Fixed bug #69805 (null ptr deref and seg fault in zend_resolve_class_name)

Author: laruence

NEWS

@@ -3,6 +3,8 @@ PHP                                                                        NEWS
 25 Jun 2015, PHP 7.0.0 Alpha 2
 
 - Core:
+  . Fixed bug #69805 (null ptr deref and seg fault in zend_resolve_class_name).
+    (Laruence)
   . Fixed bug #69551 (parse_ini_file() and parse_ini_string() segmentation
     fault). (Christoph M. Becker)
   . Fixed bug #69781 (phpinfo() reports Professional Editions of Windows

Zend/tests/bug69805.phpt

@@ -0,0 +1,8 @@
+--TEST--
+Bug #69805 (null ptr deref and seg fault in zend_resolve_class_name)
+--FILE--
+<?php
+class p{public function c(){(0)::t;}}?>
+?>
+--EXPECTF--
+Fatal error: Illegal class name in %sbug69805.php on line %d

Zend/zend_compile.c

@@ -855,8 +855,11 @@ zend_string *zend_resolve_class_name(zend_string *name, uint32_t type) /* {{{ */
 
 zend_string *zend_resolve_class_name_ast(zend_ast *ast) /* {{{ */
 {
-	zend_string *name = zend_ast_get_str(ast);
-	return zend_resolve_class_name(name, ast->attr);
+	zval *class_name = zend_ast_get_zval(ast);
+	if (Z_TYPE_P(class_name) != IS_STRING) {
+		zend_error_noreturn(E_COMPILE_ERROR, "Illegal class name");
+	}
+	return zend_resolve_class_name(Z_STR_P(class_name), ast->attr);
 }
 /* }}} */