From e68106988a6a3a3bd9736747d111ce388ef82423 Mon Sep 17 00:00:00 2001 From: Felipe Pena Date: Mon, 6 Oct 2008 00:40:02 +0000 Subject: [PATCH] - MFH: Fixed bug #46238 (Segmentation fault on static call with empty string method) --- NEWS | 2 + Zend/tests/bug46238.phpt | 120 +++++++++++++++++++++++++++++++++++++++ Zend/zend_vm_def.h | 4 +- Zend/zend_vm_execute.h | 40 ++++++------- 4 files changed, 144 insertions(+), 22 deletions(-) create mode 100644 Zend/tests/bug46238.phpt diff --git a/NEWS b/NEWS index 38470182ea..3db618827f 100644 --- a/NEWS +++ b/NEWS @@ -13,6 +13,8 @@ PHP NEWS - Fixed bug causing the algorithm parameter of mhash() to be modified. (Scott) +- Fixed bug #46238 (Segmentation fault on static call with empty string method). + (Felipe) - Fixed bug #46206 (pg_query_params/pg_execute convert passed values to strings). (Ilia) - Fixed bug #46205 (Closure - Memory leaks when ReflectionException is thrown). diff --git a/Zend/tests/bug46238.phpt b/Zend/tests/bug46238.phpt new file mode 100644 index 0000000000..87a1c15c14 --- /dev/null +++ b/Zend/tests/bug46238.phpt 
@@ -0,0 +1,120 @@ +--TEST-- +Bug #46238 (Segmentation fault on static call with empty string method) +--FILE-- + +--EXPECT-- +array(2) { + [0]=> + string(0) "" + [1]=> + array(1) { + [0]=> + string(1) "a" + } +} +array(2) { + [0]=> + string(0) "" + [1]=> + array(1) { + [0]=> + array(0) { + } + } +} +array(2) { + [0]=> + string(0) "" + [1]=> + array(1) { + [0]=> + NULL + } +} +array(2) { + [0]=> + string(0) "" + [1]=> + array(1) { + [0]=> + int(1) + } +} +array(2) { + [0]=> + string(0) "" + [1]=> + array(0) { + } +} +array(2) { + [0]=> + string(0) "" + [1]=> + array(1) { + [0]=> + string(1) "a" + } +} +array(2) { + [0]=> + string(0) "" + [1]=> + array(1) { + [0]=> + array(0) { + } + } +} +array(2) { + [0]=> + string(0) "" + [1]=> + array(1) { + [0]=> + NULL + } +} +array(2) { + [0]=> + string(0) "" + [1]=> + array(1) { + [0]=> + int(1) + } +} +array(2) { + [0]=> + string(0) "" + [1]=> + array(0) { + } +} diff --git a/Zend/zend_vm_def.h b/Zend/zend_vm_def.h index a86a79b8c8..c9657dbdeb 100644 --- a/Zend/zend_vm_def.h +++ b/Zend/zend_vm_def.h @@ -1983,7 +1983,7 @@ ZEND_VM_HANDLER(113, ZEND_INIT_STATIC_METHOD_CALL, CONST|VAR, CONST|TMP|VAR|UNUS } } if(OP2_TYPE != IS_UNUSED) { - char *function_name_strval; + char *function_name_strval = NULL; int function_name_strlen = 0; zend_free_op free_op2; @@ -2001,7 +2001,7 @@ ZEND_VM_HANDLER(113, ZEND_INIT_STATIC_METHOD_CALL, CONST|VAR, CONST|TMP|VAR|UNUS } } - if (function_name_strlen) { + if (function_name_strval) { if (ce->get_static_method) { EX(fbc) = ce->get_static_method(ce, function_name_strval, function_name_strlen TSRMLS_CC); } else { diff --git a/Zend/zend_vm_execute.h b/Zend/zend_vm_execute.h index 6f4ef773f5..09a49379f9 100644 --- a/Zend/zend_vm_execute.h +++ b/Zend/zend_vm_execute.h @@ -2630,7 +2630,7 @@ static int ZEND_FASTCALL ZEND_INIT_STATIC_METHOD_CALL_SPEC_CONST_CONST_HANDLER( } } if(IS_CONST != IS_UNUSED) { - char *function_name_strval; + char *function_name_strval = NULL; int function_name_strlen = 0; 
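Review bot: In the second Zend/zend_vm_def.h hunk the new guard `if (function_name_strval)` lets a zero-length name through, so `ce->get_static_method(ce, function_name_strval, function_name_strlen TSRMLS_CC)` and the fallback in the `else` branch are now reached with `function_name_strlen == 0`; every handler installed in `get_static_method`, including any supplied by extensions, has to accept an empty name without reading past the buffer. The lines that assign `function_name_strval` lie between the two hunks and are not visible here, so it should be confirmed that every path leaving it NULL raises an error before this test instead of continuing with `EX(fbc)` unset, which appears to be what made the old length test crash. A short comment on the guard would keep the length test from being restored later, for example `/* test the pointer, not the length: "" is a valid method name and must reach the lookup (bug #46238) */`. The identical edits in Zend/zend_vm_execute.h look like the generated specializations of this handler, so this note is not repeated there; the handler body starts before and continues after both hunks.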
@@ -2648,7 +2648,7 @@ static int ZEND_FASTCALL ZEND_INIT_STATIC_METHOD_CALL_SPEC_CONST_CONST_HANDLER( } } - if (function_name_strlen) { + if (function_name_strval) { if (ce->get_static_method) { EX(fbc) = ce->get_static_method(ce, function_name_strval, function_name_strlen TSRMLS_CC); } else { @@ -3226,7 +3226,7 @@ static int ZEND_FASTCALL ZEND_INIT_STATIC_METHOD_CALL_SPEC_CONST_TMP_HANDLER(ZE } } if(IS_TMP_VAR != IS_UNUSED) { - char *function_name_strval; + char *function_name_strval = NULL; int function_name_strlen = 0; zend_free_op free_op2; @@ -3244,7 +3244,7 @@ static int ZEND_FASTCALL ZEND_INIT_STATIC_METHOD_CALL_SPEC_CONST_TMP_HANDLER(ZE } } - if (function_name_strlen) { + if (function_name_strval) { if (ce->get_static_method) { EX(fbc) = ce->get_static_method(ce, function_name_strval, function_name_strlen TSRMLS_CC); } else { @@ -3702,7 +3702,7 @@ static int ZEND_FASTCALL ZEND_INIT_STATIC_METHOD_CALL_SPEC_CONST_VAR_HANDLER(ZE } } if(IS_VAR != IS_UNUSED) { - char *function_name_strval; + char *function_name_strval = NULL; int function_name_strlen = 0; zend_free_op free_op2; @@ -3720,7 +3720,7 @@ static int ZEND_FASTCALL ZEND_INIT_STATIC_METHOD_CALL_SPEC_CONST_VAR_HANDLER(ZE } } - if (function_name_strlen) { + if (function_name_strval) { if (ce->get_static_method) { EX(fbc) = ce->get_static_method(ce, function_name_strval, function_name_strlen TSRMLS_CC); } else { @@ -3934,7 +3934,7 @@ static int ZEND_FASTCALL ZEND_INIT_STATIC_METHOD_CALL_SPEC_CONST_UNUSED_HANDLER } } if(IS_UNUSED != IS_UNUSED) { - char *function_name_strval; + char *function_name_strval = NULL; int function_name_strlen = 0; @@ -3952,7 +3952,7 @@ static int ZEND_FASTCALL ZEND_INIT_STATIC_METHOD_CALL_SPEC_CONST_UNUSED_HANDLER } } - if (function_name_strlen) { + if (function_name_strval) { if (ce->get_static_method) { EX(fbc) = ce->get_static_method(ce, function_name_strval, function_name_strlen TSRMLS_CC); } else { 
@@ -4378,7 +4378,7 @@ static int ZEND_FASTCALL ZEND_INIT_STATIC_METHOD_CALL_SPEC_CONST_CV_HANDLER(ZEN } } if(IS_CV != IS_UNUSED) { - char *function_name_strval; + char *function_name_strval = NULL; int function_name_strlen = 0; @@ -4396,7 +4396,7 @@ static int ZEND_FASTCALL ZEND_INIT_STATIC_METHOD_CALL_SPEC_CONST_CV_HANDLER(ZEN } } - if (function_name_strlen) { + if (function_name_strval) { if (ce->get_static_method) { EX(fbc) = ce->get_static_method(ce, function_name_strval, function_name_strlen TSRMLS_CC); } else { @@ -10371,7 +10371,7 @@ static int ZEND_FASTCALL ZEND_INIT_STATIC_METHOD_CALL_SPEC_VAR_CONST_HANDLER(ZE } } if(IS_CONST != IS_UNUSED) { - char *function_name_strval; + char *function_name_strval = NULL; int function_name_strlen = 0; @@ -10389,7 +10389,7 @@ static int ZEND_FASTCALL ZEND_INIT_STATIC_METHOD_CALL_SPEC_VAR_CONST_HANDLER(ZE } } - if (function_name_strlen) { + if (function_name_strval) { if (ce->get_static_method) { EX(fbc) = ce->get_static_method(ce, function_name_strval, function_name_strlen TSRMLS_CC); } else { @@ -12225,7 +12225,7 @@ static int ZEND_FASTCALL ZEND_INIT_STATIC_METHOD_CALL_SPEC_VAR_TMP_HANDLER(ZEND } } if(IS_TMP_VAR != IS_UNUSED) { - char *function_name_strval; + char *function_name_strval = NULL; int function_name_strlen = 0; zend_free_op free_op2; @@ -12243,7 +12243,7 @@ static int ZEND_FASTCALL ZEND_INIT_STATIC_METHOD_CALL_SPEC_VAR_TMP_HANDLER(ZEND } } - if (function_name_strlen) { + if (function_name_strval) { if (ce->get_static_method) { EX(fbc) = ce->get_static_method(ce, function_name_strval, function_name_strlen TSRMLS_CC); } else { @@ -14059,7 +14059,7 @@ static int ZEND_FASTCALL ZEND_INIT_STATIC_METHOD_CALL_SPEC_VAR_VAR_HANDLER(ZEND } } if(IS_VAR != IS_UNUSED) { - char *function_name_strval; + char *function_name_strval = NULL; int function_name_strlen = 0; zend_free_op free_op2; 
@@ -14077,7 +14077,7 @@ static int ZEND_FASTCALL ZEND_INIT_STATIC_METHOD_CALL_SPEC_VAR_VAR_HANDLER(ZEND } } - if (function_name_strlen) { + if (function_name_strval) { if (ce->get_static_method) { EX(fbc) = ce->get_static_method(ce, function_name_strval, function_name_strlen TSRMLS_CC); } else { @@ -14986,7 +14986,7 @@ static int ZEND_FASTCALL ZEND_INIT_STATIC_METHOD_CALL_SPEC_VAR_UNUSED_HANDLER(Z } } if(IS_UNUSED != IS_UNUSED) { - char *function_name_strval; + char *function_name_strval = NULL; int function_name_strlen = 0; @@ -15004,7 +15004,7 @@ static int ZEND_FASTCALL ZEND_INIT_STATIC_METHOD_CALL_SPEC_VAR_UNUSED_HANDLER(Z } } - if (function_name_strlen) { + if (function_name_strval) { if (ce->get_static_method) { EX(fbc) = ce->get_static_method(ce, function_name_strval, function_name_strlen TSRMLS_CC); } else { @@ -16507,7 +16507,7 @@ static int ZEND_FASTCALL ZEND_INIT_STATIC_METHOD_CALL_SPEC_VAR_CV_HANDLER(ZEND_ } } if(IS_CV != IS_UNUSED) { - char *function_name_strval; + char *function_name_strval = NULL; int function_name_strlen = 0; @@ -16525,7 +16525,7 @@ static int ZEND_FASTCALL ZEND_INIT_STATIC_METHOD_CALL_SPEC_VAR_CV_HANDLER(ZEND_ } } - if (function_name_strlen) { + if (function_name_strval) { if (ce->get_static_method) { EX(fbc) = ce->get_static_method(ce, function_name_strval, function_name_strlen TSRMLS_CC); } else { -- 2.40.0