diff options
| -rw-r--r-- | NEWS | 3 | ||||
| -rw-r--r-- | Zend/tests/bug60611.phpt | 28 | ||||
| -rw-r--r-- | Zend/zend_compile.c | 11 |
3 files changed, 39 insertions, 3 deletions
@@ -1,6 +1,9 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| ?? Jan 2012, PHP 5.4.0 RC5 +- Core: + . Fixed bug #60611 (Segmentation fault with Cls::{expr}() syntax). (Laruence) + - CLI SAPI: . Fixed bug #60591 (Memory leak when access a non-exists file). (Laruence) diff --git a/Zend/tests/bug60611.phpt b/Zend/tests/bug60611.phpt new file mode 100644 index 0000000000..bbfb385ff2 --- /dev/null +++ b/Zend/tests/bug60611.phpt @@ -0,0 +1,28 @@ +--TEST-- +Bug #60611 (Segmentation fault with Cls::{expr}() syntax) +--FILE-- +<?php +class Cls { + function __call($name, $arg) { + } + static function __callStatic($name, $arg) { + } +} + +Cls::{0}(); +Cls::{1.0}(); +Cls::{true}(); +Cls::{false}(); +Cls::{null}(); + +$cls = new Cls; +$cls->{0}(); +$cls->{1.0}(); +$cls->{true}(); +$cls->{false}(); +$cls->{null}(); + +echo "done"; +?> +--EXPECT-- +done diff --git a/Zend/zend_compile.c b/Zend/zend_compile.c index cfd1ce8315..4a7bd8405e 100644 --- a/Zend/zend_compile.c +++ b/Zend/zend_compile.c @@ -1973,9 +1973,10 @@ void zend_do_begin_method_call(znode *left_bracket TSRMLS_DC) /* {{{ */ if (last_op->opcode == ZEND_FETCH_OBJ_R) { if (last_op->op2_type == IS_CONST) { zval name; - name = CONSTANT(last_op->op2.constant); - if (!IS_INTERNED(Z_STRVAL(name))) { + if (Z_TYPE(name) != IS_STRING) { + convert_to_string(&name); + } else if (!IS_INTERNED(Z_STRVAL(name))) { Z_STRVAL(name) = estrndup(Z_STRVAL(name), Z_STRLEN(name)); } FREE_POLYMORPHIC_CACHE_SLOT(last_op->op2.constant); @@ -2367,7 +2368,11 @@ int zend_do_begin_class_member_function_call(znode *class_name, znode *method_na zend_op *opline; if (method_name->op_type == IS_CONST) { - char *lcname = zend_str_tolower_dup(Z_STRVAL(method_name->u.constant), Z_STRLEN(method_name->u.constant)); + char *lcname; + if (Z_TYPE(method_name->u.constant) != IS_STRING) { + convert_to_string(&method_name->u.constant); + } + lcname = zend_str_tolower_dup(Z_STRVAL(method_name->u.constant), Z_STRLEN(method_name->u.constant)); if ((sizeof(ZEND_CONSTRUCTOR_FUNC_NAME)-1) == Z_STRLEN(method_name->u.constant) && memcmp(lcname, ZEND_CONSTRUCTOR_FUNC_NAME, sizeof(ZEND_CONSTRUCTOR_FUNC_NAME)-1) == 0) { zval_dtor(&method_name->u.constant); |