From ef68cd324923d81565debef8939b015a3f4b8a6f Mon Sep 17 00:00:00 2001
From: ekinhbayar
Date: Mon, 28 Jan 2019 09:46:29 +0300
Subject: [PATCH] Fixed bug #77530: PHP crashes when parsing "(2)::class"
---
 NEWS | 1 +
 Zend/tests/bug77530.phpt | 10 ++++++++++
 Zend/zend_compile.c | 9 ++++++++-
 3 files changed, 19 insertions(+), 1 deletion(-)
 create mode 100644 Zend/tests/bug77530.phpt
diff --git a/NEWS b/NEWS
index 3485917350..56e451b119 100644
--- a/NEWS
+++ b/NEWS
@@ -6,6 +6,7 @@ PHP NEWS
 . Fixed bug #77339 (__callStatic may get incorrect arguments). (Dmitry)
 . Fixed bug #77494 (Disabling class causes segfault on member access). (Dmitry)
+ . Fixed bug #77530 (PHP crashes when parsing `(2)::class`). (Ekin)
 - Curl:
 . Fixed bug #76675 (Segfault with H2 server push). (Pedro Magalhães)
diff --git a/Zend/tests/bug77530.phpt b/Zend/tests/bug77530.phpt
new file mode 100644
index 0000000000..fdb2bac78b
--- /dev/null
+++ b/Zend/tests/bug77530.phpt
@@ -0,0 +1,10 @@
+--TEST--
+Bug #77530: PHP crashes when parsing '(2)::class'
+--FILE--
+
+--EXPECTF--
+Fatal error: Illegal class name in %s on line %d
diff --git a/Zend/zend_compile.c b/Zend/zend_compile.c
index 28336130cc..46ca21a436 100644
--- a/Zend/zend_compile.c
+++ b/Zend/zend_compile.c
@@ -1494,6 +1494,7 @@ static void zend_ensure_valid_class_fetch_type(uint32_t fetch_type) /* {{{ */
 static zend_bool zend_try_compile_const_expr_resolve_class_name(zval *zv, zend_ast *class_ast, zend_ast *name_ast, zend_bool constant) /* {{{ */
 {
 uint32_t fetch_type;
+ zval *class_name;
 if (name_ast->kind != ZEND_AST_ZVAL) {
 return 0;
@@ -1508,7 +1509,13 @@ static zend_bool zend_try_compile_const_expr_resolve_class_name(zval *zv, zend_a
 "Dynamic class names are not allowed in compile-time ::class fetch");
 }
- fetch_type = zend_get_class_fetch_type(zend_ast_get_str(class_ast));
+ class_name = zend_ast_get_zval(class_ast);
+
+ if (Z_TYPE_P(class_name) != IS_STRING) {
+ zend_error_noreturn(E_COMPILE_ERROR, "Illegal class name");
+ }
+
+ fetch_type = zend_get_class_fetch_type(Z_STR_P(class_name));
 zend_ensure_valid_class_fetch_type(fetch_type);
 switch (fetch_type) {
-- 
2.40.0
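Review bot: The new `IS_STRING` guard has no comment saying why a compile-time class AST can carry a non-string zval, so the reason it must stay ahead of `Z_STR_P()` is easy to lose in a later refactor; I would add `/* class_ast may be any literal, e.g. (2)::class; only a string zval may reach Z_STR_P() */` above the `if`. The removed line passed the literal to `zend_ast_get_str()` unchecked, which presumably treated the integer payload as a `zend_string` pointer, and this hunk repairs only that one call site, so any other `zend_ast_get_str()` call on a class-name AST in this file should be checked for the same type confusion. Judging by its title the new test exercises only the integer literal `(2)::class`; a float literal would pin the same branch. The function body begins before this hunk and continues past its last line, so the `ZEND_AST_ZVAL` kind check that `zend_ast_get_zval()` relies on is inferred from the error message visible at the top of the hunk.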