'[PHP-CVS] [php-src] PHP-8.2: Merge branch 'PHP-8.1' into PHP-8.2'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       php-cvs
Subject:    [PHP-CVS] [php-src] PHP-8.2: Merge branch 'PHP-8.1' into PHP-8.2
From:       Ilija Tovilo <noreply () php ! net>
Date:       2023-06-28 18:51:08
Message-ID: nxMGHhrxSyFP1eOC6owjXXvN7fQKQLZdUjqZ1ZwX57s () main ! php ! net
[Download RAW message or body]

Author: Ilija Tovilo (iluuu1994)
Date: 2023-06-28T20:36:30+02:00

Commit: https://github.com/php/php-src/commit/54dfa86728eefb4a8ace617a365e0058b4ffff67
Raw diff: https://github.com/php/php-src/commit/54dfa86728eefb4a8ace617a365e0058b4ffff67.diff

Merge branch 'PHP-8.1' into PHP-8.2

* PHP-8.1:
  Fix mis-compilation of by-reference nullsafe operator

Changed paths:
  A  Zend/tests/oss_fuzz_60011_1.phpt
  A  Zend/tests/oss_fuzz_60011_2.phpt
  M  NEWS
  M  Zend/zend_compile.c


Diff:

diff --git a/NEWS b/NEWS
index 87b984a3ac96..d4f80d74e57f 100644
--- a/NEWS
+++ b/NEWS
@@ -8,6 +8,10 @@ PHP                                                                        NEWS
 - CLI:
   . Fix interrupted CLI output causing the process to exit. (nielsdos)
 
+- Core:
+  . Fixed oss-fuzz #60011 (Mis-compilation of by-reference nullsafe operator).
+    (ilutov)
+
 - Date:
   . Fixed bug GH-11368 (Date modify returns invalid datetime). (Derick)
 
diff --git a/Zend/tests/oss_fuzz_60011_1.phpt b/Zend/tests/oss_fuzz_60011_1.phpt
new file mode 100644
index 000000000000..cb55b32a5bc5
--- /dev/null
+++ b/Zend/tests/oss_fuzz_60011_1.phpt
@@ -0,0 +1,8 @@
+--TEST--
+oss-fuzz #60011 (Incorrect order of instruction with nullsafe operator)
+--FILE--
+<?php
+[&$y]=$y->y?->y;
+?>
+--EXPECTF--
+Fatal error: Cannot take reference of a nullsafe chain in %s on line %d
diff --git a/Zend/tests/oss_fuzz_60011_2.phpt b/Zend/tests/oss_fuzz_60011_2.phpt
new file mode 100644
index 000000000000..8c6880e358e0
--- /dev/null
+++ b/Zend/tests/oss_fuzz_60011_2.phpt
@@ -0,0 +1,8 @@
+--TEST--
+oss-fuzz #60011 (Incorrect order of instruction with nullsafe operator)
+--FILE--
+<?php
+[&$y]=$y?->y->y;
+?>
+--EXPECTF--
+Fatal error: Cannot take reference of a nullsafe chain in %s on line %d
diff --git a/Zend/zend_compile.c b/Zend/zend_compile.c
index 53fb5c7f4f7f..ba203cbe2e2d 100644
--- a/Zend/zend_compile.c
+++ b/Zend/zend_compile.c
@@ -3264,6 +3264,9 @@ static void zend_compile_assign(znode *result, zend_ast *ast) /* {{{ */
 				if (!zend_is_variable_or_call(expr_ast)) {
 					zend_error_noreturn(E_COMPILE_ERROR,
 						"Cannot assign reference to non referenceable value");
+				} else if (zend_ast_is_short_circuited(expr_ast)) {
+					zend_error_noreturn(E_COMPILE_ERROR,
+						"Cannot take reference of a nullsafe chain");
 				}
 
 				zend_compile_var(&expr_node, expr_ast, BP_VAR_W, 1);

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic