/zend_compile.h b/Zend/zend_compile.h
index 6c438b6902..97ce2b9415 100644
--- a/Zend/zend_compile.h
+++ b/Zend/zend_compile.h
@@ -577,7 +577,7 @@ struct _zend_execute_data {
 #define EX_VAR(n)				ZEND_CALL_VAR(execute_data, n)
 #define EX_VAR_NUM(n)			ZEND_CALL_VAR_NUM(execute_data, n)
 
-#define EX_VAR_TO_NUM(n)		((uint32_t)(ZEND_CALL_VAR(NULL, n) - ZEND_CALL_VAR_NUM(NULL, 0)))
+#define EX_VAR_TO_NUM(n)		((uint32_t)((n) / sizeof(zval) - ZEND_CALL_FRAME_SLOT))
 
 #define ZEND_OPLINE_TO_OFFSET(opline, target) \
 	((char*)(target) - (char*)(opline))
-- 
2.40.0