From cab75d8b00b6e86f6e2ede1ba3b3bd35518fc3bd Mon Sep 17 00:00:00 2001
From: Bob Weinand <bobwei9@hotmail.com>
Date: Sat, 8 Aug 2015 16:19:12 +0200
Subject: [PATCH] Fixed bug #70215 (segfault when __invoke is static)

---
 NEWS                     |  6 ++++++
 Zend/tests/bug70215.phpt | 21 +++++++++++++++++++++
 Zend/zend_vm_def.h       |  2 +-
 Zend/zend_vm_execute.h   |  6 +++---
 4 files changed, 31 insertions(+), 4 deletions(-)
 create mode 100644 Zend/tests/bug70215.phpt

diff --git a/NEWS b/NEWS
index 22371a511d..4862c9ecf6 100644
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,12 @@ PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 20 Aug 2015, PHP 7.0.0 RC 1
 
+- Code:
+  . Fixed bug #70215 (Segfault when __invoke is static). (Bob)
+
+- Phpdbg:
+  . Fixed bug #70214 (FASYNC not defined, needs sys/file.h include). (Bob)
+
 - Standard:
   . Fixed bug #70208 (Assert breaking access on objects). (Bob)
 
diff --git a/Zend/tests/bug70215.phpt b/Zend/tests/bug70215.phpt
new file mode 100644
index 0000000000..527920cbb5
--- /dev/null
+++ b/Zend/tests/bug70215.phpt
@@ -0,0 +1,21 @@
+--TEST--
+Bug #70215 (Segfault when invoke is static)
+--FILE--
+<?php
+
+class A {
+	public static function __invoke() {
+		echo __CLASS__;
+	}
+}
+
+class B extends A { }
+
+$b = new B;
+
+$b();
+
+?>
+--EXPECTF--
+Warning: The magic method __invoke() must have public visibility and cannot be static in %s on line %d
+A
diff --git a/Zend/zend_vm_def.h b/Zend/zend_vm_def.h
index b3ae031dee..6339ec631c 100644
--- a/Zend/zend_vm_def.h
+++ b/Zend/zend_vm_def.h
@@ -3249,7 +3249,7 @@ ZEND_VM_C_LABEL(try_function_name):
 			ZEND_ASSERT(GC_TYPE(fbc->common.prototype) == IS_OBJECT);
 			GC_REFCOUNT(fbc->common.prototype)++;
 			call_info |= ZEND_CALL_CLOSURE;
-		} else {
+		} else if (object) {
 			call_info |= ZEND_CALL_RELEASE_THIS;
 			GC_REFCOUNT(object)++; /* For $this pointer */
 		}
diff --git a/Zend/zend_vm_execute.h b/Zend/zend_vm_execute.h
index f1927ff7f6..a0a1c1f0d0 100644
--- a/Zend/zend_vm_execute.h
+++ b/Zend/zend_vm_execute.h
@@ -2019,7 +2019,7 @@ try_function_name:
 			ZEND_ASSERT(GC_TYPE(fbc->common.prototype) == IS_OBJECT);
 			GC_REFCOUNT(fbc->common.prototype)++;
 			call_info |= ZEND_CALL_CLOSURE;
-		} else {
+		} else if (object) {
 			call_info |= ZEND_CALL_RELEASE_THIS;
 			GC_REFCOUNT(object)++; /* For $this pointer */
 		}
@@ -2441,7 +2441,7 @@ try_function_name:
 			ZEND_ASSERT(GC_TYPE(fbc->common.prototype) == IS_OBJECT);
 			GC_REFCOUNT(fbc->common.prototype)++;
 			call_info |= ZEND_CALL_CLOSURE;
-		} else {
+		} else if (object) {
 			call_info |= ZEND_CALL_RELEASE_THIS;
 			GC_REFCOUNT(object)++; /* For $this pointer */
 		}
@@ -2696,7 +2696,7 @@ try_function_name:
 			ZEND_ASSERT(GC_TYPE(fbc->common.prototype) == IS_OBJECT);
 			GC_REFCOUNT(fbc->common.prototype)++;
 			call_info |= ZEND_CALL_CLOSURE;
-		} else {
+		} else if (object) {
 			call_info |= ZEND_CALL_RELEASE_THIS;
 			GC_REFCOUNT(object)++; /* For $this pointer */
 		}
-- 
2.50.1