php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #70685 Segfault for getClosure() internal method rebind with invalid $this
Submitted: 2015-10-10 12:43 UTC Modified: -
From: nikic@php.net Assigned:
Status: Closed Package: Scripting Engine problem
PHP Version: 5.6.14 OS:
Private report: No CVE-ID:
 [2015-10-10 12:43 UTC] nikic@php.net
Description:
------------
So zend_create_closure correctly detects that this is wrong ... and then just goes on to bind NULL for $this, which is a lot worse.

This has been fixed for PHP 7.0 as a side-effect of https://github.com/php/php-src/commit/4b821f0fc6aade0eb9793a8b4fa3cd28b347ac2f, but needs to be fixed for PHP 5.6 as well.

Test script:
---------------
<?php
class cls {}
$c = (new ReflectionMethod('SplStack', 'count'))->getClosure(new SplStack);
$c = $c->bindTo(new cls);
$c();


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-10-10 13:02 UTC] nikic@php.net
Automatic comment on behalf of nikic
Revision: http://git.php.net/?p=php-src.git;a=commit;h=d7d01fc9a326fe530df4e067db1df9ec451f4411
Log: Fixed bug #70685
 [2015-10-10 13:02 UTC] nikic@php.net
-Status: Open +Status: Closed
 [2015-10-13 10:12 UTC] ab@php.net
Automatic comment on behalf of nikic
Revision: http://git.php.net/?p=php-src.git;a=commit;h=d7d01fc9a326fe530df4e067db1df9ec451f4411
Log: Fixed bug #70685
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Tue Aug 29 15:01:52 2017 UTC