From e9ae04062986023be41798f6a31b3acfcd0a49a2 Mon Sep 17 00:00:00 2001 From: arshidkv12 Date: Thu, 29 Jan 2026 13:51:53 +0530 Subject: [PATCH] Fix crash on (unset) cast in constant expression Fixes GH-21072 Closes GH-21073 --- NEWS | 2 ++ Zend/tests/ast/gh21072.phpt | 17 +++++++++++++++++ Zend/zend_compile.c | 3 +++ 3 files changed, 22 insertions(+) create mode 100644 Zend/tests/ast/gh21072.phpt diff --git a/NEWS b/NEWS index 8ec869035f0..07c66ec833e 100644 --- a/NEWS +++ b/NEWS @@ -5,6 +5,8 @@ PHP NEWS - Core: . Fixed bug GH-21029 (zend_mm_heap corrupted on Aarch64, LTO builds). (Arnaud) . Fixed bug GH-21059 (Segfault when preloading constant AST closure). (ilutov) + . Fixed bug GH-21072 (Crash on (unset) cast in constant expression). + (arshidkv12) - Windows: . Fixed compilation with clang (missing intrin.h include). (Kévin Dunglas) diff --git a/Zend/tests/ast/gh21072.phpt b/Zend/tests/ast/gh21072.phpt new file mode 100644 index 00000000000..1ffd0518eae --- /dev/null +++ b/Zend/tests/ast/gh21072.phpt @@ -0,0 +1,17 @@ +--TEST-- +(unset) cast must not be allowed in constant expressions +--CREDITS-- +Viet Hoang Luu (@vi3tL0u1s) +--FILE-- +getMessage(); +} +?> +--EXPECTF-- +Fatal error: The (unset) cast is no longer supported in %s on line %d diff --git a/Zend/zend_compile.c b/Zend/zend_compile.c index 8be1ee14f48..80f85f421a3 100644 --- a/Zend/zend_compile.c +++ b/Zend/zend_compile.c @@ -12360,6 +12360,9 @@ static void zend_eval_const_expr(zend_ast **ast_ptr) /* {{{ */ zend_eval_const_expr(&ast->child[1]); return; case ZEND_AST_CAST: + if (ast->attr == IS_NULL) { + zend_error_noreturn(E_COMPILE_ERROR, "The (unset) cast is no longer supported"); + } zend_eval_const_expr(&ast->child[0]); if (ast->child[0]->kind == ZEND_AST_ZVAL && zend_try_ct_eval_cast(&result, ast->attr, zend_ast_get_zval(ast->child[0]))) {
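Review bot: The new `ast->attr == IS_NULL` check under `case ZEND_AST_CAST:` rejects the (unset) cast only on this compile-time folding path, and nothing in the hunk shows that the code which previously crashed would now tolerate that attribute if a cast node reached it some other way. If a later evaluator switches on the cast type (not visible here), it is worth giving it a failing default branch too, so that memory safety does not rest on this single gate. The check also deserves a one-line comment, for example `/* (unset) parses as a cast with attr IS_NULL; reject it before folding the operand */`, because the link between IS_NULL and the removed cast is not obvious at this point. zend_eval_const_expr begins and ends outside the hunk, so where the other cast attributes are handled cannot be confirmed from here.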