From 7f95aa4d97b6a687f7b4565157b934610d354f43 Mon Sep 17 00:00:00 2001
From: Stanislav Malyshev <stas@php.net>
Date: Wed, 14 Jan 2015 16:12:35 -0800
Subject: [PATCH] Fix bug #68817: Null pointer deference

---
 ext/json/JSON_parser.c       |  2 +-
 ext/json/tests/bug68817.phpt | 17 +++++++++++++++++
 2 files changed, 18 insertions(+), 1 deletion(-)
 create mode 100644 ext/json/tests/bug68817.phpt

diff --git a/ext/json/JSON_parser.c b/ext/json/JSON_parser.c
index 22508b79b1..4c17eb273c 100644
--- a/ext/json/JSON_parser.c
+++ b/ext/json/JSON_parser.c
@@ -582,7 +582,7 @@ parse_JSON_ex(JSON_parser jp, zval *z, unsigned short utf16_json[], int length,
 
                     json_create_zval(&mval, &buf, type, options);
                     add_next_index_zval(&jp->the_zstack[jp->top], &mval);
-                    buf.s->len = 0;
+                    if (buf.s) { buf.s->len = 0; }
                     JSON_RESET_TYPE();
                 }
 
diff --git a/ext/json/tests/bug68817.phpt b/ext/json/tests/bug68817.phpt
new file mode 100644
index 0000000000..aa9a63f93d
--- /dev/null
+++ b/ext/json/tests/bug68817.phpt
@@ -0,0 +1,17 @@
+--TEST--
+Bug #68817 (Null pointer deference)
+--SKIPIF--
+<?php if (!extension_loaded("json")) print "skip"; ?>
+--FILE--
+<?php
+
+var_dump(json_decode('[""]'));
+
+?>
+===DONE===
+--EXPECTF--
+array(1) {
+  [0]=>
+  string(0) ""
+}
+===DONE===
-- 
2.40.0