From 0bddc18619062e2801ac4aecf76e95963d1990e3 Mon Sep 17 00:00:00 2001
From: Xinchen Hui <laruence@php.net>
Date: Tue, 28 Jul 2015 16:39:58 +0800
Subject: [PATCH] Fixed bug #70156 (Segfault in zend_find_alias_name)

---
 NEWS                     |  3 ++-
 Zend/tests/bug70156.phpt | 37 +++++++++++++++++++++++++++++++++++++
 Zend/zend_API.c          |  3 +--
 3 files changed, 40 insertions(+), 3 deletions(-)
 create mode 100644 Zend/tests/bug70156.phpt

diff --git a/NEWS b/NEWS
index 3d41ca9e7a..3d41dd9086 100644
--- a/NEWS
+++ b/NEWS
@@ -3,7 +3,7 @@ PHP                                                                        NEWS
 06 Aug 2015, PHP 7.0.0 Beta 3
 
 - Core:
-  . Fixed bug #36365 (scandir duplicates file name at every 65535th file). (cmb)
+  . Fixed bug #70156 (Segfault in zend_find_alias_name). (Laruence)
   . Fixed bug #70124 (null ptr deref / seg fault in ZEND_HANDLE_EXCEPTION).
     (Laruence)
   . Fixed bug #70117 (Unexpected return type error). (Laruence)
@@ -20,6 +20,7 @@ PHP                                                                        NEWS
 - Standard:
   . Fixed bug #70140 (str_ireplace/php_string_tolower - Arbitrary Code
     Execution). (Laruence)
+  . Fixed bug #36365 (scandir duplicates file name at every 65535th file). (cmb)
 
 23 Jul 2015, PHP 7.0.0 Beta 2
 
diff --git a/Zend/tests/bug70156.phpt b/Zend/tests/bug70156.phpt
new file mode 100644
index 0000000000..6b5e383337
--- /dev/null
+++ b/Zend/tests/bug70156.phpt
@@ -0,0 +1,37 @@
+--TEST--
+Bug #70156 (Segfault in zend_find_alias_name)
+--FILE--
+<?php
+trait T1 {
+	protected function foo1()
+	{
+		$this->bar();
+	}
+}
+
+trait T2 {
+	protected function foo2()
+	{
+		debug_print_backtrace();
+	}
+}
+
+class dummy {
+	use T1 {
+		foo1 as private;
+	}
+	use T2 {
+		foo2 as bar;
+	}
+	public function __construct()
+	{
+		$this->foo1();
+	}
+}
+
+new dummy();
+?>
+--EXPECTF--
+#0  dummy->bar() called at [%sbug70156.php:%d]
+#1  dummy->foo1() called at [%sbug70156.php:%d]
+#2  dummy->__construct() called at [%sbug70156.php:%d]
diff --git a/Zend/zend_API.c b/Zend/zend_API.c
index d8e560c844..4a29c9e117 100644
--- a/Zend/zend_API.c
+++ b/Zend/zend_API.c
@@ -4106,8 +4106,7 @@ ZEND_API zend_string* zend_find_alias_name(zend_class_entry *ce, zend_string *na
 	if ((alias_ptr = ce->trait_aliases)) {
 		alias = *alias_ptr;
 		while (alias) {
-			if (ZSTR_LEN(alias->alias) == ZSTR_LEN(name) &&
-				!strncasecmp(ZSTR_VAL(name), ZSTR_VAL(alias->alias), ZSTR_LEN(alias->alias))) {
+			if (alias->alias && zend_string_equals_ci(alias->alias, name)) {
 				return alias->alias;
 			}
 			alias_ptr++;
-- 
2.40.0