Skip to content

Commit 6a9d934

Browse files
nikicnikic
committed
Fixed bug #79779
ASSIGN_OBJ_REF was not handling in zend_wrong_string_offset.
1 parent d9b4974 commit 6a9d934

File tree

3 files changed

+26
-15
lines changed

3 files changed

+26
-15
lines changed

NEWS

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,8 @@ PHP NEWS
1515
. Fixed bug #79783 (Segfault in php_str_replace_common). (Nikita)
1616
. Fixed bug #79778 (Assertion failure if dumping closure with unresolved
1717
static variable). (Nikita)
18+
. Fixed bug #79779 (Assertion failure when assigning property of string
19+
offset by reference). (Nikita)
1820

1921
- Fileinfo:
2022
. Fixed bug #79756 (finfo_file crash (FILEINFO_MIME)). (cmb)

Zend/tests/bug79779.phpt

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,12 @@
1+
--TEST--
2+
Bug #79779: Assertion failure when assigning property of string offset by reference
3+
--FILE--
4+
<?php
5+
$str = "";
6+
$str[1]->a = &$b;
7+
?>
8+
--EXPECTF--
9+
Fatal error: Uncaught Error: Cannot use string offset as an object in %s:%d
10+
Stack trace:
11+
#0 {main}
12+
thrown in %s on line %d

Zend/zend_execute.c

Lines changed: 12 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -1446,9 +1446,21 @@ static zend_never_inline ZEND_COLD void zend_wrong_string_offset(EXECUTE_DATA_D)
14461446
while (opline < end) {
14471447
if (opline->op1_type == IS_VAR && opline->op1.var == var) {
14481448
switch (opline->opcode) {
1449+
case ZEND_FETCH_OBJ_W:
1450+
case ZEND_FETCH_OBJ_RW:
1451+
case ZEND_FETCH_OBJ_FUNC_ARG:
1452+
case ZEND_FETCH_OBJ_UNSET:
1453+
case ZEND_ASSIGN_OBJ:
14491454
case ZEND_ASSIGN_OBJ_OP:
1455+
case ZEND_ASSIGN_OBJ_REF:
14501456
msg = "Cannot use string offset as an object";
14511457
break;
1458+
case ZEND_FETCH_DIM_W:
1459+
case ZEND_FETCH_DIM_RW:
1460+
case ZEND_FETCH_DIM_FUNC_ARG:
1461+
case ZEND_FETCH_DIM_UNSET:
1462+
case ZEND_FETCH_LIST_W:
1463+
case ZEND_ASSIGN_DIM:
14521464
case ZEND_ASSIGN_DIM_OP:
14531465
msg = "Cannot use string offset as an array";
14541466
break;
@@ -1466,21 +1478,6 @@ static zend_never_inline ZEND_COLD void zend_wrong_string_offset(EXECUTE_DATA_D)
14661478
case ZEND_POST_DEC:
14671479
msg = "Cannot increment/decrement string offsets";
14681480
break;
1469-
case ZEND_FETCH_DIM_W:
1470-
case ZEND_FETCH_DIM_RW:
1471-
case ZEND_FETCH_DIM_FUNC_ARG:
1472-
case ZEND_FETCH_DIM_UNSET:
1473-
case ZEND_FETCH_LIST_W:
1474-
case ZEND_ASSIGN_DIM:
1475-
msg = "Cannot use string offset as an array";
1476-
break;
1477-
case ZEND_FETCH_OBJ_W:
1478-
case ZEND_FETCH_OBJ_RW:
1479-
case ZEND_FETCH_OBJ_FUNC_ARG:
1480-
case ZEND_FETCH_OBJ_UNSET:
1481-
case ZEND_ASSIGN_OBJ:
1482-
msg = "Cannot use string offset as an object";
1483-
break;
14841481
case ZEND_ASSIGN_REF:
14851482
case ZEND_ADD_ARRAY_ELEMENT:
14861483
case ZEND_INIT_ARRAY:

0 commit comments

Comments
 (0)