List: php-cvs
Subject: [PHP-CVS] [php-src] master: Merge branch 'PHP-8.2'
From: Ilija Tovilo <noreply () php ! net>
Date: 2023-06-28 18:51:13
Message-ID: Bsx95HjaFEIJ6pBSDZwu1fAcMhNhAo3X3p0Pb6NDSTk () main ! php ! net
Author: Ilija Tovilo (iluuu1994)
Date: 2023-06-28T20:37:25+02:00
Commit: https://github.com/php/php-src/commit/a94216dcb78663c4eaee03810de110fb11227edb
Raw diff: https://github.com/php/php-src/commit/a94216dcb78663c4eaee03810de110fb11227edb.diff
Merge branch 'PHP-8.2'
* PHP-8.2:
Fix mis-compilation of by-reference nullsafe operator
Changed paths:
A Zend/tests/oss_fuzz_60011_1.phpt
A Zend/tests/oss_fuzz_60011_2.phpt
M NEWS
M Zend/zend_compile.c
Diff:
diff --git a/NEWS b/NEWS
index a14b29d1b636..cd0bc930df11 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,8 @@ PHP NEWS
- Core:
. Fixed bug GH-11507 (String concatenation performance regression in 8.3).
(nielsdos)
+ . Fixed oss-fuzz #60011 (Mis-compilation of by-reference nullsafe operator).
+ (ilutov)
- DOM:
. Fixed bug GH-11500 (Namespace reuse in createElementNS() generates wrong
diff --git a/Zend/tests/oss_fuzz_60011_1.phpt b/Zend/tests/oss_fuzz_60011_1.phpt
new file mode 100644
index 000000000000..cb55b32a5bc5
--- /dev/null
+++ b/Zend/tests/oss_fuzz_60011_1.phpt
@@ -0,0 +1,8 @@
+--TEST--
+oss-fuzz #60011 (Incorrect order of instruction with nullsafe operator)
+--FILE--
+<?php
+[&$y]=$y->y?->y;
+?>
+--EXPECTF--
+Fatal error: Cannot take reference of a nullsafe chain in %s on line %d
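Review bot: the --FILE-- body uses `$y` both as the by-reference destructuring target and as the root of the chain, so the test does not show whether that self-reference matters for the new compile error. The check added in zend_compile.c looks only at `expr_ast`, so a variant with distinct variables, for example `[&$a] = $b->y?->y;`, would document that the error depends solely on the nullsafe chain on the right-hand side.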
diff --git a/Zend/tests/oss_fuzz_60011_2.phpt b/Zend/tests/oss_fuzz_60011_2.phpt
new file mode 100644
index 000000000000..8c6880e358e0
--- /dev/null
+++ b/Zend/tests/oss_fuzz_60011_2.phpt
@@ -0,0 +1,8 @@
+--TEST--
+oss-fuzz #60011 (Incorrect order of instruction with nullsafe operator)
+--FILE--
+<?php
+[&$y]=$y?->y->y;
+?>
+--EXPECTF--
+Fatal error: Cannot take reference of a nullsafe chain in %s on line %d
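Review bot: the --TEST-- title is identical to the one in oss_fuzz_60011_1.phpt, so a failure report cannot tell the two tests apart. The only difference is where `?->` sits in the chain (`$y?->y->y` here, `$y->y?->y` in the first file); say so in the title, for example "nullsafe at start of chain" versus "nullsafe at end of chain". The title also reads "Incorrect order of instruction" while the NEWS entry reads "Mis-compilation"; one wording for both would make the fix easier to search for.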
diff --git a/Zend/zend_compile.c b/Zend/zend_compile.c
index 21fc22e73140..ced2b5ec91aa 100644
--- a/Zend/zend_compile.c
+++ b/Zend/zend_compile.c
@@ -3372,6 +3372,9 @@ static void zend_compile_assign(znode *result, zend_ast *ast) /* {{{ */
if (!zend_is_variable_or_call(expr_ast)) {
zend_error_noreturn(E_COMPILE_ERROR,
"Cannot assign reference to non referenceable value");
+ } else if (zend_ast_is_short_circuited(expr_ast)) {
+ zend_error_noreturn(E_COMPILE_ERROR,
+ "Cannot take reference of a nullsafe chain");
}
zend_compile_var(&expr_node, expr_ast, BP_VAR_W, 1);
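Review bot: the new `else if (zend_ast_is_short_circuited(expr_ast))` branch has no comment explaining why a short-circuited expression must be rejected before `zend_compile_var(&expr_node, expr_ast, BP_VAR_W, 1)` runs; a one-line comment would help, since the NEWS entry says only "mis-compilation". Separately, the guard just above admits calls as well as variables (`zend_is_variable_or_call`), but both new tests use property chains only; consider a third test with a nullsafe method call on the right-hand side, for example `[&$y] = $y?->m();`, to confirm the same error is raised on that path.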
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php