Fixed bug #70912 (Null ptr dereference instantiating class with invalid array property)

2 files changed, 15 insertions, 2 deletions

diff --git a/Zend/tests/bug70912.phpt b/Zend/tests/bug70912.phpt
new file mode 100644
index 0000000000..3d6d4303a6
--- /dev/null
+++ b/Zend/tests/bug70912.phpt
@@ -0,0 +1,10 @@
+--TEST--
+Bug #70912 (Null ptr dereference when class property is initialised to a dereferenced value)
+--FILE--
+<?php
+class A {
+	public $a=[][];
+}
+?>
+--EXPECTF--
+Fatal error: Cannot use [] for reading in %sbug70912.php on line %d
diff --git a/Zend/zend_compile.c b/Zend/zend_compile.c
index c3e9384556..bc6b83c1b9 100644
--- a/Zend/zend_compile.c
+++ b/Zend/zend_compile.c
@@ -7381,12 +7381,15 @@ void zend_eval_const_expr(zend_ast **ast_ptr) /* {{{ */
 		case ZEND_AST_DIM:
 		{
 			/* constant expression should be always read context ... */
-
 			zval *container, *dim;
 
+			if (ast->child[1] == NULL) {
+				zend_error_noreturn(E_COMPILE_ERROR, "Cannot use [] for reading");
+			}
+
 			zend_eval_const_expr(&ast->child[0]);
 			zend_eval_const_expr(&ast->child[1]);
-			if (!ast->child[0] || !ast->child[1] || ast->child[0]->kind != ZEND_AST_ZVAL || ast->child[1]->kind != ZEND_AST_ZVAL) {
+			if (ast->child[0]->kind != ZEND_AST_ZVAL || ast->child[1]->kind != ZEND_AST_ZVAL) {
 				return;
 			}