mirrors/php-src
0
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-11-24 02:15:04 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fixed #75220 - Segfault when calling is_callable on parent

Browse Source
This commit is contained in:
Nester 2017-09-18 08:19:47 +00:00 committed by Joe Watkins
parent 3752d18ffe
commit a680d701ce
No known key found for this signature in database
GPG Key ID: F9BA0ADA31CBD89E
3 changed files with 36 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
NEWS
View File

@ -8,6 +8,8 @@ PHP NEWS
. Fixed bug #75236 (infinite loop when printing an error-message). (Andrea)
. Fixed bug #75252 (Incorrect token formatting on two parse errors in one
request). (Nikita)
. Fixed bug #75220 (Segfault when calling is_callable on parent).
(andrewnester)
- SPL:
. Fixed bug #73629 (SplDoublyLinkedList::setIteratorMode masks intern flags).

9
Zend/zend_API.c
View File

@ -3067,7 +3067,8 @@ get_function_via_handler:
(!fcc->function_handler->common.scope ||
!instanceof_function(ce_org, fcc->function_handler->common.scope))) {
if (fcc->function_handler->common.fn_flags & ZEND_ACC_CALL_VIA_TRAMPOLINE) {
if (fcc->function_handler->type != ZEND_OVERLOADED_FUNCTION) {
if (fcc->function_handler->type != ZEND_OVERLOADED_FUNCTION &&
fcc->function_handler->common.function_name) {
zend_string_release(fcc->function_handler->common.function_name);
}
zend_free_trampoline(fcc->function_handler);
@ -3237,7 +3238,8 @@ again:
((fcc->function_handler->common.fn_flags & ZEND_ACC_CALL_VIA_TRAMPOLINE) ||
fcc->function_handler->type == ZEND_OVERLOADED_FUNCTION_TEMPORARY ||
fcc->function_handler->type == ZEND_OVERLOADED_FUNCTION)) {
if (fcc->function_handler->type != ZEND_OVERLOADED_FUNCTION) {
if (fcc->function_handler->type != ZEND_OVERLOADED_FUNCTION &&
fcc->function_handler->common.function_name) {
zend_string_release(fcc->function_handler->common.function_name);
}
zend_free_trampoline(fcc->function_handler);
@ -3324,7 +3326,8 @@ again:
((fcc->function_handler->common.fn_flags & ZEND_ACC_CALL_VIA_TRAMPOLINE) ||
fcc->function_handler->type == ZEND_OVERLOADED_FUNCTION_TEMPORARY ||
fcc->function_handler->type == ZEND_OVERLOADED_FUNCTION)) {
if (fcc->function_handler->type != ZEND_OVERLOADED_FUNCTION) {
if (fcc->function_handler->type != ZEND_OVERLOADED_FUNCTION &&
fcc->function_handler->common.function_name) {
zend_string_release(fcc->function_handler->common.function_name);
}
zend_free_trampoline(fcc->function_handler);

28
ext/standard/tests/bug75220.phpt Normal file
View File

@ -0,0 +1,28 @@
--TEST--
Bug #75220 (is_callable crash for 'parent')
--FILE--
<?php
$a = new A();
$a->bar('foo');
class B {};
class A extends B
{
function bar($func)
{
var_dump('foo');
var_dump(is_callable('parent::foo'));
var_dump(is_callable(array('parent', 'foo')));
}
function __call($func, $args)
{
}
};
?>
--EXPECT--
string(3) "foo"
bool(false)
bool(false)