From 76d285140e4f0bf1d43bb7190bd86f652d818487 Mon Sep 17 00:00:00 2001
From: Michael Wallner <mike@php.net>
Date: Thu, 5 Nov 2015 14:43:27 +0100
Subject: [PATCH] fix NULL deref in to_string

---
 src/module.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/module.c b/src/module.c
index 3e222b0..2705df1 100644
--- a/src/module.c
+++ b/src/module.c
@@ -135,7 +135,7 @@ void psi_to_string(zval *return_value, token_t t, impl_val *ret_val, decl_var *v
 			RETVAL_STRINGL(&ret_val->cval, 1);
 		} else {
 			ret_val = deref_impl_val(ret_val, var);
-			if (ret_val) {
+			if (ret_val && ret_val->ptr) {
 				RETVAL_STRING(ret_val->ptr);
 			} else {
 				RETVAL_EMPTY_STRING();
@@ -491,7 +491,7 @@ impl_val *psi_do_let(decl_arg *darg)
 		 * let foo = NULL;
 		 * let foo;
 		 */
-		if (darg->let->val->func->type == PSI_T_CALLOC) {
+		if (darg->let->val->func && darg->let->val->func->type == PSI_T_CALLOC) {
 			arg_val->ptr = psi_do_calloc(darg->let->val->func->alloc);
 			darg->let->mem = arg_val->ptr;
 		} else if (darg->var->array_size) {
-- 
2.30.2