[packages/php/PHP_7_1] - rel 2; fixes segfault introduced in 7.1.12 - https://bugs.php.net/bug.php?id=75573

arekm arekm at pld-linux.org
Wed Dec 6 10:43:37 CET 2017 

commit ee7700513889d8aa5da73b79591ce08d2e676332
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date:   Wed Dec 6 10:43:27 2017 +0100

    - rel 2; fixes segfault introduced in 7.1.12 - https://bugs.php.net/bug.php?id=75573

 php-bug-75573.patch | 98 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 php.spec            |  4 ++-
 2 files changed, 101 insertions(+), 1 deletion(-)
---
diff --git a/php.spec b/php.spec
index d2f2bbd..3991601 100644
--- a/php.spec
+++ b/php.spec
@@ -150,7 +150,7 @@ Summary(ru.UTF-8):	PHP Версии 7 - язык препроцессирова
 Summary(uk.UTF-8):	PHP Версії 7 - мова препроцесування HTML-файлів, виконувана на сервері
 Name:		%{orgname}%{php_suffix}
 Version:	7.1.12
-Release:	1
+Release:	2
 Epoch:		4
 # All files licensed under PHP version 3.01, except
 # Zend is licensed under Zend
@@ -216,6 +216,7 @@ Patch68:	php-mysql-ssl-context.patch
 Patch70:	mysqlnd-ssl.patch
 Patch71:	libdb-info.patch
 Patch72:	phar-hash-shared.patch
+Patch73:	php-bug-75573.patch
 URL:		http://php.net/
 %{?with_interbase:%{!?with_interbase_inst:BuildRequires:	Firebird-devel >= 1.0.2.908-2}}
 %{?with_pspell:BuildRequires:	aspell-devel >= 2:0.50.0}
@@ -2023,6 +2024,7 @@ cp -p php.ini-production php.ini
 %patch70 -p1
 %patch71 -p1
 %patch72 -p1
+%patch73 -p1
 
 %{__sed} -i -e '/PHP_ADD_LIBRARY_WITH_PATH/s#xmlrpc,#xmlrpc-epi,#' ext/xmlrpc/config.m4
 
diff --git a/php-bug-75573.patch b/php-bug-75573.patch
new file mode 100644
index 0000000..0a6aae7
--- /dev/null
+++ b/php-bug-75573.patch
@@ -0,0 +1,98 @@
+commit 3b9ba7b6bd9e24bdbeca8e8e3f24cee2fccc51d8
+Author: Xinchen Hui <laruence at gmail.com>
+Date:   Wed Nov 29 14:46:21 2017 +0800
+
+    Fixed bug #75573 (Segmentation fault in 7.1.12 and 7.0.26)
+
+diff --git a/Zend/tests/bug75573.phpt b/Zend/tests/bug75573.phpt
+new file mode 100644
+index 0000000000..476ff6e6cf
+--- /dev/null
++++ b/Zend/tests/bug75573.phpt
+@@ -0,0 +1,64 @@
++--TEST--
++Bug #75573 (Segmentation fault in 7.1.12 and 7.0.26)
++--FILE--
++<?php
++
++class A
++{
++	var $_stdObject;
++	function initialize($properties = FALSE) {
++		$this->_stdObject = $properties ? (object) $properties : new stdClass();
++		parent::initialize();
++	}
++	function &__get($property)
++	{
++		if (isset($this->_stdObject->{$property})) {
++			$retval =& $this->_stdObject->{$property};
++			return $retval;
++		} else {
++			return NULL;
++		}
++	}
++	function &__set($property, $value)
++	{
++		return $this->_stdObject->{$property} = $value;
++	}
++	function __isset($property_name)
++	{
++		return isset($this->_stdObject->{$property_name});
++	}
++}
++
++class B extends A
++{
++	function initialize($properties = array())
++	{
++		parent::initialize($properties);
++	}
++	function &__get($property)
++	{
++		if (isset($this->settings) && isset($this->settings[$property])) {
++			$retval =& $this->settings[$property];
++			return $retval;
++		} else {
++			return parent::__get($property);
++		}
++	}
++}
++
++$b = new B();
++$b->settings = [ "foo" => "bar", "name" => "abc" ];
++var_dump($b->name);
++var_dump($b->settings);
++?>
++--EXPECTF--
++Warning: Creating default object from empty value in %sbug75573.php on line %d
++
++Notice: Only variable references should be returned by reference in %sbug75573.php on line %d
++string(3) "abc"
++array(2) {
++  ["foo"]=>
++  string(3) "bar"
++  ["name"]=>
++  string(3) "abc"
++}
+diff --git a/Zend/zend_object_handlers.c b/Zend/zend_object_handlers.c
+index 10045b53f1..d9ebd842eb 100644
+--- a/Zend/zend_object_handlers.c
++++ b/Zend/zend_object_handlers.c
+@@ -668,13 +668,11 @@ zval *zend_std_read_property(zval *object, zval *member, int type, void **cache_
+ 			}
+ 			zval_ptr_dtor(&tmp_object);
+ 			goto exit;
+-		} else {
++		} else if (Z_STRVAL_P(member)[0] == '\0' && Z_STRLEN_P(member) != 0) {
+ 			zval_ptr_dtor(&tmp_object);
+-			if (Z_STRVAL_P(member)[0] == '\0' && Z_STRLEN_P(member) != 0) {
+-				zend_throw_error(NULL, "Cannot access property started with '\\0'");
+-				retval = &EG(uninitialized_zval);
+-				goto exit;
+-			}
++			zend_throw_error(NULL, "Cannot access property started with '\\0'");
++			retval = &EG(uninitialized_zval);
++			goto exit;
+ 		}
+ 	}
+ 
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/php.git/commitdiff/ee7700513889d8aa5da73b79591ce08d2e676332

More information about the pld-cvs-commit mailing list