Fix GH-16358: Segmentation fault (access null pointer) in Zend/zend_operators.c:2495

dstogov · dstogov · commit b9a64c5e344e · 2024-10-15T15:37:30.000+03:00
diff --git a/ext/opcache/jit/zend_jit_ir.c b/ext/opcache/jit/zend_jit_ir.c
@@ -9108,6 +9108,7 @@ static int zend_jit_init_static_method_call(zend_jit_ctx         *jit,
 			if (fn->common.scope == op_array->scope
 			 || (fn->common.fn_flags & ZEND_ACC_PUBLIC)
 			 || ((fn->common.fn_flags & ZEND_ACC_PROTECTED)
+			  && op_array->scope
 			  && instanceof_function_slow(op_array->scope, fn->common.scope))) {
 				func = fn;
 			}
@@ -15823,6 +15824,7 @@ static int zend_jit_fetch_static_prop(zend_jit_ctx *jit, const zend_op *opline,
 				if (prop_info->ce == op_array->scope
 				 || (prop_info->flags & ZEND_ACC_PUBLIC)
 				 || ((prop_info->flags & ZEND_ACC_PROTECTED)
+				  && op_array->scope
 				  && instanceof_function_slow(op_array->scope, prop_info->ce))) {
 					known_prop_info = prop_info;
 				}
diff --git a/ext/opcache/tests/jit/gh16358.phpt b/ext/opcache/tests/jit/gh16358.phpt
@@ -0,0 +1,20 @@
+--TEST--
+GH-16358 (Segmentation fault (access null pointer) in Zend/zend_operators.c:2495)
+--EXTENSIONS--
+opcache
+--INI--
+opcache.jit=1214
+opcache.jit_buffer_size=64M
+--FILE--
+<?php
+class test_class {
+static protected function test_func4() {
+}
+}
+if (is_callable(array('test_class','test_func4'))) {
+test_class::test_func4();
+}
+?>
+OK
+--EXPECT--
+OK
