diff options
| author | andrey <andrey@php.net> | 2012-06-29 14:40:41 +0300 |
|---|---|---|
| committer | andrey <andrey@php.net> | 2012-06-29 14:40:41 +0300 |
| commit | 1ac611f24f03728e4d9cd717e83331e2e17184d2 (patch) | |
| tree | 69dceee0471cad1a1c518e8333f0b908e52aa454 | |
| parent | f826ea093f8317dda2e5476db128dc5ad3eba442 (diff) | |
| parent | e6cf7d774519300c08399cae5bfba90e33749727 (diff) | |
| download | php-git-1ac611f24f03728e4d9cd717e83331e2e17184d2.tar.gz | |
Merge branch 'PHP-5.3' of ssh://git.php.net/php-src into PHP-5.3
31 files changed, 95 insertions, 73 deletions
@@ -12,6 +12,10 @@ PHP NEWS . Fixed CVE-2012-2143. (Solar Designer) . Fixed potential overflow in _php_stream_scandir. (Jason Powell, Stas) + . Fixed bug #62432 (ReflectionMethod random corrupt memory on high + concurrent). (Johannes) + . Fixed bug #62443 (Crypt SHA256/512 Segfaults With Malformed + Salt). (Anthony Ferrara) - Fileinfo: . Fixed magic file regex support. (Felipe) diff --git a/ext/date/php_date.c b/ext/date/php_date.c index ab4cc49442..527894d223 100644 --- a/ext/date/php_date.c +++ b/ext/date/php_date.c @@ -2035,7 +2035,7 @@ static inline zend_object_value date_object_new_date_ex(zend_class_entry *class_ } zend_object_std_init(&intern->std, class_type TSRMLS_CC); - zend_hash_copy(intern->std.properties, &class_type->default_properties, (copy_ctor_func_t) zval_add_ref, (void *) &tmp, sizeof(zval *)); + zend_hash_copy(intern->std.properties, &class_type->default_properties, (copy_ctor_func_t) zval_property_ctor, (void *) &tmp, sizeof(zval *)); retval.handle = zend_objects_store_put(intern, (zend_objects_store_dtor_t)zend_objects_destroy_object, (zend_objects_free_object_storage_t) date_object_free_storage_date, NULL TSRMLS_CC); retval.handlers = &date_object_handlers_date; @@ -2159,7 +2159,7 @@ static inline zend_object_value date_object_new_timezone_ex(zend_class_entry *cl } zend_object_std_init(&intern->std, class_type TSRMLS_CC); - zend_hash_copy(intern->std.properties, &class_type->default_properties, (copy_ctor_func_t) zval_add_ref, (void *) &tmp, sizeof(zval *)); + zend_hash_copy(intern->std.properties, &class_type->default_properties, (copy_ctor_func_t) zval_property_ctor, (void *) &tmp, sizeof(zval *)); retval.handle = zend_objects_store_put(intern, (zend_objects_store_dtor_t)zend_objects_destroy_object, (zend_objects_free_object_storage_t) date_object_free_storage_timezone, NULL TSRMLS_CC); retval.handlers = &date_object_handlers_timezone; @@ -2215,7 +2215,7 @@ static inline zend_object_value date_object_new_interval_ex(zend_class_entry *cl } zend_object_std_init(&intern->std, class_type TSRMLS_CC); - zend_hash_copy(intern->std.properties, &class_type->default_properties, (copy_ctor_func_t) zval_add_ref, (void *) &tmp, sizeof(zval *)); + zend_hash_copy(intern->std.properties, &class_type->default_properties, (copy_ctor_func_t) zval_property_ctor, (void *) &tmp, sizeof(zval *)); retval.handle = zend_objects_store_put(intern, (zend_objects_store_dtor_t)zend_objects_destroy_object, (zend_objects_free_object_storage_t) date_object_free_storage_interval, NULL TSRMLS_CC); retval.handlers = &date_object_handlers_interval; @@ -2291,7 +2291,7 @@ static inline zend_object_value date_object_new_period_ex(zend_class_entry *clas } zend_object_std_init(&intern->std, class_type TSRMLS_CC); - zend_hash_copy(intern->std.properties, &class_type->default_properties, (copy_ctor_func_t) zval_add_ref, (void *) &tmp, sizeof(zval *)); + zend_hash_copy(intern->std.properties, &class_type->default_properties, (copy_ctor_func_t) zval_property_ctor, (void *) &tmp, sizeof(zval *)); retval.handle = zend_objects_store_put(intern, (zend_objects_store_dtor_t)zend_objects_destroy_object, (zend_objects_free_object_storage_t) date_object_free_storage_period, NULL TSRMLS_CC); retval.handlers = &date_object_handlers_period; diff --git a/ext/fileinfo/fileinfo.c b/ext/fileinfo/fileinfo.c index 2c0e39a714..36c5e392eb 100644 --- a/ext/fileinfo/fileinfo.c +++ b/ext/fileinfo/fileinfo.c @@ -104,7 +104,7 @@ PHP_FILEINFO_API zend_object_value finfo_objects_new(zend_class_entry *class_typ memset(intern, 0, sizeof(struct finfo_object)); zend_object_std_init(&intern->zo, class_type TSRMLS_CC); - zend_hash_copy(intern->zo.properties, &class_type->default_properties, (copy_ctor_func_t) zval_add_ref,(void *) &tmp, sizeof(zval *)); + zend_hash_copy(intern->zo.properties, &class_type->default_properties, (copy_ctor_func_t) zval_property_ctor,(void *) &tmp, sizeof(zval *)); intern->ptr = NULL; diff --git a/ext/json/json.c b/ext/json/json.c index 5e0351f3f1..4d29a66688 100644 --- a/ext/json/json.c +++ b/ext/json/json.c @@ -34,6 +34,7 @@ static PHP_MINFO_FUNCTION(json); static PHP_FUNCTION(json_encode); static PHP_FUNCTION(json_decode); static PHP_FUNCTION(json_last_error); +static PHP_FUNCTION(json_last_error_msg); static const char digits[] = "0123456789abcdef"; @@ -51,8 +52,10 @@ ZEND_BEGIN_ARG_INFO_EX(arginfo_json_decode, 0, 0, 1) ZEND_ARG_INFO(0, depth) ZEND_END_ARG_INFO() -ZEND_BEGIN_ARG_INFO_EX(arginfo_json_last_error, 0, 0, 0) - ZEND_ARG_INFO(0, as_string) +ZEND_BEGIN_ARG_INFO(arginfo_json_last_error, 0) +ZEND_END_ARG_INFO() + +ZEND_BEGIN_ARG_INFO(arginfo_json_last_error_msg, 0) ZEND_END_ARG_INFO() /* }}} */ @@ -61,6 +64,7 @@ static const function_entry json_functions[] = { PHP_FE(json_encode, arginfo_json_encode) PHP_FE(json_decode, arginfo_json_decode) PHP_FE(json_last_error, arginfo_json_last_error) + PHP_FE(json_last_error_msg, arginfo_json_last_error_msg) PHP_FE_END }; /* }}} */ @@ -607,21 +611,25 @@ static PHP_FUNCTION(json_decode) /* }}} */ /* {{{ proto int json_last_error() - Returns the error code of the last json_decode(). */ + Returns the error code of the last json_encode() or json_decode() call. */ static PHP_FUNCTION(json_last_error) { - zend_bool as_string = 0; - - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|b", &as_string) == FAILURE) { + if (zend_parse_parameters_none() == FAILURE) { return; } - /* return error code (JSON_ERROR_* constants) */ - if (!as_string) { - RETURN_LONG(JSON_G(error_code)); + RETURN_LONG(JSON_G(error_code)); +} +/* }}} */ + +/* {{{ proto string json_last_error_msg() + Returns the error string of the last json_encode() or json_decode() call. */ +static PHP_FUNCTION(json_last_error_msg) +{ + if (zend_parse_parameters_none() == FAILURE) { + return; } - /* return error message (for debugging purposes) */ switch(JSON_G(error_code)) { case PHP_JSON_ERROR_NONE: RETURN_STRING("No error", 1); @@ -644,6 +652,7 @@ static PHP_FUNCTION(json_last_error) default: RETURN_STRING("Unknown error", 1); } + } /* }}} */ diff --git a/ext/json/tests/003.phpt b/ext/json/tests/003.phpt index 71874525a7..4ce5b0fde9 100644 --- a/ext/json/tests/003.phpt +++ b/ext/json/tests/003.phpt @@ -13,14 +13,12 @@ var_dump($a); echo "\n"; var_dump(json_encode($a)); -var_dump(json_last_error()); -var_dump(json_last_error(true)); +var_dump(json_last_error(), json_last_error_msg()); echo "\n"; var_dump(json_encode($a, JSON_PARTIAL_OUTPUT_ON_ERROR)); -var_dump(json_last_error()); -var_dump(json_last_error(true)); +var_dump(json_last_error(), json_last_error_msg()); echo "Done\n"; ?> diff --git a/ext/json/tests/004.phpt b/ext/json/tests/004.phpt index 49c543edca..70ef3ffd1b 100644 --- a/ext/json/tests/004.phpt +++ b/ext/json/tests/004.phpt @@ -13,14 +13,12 @@ var_dump($a); echo "\n"; var_dump(json_encode($a)); -var_dump(json_last_error()); -var_dump(json_last_error(true)); +var_dump(json_last_error(), json_last_error_msg()); echo "\n"; var_dump(json_encode($a, JSON_PARTIAL_OUTPUT_ON_ERROR)); -var_dump(json_last_error()); -var_dump(json_last_error(true)); +var_dump(json_last_error(), json_last_error_msg()); echo "Done\n"; ?> diff --git a/ext/json/tests/007.phpt b/ext/json/tests/007.phpt index 9ee190a24c..7557ac9ed7 100644 --- a/ext/json/tests/007.phpt +++ b/ext/json/tests/007.phpt @@ -5,15 +5,15 @@ json_last_error() tests --FILE-- <?php var_dump(json_decode("[1]")); -var_dump(json_last_error()); +var_dump(json_last_error(), json_last_error_msg()); var_dump(json_decode("[[1]]", false, 2)); -var_dump(json_last_error()); +var_dump(json_last_error(), json_last_error_msg()); var_dump(json_decode("[1}")); -var_dump(json_last_error()); +var_dump(json_last_error(), json_last_error_msg()); var_dump(json_decode('["' . chr(0) . 'abcd"]')); -var_dump(json_last_error()); +var_dump(json_last_error(), json_last_error_msg()); var_dump(json_decode("[1")); -var_dump(json_last_error()); +var_dump(json_last_error(), json_last_error_msg()); echo "Done\n"; @@ -24,13 +24,17 @@ array(1) { int(1) } int(0) +string(8) "No error" NULL int(1) +string(28) "Maximum stack depth exceeded" NULL int(2) +string(42) "State mismatch (invalid or malformed JSON)" NULL int(3) +string(53) "Control character error, possibly incorrectly encoded" NULL int(4) +string(12) "Syntax error" Done - diff --git a/ext/json/tests/bug54058.phpt b/ext/json/tests/bug54058.phpt index 2c2304578e..df1b3130f8 100644 --- a/ext/json/tests/bug54058.phpt +++ b/ext/json/tests/bug54058.phpt @@ -8,29 +8,25 @@ Bug #54058 (json_last_error() invalid UTF-8 produces wrong error) $bad_utf8 = quoted_printable_decode('=B0'); json_encode($bad_utf8); -var_dump(json_last_error()); -var_dump(json_last_error(true)); +var_dump(json_last_error(), json_last_error_msg()); $a = new stdclass; $a->foo = quoted_printable_decode('=B0'); json_encode($a); -var_dump(json_last_error()); -var_dump(json_last_error(true)); +var_dump(json_last_error(), json_last_error_msg()); $b = new stdclass; $b->foo = $bad_utf8; $b->bar = 1; json_encode($b); -var_dump(json_last_error()); -var_dump(json_last_error(true)); +var_dump(json_last_error(), json_last_error_msg()); $c = array( 'foo' => $bad_utf8, 'bar' => 1 ); json_encode($c); -var_dump(json_last_error()); -var_dump(json_last_error(true)); +var_dump(json_last_error(), json_last_error_msg()); ?> --EXPECTF-- diff --git a/ext/json/tests/bug61537.phpt b/ext/json/tests/bug61537.phpt index f6bb02bae4..80ed051c9a 100644 --- a/ext/json/tests/bug61537.phpt +++ b/ext/json/tests/bug61537.phpt @@ -7,20 +7,20 @@ Bug #61537 (json_encode() incorrectly truncates/discards information) $invalid_utf8 = "\x9f"; var_dump(json_encode($invalid_utf8)); -var_dump(json_last_error(), json_last_error(true)); +var_dump(json_last_error(), json_last_error_msg()); var_dump(json_encode($invalid_utf8, JSON_PARTIAL_OUTPUT_ON_ERROR)); -var_dump(json_last_error(), json_last_error(true)); +var_dump(json_last_error(), json_last_error_msg()); echo "\n"; $invalid_utf8 = "an invalid sequen\xce in the middle of a string"; var_dump(json_encode($invalid_utf8)); -var_dump(json_last_error(), json_last_error(true)); +var_dump(json_last_error(), json_last_error_msg()); var_dump(json_encode($invalid_utf8, JSON_PARTIAL_OUTPUT_ON_ERROR)); -var_dump(json_last_error(), json_last_error(true)); +var_dump(json_last_error(), json_last_error_msg()); ?> --EXPECTF-- diff --git a/ext/json/tests/inf_nan_error.phpt b/ext/json/tests/inf_nan_error.phpt index f12e902d9f..f9deecc469 100644 --- a/ext/json/tests/inf_nan_error.phpt +++ b/ext/json/tests/inf_nan_error.phpt @@ -1,5 +1,7 @@ --TEST-- An error is thrown when INF or NaN are encoded +--SKIPIF-- +<?php if (!extension_loaded("json")) print "skip"; ?> --FILE-- <?php @@ -8,10 +10,10 @@ $inf = INF; var_dump($inf); var_dump(json_encode($inf)); -var_dump(json_last_error(), json_last_error(true)); +var_dump(json_last_error(), json_last_error_msg()); var_dump(json_encode($inf, JSON_PARTIAL_OUTPUT_ON_ERROR)); -var_dump(json_last_error(), json_last_error(true)); +var_dump(json_last_error(), json_last_error_msg()); echo "\n"; @@ -20,10 +22,10 @@ $nan = NAN; var_dump($nan); var_dump(json_encode($nan)); -var_dump(json_last_error(), json_last_error(true)); +var_dump(json_last_error(), json_last_error_msg()); var_dump(json_encode($nan, JSON_PARTIAL_OUTPUT_ON_ERROR)); -var_dump(json_last_error(), json_last_error(true)); +var_dump(json_last_error(), json_last_error_msg()); ?> --EXPECTF-- float(INF) diff --git a/ext/json/tests/unsupported_type_error.phpt b/ext/json/tests/unsupported_type_error.phpt index f36afb44a5..45a167a5ac 100644 --- a/ext/json/tests/unsupported_type_error.phpt +++ b/ext/json/tests/unsupported_type_error.phpt @@ -1,5 +1,7 @@ --TEST-- An error is thrown when an unsupported type is encoded +--SKIPIF-- +<?php if (!extension_loaded("json")) print "skip"; ?> --FILE-- <?php @@ -8,10 +10,10 @@ $resource = fopen(__FILE__, "r"); var_dump($resource); var_dump(json_encode($resource)); -var_dump(json_last_error(), json_last_error(true)); +var_dump(json_last_error(), json_last_error_msg()); var_dump(json_encode($resource, JSON_PARTIAL_OUTPUT_ON_ERROR)); -var_dump(json_last_error(), json_last_error(true)); +var_dump(json_last_error(), json_last_error_msg()); ?> --EXPECTF-- diff --git a/ext/pdo/pdo_dbh.c b/ext/pdo/pdo_dbh.c index 1c3bb8a8b3..6b3ba3bb1b 100755 --- a/ext/pdo/pdo_dbh.c +++ b/ext/pdo/pdo_dbh.c @@ -1580,7 +1580,7 @@ zend_object_value pdo_dbh_new(zend_class_entry *ce TSRMLS_DC) dbh->refcount = 1; ALLOC_HASHTABLE(dbh->properties); zend_hash_init(dbh->properties, 0, NULL, ZVAL_PTR_DTOR, 0); - zend_hash_copy(dbh->properties, &ce->default_properties, (copy_ctor_func_t) zval_add_ref, (void *) &tmp, sizeof(zval *)); + zend_hash_copy(dbh->properties, &ce->default_properties, (copy_ctor_func_t) zval_property_ctor, (void *) &tmp, sizeof(zval *)); dbh->def_stmt_ce = pdo_dbstmt_ce; retval.handle = zend_objects_store_put(dbh, (zend_objects_store_dtor_t)zend_objects_destroy_object, (zend_objects_free_object_storage_t)pdo_dbh_free_storage, NULL TSRMLS_CC); diff --git a/ext/pdo/pdo_stmt.c b/ext/pdo/pdo_stmt.c index f2828499f7..0cf0cf852a 100755 --- a/ext/pdo/pdo_stmt.c +++ b/ext/pdo/pdo_stmt.c @@ -2466,7 +2466,7 @@ zend_object_value pdo_dbstmt_new(zend_class_entry *ce TSRMLS_DC) stmt->refcount = 1; ALLOC_HASHTABLE(stmt->properties); zend_hash_init(stmt->properties, 0, NULL, ZVAL_PTR_DTOR, 0); - zend_hash_copy(stmt->properties, &ce->default_properties, (copy_ctor_func_t) zval_add_ref, (void *) &tmp, sizeof(zval *)); + zend_hash_copy(stmt->properties, &ce->default_properties, (copy_ctor_func_t) zval_property_ctor, (void *) &tmp, sizeof(zval *)); retval.handle = zend_objects_store_put(stmt, (zend_objects_store_dtor_t)zend_objects_destroy_object, (zend_objects_free_object_storage_t)pdo_dbstmt_free_storage, (zend_objects_store_clone_t)dbstmt_clone_obj TSRMLS_CC); retval.handlers = &pdo_dbstmt_object_handlers; diff --git a/ext/reflection/php_reflection.c b/ext/reflection/php_reflection.c index 180ce8f91a..e98652ba23 100644 --- a/ext/reflection/php_reflection.c +++ b/ext/reflection/php_reflection.c @@ -314,7 +314,7 @@ static zend_object_value reflection_objects_new(zend_class_entry *class_type TSR intern->zo.ce = class_type; zend_object_std_init(&intern->zo, class_type TSRMLS_CC); - zend_hash_copy(intern->zo.properties, &class_type->default_properties, (copy_ctor_func_t) zval_add_ref, (void *) &tmp, sizeof(zval *)); + zend_hash_copy(intern->zo.properties, &class_type->default_properties, (copy_ctor_func_t) zval_property_ctor, (void *) &tmp, sizeof(zval *)); retval.handle = zend_objects_store_put(intern, NULL, reflection_free_objects_storage, NULL TSRMLS_CC); retval.handlers = &reflection_object_handlers; return retval; diff --git a/ext/soap/soap.c b/ext/soap/soap.c index 87391ab76d..120f78071b 100644 --- a/ext/soap/soap.c +++ b/ext/soap/soap.c @@ -1265,7 +1265,7 @@ PHP_METHOD(SoapServer, SoapServer) ALLOC_HASHTABLE(service->class_map); zend_hash_init(service->class_map, zend_hash_num_elements((*tmp)->value.ht), NULL, ZVAL_PTR_DTOR, 0); - zend_hash_copy(service->class_map, (*tmp)->value.ht, (copy_ctor_func_t) zval_add_ref, (void *) &ztmp, sizeof(zval *)); + zend_hash_copy(service->class_map, (*tmp)->value.ht, (copy_ctor_func_t) zval_property_ctor, (void *) &ztmp, sizeof(zval *)); } if (zend_hash_find(ht, "typemap", sizeof("typemap"), (void**)&tmp) == SUCCESS && diff --git a/ext/spl/spl_array.c b/ext/spl/spl_array.c index 5bbab907e4..80ca5be612 100755 --- a/ext/spl/spl_array.c +++ b/ext/spl/spl_array.c @@ -174,7 +174,7 @@ static zend_object_value spl_array_object_new_ex(zend_class_entry *class_type, s ALLOC_INIT_ZVAL(intern->retval); zend_object_std_init(&intern->std, class_type TSRMLS_CC); - zend_hash_copy(intern->std.properties, &class_type->default_properties, (copy_ctor_func_t) zval_add_ref, (void *) &tmp, sizeof(zval *)); + zend_hash_copy(intern->std.properties, &class_type->default_properties, (copy_ctor_func_t) zval_property_ctor, (void *) &tmp, sizeof(zval *)); intern->ar_flags = 0; intern->serialize_data = NULL; diff --git a/ext/spl/spl_directory.c b/ext/spl/spl_directory.c index aaa256de7b..4f8edb5211 100755 --- a/ext/spl/spl_directory.c +++ b/ext/spl/spl_directory.c @@ -158,7 +158,7 @@ static zend_object_value spl_filesystem_object_new_ex(zend_class_entry *class_ty if (obj) *obj = intern; zend_object_std_init(&intern->std, class_type TSRMLS_CC); - zend_hash_copy(intern->std.properties, &class_type->default_properties, (copy_ctor_func_t) zval_add_ref, (void *) &tmp, sizeof(zval *)); + zend_hash_copy(intern->std.properties, &class_type->default_properties, (copy_ctor_func_t) zval_property_ctor, (void *) &tmp, sizeof(zval *)); retval.handle = zend_objects_store_put(intern, (zend_objects_store_dtor_t) zend_objects_destroy_object, (zend_objects_free_object_storage_t) spl_filesystem_object_free_storage, NULL TSRMLS_CC); retval.handlers = &spl_filesystem_object_handlers; diff --git a/ext/spl/spl_dllist.c b/ext/spl/spl_dllist.c index 84afdd6849..0774857cc3 100644 --- a/ext/spl/spl_dllist.c +++ b/ext/spl/spl_dllist.c @@ -376,7 +376,7 @@ static zend_object_value spl_dllist_object_new_ex(zend_class_entry *class_type, ALLOC_INIT_ZVAL(intern->retval); zend_object_std_init(&intern->std, class_type TSRMLS_CC); - zend_hash_copy(intern->std.properties, &class_type->default_properties, (copy_ctor_func_t) zval_add_ref, (void *) &tmp, sizeof(zval *)); + zend_hash_copy(intern->std.properties, &class_type->default_properties, (copy_ctor_func_t) zval_property_ctor, (void *) &tmp, sizeof(zval *)); intern->flags = 0; intern->traverse_position = 0; diff --git a/ext/spl/spl_fixedarray.c b/ext/spl/spl_fixedarray.c index 4cd78f3774..ee8f51eb33 100644 --- a/ext/spl/spl_fixedarray.c +++ b/ext/spl/spl_fixedarray.c @@ -215,7 +215,7 @@ static zend_object_value spl_fixedarray_object_new_ex(zend_class_entry *class_ty ALLOC_INIT_ZVAL(intern->retval); zend_object_std_init(&intern->std, class_type TSRMLS_CC); - zend_hash_copy(intern->std.properties, &class_type->default_properties, (copy_ctor_func_t) zval_add_ref, (void *) &tmp, sizeof(zval *)); + zend_hash_copy(intern->std.properties, &class_type->default_properties, (copy_ctor_func_t) zval_property_ctor, (void *) &tmp, sizeof(zval *)); intern->current = 0; intern->flags = 0; diff --git a/ext/spl/spl_heap.c b/ext/spl/spl_heap.c index a0055f410d..a663422a27 100644 --- a/ext/spl/spl_heap.c +++ b/ext/spl/spl_heap.c @@ -394,7 +394,7 @@ static zend_object_value spl_heap_object_new_ex(zend_class_entry *class_type, sp ALLOC_INIT_ZVAL(intern->retval); zend_object_std_init(&intern->std, class_type TSRMLS_CC); - zend_hash_copy(intern->std.properties, &class_type->default_properties, (copy_ctor_func_t) zval_add_ref, (void *) &tmp, sizeof(zval *)); + zend_hash_copy(intern->std.properties, &class_type->default_properties, (copy_ctor_func_t) zval_property_ctor, (void *) &tmp, sizeof(zval *)); intern->flags = 0; intern->fptr_cmp = NULL; diff --git a/ext/spl/spl_iterators.c b/ext/spl/spl_iterators.c index ddcdedbd69..eecd483ba7 100755 --- a/ext/spl/spl_iterators.c +++ b/ext/spl/spl_iterators.c @@ -921,7 +921,7 @@ static zend_object_value spl_RecursiveIteratorIterator_new_ex(zend_class_entry * } zend_object_std_init(&intern->std, class_type TSRMLS_CC); - zend_hash_copy(intern->std.properties, &class_type->default_properties, (copy_ctor_func_t) zval_add_ref, (void *) &tmp, sizeof(zval *)); + zend_hash_copy(intern->std.properties, &class_type->default_properties, (copy_ctor_func_t) zval_property_ctor, (void *) &tmp, sizeof(zval *)); retval.handle = zend_objects_store_put(intern, (zend_objects_store_dtor_t)spl_RecursiveIteratorIterator_dtor, (zend_objects_free_object_storage_t) spl_RecursiveIteratorIterator_free_storage, NULL TSRMLS_CC); retval.handlers = &spl_handlers_rec_it_it; diff --git a/ext/spl/spl_observer.c b/ext/spl/spl_observer.c index a1e497ec5e..85bbeec731 100755 --- a/ext/spl/spl_observer.c +++ b/ext/spl/spl_observer.c @@ -206,7 +206,7 @@ static zend_object_value spl_object_storage_new_ex(zend_class_entry *class_type, *obj = intern; zend_object_std_init(&intern->std, class_type TSRMLS_CC); - zend_hash_copy(intern->std.properties, &class_type->default_properties, (copy_ctor_func_t) zval_add_ref, (void *) &tmp, sizeof(zval *)); + zend_hash_copy(intern->std.properties, &class_type->default_properties, (copy_ctor_func_t) zval_property_ctor, (void *) &tmp, sizeof(zval *)); zend_hash_init(&intern->storage, 0, NULL, (void (*)(void *))spl_object_storage_dtor, 0); diff --git a/ext/sqlite/sqlite.c b/ext/sqlite/sqlite.c index 15517db909..a7070a9b06 100644 --- a/ext/sqlite/sqlite.c +++ b/ext/sqlite/sqlite.c @@ -1166,7 +1166,7 @@ static void sqlite_object_new(zend_class_entry *class_type, zend_object_handlers memset(intern, 0, sizeof(sqlite_object)); zend_object_std_init(&intern->std, class_type TSRMLS_CC); - zend_hash_copy(intern->std.properties, &class_type->default_properties, (copy_ctor_func_t) zval_add_ref, (void *) &tmp, sizeof(zval *)); + zend_hash_copy(intern->std.properties, &class_type->default_properties, (copy_ctor_func_t) zval_property_ctor, (void *) &tmp, sizeof(zval *)); retval->handle = zend_objects_store_put(intern, (zend_objects_store_dtor_t)zend_objects_destroy_object, (zend_objects_free_object_storage_t) sqlite_object_free_storage, NULL TSRMLS_CC); retval->handlers = handlers; diff --git a/ext/sqlite3/sqlite3.c b/ext/sqlite3/sqlite3.c index e793206624..d3314d3f86 100644 --- a/ext/sqlite3/sqlite3.c +++ b/ext/sqlite3/sqlite3.c @@ -2134,7 +2134,7 @@ static zend_object_value php_sqlite3_object_new(zend_class_entry *class_type TSR zend_llist_init(&(intern->free_list), sizeof(php_sqlite3_free_list *), (llist_dtor_func_t)php_sqlite3_free_list_dtor, 0); zend_object_std_init(&intern->zo, class_type TSRMLS_CC); - zend_hash_copy(intern->zo.properties, &class_type->default_properties, (copy_ctor_func_t) zval_add_ref,(void *) &tmp, sizeof(zval *)); + zend_hash_copy(intern->zo.properties, &class_type->default_properties, (copy_ctor_func_t) zval_property_ctor,(void *) &tmp, sizeof(zval *)); retval.handle = zend_objects_store_put(intern, NULL, (zend_objects_free_object_storage_t) php_sqlite3_object_free_storage, NULL TSRMLS_CC); retval.handlers = (zend_object_handlers *) &sqlite3_object_handlers; @@ -2156,7 +2156,7 @@ static zend_object_value php_sqlite3_stmt_object_new(zend_class_entry *class_typ intern->db_obj_zval = NULL; zend_object_std_init(&intern->zo, class_type TSRMLS_CC); - zend_hash_copy(intern->zo.properties, &class_type->default_properties, (copy_ctor_func_t) zval_add_ref,(void *) &tmp, sizeof(zval *)); + zend_hash_copy(intern->zo.properties, &class_type->default_properties, (copy_ctor_func_t) zval_property_ctor,(void *) &tmp, sizeof(zval *)); retval.handle = zend_objects_store_put(intern, NULL, (zend_objects_free_object_storage_t) php_sqlite3_stmt_object_free_storage, NULL TSRMLS_CC); retval.handlers = (zend_object_handlers *) &sqlite3_stmt_object_handlers; @@ -2180,7 +2180,7 @@ static zend_object_value php_sqlite3_result_object_new(zend_class_entry *class_t intern->stmt_obj_zval = NULL; zend_object_std_init(&intern->zo, class_type TSRMLS_CC); - zend_hash_copy(intern->zo.properties, &class_type->default_properties, (copy_ctor_func_t) zval_add_ref,(void *) &tmp, sizeof(zval *)); + zend_hash_copy(intern->zo.properties, &class_type->default_properties, (copy_ctor_func_t) zval_property_ctor,(void *) &tmp, sizeof(zval *)); retval.handle = zend_objects_store_put(intern, NULL, (zend_objects_free_object_storage_t) php_sqlite3_result_object_free_storage, NULL TSRMLS_CC); retval.handlers = (zend_object_handlers *) &sqlite3_result_object_handlers; diff --git a/ext/standard/crypt.c b/ext/standard/crypt.c index e0d90e7e39..27a8d82d0e 100644 --- a/ext/standard/crypt.c +++ b/ext/standard/crypt.c @@ -199,8 +199,8 @@ PHP_FUNCTION(crypt) char *output; int needed = (sizeof(sha512_salt_prefix) - 1 + sizeof(sha512_rounds_prefix) + 9 + 1 - + strlen(salt) + 1 + 43 + 1); - output = emalloc(needed * sizeof(char *)); + + salt_in_len + 1 + 86 + 1); + output = emalloc(needed); salt[salt_in_len] = '\0'; crypt_res = php_sha512_crypt_r(str, salt, output, needed); @@ -214,7 +214,7 @@ PHP_FUNCTION(crypt) RETVAL_STRING(output, 1); } - memset(output, 0, PHP_MAX_SALT_LEN + 1); + memset(output, 0, needed); efree(output); } else if (salt[0]=='$' && salt[1]=='5' && salt[2]=='$') { const char sha256_salt_prefix[] = "$5$"; @@ -222,8 +222,8 @@ PHP_FUNCTION(crypt) char *output; int needed = (sizeof(sha256_salt_prefix) - 1 + sizeof(sha256_rounds_prefix) + 9 + 1 - + strlen(salt) + 1 + 43 + 1); - output = emalloc(needed * sizeof(char *)); + + salt_in_len + 1 + 43 + 1); + output = emalloc(needed); salt[salt_in_len] = '\0'; crypt_res = php_sha256_crypt_r(str, salt, output, needed); @@ -237,7 +237,7 @@ PHP_FUNCTION(crypt) RETVAL_STRING(output, 1); } - memset(output, 0, PHP_MAX_SALT_LEN + 1); + memset(output, 0, needed); efree(output); } else if ( salt[0] == '$' && diff --git a/ext/standard/tests/strings/bug62443.phpt b/ext/standard/tests/strings/bug62443.phpt new file mode 100644 index 0000000000..9e0dc38cfb --- /dev/null +++ b/ext/standard/tests/strings/bug62443.phpt @@ -0,0 +1,9 @@ +--TEST-- +Bug #62443 Crypt SHA256/512 Segfaults With Malformed Salt +--FILE-- +<?php +crypt("foo", '$5$'.chr(0).'abc'); +crypt("foo", '$6$'.chr(0).'abc'); +echo "OK!"; +--EXPECT-- +OK! diff --git a/ext/tidy/tidy.c b/ext/tidy/tidy.c index 619d5a3a6a..529929342f 100644 --- a/ext/tidy/tidy.c +++ b/ext/tidy/tidy.c @@ -687,7 +687,7 @@ static void tidy_object_new(zend_class_entry *class_type, zend_object_handlers * memset(intern, 0, sizeof(PHPTidyObj)); zend_object_std_init(&intern->std, class_type TSRMLS_CC); - zend_hash_copy(intern->std.properties, &class_type->default_properties, (copy_ctor_func_t) zval_add_ref, (void *) &tmp, sizeof(zval *)); + zend_hash_copy(intern->std.properties, &class_type->default_properties, (copy_ctor_func_t) zval_property_ctor, (void *) &tmp, sizeof(zval *)); switch(objtype) { case is_node: diff --git a/ext/xmlreader/php_xmlreader.c b/ext/xmlreader/php_xmlreader.c index 4ffdb179ff..7a4cd0e718 100644 --- a/ext/xmlreader/php_xmlreader.c +++ b/ext/xmlreader/php_xmlreader.c @@ -401,7 +401,7 @@ zend_object_value xmlreader_objects_new(zend_class_entry *class_type TSRMLS_DC) intern->prop_handler = &xmlreader_prop_handlers; zend_object_std_init(&intern->std, class_type TSRMLS_CC); - zend_hash_copy(intern->std.properties, &class_type->default_properties, (copy_ctor_func_t) zval_add_ref, (void *) &tmp, sizeof(zval *)); + zend_hash_copy(intern->std.properties, &class_type->default_properties, (copy_ctor_func_t) zval_property_ctor, (void *) &tmp, sizeof(zval *)); retval.handle = zend_objects_store_put(intern, (zend_objects_store_dtor_t)zend_objects_destroy_object, (zend_objects_free_object_storage_t) xmlreader_objects_free_storage, xmlreader_objects_clone TSRMLS_CC); intern->handle = retval.handle; retval.handlers = &xmlreader_object_handlers; diff --git a/ext/xmlwriter/php_xmlwriter.c b/ext/xmlwriter/php_xmlwriter.c index 588ca4bf3a..c1152eb113 100644 --- a/ext/xmlwriter/php_xmlwriter.c +++ b/ext/xmlwriter/php_xmlwriter.c @@ -151,7 +151,7 @@ static zend_object_value xmlwriter_object_new(zend_class_entry *class_type TSRML intern->xmlwriter_ptr = NULL; zend_object_std_init(&intern->zo, class_type TSRMLS_CC); - zend_hash_copy(intern->zo.properties, &class_type->default_properties, (copy_ctor_func_t) zval_add_ref, + zend_hash_copy(intern->zo.properties, &class_type->default_properties, (copy_ctor_func_t) zval_property_ctor, (void *) &tmp, sizeof(zval *)); retval.handle = zend_objects_store_put(intern, diff --git a/ext/xsl/php_xsl.c b/ext/xsl/php_xsl.c index 7262e7804a..6f7237d57d 100644 --- a/ext/xsl/php_xsl.c +++ b/ext/xsl/php_xsl.c @@ -129,7 +129,7 @@ zend_object_value xsl_objects_new(zend_class_entry *class_type TSRMLS_DC) intern->profiling = NULL; zend_object_std_init(&intern->std, class_type TSRMLS_CC); - zend_hash_copy(intern->std.properties, &class_type->default_properties, (copy_ctor_func_t) zval_add_ref, (void *) &tmp, sizeof(zval *)); + zend_hash_copy(intern->std.properties, &class_type->default_properties, (copy_ctor_func_t) zval_property_ctor, (void *) &tmp, sizeof(zval *)); ALLOC_HASHTABLE(intern->parameter); zend_hash_init(intern->parameter, 0, NULL, ZVAL_PTR_DTOR, 0); ALLOC_HASHTABLE(intern->registered_phpfunctions); diff --git a/ext/zip/php_zip.c b/ext/zip/php_zip.c index e6a30a0066..75f98b591f 100644 --- a/ext/zip/php_zip.c +++ b/ext/zip/php_zip.c @@ -1104,7 +1104,7 @@ static zend_object_value php_zip_object_new(zend_class_entry *class_type TSRMLS_ intern->zo.ce = class_type; #endif - zend_hash_copy(intern->zo.properties, &class_type->default_properties, (copy_ctor_func_t) zval_add_ref, + zend_hash_copy(intern->zo.properties, &class_type->default_properties, (copy_ctor_func_t) zval_property_ctor, (void *) &tmp, sizeof(zval *)); retval.handle = zend_objects_store_put(intern, |