Do not allow using traits/interfaces/abstract classes as stream wrappers

Fixes https://bugs.php.net/bug.php?id=74951

2 files changed, 17 insertions, 0 deletions

diff --git a/ext/standard/tests/streams/bug74951.phpt b/ext/standard/tests/streams/bug74951.phpt
new file mode 100644
index 0000000000..82788b09e6
--- /dev/null
+++ b/ext/standard/tests/streams/bug74951.phpt
@@ -0,0 +1,12 @@
+--TEST--
+Bug#74951 Null pointer dereference in user streams
+--FILE--
+<?php
+trait Stream00ploiter{
+  public function s() {}
+  public function n($_) {}
+}
+stream_wrapper_register('e0ploit','Stream00ploiter');
+$s=fopen('e0ploit://',0);
+--EXPECTF--
+Warning: fopen(e0ploit://): failed to open stream: operation failed in %s/bug74951.php on line 7
diff --git a/main/streams/userspace.c b/main/streams/userspace.c
index 94d32abd11..e2cccf32d6 100644
--- a/main/streams/userspace.c
+++ b/main/streams/userspace.c
@@ -283,6 +283,11 @@ typedef struct _php_userstream_data php_userstream_data_t;
 
 static void user_stream_create_object(struct php_user_stream_wrapper *uwrap, php_stream_context *context, zval *object)
 {
+	if (uwrap->ce->ce_flags & (ZEND_ACC_INTERFACE|ZEND_ACC_TRAIT|ZEND_ACC_IMPLICIT_ABSTRACT_CLASS|ZEND_ACC_EXPLICIT_ABSTRACT_CLASS)) {
+		ZVAL_UNDEF(object);
+		return;
+	}
+
 	/* create an instance of our class */
 	object_init_ex(object, uwrap->ce);