Fix segfault with __COMPILER_HALT_OFFSET__ and trailing {}

nikic · nikic · commit a5d3620d937f · 2019-10-02T12:07:15.000+02:00
Fixes OSS-Fuzz #17895.
diff --git a/Zend/tests/halt_compiler5.phpt b/Zend/tests/halt_compiler5.phpt
@@ -0,0 +1,8 @@
+--TEST--
+Using __COMPILER_HALF_OFFSET__ with trailing {} (OSS-Fuzz #17895)
+--FILE--
+<?php
+__COMPILER_HALT_OFFSET__;
+{}
+--EXPECTF--
+Warning: Use of undefined constant __COMPILER_HALT_OFFSET__ - assumed '__COMPILER_HALT_OFFSET__' (this will throw an Error in a future version of PHP) in %s on line %d
diff --git a/Zend/zend_compile.c b/Zend/zend_compile.c
@@ -7676,6 +7676,9 @@ void zend_compile_const(znode *result, zend_ast *ast) /* {{{ */
 
 		while (last && last->kind == ZEND_AST_STMT_LIST) {
 			zend_ast_list *list = zend_ast_get_list(last);
+			if (list->children == 0) {
+				break;
+			}
 			last = list->child[list->children-1];
 		}
 		if (last && last->kind == ZEND_AST_HALT_COMPILER) {

Original file line number	Diff line number	Diff line change
`@@ -7676,6 +7676,9 @@ void zend_compile_const(znode result, zend_ast ast) /* {{{ */`
`7676`	`7676`
`7677`	`7677`	`while (last && last->kind == ZEND_AST_STMT_LIST) {`
`7678`	`7678`	`zend_ast_list *list = zend_ast_get_list(last);`
	`7679`	`+ if (list->children == 0) {`
	`7680`	`+ break;`
	`7681`	`+ }`
`7679`	`7682`	`last = list->child[list->children-1];`
`7680`	`7683`	`}`
`7681`	`7684`	`if (last && last->kind == ZEND_AST_HALT_COMPILER) {`