diff --git a/NEWS b/NEWS index 43f4ec3770d..0846843e6a4 100644 --- a/NEWS +++ b/NEWS @@ -14,6 +14,10 @@ PHP NEWS . Fixed bug GH-12870 (Creating an xmlns attribute results in a DOMException). (nielsdos) +- FFI: + . Fixed bug GH-9698 (stream_wrapper_register crashes with FFI\CData). + (Jakub Zelenka) + - Hash: . Fixed bug GH-12936 (hash() function hangs endlessly if using sha512 on strings >= 4GiB). (nielsdos) diff --git a/ext/ffi/ffi.c b/ext/ffi/ffi.c index b0b650b7be9..7c7c992bb26 100644 --- a/ext/ffi/ffi.c +++ b/ext/ffi/ffi.c @@ -1302,6 +1302,10 @@ static zval *zend_ffi_cdata_write_field(zend_object *obj, zend_string *field_nam if (cache_slot && *cache_slot == type) { field = *(cache_slot + 1); } else { + if (UNEXPECTED(type == NULL)) { + zend_throw_error(zend_ffi_exception_ce, "Attempt to assign field '%s' to uninitialized FFI\\CData object", ZSTR_VAL(field_name)); + return value; + } if (type->kind == ZEND_FFI_TYPE_POINTER) { type = ZEND_FFI_TYPE(type->pointer.type); } diff --git a/ext/ffi/tests/gh9698.phpt b/ext/ffi/tests/gh9698.phpt new file mode 100644 index 00000000000..bab403810cd --- /dev/null +++ b/ext/ffi/tests/gh9698.phpt @@ -0,0 +1,21 @@ +--TEST-- +GH-9698 (stream_wrapper_register crashes with FFI\CData provided as class) +--EXTENSIONS-- +ffi +--SKIPIF-- + +--FILE-- +getMessage(); +} +?> + +DONE +--EXPECT-- +Attempt to assign field 'context' to uninitialized FFI\CData object +DONE diff --git a/main/streams/userspace.c b/main/streams/userspace.c index 73319215d28..2a7380ce8f3 100644 --- a/main/streams/userspace.c +++ b/main/streams/userspace.c @@ -278,6 +278,12 @@ static void user_stream_create_object(struct php_user_stream_wrapper *uwrap, php add_property_null(object, "context"); } + if (EG(exception) != NULL) { + zval_ptr_dtor(object); + ZVAL_UNDEF(object); + return; + } + if (uwrap->ce->constructor) { zend_call_known_instance_method_with_0_params( uwrap->ce->constructor, Z_OBJ_P(object), NULL);