authorXinchen Hui <laruence@php.net>2015-08-19 18:41:28 +0800
committerXinchen Hui <laruence@php.net>2015-08-19 18:41:28 +0800
commitb584b513983319be170f02828bc7c12850b40320 (patch)
treefc72fb64848ae8e3356deffa339179328f01e3b5
parentc12aa3c7ce01067be35aecd15c5622945e8651e0 (diff)
Fixed bug #70290 (Null pointer deref (segfault) in spl_autoload via ob_start)
-rw-r--r--NEWS4
-rw-r--r--ext/spl/php_spl.c2
-rw-r--r--ext/spl/tests/bug70290.phpt9
3 files changed, 14 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index dc7417650f..89aa2c0ec8 100644
--- a/NEWS
+++ b/NEWS
@@ -29,6 +29,10 @@ PHP NEWS
- PCRE:
. Fixed bug #70232 (Incorrect bump-along behavior with \K and empty string
match). (cmb)
+
+- SPL:
+ . Fixed bug #70290 (Null pointer deref (segfault) in spl_autoload via
+ ob_start). (hugh at allthethings dot co dot nz)
- Standard:
. Fixed bug #70052 (getimagesize() fails for very large and very small WBMP).
diff --git a/ext/spl/php_spl.c b/ext/spl/php_spl.c
index 6b886b7ef3..3424b90aea 100644
--- a/ext/spl/php_spl.c
+++ b/ext/spl/php_spl.c
@@ -358,7 +358,7 @@ PHP_FUNCTION(spl_autoload)
* The "scope" is determined by an opcode, if it is ZEND_FETCH_CLASS we know function was called indirectly by
* the Zend engine.
*/
- if (active_opline->opcode != ZEND_FETCH_CLASS) {
+ if (EG(opline_ptr) && active_opline->opcode != ZEND_FETCH_CLASS) {
zend_throw_exception_ex(spl_ce_LogicException, 0 TSRMLS_CC, "Class %s could not be loaded", class_name);
} else {
php_error_docref(NULL TSRMLS_CC, E_ERROR, "Class %s could not be loaded", class_name);
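Review bot: The comment above the changed condition still says the scope is decided by the opcode alone, but the new `EG(opline_ptr) &&` test adds a case it does not describe: with no opline pointer, control falls to the `else` branch and raises `E_ERROR`. I would add a line to the comment such as `* With no active opline (as in the ob_start callback case from bug #70290) the call is treated as internal.` so the fall-through reads as deliberate. The guard also tests only `EG(opline_ptr)`, while the dereference goes through `active_opline`, whose definition is outside this hunk. If that expands to `*EG(opline_ptr)`, the pointed-to opline deserves a NULL check too, e.g. `if (EG(opline_ptr) && active_opline && active_opline->opcode != ZEND_FETCH_CLASS) {`. PHP_FUNCTION(spl_autoload) starts and ends outside the hunk.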
diff --git a/ext/spl/tests/bug70290.phpt b/ext/spl/tests/bug70290.phpt
new file mode 100644
index 0000000000..0fd83c2d75
--- /dev/null
+++ b/ext/spl/tests/bug70290.phpt
@@ -0,0 +1,9 @@
+--TEST--
+Bug #70290 (Null pointer deref (segfault) in spl_autoload via ob_start)
+--INI--
+display_errors=2
+--FILE--
+<?php ob_start("spl_autoload"); ?> 1
+--EXPECT--
+Fatal error: Unknown: Class 1
+ could not be loaded in Unknown on line 0
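Review bot: Only the no-opline path is exercised here, so nothing pins that a direct userland call still takes the exception branch after the condition change in php_spl.c. A companion case that calls `spl_autoload` on a missing class inside `try`/`catch (LogicException $e)` would catch the new check accidentally routing ordinary calls to the fatal-error branch. The class name in the expected message is whatever bytes remained in the output buffer after `?>`, so the EXPECT text is sensitive to trailing whitespace in the FILE section.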