From c447acf8632dd22d53e5498372f718e6e241c27a Mon Sep 17 00:00:00 2001 From: Dmitry Stogov Date: Thu, 19 Jan 2006 07:23:32 +0000 Subject: [PATCH] Fixed bug #36071 (Engine Crash related with 'clone') --- NEWS | 1 + Zend/tests/bug36071.phpt | 13 +++++++++++++ Zend/zend_execute.c | 10 ++++++++++ 3 files changed, 24 insertions(+) create mode 100755 Zend/tests/bug36071.phpt diff --git a/NEWS b/NEWS index 9219bdbbce..39f1ba0a96 100644 --- a/NEWS +++ b/NEWS @@ -8,6 +8,7 @@ PHP NEWS MYSQLI_TYPE_NEWDECIMAL and MYSQLI_TYPE_BIT. FR #36007. (Georg) - Fixed imagecolorallocate() and imagecolorallocatelapha() to return FALSE on error. (Pierre) +- Fixed bug #36071 (Engine Crash related with 'clone'). (Dmitry) - Fixed bug #36055 (possible OCI8 crash in multithreaded environment). (Tony) - Fixed bug #36046 (parse_ini_file() miscounts lines in multi-line values). (Ilia) diff --git a/Zend/tests/bug36071.phpt b/Zend/tests/bug36071.phpt new file mode 100755 index 0000000000..3b8e05dfab --- /dev/null +++ b/Zend/tests/bug36071.phpt @@ -0,0 +1,13 @@ +--TEST-- +Bug #36071 (Engine Crash related with 'clone') +--INI-- +error_reporting=4095 +--FILE-- +b = 0; +echo "ok\n"; +?> +--EXPECTF-- +Warning: __clone method called on non-object in %sbug36071.php on line 2 +ok \ No newline at end of file diff --git a/Zend/zend_execute.c b/Zend/zend_execute.c index 5ccdf67b70..046a9b1b0d 100644 --- a/Zend/zend_execute.c +++ b/Zend/zend_execute.c @@ -545,6 +545,16 @@ static inline void zend_assign_to_object(znode *result, zval **object_ptr, znode zval *value = get_zval_ptr(value_op, Ts, &free_value, BP_VAR_R); zval **retval = &T(result->u.var).var.ptr; + if (*object_ptr == EG(error_zval_ptr)) { + FREE_OP(free_op2); + if (!RETURN_VALUE_UNUSED(result)) { + *retval = EG(uninitialized_zval_ptr); + PZVAL_LOCK(*retval); + } + FREE_OP(free_value); + return; + } + make_real_object(object_ptr TSRMLS_CC); /* this should modify object only if it's empty */ object = *object_ptr; -- 2.50.1
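Review bot: The new test appears to exercise only the statement form of the property assignment, so the `!RETURN_VALUE_UNUSED(result)` branch added in Zend/zend_execute.c is never run by it. Part of the PHP source under `--FILE--` is missing from this page, so this is inferred from the visible `b = 0;` statement and the single expected warning. A second case that consumes the result, for example `var_dump($x->b = 0);` (with `$x` standing for the variable the test already uses) and the matching output line under `--EXPECTF--`, presumably `NULL`, would pin the value written to `*retval`. The file also ends without a trailing newline.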
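Review bot: The early return added before `make_real_object()` carries no comment saying why `EG(error_zval_ptr)` has to be skipped, and it returns without a diagnostic of its own. Judging by the existing comment on `make_real_object()` ("this should modify object only if it's empty"), the guard keeps a shared engine sentinel from being modified in place, which is the memory-safety point of the fix; a comment such as `/* error sentinel left by an earlier failed op (already reported): never promote the shared zval to an object */` would record that. The check is local to `zend_assign_to_object()`, whose body starts and ends outside this hunk, so other write paths that call `make_real_object()` are not visible here and may need the same guard. `free_op2` is declared outside the hunk and is assumed to be initialised before this point, since `FREE_OP(free_op2)` now runs on the new path.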