From c63a3187e5605e42085424c932ab4622b50f7feb Mon Sep 17 00:00:00 2001
From: Antony Dovgal <tony2001@php.net>
Date: Fri, 18 May 2007 11:51:40 +0000
Subject: [PATCH] fix #41421 (Uncaught exception from a stream wrapper
 segfaults)

---
 Zend/tests/bug41421.phpt | 29 +++++++++++++++++++++++++++++
 Zend/zend_execute_API.c  |  8 ++++++++
 2 files changed, 37 insertions(+)
 create mode 100644 Zend/tests/bug41421.phpt

diff --git a/Zend/tests/bug41421.phpt b/Zend/tests/bug41421.phpt
new file mode 100644
index 0000000000..f10db10980
--- /dev/null
+++ b/Zend/tests/bug41421.phpt
@@ -0,0 +1,29 @@
+--TEST--
+Bug #41421 (Uncaught exception from a stream wrapper segfaults)
+--FILE--
+<?php
+
+class wrapper {
+	function stream_open() {
+		return true;
+	}
+	function stream_eof() {
+		throw new exception();
+	}
+}
+
+stream_wrapper_register("wrap", "wrapper");
+$fp = fopen("wrap://...", "r");
+feof($fp);
+
+echo "Done\n";
+?>
+--EXPECTF--	
+Warning: feof(): wrapper::stream_eof is not implemented! Assuming EOF in %s on line %d
+
+Fatal error: Uncaught exception 'Exception' in %s:%d
+Stack trace:
+#0 [internal function]: wrapper->stream_eof()
+#1 %s(%d): feof(Resource id #6)
+#2 {main}
+  thrown in %s on line %d
diff --git a/Zend/zend_execute_API.c b/Zend/zend_execute_API.c
index a8d9ef42b7..3ab20f0e26 100644
--- a/Zend/zend_execute_API.c
+++ b/Zend/zend_execute_API.c
@@ -711,6 +711,10 @@ int zend_call_function(zend_fcall_info *fci, zend_fcall_info_cache *fci_cache TS
 		}
 
 		if (fci->object_pp) {
+			if (Z_TYPE_PP(fci->object_pp) == IS_OBJECT
+				&& (!EG(objects_store).object_buckets || !EG(objects_store).object_buckets[Z_OBJ_HANDLE_PP(fci->object_pp)].valid)) {
+				return FAILURE;
+			}
 			/* TBI!! new object handlers */
 			if (Z_TYPE_PP(fci->object_pp) == IS_OBJECT) {
 				if (!IS_ZEND_STD_OBJECT(**fci->object_pp)) {
@@ -905,6 +909,10 @@ int zend_call_function(zend_fcall_info *fci, zend_fcall_info_cache *fci_cache TS
 		calling_scope = fci_cache->calling_scope;
 		fci->object_pp = fci_cache->object_pp;
 		EX(object) = fci->object_pp ? *fci->object_pp : NULL;
+		if (fci->object_pp && Z_TYPE_PP(fci->object_pp) == IS_OBJECT
+			&& (!EG(objects_store).object_buckets || !EG(objects_store).object_buckets[Z_OBJ_HANDLE_PP(fci->object_pp)].valid)) {
+			return FAILURE;
+		}
 	}
 
 	if (EX(function_state).function->common.fn_flags & (ZEND_ACC_ABSTRACT|ZEND_ACC_DEPRECATED)) {
-- 
2.50.1