From e430f29cf02a549c0602a60f13ed0481396d3947 Mon Sep 17 00:00:00 2001
From: Reeze Xia
Date: Fri, 13 Nov 2015 20:48:21 +0800
Subject: [PATCH] Fixed bug #70912 (Null ptr dereference instantiating class with invalid array property)

The previous related fix is 2a1a8f9ea75d4c8c9c47c2a391113764b9d0639b bug #70183 This check has to be done in compile time or it will be delayed to runtime and lead crash. And ast->child[0] couldn't be null, so there is no need to check it.
---
 Zend/tests/bug70912.phpt | 10 ++++++++++
 Zend/zend_compile.c | 7 ++++++-
 2 files changed, 16 insertions(+), 1 deletion(-)
 create mode 100644 Zend/tests/bug70912.phpt

diff --git a/Zend/tests/bug70912.phpt b/Zend/tests/bug70912.phpt
new file mode 100644
index 0000000000000..b3f2937a40a95
--- /dev/null
+++ b/Zend/tests/bug70912.phpt
@@ -0,0 +1,10 @@
+--TEST--
+Bug #70912 Null ptr dereference instantiating class with invalid array property
+--FILE--
+
+--EXPECTF--
+Fatal error: Cannot use [] for reading in %s on line %d
diff --git a/Zend/zend_compile.c b/Zend/zend_compile.c
index 7044b6b94587f..594b82a9cce1e 100644
--- a/Zend/zend_compile.c
+++ b/Zend/zend_compile.c
@@ -7386,7 +7386,12 @@ void zend_eval_const_expr(zend_ast **ast_ptr) /* {{{ */
 		zend_eval_const_expr(&ast->child[0]);
 		zend_eval_const_expr(&ast->child[1]);
-		if (!ast->child[0] || !ast->child[1] || ast->child[0]->kind != ZEND_AST_ZVAL || ast->child[1]->kind != ZEND_AST_ZVAL) {
+
+		if (!ast->child[1]) {
+			zend_error_noreturn(E_COMPILE_ERROR, "Cannot use [] for reading");
+		}
+
+		if (ast->child[0]->kind != ZEND_AST_ZVAL || ast->child[1]->kind != ZEND_AST_ZVAL) {
 			return;
 		}
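Review bot: The rewritten guard `if (ast->child[0]->kind != ZEND_AST_ZVAL || ...)` in the zend_compile.c hunk now dereferences `ast->child[0]` unconditionally, relying on an invariant that is stated only in the commit message and nowhere in the code, so a future AST producer that leaves child[0] NULL would silently reintroduce the null dereference this commit fixes. I would make the assumption explicit just before the kind check with `ZEND_ASSERT(ast->child[0]);` so debug builds catch a regression, together with a one-line comment such as `/* child[0] is never NULL here; an empty [] is represented by child[1] == NULL */` (the enclosing case label is outside the hunk, so the node kind is inferred). Replacing the early `return` with `zend_error_noreturn(E_COMPILE_ERROR, ...)` for the missing-child[1] case is the right shape, since the old path left an unreduced node to be dereferenced later at runtime, and the message text presumably matches what the regular compile path emits for `[]` reads, which keeps diagnostics consistent. zend_eval_const_expr begins and ends outside this hunk.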