From ad3ddf46f9f5c97c43f04612bb448fcd109e2926 Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Tue, 8 Oct 2019 14:30:53 +0200
Subject: [PATCH] Fixed bug #78644

Make sure the initialize the result of FETCH_OBJ_UNSET operations.
I'm using a NULL value rather than ERROR here, because the latter
no longer exists in master.
---
 NEWS                     |  2 ++
 Zend/tests/bug78644.phpt | 16 ++++++++++++++++
 Zend/zend_execute.c      |  1 +
 3 files changed, 19 insertions(+)
 create mode 100644 Zend/tests/bug78644.phpt

diff --git a/NEWS b/NEWS
index 8f79383ca5..ff37a024b1 100644
--- a/NEWS
+++ b/NEWS
@@ -8,6 +8,8 @@ PHP                                                                        NEWS
   . Fixed bug #78620 (Out of memory error). (cmb, Nikita)
   . Fixed bug #78632 (method_exists() in php74 works differently from php73 in
     checking priv. methods). (Nikita)
+  . Fixed bug #78644 (SEGFAULT in ZEND_UNSET_OBJ_SPEC_VAR_CONST_HANDLER).
+    (Nikita)
 
 - Iconv:
   . Fixed bug #78642 (Wrong libiconv version displayed). (gedas at martynas,
diff --git a/Zend/tests/bug78644.phpt b/Zend/tests/bug78644.phpt
new file mode 100644
index 0000000000..3889e9fb05
--- /dev/null
+++ b/Zend/tests/bug78644.phpt
@@ -0,0 +1,16 @@
+--TEST--
+Bug #78644: SEGFAULT in ZEND_UNSET_OBJ_SPEC_VAR_CONST_HANDLER
+--FILE--
+<?php
+
+$a = new stdClass;
+unset($a->b->c->d);
+unset($a->b->c['d']);
+var_dump($a);
+
+?>
+--EXPECT--
+object(stdClass)#1 (1) {
+  ["b"]=>
+  NULL
+}
diff --git a/Zend/zend_execute.c b/Zend/zend_execute.c
index 42822785cb..15f3ee792a 100644
--- a/Zend/zend_execute.c
+++ b/Zend/zend_execute.c
@@ -2765,6 +2765,7 @@ static zend_always_inline void zend_fetch_property_address(zval *result, zval *c
 
 			/* this should modify object only if it's empty */
 			if (type == BP_VAR_UNSET) {
+				ZVAL_NULL(result);
 				return;
 			}
 
-- 
2.50.1