From c56efb848b01fa3ecdb7f7253b541b020d154290 Mon Sep 17 00:00:00 2001 From: Xinchen Hui Date: Fri, 25 Dec 2015 21:25:53 -0800 Subject: [PATCH] Fixed bug #71220 (Null pointer deref (segfault) in compact via ob_start) --- NEWS | 2 ++ ext/standard/array.c | 4 ++++ ext/standard/tests/array/bug71220.phpt | 10 ++++++++++ 3 files changed, 16 insertions(+) create mode 100644 ext/standard/tests/array/bug71220.phpt diff --git a/NEWS b/NEWS index 776f289aa2..932dd4a251 100644 --- a/NEWS +++ b/NEWS @@ -15,6 +15,8 @@ PHP NEWS immediately). (Laruence) - Standard: + . Fixed bug #71220 (Null pointer deref (segfault) in compact via ob_start). + (hugh at allthethings dot co dot nz) . Fixed bug #71190 (substr_replace converts integers in original $search array to strings). (Laruence) . Fixed bug #71188 (str_replace converts integers in original $search array diff --git a/ext/standard/array.c b/ext/standard/array.c index 79c9ab6207..7d27c0b78b 100644 --- a/ext/standard/array.c +++ b/ext/standard/array.c @@ -1976,6 +1976,10 @@ PHP_FUNCTION(compact) symbol_table = zend_rebuild_symbol_table(); + if (UNEXPECTED(symbol_table == NULL)) { + return; + } + /* compact() is probably most used with a single array of var_names or multiple string names, rather than a combination of both. So quickly guess a minimum result size based on that */ diff --git a/ext/standard/tests/array/bug71220.phpt b/ext/standard/tests/array/bug71220.phpt new file mode 100644 index 0000000000..2a852a6e71 --- /dev/null +++ b/ext/standard/tests/array/bug71220.phpt @@ -0,0 +1,10 @@ +--TEST-- +Bug #71220 (Null pointer deref (segfault) in compact via ob_start) +--FILE-- + +okey +--EXPECT-- +okey -- 2.40.0