Fixed bug #77494 (Disabling class causes segfault on member access)

NEWS

@@ -4,6 +4,8 @@ PHP                                                                        NEWS
 
 - Core:
   . Fixed bug #77339 (__callStatic may get incorrect arguments). (Dmitry)
+  . Fixed bug #77494 (Disabling class causes segfault on member access).
+    (Dmitry)
 
 - Curl:
   . Fixed bug #76675 (Segfault with H2 server push). (Pedro Magalhães)

Zend/tests/bug77494.phpt

@@ -0,0 +1,16 @@
+--TEST--
+Bug #77494 (Disabling class causes segfault on member access)
+--SKIPIF--
+<?php if (!extension_loaded("curl")) exit("skip curl extension not loaded"); ?>
+--INI--
+disable_classes=CURLFile
+--FILE--
+<?php
+$a = new CURLFile();
+var_dump($a->name);
+?>
+--EXPECTF--
+Warning: CURLFile() has been disabled for security reasons in %sbug77494.php on line 2
+
+Notice: Undefined property: CURLFile::$name in %sbug77494.php on line 3
+NULL

Zend/zend_API.c

@@ -2855,6 +2855,17 @@ static zend_object *display_disabled_class(zend_class_entry *class_type) /* {{{
 	zend_object *intern;
 
 	intern = zend_objects_new(class_type);
+
+	/* Initialize default properties */
+	if (EXPECTED(class_type->default_properties_count != 0)) {
+		zval *p = intern->properties_table;
+		zval *end = p + class_type->default_properties_count;
+		do {
+			ZVAL_UNDEF(p);
+			p++;
+		} while (p != end);
+	}
+
 	zend_error(E_WARNING, "%s() has been disabled for security reasons", ZSTR_VAL(class_type->name));
 	return intern;
 }