Patch ChangeDisableClassHandler.patch for Reproducible crash Bug #62737

Patch version 2012-08-03 16:21 UTC

Obsoleted by patches:

• bug62737.patch, revision 2012-08-04 15:13 UTC

Obsolete patches:

• ChangeDisableClassHandler.patch, revision 2012-08-03 15:02 UTC

• 2012-08-03 16:21 UTC [diff to current]
• 2012-08-03 15:02 UTC [diff to current]

Developer: laruence@php.net

diff --git a/Zend/zend_API.c b/Zend/zend_API.c
index 6d2ccd2..59e35ac 100644
--- a/Zend/zend_API.c
+++ b/Zend/zend_API.c
@@ -2342,16 +2342,16 @@ static const zend_function_entry disabled_class_new[] = {
 
 ZEND_API int zend_disable_class(char *class_name, uint class_name_length TSRMLS_DC) /* {{{ */
 {
-	zend_class_entry disabled_class;
+	zend_class_entry **disabled_class;
 
 	zend_str_tolower(class_name, class_name_length);
-	if (zend_hash_del(CG(class_table), class_name, class_name_length+1)==FAILURE) {
+	if (zend_hash_find(CG(class_table), class_name, class_name_length+1, (void **)&disabled_class)==FAILURE) {
 		return FAILURE;
 	}
-	INIT_OVERLOADED_CLASS_ENTRY_EX(disabled_class, class_name, class_name_length, disabled_class_new, NULL, NULL, NULL, NULL, NULL);
-	disabled_class.create_object = display_disabled_class;
-	disabled_class.name_length = class_name_length;
-	zend_register_internal_class(&disabled_class TSRMLS_CC);
+    INIT_CLASS_ENTRY_INIT_METHODS((**disabled_class), disabled_class_new, NULL, NULL, NULL, NULL, NULL);
+	(*disabled_class)->create_object = display_disabled_class;
+    (*disabled_class)->builtin_functions = disabled_class_new;
+    zend_hash_clean(&((*disabled_class)->function_table));
 	return SUCCESS;
 }
 /* }}} */
@@ -2425,7 +2425,6 @@ static int zend_is_callable_check_class(const char *name, int name_len, zend_fca
 }
 /* }}} */
 
-
 static int zend_is_callable_check_func(int check_flags, zval *callable, zend_fcall_info_cache *fcc, int strict_class, char **error TSRMLS_DC) /* {{{ */
 {
 	zend_class_entry *ce_org = fcc->calling_scope;
diff --git a/Zend/zend_API.h b/Zend/zend_API.h
index 0a2a595..00503db 100644
--- a/Zend/zend_API.h
+++ b/Zend/zend_API.h
@@ -170,6 +170,10 @@ typedef struct _zend_fcall_info_cache {
 		int _len = class_name_len;								\
 		class_container.name = zend_strndup(class_name, _len);	\
 		class_container.name_length = _len;						\
+        INIT_CLASS_ENTRY_INIT_METHODS(class_container, functions, handle_fcall, handle_propget, handle_propset, handle_propunset, handle_propisset) \
+	}
+
+#define INIT_CLASS_ENTRY_INIT_METHODS(class_container, functions, handle_fcall, handle_propget, handle_propset, handle_propunset, handle_propisset) \
 		class_container.builtin_functions = functions;			\
 		class_container.constructor = NULL;						\
 		class_container.destructor = NULL;						\
@@ -195,8 +199,7 @@ typedef struct _zend_fcall_info_cache {
 		class_container.interfaces = NULL;						\
 		class_container.get_iterator = NULL;					\
 		class_container.iterator_funcs.funcs = NULL;			\
-		class_container.module = NULL;							\
-	}
+		class_container.module = NULL;
 
 #define INIT_OVERLOADED_CLASS_ENTRY(class_container, class_name, functions, handle_fcall, handle_propget, handle_propset) \
 	INIT_OVERLOADED_CLASS_ENTRY_EX(class_container, class_name, sizeof(class_name)-1, functions, handle_fcall, handle_propget, handle_propset, NULL, NULL)
diff --git a/ext/spl/spl_directory.c b/ext/spl/spl_directory.c
index 4f8edb5..17acc1e 100755
--- a/ext/spl/spl_directory.c
+++ b/ext/spl/spl_directory.c
@@ -516,7 +516,7 @@ static spl_filesystem_object * spl_filesystem_object_create_type(int ht, spl_fil
 	
 		spl_filesystem_object_get_file_name(source TSRMLS_CC);
 
-		if (ce->constructor->common.scope != spl_ce_SplFileObject) {
+		if (ce->constructor && (ce->constructor->common.scope != spl_ce_SplFileObject)) {
 			MAKE_STD_ZVAL(arg1);
 			MAKE_STD_ZVAL(arg2);
 			ZVAL_STRINGL(arg1, source->file_name, source->file_name_len, 1);