wudi · pull · Mar 16, 2025 · Mar 15, 2025 · Mar 16, 2025 · Mar 15, 2025
diff --git a/Zend/tests/property_hooks/oss_fuzz_403308724.phpt b/Zend/tests/property_hooks/oss_fuzz_403308724.phpt
@@ -0,0 +1,30 @@
+--TEST--
+OSS-Fuzz #403308724
+--FILE--
+<?php
+class Base {
+    public $y { get => 1; }
+}
+
+class Test extends Base {
+    public $y {
+        get => [new class {
+            public $inner {get => __PROPERTY__;}
+        }, parent::$y::get()];
+    }
+}
+
+$test = new Test;
+$y = $test->y;
+var_dump($y);
+var_dump($y[0]->inner);
+?>
+--EXPECT--
+array(2) {
+  [0]=>
+  object(class@anonymous)#2 (0) {
+  }
+  [1]=>
+  int(1)
+}
+string(5) "inner"
diff --git a/Zend/zend_compile.c b/Zend/zend_compile.c
@@ -8686,7 +8686,7 @@ static void zend_compile_prop_decl(zend_ast *ast, zend_ast *type_ast, uint32_t f
 		zend_type type = ZEND_TYPE_INIT_NONE(0);
 		flags |= zend_property_is_virtual(ce, name, hooks_ast, flags) ? ZEND_ACC_VIRTUAL : 0;
 
-		ZEND_ASSERT(!CG(context).active_property_info_name);
+		zend_string *old_active_property_info_name = CG(context).active_property_info_name;
 		CG(context).active_property_info_name = name;
 
 		if (!hooks_ast) {
@@ -8782,7 +8782,7 @@ static void zend_compile_prop_decl(zend_ast *ast, zend_ast *type_ast, uint32_t f
 			zend_compile_attributes(&info->attributes, attr_ast, 0, ZEND_ATTRIBUTE_TARGET_PROPERTY, 0);
 		}
 
-		CG(context).active_property_info_name = NULL;
+		CG(context).active_property_info_name = old_active_property_info_name;
 	}
 }
 /* }}} */

diff --git a/ext/mysqli/tests/fetch/mysqli_fetch_all_data_types_variation.phpt b/ext/mysqli/tests/fetch/mysqli_fetch_all_data_types_variation.phpt
@@ -122,22 +122,27 @@ func_mysqli_fetch_all($link, $engine, "DECIMAL(10,2)", "99999999.99", "99999999.
 func_mysqli_fetch_all($link, $engine, "DECIMAL(10,2)", NULL, NULL, 400);
 
 // don't care about date() strict TZ warnings...
-func_mysqli_fetch_all($link, $engine, "DATE", @date('Y-m-d'), @date('Y-m-d'), 410);
-func_mysqli_fetch_all($link, $engine, "DATE NOT NULL", @date('Y-m-d'), @date('Y-m-d'), 420);
+$date = @date('Y-m-d');
+$datetime = @date('Y-m-d H:i:s');
+$time = @date('H:i:s');
+$year = @date('Y');
+
+func_mysqli_fetch_all($link, $engine, "DATE", $date, $date, 410);
+func_mysqli_fetch_all($link, $engine, "DATE NOT NULL", $date, $date, 420);
 func_mysqli_fetch_all($link, $engine, "DATE", NULL, NULL, 430);
 
-func_mysqli_fetch_all($link, $engine, "DATETIME", @date('Y-m-d H:i:s'), @date('Y-m-d H:i:s'), 440);
-func_mysqli_fetch_all($link, $engine, "DATETIME NOT NULL", @date('Y-m-d H:i:s'), @date('Y-m-d H:i:s'), 450);
+func_mysqli_fetch_all($link, $engine, "DATETIME", $datetime, $datetime, 440);
+func_mysqli_fetch_all($link, $engine, "DATETIME NOT NULL", $datetime, $datetime, 450);
 func_mysqli_fetch_all($link, $engine, "DATETIME", NULL, NULL, 460);
 
-func_mysqli_fetch_all($link, $engine, "TIMESTAMP", @date('Y-m-d H:i:s'), @date('Y-m-d H:i:s'), 470);
+func_mysqli_fetch_all($link, $engine, "TIMESTAMP", $datetime, $datetime, 470);
 
-func_mysqli_fetch_all($link, $engine, "TIME", @date('H:i:s'), @date('H:i:s'), 480);
-func_mysqli_fetch_all($link, $engine, "TIME NOT NULL", @date('H:i:s'), @date('H:i:s'), 490);
+func_mysqli_fetch_all($link, $engine, "TIME", $time, $time, 480);
+func_mysqli_fetch_all($link, $engine, "TIME NOT NULL", $time, $time, 490);
 func_mysqli_fetch_all($link, $engine, "TIME", NULL, NULL, 500);
 
-func_mysqli_fetch_all($link, $engine, "YEAR", @date('Y'), @date('Y'), 510);
-func_mysqli_fetch_all($link, $engine, "YEAR NOT NULL", @date('Y'), @date('Y'), 520);
+func_mysqli_fetch_all($link, $engine, "YEAR", $year, $year, 510);
+func_mysqli_fetch_all($link, $engine, "YEAR NOT NULL", $year, $year, 520);
 func_mysqli_fetch_all($link, $engine, "YEAR", NULL, NULL, 530);
 
 $string255 = func_mysqli_fetch_array_make_string(255);

diff --git a/sapi/fuzzer/fuzzer-json.c b/sapi/fuzzer/fuzzer-json.c
@@ -15,8 +15,6 @@
    +----------------------------------------------------------------------+
  */
 
-
-
 #include "fuzzer.h"
 
 #include "Zend/zend.h"
@@ -31,14 +29,15 @@
 #include "ext/json/php_json_parser.h"
 
 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
-	char *data = malloc(Size+1);
-	memcpy(data, Data, Size);
-	data[Size] = '\0';
 
-	if (fuzzer_request_startup() == FAILURE) {
+	if (fuzzer_request_startup() == FAILURE){
 		return 0;
 	}
 
+	char *data = malloc(Size + 1);
+	memcpy(data, Data, Size);
+	data[Size] = '\0';
+
 	for (int option = 0; option <=1; ++option) {
 		zval result;
 		php_json_parser parser;

diff --git a/sapi/fuzzer/fuzzer-mbregex.c b/sapi/fuzzer/fuzzer-mbregex.c
@@ -30,15 +30,16 @@
 
 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 #ifdef HAVE_MBREGEX
-	char *args[2];
-	char *data = malloc(Size+1);
-	memcpy(data, Data, Size);
-	data[Size] = '\0';
 
 	if (fuzzer_request_startup() == FAILURE) {
 		return 0;
 	}
 
+	char *args[2];
+	char *data = malloc(Size+1);
+	memcpy(data, Data, Size);
+	data[Size] = '\0';
+
 	fuzzer_setup_dummy_frame();
 
 	args[0] = data;

diff --git a/sapi/fuzzer/fuzzer-unserialize.c b/sapi/fuzzer/fuzzer-unserialize.c
@@ -30,14 +30,15 @@
 #include "ext/standard/php_var.h"
 
 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
-	unsigned char *orig_data = malloc(Size+1);
-	memcpy(orig_data, Data, Size);
-	orig_data[Size] = '\0';
 
 	if (fuzzer_request_startup() == FAILURE) {
 		return 0;
 	}
 
+	unsigned char *orig_data = malloc(Size+1);
+	memcpy(orig_data, Data, Size);
+	orig_data[Size] = '\0';
+
 	fuzzer_setup_dummy_frame();
 
 	{

diff --git a/sapi/fuzzer/fuzzer-unserializehash.c b/sapi/fuzzer/fuzzer-unserializehash.c
@@ -34,15 +34,15 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t FullSize) {
 	}
 	++Start;
 
+	if (fuzzer_request_startup() == FAILURE) {
+		return 0;
+	}
+
 	size_t Size = (Data + FullSize) - Start;
 	unsigned char *orig_data = malloc(Size+1);
 	memcpy(orig_data, Start, Size);
 	orig_data[Size] = '\0';
 
-	if (fuzzer_request_startup() == FAILURE) {
-		return 0;
-	}
-
 	fuzzer_setup_dummy_frame();
 
 	{