From 8a9df8859747abaf70e4465d066adbe1f97d1fdb Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Thu, 26 Sep 2019 10:24:49 +0200
Subject: [PATCH] Fix null-pointer deref in if stmt printing

Fixes OSS-Fuzz #17721.
---
 Zend/tests/assert/expect_015.phpt | 4 ++++
 Zend/zend_ast.c | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/Zend/tests/assert/expect_015.phpt b/Zend/tests/assert/expect_015.phpt
index 1679640851..72f13ff83f 100644
--- a/Zend/tests/assert/expect_015.phpt
+++ b/Zend/tests/assert/expect_015.phpt
@@ -140,6 +140,7 @@ assert(0 && ($a = function () {
 if ($a) {
 } elseif ($b) {
 }
+ if ($a); else;
 }));
 
 ?>
@@ -292,4 +293,7 @@ Warning: assert(): assert(0 && ($a = function () {
 if ($a) {
 } elseif ($b) {
 }
+ if ($a) {
+ } else {
+ }
 })) failed in %sexpect_015.php on line %d
diff --git a/Zend/zend_ast.c b/Zend/zend_ast.c
index 6e3447eb73..bad1471ac4 100644
--- a/Zend/zend_ast.c
+++ b/Zend/zend_ast.c
@@ -894,7 +894,7 @@ tail_call:
 } else {
 zend_ast_export_indent(str, indent);
 smart_str_appends(str, "} else ");
- if (ast->child[1]->kind == ZEND_AST_IF) {
+ if (ast->child[1] && ast->child[1]->kind == ZEND_AST_IF) {
 list = (zend_ast_list*)ast->child[1];
 goto tail_call;
 } else {
-- 
2.40.0
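Review bot: The added regression case `if ($a); else;` pins only the bare empty-`else` form that the new guard in Zend/zend_ast.c protects. An `else if` whose own body is the empty statement would presumably take the `goto tail_call` path and then print a NULL body from a different branch; that branch lies outside the visible hunks, so whether it is already NULL-safe cannot be confirmed from this page. Consider adding a second line such as `if ($a); else if ($b); else;`, with its matching lines in the expected-output block of the same file, so both paths are covered by the test.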
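Review bot: The new guard `ast->child[1] && ast->child[1]->kind == ZEND_AST_IF` carries no comment saying when `child[1]` can be NULL, and the `else` branch that follows now runs with a NULL `child[1]`. That branch's body continues outside the hunk; the test expectation of `} else {` followed by `}` suggests the helper it calls accepts NULL, but this should be confirmed against the full function. I would add above the condition: `/* child[1] is NULL when the else body is an empty statement, e.g. "if ($a); else;" */`. The enclosing function begins before the `tail_call:` label and ends after this hunk.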