From 385d1aa664c6ba7abd9e91f3e4ba29ac3013584d Mon Sep 17 00:00:00 2001
From: Zeev Suraski
Date: Thu, 25 May 2000 16:26:22 +0000
Subject: [PATCH] Fix a crash bug in certain situations of class redeclarations
---
 Zend/zend_compile.c | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)
diff --git a/Zend/zend_compile.c b/Zend/zend_compile.c
index 58b49187cd..2d6b79939e 100644
--- a/Zend/zend_compile.c
+++ b/Zend/zend_compile.c
@@ -1095,7 +1095,10 @@ ZEND_API int do_bind_function_or_class(zend_op *opline, HashTable *function_tabl
 case ZEND_DECLARE_CLASS: {
 zend_class_entry *ce;
- zend_hash_find(class_table, opline->op1.u.constant.value.str.val, opline->op1.u.constant.value.str.len, (void **) &ce);
+ if (zend_hash_find(class_table, opline->op1.u.constant.value.str.val, opline->op1.u.constant.value.str.len, (void **) &ce)==FAILURE) {
+ zend_error(E_ERROR, "Internal Zend error - Missing class information for %s", opline->op1.u.constant.value.str.val);
+ return FAILURE;
+ }
 (*ce->refcount)++;
 if (zend_hash_add(class_table, opline->op2.u.constant.value.str.val, opline->op2.u.constant.value.str.len+1, ce, sizeof(zend_class_entry), NULL)==FAILURE) {
 (*ce->refcount)--;
@@ -1113,9 +1116,10 @@ ZEND_API int do_bind_function_or_class(zend_op *opline, HashTable *function_tabl
 char *class_name, *parent_name;
 zend_function tmp_zend_function;
 zval *tmp;
+ int found_ce;
- zend_hash_find(class_table, opline->op1.u.constant.value.str.val, opline->op1.u.constant.value.str.len, (void **) &ce);
- (*ce->refcount)++;
+
+ found_ce = zend_hash_find(class_table, opline->op1.u.constant.value.str.val, opline->op1.u.constant.value.str.len, (void **) &ce);
 /* Restore base class / derived class names */
 parent_name = opline->op2.u.constant.value.str.val;
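Review bot: The new error in the ZEND_DECLARE_CLASS branch prints `opline->op1.u.constant.value.str.val`, which is the key used for the lookup, while the class is registered two lines later under op2's string. If op1 holds a compiler-generated key rather than the declared name (not visible here), the fatal message will not tell the user which class was affected; consider `zend_error(E_ERROR, "Internal Zend error - Missing class information for %s", opline->op2.u.constant.value.str.val);`. The lookup also passes `str.len` where the following `zend_hash_add` passes `str.len+1`, so a one-line comment saying why the two key lengths differ would help the next reader. The function starts before and continues after this hunk.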
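Review bot: `found_ce` is assigned in the ZEND_DECLARE_INHERITED_CLASS branch but is not tested until the following hunk, so `ce` may be unset across the intervening lines and nothing at the assignment says so. A comment there would make the deferral explicit, for example `/* checked after class_name is split out below; ce must not be used before then */`. The change also adds an empty line directly above the assignment, which can be dropped. The branch continues past the end of this hunk.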
@@ -1125,6 +1129,13 @@ ZEND_API int do_bind_function_or_class(zend_op *opline, HashTable *function_tabl
 }
 *class_name++ = 0;
+ if (found_ce==FAILURE) {
+ zend_error(E_ERROR, "Cannot redeclare class %s", class_name);
+ return FAILURE;
+ }
+
+ (*ce->refcount)++;
+
 /* Obtain parent class */
 if (zend_hash_find(class_table, parent_name, strlen(parent_name)+1, (void **) &parent_ce)==FAILURE) {
 if (!compile_time) {
-- 
2.50.1
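Review bot: The added check reports a failed lookup as "Cannot redeclare class", while the first hunk reports the same condition (op1's key missing from `class_table`) as an internal error, and nothing visible establishes that redeclaration is the only cause. A comment above the check should state the reasoning, e.g. `/* op1's entry is absent from class_table: treated as a redeclaration of class_name */`, or the two messages should be aligned. The `return FAILURE` also runs after `*class_name++ = 0;` has overwritten the separator inside op2's string; if code later in this branch puts the separator back (not visible in the hunk), the early return skips that step. The branch starts before and continues after this hunk.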