diff options
| author | Stanislav Malyshev <stas@php.net> | 2016-09-01 23:15:34 -0700 |
|---|---|---|
| committer | Ferenc Kovacs <tyra3l@gmail.com> | 2016-09-15 10:02:42 +0200 |
| commit | 120eb29bb350950213bbc9a0e11345ba20b63db0 (patch) | |
| tree | 167ece27f737dec7eb6e88505ecd020954b96436 | |
| parent | 88d26623b2e55becc1d4b3e7944ebb1a0c1bd908 (diff) | |
| download | php-git-120eb29bb350950213bbc9a0e11345ba20b63db0.tar.gz | |
Fix various int size overflows.
Add function for detection of string zvals with length that does not fit
INT_MAX.
| -rw-r--r-- | Zend/zend_API.c | 61 | ||||
| -rw-r--r-- | Zend/zend_API.h | 14 | ||||
| -rw-r--r-- | Zend/zend_alloc.c | 9 | ||||
| -rw-r--r-- | Zend/zend_alloc.h | 4 | ||||
| -rw-r--r-- | ext/imap/php_imap.c | 28 | ||||
| -rw-r--r-- | ext/ldap/ldap.c | 2 | ||||
| -rw-r--r-- | ext/pcre/php_pcre.c | 14 | ||||
| -rw-r--r-- | ext/pgsql/pgsql.c | 186 | ||||
| -rw-r--r-- | ext/standard/string.c | 23 | ||||
| -rw-r--r-- | ext/xml/xml.c | 4 | ||||
| -rw-r--r-- | ext/zlib/zlib.c | 8 |
11 files changed, 210 insertions, 143 deletions
diff --git a/Zend/zend_API.c b/Zend/zend_API.c index 7e622c6ea7..1f50016bd6 100644 --- a/Zend/zend_API.c +++ b/Zend/zend_API.c @@ -1074,7 +1074,7 @@ static int zval_update_class_constant(zval **pp, int is_static, int offset TSRML *scope = old_scope; return ret; } - } + } ce = ce->parent; } while (ce); @@ -1279,9 +1279,14 @@ ZEND_API int add_assoc_double_ex(zval *arg, const char *key, uint key_len, doubl ZEND_API int add_assoc_string_ex(zval *arg, const char *key, uint key_len, char *str, int duplicate) /* {{{ */ { zval *tmp; + size_t _len = strlen(str); + + if (UNEXPECTED(_len > INT_MAX)) { + zend_error_noreturn(E_ERROR, "String overflow, max size is %d", INT_MAX); + } MAKE_STD_ZVAL(tmp); - ZVAL_STRING(tmp, str, duplicate); + ZVAL_STRINGL(tmp, str, _len, duplicate); return zend_symtable_update(Z_ARRVAL_P(arg), key, key_len, (void *) &tmp, sizeof(zval *), NULL); } @@ -1291,6 +1296,10 @@ ZEND_API int add_assoc_stringl_ex(zval *arg, const char *key, uint key_len, char { zval *tmp; + if (UNEXPECTED(length > INT_MAX)) { + zend_error_noreturn(E_ERROR, "String overflow, max size is %d", INT_MAX); + } + MAKE_STD_ZVAL(tmp); ZVAL_STRINGL(tmp, str, length, duplicate); @@ -1362,6 +1371,11 @@ ZEND_API int add_index_double(zval *arg, ulong index, double d) /* {{{ */ ZEND_API int add_index_string(zval *arg, ulong index, const char *str, int duplicate) /* {{{ */ { zval *tmp; + size_t _len = strlen(str); + + if (UNEXPECTED(_len > INT_MAX)) { + zend_error_noreturn(E_ERROR, "String overflow, max size is %d", INT_MAX); + } MAKE_STD_ZVAL(tmp); ZVAL_STRING(tmp, str, duplicate); @@ -1374,6 +1388,10 @@ ZEND_API int add_index_stringl(zval *arg, ulong index, const char *str, uint len { zval *tmp; + if (UNEXPECTED(length > INT_MAX)) { + zend_error_noreturn(E_ERROR, "String overflow, max size is %d", INT_MAX); + } + MAKE_STD_ZVAL(tmp); ZVAL_STRINGL(tmp, str, length, duplicate); @@ -1457,6 +1475,9 @@ ZEND_API int add_next_index_stringl(zval *arg, const char *str, uint length, int { zval *tmp; + if (UNEXPECTED(length > INT_MAX)) { + zend_error_noreturn(E_ERROR, "String overflow, max size is %d", INT_MAX); + } MAKE_STD_ZVAL(tmp); ZVAL_STRINGL(tmp, str, length, duplicate); @@ -1473,9 +1494,14 @@ ZEND_API int add_next_index_zval(zval *arg, zval *value) /* {{{ */ ZEND_API int add_get_assoc_string_ex(zval *arg, const char *key, uint key_len, const char *str, void **dest, int duplicate) /* {{{ */ { zval *tmp; + size_t _len = strlen(str); + + if (UNEXPECTED(_len > INT_MAX)) { + zend_error_noreturn(E_ERROR, "String overflow, max size is %d", INT_MAX); + } MAKE_STD_ZVAL(tmp); - ZVAL_STRING(tmp, str, duplicate); + ZVAL_STRINGL(tmp, str, _len, duplicate); return zend_symtable_update(Z_ARRVAL_P(arg), key, key_len, (void *) &tmp, sizeof(zval *), dest); } @@ -1485,6 +1511,10 @@ ZEND_API int add_get_assoc_stringl_ex(zval *arg, const char *key, uint key_len, { zval *tmp; + if (UNEXPECTED(length > INT_MAX)) { + zend_error_noreturn(E_ERROR, "String overflow, max size is %d", INT_MAX); + } + MAKE_STD_ZVAL(tmp); ZVAL_STRINGL(tmp, str, length, duplicate); @@ -1664,9 +1694,14 @@ ZEND_API int add_property_string_ex(zval *arg, const char *key, uint key_len, co { zval *tmp; zval *z_key; + size_t _len = strlen(str); + + if (UNEXPECTED(_len > INT_MAX)) { + zend_error_noreturn(E_ERROR, "String overflow, max size is %d", INT_MAX); + } MAKE_STD_ZVAL(tmp); - ZVAL_STRING(tmp, str, duplicate); + ZVAL_STRINGL(tmp, str, _len, duplicate); MAKE_STD_ZVAL(z_key); ZVAL_STRINGL(z_key, key, key_len-1, 1); @@ -1683,6 +1718,10 @@ ZEND_API int add_property_stringl_ex(zval *arg, const char *key, uint key_len, c zval *tmp; zval *z_key; + if (UNEXPECTED(length > INT_MAX)) { + zend_error_noreturn(E_ERROR, "String overflow, max size is %d", INT_MAX); + } + MAKE_STD_ZVAL(tmp); ZVAL_STRINGL(tmp, str, length, duplicate); @@ -1836,7 +1875,7 @@ ZEND_API void zend_collect_module_handlers(TSRMLS_D) /* {{{ */ module_post_deactivate_handlers = module_request_shutdown_handlers + shutdown_count + 1; module_post_deactivate_handlers[post_deactivate_count] = NULL; startup_count = 0; - + for (zend_hash_internal_pointer_reset_ex(&module_registry, &pos); zend_hash_get_current_data_ex(&module_registry, (void *) &module, &pos) == SUCCESS; zend_hash_move_forward_ex(&module_registry, &pos)) { @@ -2083,7 +2122,7 @@ ZEND_API int zend_register_functions(zend_class_entry *scope, const zend_functio } if (ptr->arg_info) { zend_internal_function_info *info = (zend_internal_function_info*)ptr->arg_info; - + internal_function->arg_info = (zend_arg_info*)ptr->arg_info+1; internal_function->num_args = ptr->num_args; /* Currently you cannot denote that the function can accept less arguments than num_args */ @@ -2701,7 +2740,7 @@ static int zend_is_callable_check_class(const char *name, int name_len, zend_fca } ret = 1; } - } else if (name_len == sizeof("parent") - 1 && + } else if (name_len == sizeof("parent") - 1 && !memcmp(lcname, "parent", sizeof("parent") - 1)) { if (!EG(scope)) { if (error) *error = estrdup("cannot access parent:: when no class scope is active"); @@ -3030,7 +3069,7 @@ ZEND_API zend_bool zend_is_callable_ex(zval *callable, zval *object_ptr, uint ch if (error) { *error = NULL; } - + fcc->initialized = 0; fcc->calling_scope = NULL; fcc->called_scope = NULL; @@ -3042,7 +3081,7 @@ ZEND_API zend_bool zend_is_callable_ex(zval *callable, zval *object_ptr, uint ch object_ptr = NULL; } if (object_ptr && - (!EG(objects_store).object_buckets || + (!EG(objects_store).object_buckets || !EG(objects_store).object_buckets[Z_OBJ_HANDLE_P(object_ptr)].valid)) { return 0; } @@ -3123,7 +3162,7 @@ ZEND_API zend_bool zend_is_callable_ex(zval *callable, zval *object_ptr, uint ch } } else { - if (!EG(objects_store).object_buckets || + if (!EG(objects_store).object_buckets || !EG(objects_store).object_buckets[Z_OBJ_HANDLE_PP(obj)].valid) { return 0; } @@ -3192,7 +3231,7 @@ ZEND_API zend_bool zend_is_callable_ex(zval *callable, zval *object_ptr, uint ch *callable_name = emalloc(*callable_name_len + 1); memcpy(*callable_name, ce->name, ce->name_length); memcpy((*callable_name) + ce->name_length, "::__invoke", sizeof("::__invoke")); - } + } return 1; } /* break missing intentionally */ diff --git a/Zend/zend_API.h b/Zend/zend_API.h index e17be4ce68..3e191b63eb 100644 --- a/Zend/zend_API.h +++ b/Zend/zend_API.h @@ -654,6 +654,20 @@ END_EXTERN_C() } while (0) #define RETURN_ZVAL_FAST(z) { RETVAL_ZVAL_FAST(z); return; } +/* Check that returned string length fits int */ +#define RETVAL_STRINGL_CHECK(s, len, dup) \ + size_t __len = (len); \ + if (UNEXPECTED(__len > INT_MAX)) { \ + php_error_docref(NULL TSRMLS_CC, E_WARNING, "String too long, max is %d", INT_MAX); \ + if(!(dup)) { \ + efree((s)); \ + } \ + RETURN_FALSE; \ + } \ + RETVAL_STRINGL((s), __len, (dup)) + + + #define SET_VAR_STRING(n, v) { \ { \ zval *var; \ diff --git a/Zend/zend_alloc.c b/Zend/zend_alloc.c index 105c2560aa..1f00414939 100644 --- a/Zend/zend_alloc.c +++ b/Zend/zend_alloc.c @@ -2578,6 +2578,15 @@ static inline size_t safe_address(size_t nmemb, size_t size, size_t offset) #endif +ZEND_API void *_safe_emalloc_string(size_t nmemb, size_t size, size_t offset ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) +{ + size_t str_size = safe_address(nmemb, size, offset); + if (UNEXPECTED(str_size > INT_MAX)) { + zend_error_noreturn(E_ERROR, "String allocation overflow, max size is %d", INT_MAX); + } + return emalloc_rel(str_size); +} + ZEND_API void *_safe_emalloc(size_t nmemb, size_t size, size_t offset ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) { return emalloc_rel(safe_address(nmemb, size, offset)); diff --git a/Zend/zend_alloc.h b/Zend/zend_alloc.h index 8169364cd3..719f9c5cae 100644 --- a/Zend/zend_alloc.h +++ b/Zend/zend_alloc.h @@ -5,7 +5,7 @@ | Copyright (c) 1998-2016 Zend Technologies Ltd. (http://www.zend.com) | +----------------------------------------------------------------------+ | This source file is subject to version 2.00 of the Zend license, | - | that is bundled with this package in the file LICENSE, and is | + | that is bundled with this package in the file LICENSE, and is | | available through the world-wide-web at the following url: | | http://www.zend.com/license/2_00.txt. | | If you did not receive a copy of the Zend license and are unable to | @@ -56,6 +56,7 @@ ZEND_API char *zend_strndup(const char *s, unsigned int length) ZEND_ATTRIBUTE_M ZEND_API void *_emalloc(size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ZEND_ATTRIBUTE_MALLOC ZEND_ATTRIBUTE_ALLOC_SIZE(1); ZEND_API void *_safe_emalloc(size_t nmemb, size_t size, size_t offset ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ZEND_ATTRIBUTE_MALLOC; +ZEND_API void *_safe_emalloc_string(size_t nmemb, size_t size, size_t offset ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ZEND_ATTRIBUTE_MALLOC; ZEND_API void *_safe_malloc(size_t nmemb, size_t size, size_t offset) ZEND_ATTRIBUTE_MALLOC; ZEND_API void _efree(void *ptr ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC); ZEND_API void *_ecalloc(size_t nmemb, size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ZEND_ATTRIBUTE_MALLOC ZEND_ATTRIBUTE_ALLOC_SIZE2(1,2); @@ -69,6 +70,7 @@ ZEND_API size_t _zend_mem_block_size(void *ptr TSRMLS_DC ZEND_FILE_LINE_DC ZEND_ /* Standard wrapper macros */ #define emalloc(size) _emalloc((size) ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC) #define safe_emalloc(nmemb, size, offset) _safe_emalloc((nmemb), (size), (offset) ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC) +#define safe_emalloc_string(nmemb, size, offset) _safe_emalloc_string((nmemb), (size), (offset) ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC) #define efree(ptr) _efree((ptr) ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC) #define ecalloc(nmemb, size) _ecalloc((nmemb), (size) ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC) #define erealloc(ptr, size) _erealloc((ptr), (size), 0 ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC) diff --git a/ext/imap/php_imap.c b/ext/imap/php_imap.c index d5d3e2255a..8fe9de9ea8 100644 --- a/ext/imap/php_imap.c +++ b/ext/imap/php_imap.c @@ -1711,7 +1711,7 @@ PHP_FUNCTION(imap_body) if (body_len == 0) { RETVAL_EMPTY_STRING(); } else { - RETVAL_STRINGL(body, body_len, 1); + RETVAL_STRINGL_CHECK(body, body_len, 1); } } /* }}} */ @@ -1899,7 +1899,7 @@ PHP_FUNCTION(imap_list_full) } array_init(return_value); - delim = safe_emalloc(2, sizeof(char), 0); + delim = emalloc(2); cur=IMAPG(imap_folder_objects); while (cur != NIL) { MAKE_STD_ZVAL(mboxob); @@ -2205,7 +2205,7 @@ PHP_FUNCTION(imap_lsub_full) } array_init(return_value); - delim = safe_emalloc(2, sizeof(char), 0); + delim = emalloc(2); cur=IMAPG(imap_sfolder_objects); while (cur != NIL) { MAKE_STD_ZVAL(mboxob); @@ -2356,7 +2356,7 @@ PHP_FUNCTION(imap_fetchbody) php_error_docref(NULL TSRMLS_CC, E_WARNING, "No body information available"); RETURN_FALSE; } - RETVAL_STRINGL(body, len, 1); + RETVAL_STRINGL_CHECK(body, len, 1); } /* }}} */ @@ -2396,7 +2396,12 @@ PHP_FUNCTION(imap_fetchmime) php_error_docref(NULL TSRMLS_CC, E_WARNING, "No body MIME information available"); RETURN_FALSE; } - RETVAL_STRINGL(body, len, 1); + if (len > INT_MAX) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "String too long, max is %d", INT_MAX); + efree(body); + RETURN_FALSE; + } + RETVAL_STRINGL_CHECK(body, len, 1); } /* }}} */ @@ -2495,7 +2500,7 @@ PHP_FUNCTION(imap_qprint) RETURN_FALSE; } - RETVAL_STRINGL(decode, newlength, 1); + RETVAL_STRINGL_CHECK(decode, newlength, 1); fs_give((void**) &decode); } /* }}} */ @@ -2541,7 +2546,7 @@ PHP_FUNCTION(imap_binary) RETURN_FALSE; } - RETVAL_STRINGL(decode, newlength, 1); + RETVAL_STRINGL_CHECK(decode, newlength, 1); fs_give((void**) &decode); } /* }}} */ @@ -2626,7 +2631,7 @@ PHP_FUNCTION(imap_rfc822_write_address) string = _php_rfc822_write_address(addr TSRMLS_CC); if (string) { - RETVAL_STRING(string, 0); + RETVAL_STRINGL_CHECK(string, strlen(string), 0); } else { RETURN_FALSE; } @@ -2882,7 +2887,8 @@ PHP_FUNCTION(imap_utf7_encode) const unsigned char *in, *inp, *endp; unsigned char *out, *outp; unsigned char c; - int arg_len, inlen, outlen; + int arg_len, inlen; + size_t outlen; enum { ST_NORMAL, /* printable text */ ST_ENCODE0, /* encoded text rotation... */ @@ -2929,7 +2935,7 @@ PHP_FUNCTION(imap_utf7_encode) } /* allocate output buffer */ - out = emalloc(outlen + 1); + out = safe_emalloc_string(1, outlen, 1); /* encode input string */ outp = out; @@ -3019,7 +3025,7 @@ static void php_imap_mutf7(INTERNAL_FUNCTION_PARAMETERS, int mode) /* {{{ */ if (out == NIL) { RETURN_FALSE; } else { - RETURN_STRING((char *)out, 1); + RETVAL_STRINGL_CHECK((char *)out, strlen(out), 1); } } /* }}} */ diff --git a/ext/ldap/ldap.c b/ext/ldap/ldap.c index e709e592fa..8ab0fe0727 100644 --- a/ext/ldap/ldap.c +++ b/ext/ldap/ldap.c @@ -2647,7 +2647,7 @@ static void php_ldap_do_escape(const zend_bool *map, const char *value, size_t v len += (map[(unsigned char) value[i]]) ? 3 : 1; } - (*result) = (char *) safe_emalloc(1, len, 1); + (*result) = (char *) safe_emalloc_string(1, len, 1); (*resultlen) = len; for (i = 0; i < valuelen; i++) { diff --git a/ext/pcre/php_pcre.c b/ext/pcre/php_pcre.c index ddc5d764f9..b5d9ca31fd 100644 --- a/ext/pcre/php_pcre.c +++ b/ext/pcre/php_pcre.c @@ -805,7 +805,7 @@ PHPAPI void php_pcre_match_impl(pcre_cache_entry *pce, char *subject, int subjec to achieve this, unless we're already at the end of the string. */ if (g_notempty != 0 && start_offset < subject_len) { int unit_len = calculate_unit_length(pce, subject + start_offset); - + offsets[0] = start_offset; offsets[1] = start_offset + unit_len; } else @@ -820,7 +820,7 @@ PHPAPI void php_pcre_match_impl(pcre_cache_entry *pce, char *subject, int subjec the match again at the same point. If this fails (picked up above) we advance to the next character. */ g_notempty = (offsets[1] == offsets[0])? PCRE_NOTEMPTY_ATSTART | PCRE_ANCHORED : 0; - + /* Advance to the position right after the last full match */ start_offset = offsets[1]; } while (global); @@ -1054,7 +1054,7 @@ PHPAPI char *php_pcre_replace(char *regex, int regex_len, return NULL; } pce->refcount++; - result = php_pcre_replace_impl(pce, subject, subject_len, replace_val, + result = php_pcre_replace_impl(pce, subject, subject_len, replace_val, is_callable_replace, result_len, limit, replace_count TSRMLS_CC); pce->refcount--; @@ -1299,7 +1299,7 @@ PHPAPI char *php_pcre_replace_impl(pcre_cache_entry *pce, char *subject, int sub the match again at the same point. If this fails (picked up above) we advance to the next character. */ g_notempty = (offsets[1] == offsets[0])? PCRE_NOTEMPTY_ATSTART | PCRE_ANCHORED : 0; - + /* Advance to the next piece. */ start_offset = offsets[1]; } @@ -1592,7 +1592,7 @@ PHPAPI void php_pcre_split_impl(pcre_cache_entry *pce, char *subject, int subjec #ifdef PCRE_EXTRA_MARK extra->flags &= ~PCRE_EXTRA_MARK; #endif - + /* Initialize return value */ array_init(return_value); @@ -1700,7 +1700,7 @@ PHPAPI void php_pcre_split_impl(pcre_cache_entry *pce, char *subject, int subjec the match again at the same point. If this fails (picked up above) we advance to the next character. */ g_notempty = (offsets[1] == offsets[0])? PCRE_NOTEMPTY_ATSTART | PCRE_ANCHORED : 0; - + /* Advance to the position right after the last full match */ start_offset = offsets[1]; } @@ -1761,7 +1761,7 @@ static PHP_FUNCTION(preg_quote) /* Allocate enough memory so that even if each character is quoted, we won't run out of room */ - out_str = safe_emalloc(4, in_str_len, 1); + out_str = safe_emalloc_string(4, in_str_len, 1); /* Go through the string and quote necessary characters */ for(p = in_str, q = out_str; p != in_str_end; p++) { diff --git a/ext/pgsql/pgsql.c b/ext/pgsql/pgsql.c index 8f3518d7c2..a1835bfa7c 100644 --- a/ext/pgsql/pgsql.c +++ b/ext/pgsql/pgsql.c @@ -959,7 +959,7 @@ static void _close_pgsql_plink(zend_rsrc_list_entry *rsrc TSRMLS_DC) static void _php_pgsql_notice_handler(void *resource_id, const char *message) { php_pgsql_notice *notice; - + TSRMLS_FETCH(); if (! PGG(ignore_notices)) { notice = (php_pgsql_notice *)emalloc(sizeof(php_pgsql_notice)); @@ -976,7 +976,7 @@ static void _php_pgsql_notice_handler(void *resource_id, const char *message) /* {{{ _php_pgsql_notice_dtor */ -static void _php_pgsql_notice_ptr_dtor(void **ptr) +static void _php_pgsql_notice_ptr_dtor(void **ptr) { php_pgsql_notice *notice = (php_pgsql_notice *)*ptr; if (notice) { @@ -995,7 +995,7 @@ static int _rollback_transactions(zend_rsrc_list_entry *rsrc TSRMLS_DC) PGresult *res; int orig; - if (Z_TYPE_P(rsrc) != le_plink) + if (Z_TYPE_P(rsrc) != le_plink) return 0; link = (PGconn *) rsrc->ptr; @@ -1004,7 +1004,7 @@ static int _rollback_transactions(zend_rsrc_list_entry *rsrc TSRMLS_DC) php_error_docref("ref.pgsql" TSRMLS_CC, E_NOTICE, "Cannot set connection to blocking mode"); return -1; } - + while ((res = PQgetResult(link))) { PQclear(res); } @@ -1093,7 +1093,7 @@ static PHP_GINIT_FUNCTION(pgsql) { memset(pgsql_globals, 0, sizeof(zend_pgsql_globals)); /* Initilize notice message hash at MINIT only */ - zend_hash_init_ex(&pgsql_globals->notices, 0, NULL, PHP_PGSQL_NOTICE_PTR_DTOR, 1, 0); + zend_hash_init_ex(&pgsql_globals->notices, 0, NULL, PHP_PGSQL_NOTICE_PTR_DTOR, 1, 0); } /* }}} */ @@ -1283,11 +1283,11 @@ static void php_pgsql_do_connect(INTERNAL_FUNCTION_PARAMETERS, int persistent) } smart_str_appends(&str, "pgsql"); - + for (i = 0; i < ZEND_NUM_ARGS(); i++) { /* make sure that the PGSQL_CONNECT_FORCE_NEW bit is not part of the hash so that subsequent connections * can re-use this connection. Bug #39979 - */ + */ if (i == 1 && ZEND_NUM_ARGS() == 2 && Z_TYPE_PP(args[i]) == IS_LONG) { if (Z_LVAL_PP(args[1]) == PGSQL_CONNECT_FORCE_NEW) { continue; @@ -1325,11 +1325,11 @@ static void php_pgsql_do_connect(INTERNAL_FUNCTION_PARAMETERS, int persistent) if (persistent && PGG(allow_persistent)) { zend_rsrc_list_entry *le; - + /* try to find if we already have this link in our persistent list */ if (zend_hash_find(&EG(persistent_list), str.c, str.len+1, (void **) &le)==FAILURE) { /* we don't */ zend_rsrc_list_entry new_le; - + if (PGG(max_links)!=-1 && PGG(num_links)>=PGG(max_links)) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot create new link. Too many open links (%ld)", PGG(num_links)); @@ -1483,7 +1483,7 @@ static void php_pgsql_do_connect(INTERNAL_FUNCTION_PARAMETERS, int persistent) PQsetNoticeProcessor(pgsql, _php_pgsql_notice_handler, (void*)Z_RESVAL_P(return_value)); } php_pgsql_set_default_link(Z_LVAL_P(return_value) TSRMLS_CC); - + cleanup: smart_str_free(&str); return; @@ -1550,7 +1550,7 @@ PHP_FUNCTION(pg_pconnect) /* }}} */ /* {{{ proto bool pg_close([resource connection]) - Close a PostgreSQL connection */ + Close a PostgreSQL connection */ PHP_FUNCTION(pg_close) { zval *pgsql_link = NULL; @@ -1608,12 +1608,12 @@ static void php_pgsql_get_link_info(INTERNAL_FUNCTION_PARAMETERS, int entry_type if (zend_parse_parameters(argc TSRMLS_CC, "|r", &pgsql_link) == FAILURE) { return; } - + if (argc == 0) { id = PGG(default_link); CHECK_DEFAULT_LINK(id); } - + if (pgsql_link == NULL && id == -1) { RETURN_FALSE; } @@ -1688,7 +1688,7 @@ static void php_pgsql_get_link_info(INTERNAL_FUNCTION_PARAMETERS, int entry_type /* }}} */ /* {{{ proto string pg_dbname([resource connection]) - Get the database name */ + Get the database name */ PHP_FUNCTION(pg_dbname) { php_pgsql_get_link_info(INTERNAL_FUNCTION_PARAM_PASSTHRU,PHP_PG_DBNAME); @@ -1930,7 +1930,7 @@ PHP_FUNCTION(pg_query_params) PGresult *pgsql_result; ExecStatusType status; pgsql_result_handle *pg_result; - + if (argc == 2) { if (zend_parse_parameters(argc TSRMLS_CC, "sa", &query, &query_len, &pv_param_arr) == FAILURE) { return; @@ -1994,12 +1994,12 @@ PHP_FUNCTION(pg_query_params) } } - pgsql_result = PQexecParams(pgsql, query, num_params, + pgsql_result = PQexecParams(pgsql, query, num_params, NULL, (const char * const *)params, NULL, NULL, 0); if ((PGG(auto_reset_persistent) & 2) && PQstatus(pgsql) != CONNECTION_OK) { PQclear(pgsql_result); PQreset(pgsql); - pgsql_result = PQexecParams(pgsql, query, num_params, + pgsql_result = PQexecParams(pgsql, query, num_params, NULL, (const char * const *)params, NULL, NULL, 0); } @@ -2008,7 +2008,7 @@ PHP_FUNCTION(pg_query_params) } else { status = (ExecStatusType) PQstatus(pgsql); } - + _php_pgsql_free_params(params, num_params); switch (status) { @@ -2201,12 +2201,12 @@ PHP_FUNCTION(pg_execute) } } - pgsql_result = PQexecPrepared(pgsql, stmtname, num_params, + pgsql_result = PQexecPrepared(pgsql, stmtname, num_params, (const char * const *)params, NULL, NULL, 0); if ((PGG(auto_reset_persistent) & 2) && PQstatus(pgsql) != CONNECTION_OK) { PQclear(pgsql_result); PQreset(pgsql); - pgsql_result = PQexecPrepared(pgsql, stmtname, num_params, + pgsql_result = PQexecPrepared(pgsql, stmtname, num_params, (const char * const *)params, NULL, NULL, 0); } @@ -2260,7 +2260,7 @@ static void php_pgsql_get_result_info(INTERNAL_FUNCTION_PARAMETERS, int entry_ty if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "r", &result) == FAILURE) { return; } - + ZEND_FETCH_RESOURCE(pg_result, pgsql_result_handle *, &result, -1, "PostgreSQL result", le_result); pgsql_result = pg_result->result; @@ -2315,13 +2315,13 @@ PHP_FUNCTION(pg_affected_rows) /* {{{ proto string pg_last_notice(resource connection) Returns the last notice set by the backend */ -PHP_FUNCTION(pg_last_notice) +PHP_FUNCTION(pg_last_notice) { zval *pgsql_link; PGconn *pg_link; int id = -1; php_pgsql_notice **notice; - + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "r", &pgsql_link) == FAILURE) { return; } @@ -2372,7 +2372,7 @@ static char *get_field_name(PGconn *pgsql, Oid oid, HashTable *list TSRMLS_DC) if ((tmp_oid = PQgetvalue(result,i,oid_offset))==NULL) { continue; } - + str.len = 0; smart_str_appends(&str, "pgsql_oid_"); smart_str_appends(&str, tmp_oid); @@ -2508,7 +2508,7 @@ static void php_pgsql_get_field_info(INTERNAL_FUNCTION_PARAMETERS, int entry_typ ZEND_FETCH_RESOURCE(pg_result, pgsql_result_handle *, &result, -1, "PostgreSQL result", le_result); pgsql_result = pg_result->result; - + if (field < 0 || field >= PQnfields(pgsql_result)) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Bad field offset specified"); RETURN_FALSE; @@ -2531,7 +2531,7 @@ static void php_pgsql_get_field_info(INTERNAL_FUNCTION_PARAMETERS, int entry_typ Z_TYPE_P(return_value) = IS_STRING; break; case PHP_PG_FIELD_TYPE_OID: - + oid = PQftype(pgsql_result, field); #if UINT_MAX > LONG_MAX if (oid > LONG_MAX) { @@ -2563,7 +2563,7 @@ PHP_FUNCTION(pg_field_name) /* }}} */ /* {{{ proto int pg_field_size(resource result, int field_number) - Returns the internal size of the field */ + Returns the internal size of the field */ PHP_FUNCTION(pg_field_size) { php_pgsql_get_field_info(INTERNAL_FUNCTION_PARAM_PASSTHRU,PHP_PG_FIELD_SIZE); @@ -2629,7 +2629,7 @@ PHP_FUNCTION(pg_fetch_result) return; } } - + ZEND_FETCH_RESOURCE(pg_result, pgsql_result_handle *, &result, -1, "PostgreSQL result", le_result); pgsql_result = pg_result->result; @@ -2723,12 +2723,12 @@ static void php_pgsql_fetch_hash(INTERNAL_FUNCTION_PARAMETERS, long result_type, php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid result type"); RETURN_FALSE; } - + ZEND_FETCH_RESOURCE(pg_result, pgsql_result_handle *, &result, -1, "PostgreSQL result", le_result); pgsql_result = pg_result->result; - if (use_row) { + if (use_row) { pgsql_row = row; pg_result->row = pgsql_row; if (pgsql_row < 0 || pgsql_row >= PQntuples(pgsql_result)) { @@ -2836,7 +2836,7 @@ static void php_pgsql_fetch_hash(INTERNAL_FUNCTION_PARAMETERS, long result_type, /* }}} */ /* {{{ proto array pg_fetch_row(resource result [, int row [, int result_type]]) - Get a row as an enumerated array */ + Get a row as an enumerated array */ PHP_FUNCTION(pg_fetch_row) { php_pgsql_fetch_hash(INTERNAL_FUNCTION_PARAM_PASSTHRU, PGSQL_NUM, 0); @@ -2931,7 +2931,7 @@ PHP_FUNCTION(pg_fetch_all_columns) if (PQgetisnull(pgsql_result, pg_row, colno)) { add_next_index_null(return_value); } else { - add_next_index_string(return_value, PQgetvalue(pgsql_result, pg_row, colno), 1); + add_next_index_string(return_value, PQgetvalue(pgsql_result, pg_row, colno), 1); } } } @@ -3151,12 +3151,12 @@ PHP_FUNCTION(pg_untrace) zval *pgsql_link = NULL; int id = -1, argc = ZEND_NUM_ARGS(); PGconn *pgsql; - + if (zend_parse_parameters(argc TSRMLS_CC, "|r", &pgsql_link) == FAILURE) { return; } - if (argc == 0) { + if (argc == 0) { id = PGG(default_link); CHECK_DEFAULT_LINK(id); } @@ -3188,7 +3188,7 @@ PHP_FUNCTION(pg_lo_create) oid = pgsql_link; pgsql_link = NULL; } - + if (pgsql_link == NULL) { id = PGG(default_link); CHECK_DEFAULT_LINK(id); @@ -3198,7 +3198,7 @@ PHP_FUNCTION(pg_lo_create) } ZEND_FETCH_RESOURCE2(pgsql, PGconn *, &pgsql_link, id, "PostgreSQL link", le_link, le_plink); - + if (oid) { #ifndef HAVE_PG_LO_CREATE php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Passing OID value is not supported. Upgrade your PostgreSQL"); @@ -3377,7 +3377,7 @@ PHP_FUNCTION(pg_lo_open) } ZEND_FETCH_RESOURCE2(pgsql, PGconn *, &pgsql_link, id, "PostgreSQL link", le_link, le_plink); - + /* r/w/+ is little bit more PHP-like than INV_READ/INV_WRITE and a lot of faster to type. Unfortunately, doesn't behave the same way as fopen()... (Jouni) @@ -3447,7 +3447,7 @@ PHP_FUNCTION(pg_lo_close) } ZEND_FETCH_RESOURCE(pgsql, pgLofp *, &pgsql_lofp, -1, "PostgreSQL large object", le_lofp); - + if (lo_close((PGconn *)pgsql->conn, pgsql->lofd) < 0) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to close PostgreSQL large object descriptor %d", pgsql->lofd); RETVAL_FALSE; @@ -3481,7 +3481,7 @@ PHP_FUNCTION(pg_lo_read) if (argc > 1) { buf_len = len; } - + buf = (char *) safe_emalloc(sizeof(char), (buf_len+1), 0); if ((nbytes = lo_read((PGconn *)pgsql->conn, pgsql->lofd, buf, buf_len))<0) { efree(buf); @@ -3543,7 +3543,7 @@ PHP_FUNCTION(pg_lo_read_all) volatile int nbytes; char buf[PGSQL_LO_READ_BUF_SIZE]; pgLofp *pgsql; - + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "r", &pgsql_id) == FAILURE) { return; } @@ -3587,7 +3587,7 @@ PHP_FUNCTION(pg_lo_import) else { WRONG_PARAM_COUNT; } - + if (php_check_open_basedir(file_in TSRMLS_CC)) { RETURN_FALSE; } @@ -3720,7 +3720,7 @@ PHP_FUNCTION(pg_lo_export) php_error_docref(NULL TSRMLS_CC, E_WARNING, "Requires 2 or 3 arguments"); RETURN_FALSE; } - + if (php_check_open_basedir(file_out TSRMLS_CC)) { RETURN_FALSE; } @@ -3861,7 +3861,7 @@ PHP_FUNCTION(pg_set_error_verbosity) if (pgsql_link == NULL && id == -1) { RETURN_FALSE; - } + } ZEND_FETCH_RESOURCE2(pgsql, PGconn *, &pgsql_link, id, "PostgreSQL link", le_link, le_plink); @@ -3920,7 +3920,7 @@ PHP_FUNCTION(pg_client_encoding) if (zend_parse_parameters(argc TSRMLS_CC, "|r", &pgsql_link) == FAILURE) { return; } - + if (argc == 0) { id = PGG(default_link); CHECK_DEFAULT_LINK(id); @@ -3928,7 +3928,7 @@ PHP_FUNCTION(pg_client_encoding) if (pgsql_link == NULL && id == -1) { RETURN_FALSE; - } + } ZEND_FETCH_RESOURCE2(pgsql, PGconn *, &pgsql_link, id, "PostgreSQL link", le_link, le_plink); @@ -3958,7 +3958,7 @@ PHP_FUNCTION(pg_end_copy) if (zend_parse_parameters(argc TSRMLS_CC, "|r", &pgsql_link) == FAILURE) { return; } - + if (argc == 0) { id = PGG(default_link); CHECK_DEFAULT_LINK(id); @@ -4005,7 +4005,7 @@ PHP_FUNCTION(pg_put_line) if (pgsql_link == NULL && id == -1) { RETURN_FALSE; - } + } ZEND_FETCH_RESOURCE2(pgsql, PGconn *, &pgsql_link, id, "PostgreSQL link", le_link, le_plink); @@ -4117,7 +4117,7 @@ PHP_FUNCTION(pg_copy_to) csv = (char *)erealloc(csv, strlen(csv) + sizeof(char)*(COPYBUFSIZ+1)); strcat(csv, copybuf); } - + switch (ret) { case EOF: @@ -4325,7 +4325,7 @@ PHP_FUNCTION(pg_escape_string) break; } - to = (char *) safe_emalloc(from_len, 2, 1); + to = (char *) safe_emalloc_string(from_len, 2, 1); #ifdef HAVE_PQESCAPE_CONN if (pgsql_link != NULL || id != -1) { ZEND_FETCH_RESOURCE2(pgsql, PGconn *, &pgsql_link, id, "PostgreSQL link", le_link, le_plink); @@ -4374,7 +4374,7 @@ PHP_FUNCTION(pg_escape_bytea) #endif to = (char *)PQescapeBytea((unsigned char*)from, from_len, &to_len); - RETVAL_STRINGL(to, to_len-1, 1); /* to_len includes additional '\0' */ + RETVAL_STRINGL_CHECK(to, to_len-1, 1); /* to_len includes additional '\0' */ PQfreemem(to); } /* }}} */ @@ -4460,7 +4460,7 @@ static unsigned char * php_pgsql_unescape_bytea(unsigned char *strtext, size_t * if (isdigit(*sp)) /* state=4 */ { unsigned char *start, *end, buf[4]; /* 000 + '\0' */ - + bp -= 3; memcpy(buf, sp-2, 3); buf[3] = '\0'; @@ -4561,7 +4561,7 @@ static void php_pgsql_escape_internal(INTERNAL_FUNCTION_PARAMETERS, int escape_l to = estrdup(tmp); PGSQLfree(tmp); - RETURN_STRING(to, 0); + RETVAL_STRINGL_CHECK(to, strlen(to), 0); } /* {{{ proto string pg_escape_literal([resource connection,] string data) @@ -4595,7 +4595,7 @@ PHP_FUNCTION(pg_result_error) &result) == FAILURE) { RETURN_FALSE; } - + ZEND_FETCH_RESOURCE(pg_result, pgsql_result_handle *, &result, -1, "PostgreSQL result", le_result); pgsql_result = pg_result->result; @@ -4623,7 +4623,7 @@ PHP_FUNCTION(pg_result_error_field) &result, &fieldcode) == FAILURE) { RETURN_FALSE; } - + ZEND_FETCH_RESOURCE(pg_result, pgsql_result_handle *, &result, -1, "PostgreSQL result", le_result); pgsql_result = pg_result->result; @@ -4705,14 +4705,14 @@ PHP_FUNCTION(pg_connection_reset) zval *pgsql_link; int id = -1; PGconn *pgsql; - + if (zend_parse_parameters_ex(ZEND_PARSE_PARAMS_QUIET, ZEND_NUM_ARGS() TSRMLS_CC, "r", &pgsql_link) == FAILURE) { RETURN_FALSE; } ZEND_FETCH_RESOURCE2(pgsql, PGconn *, &pgsql_link, id, "PostgreSQL link", le_link, le_plink); - + PQreset(pgsql); if (PQstatus(pgsql) == CONNECTION_BAD) { RETURN_FALSE; @@ -4728,11 +4728,11 @@ PHP_FUNCTION(pg_connection_reset) /* {{{ php_pgsql_flush_query */ -static int php_pgsql_flush_query(PGconn *pgsql TSRMLS_DC) +static int php_pgsql_flush_query(PGconn *pgsql TSRMLS_DC) { PGresult *res; int leftover = 0; - + if (PQ_SETNONBLOCKING(pgsql, 1)) { php_error_docref(NULL TSRMLS_CC, E_NOTICE,"Cannot set connection to nonblocking mode"); return -1; @@ -4749,7 +4749,7 @@ static int php_pgsql_flush_query(PGconn *pgsql TSRMLS_DC) /* {{{ php_pgsql_do_async */ -static void php_pgsql_do_async(INTERNAL_FUNCTION_PARAMETERS, int entry_type) +static void php_pgsql_do_async(INTERNAL_FUNCTION_PARAMETERS, int entry_type) { zval *pgsql_link; int id = -1; @@ -4927,7 +4927,7 @@ PHP_FUNCTION(pg_send_query_params) if (num_params > 0) { int i = 0; params = (char **)safe_emalloc(sizeof(char *), num_params, 0); - + for(i = 0; i < num_params; i++) { if (zend_hash_get_current_data(Z_ARRVAL_P(pv_param_arr), (void **) &tmp) == FAILURE) { php_error_docref(NULL TSRMLS_CC, E_WARNING,"Error getting parameter"); @@ -5199,7 +5199,7 @@ PHP_FUNCTION(pg_get_result) } ZEND_FETCH_RESOURCE2(pgsql, PGconn *, &pgsql_link, id, "PostgreSQL link", le_link, le_plink); - + pgsql_result = PQgetResult(pgsql); if (!pgsql_result) { /* no result */ @@ -5278,11 +5278,11 @@ PHP_FUNCTION(pg_get_notify) if (result_type & PGSQL_NUM) { add_index_string(return_value, 0, pgsql_notify->relname, 1); add_index_long(return_value, 1, pgsql_notify->be_pid); -#if HAVE_PQPROTOCOLVERSION && HAVE_PQPARAMETERSTATUS +#if HAVE_PQPROTOCOLVERSION && HAVE_PQPARAMETERSTATUS if (PQprotocolVersion(pgsql) >= 3 && atof(PQparameterStatus(pgsql, "server_version")) >= 9.0) { -#else +#else if (atof(PG_VERSION) >= 9.0) { -#endif +#endif #if HAVE_PQPARAMETERSTATUS add_index_string(return_value, 2, pgsql_notify->extra, 1); #endif @@ -5291,11 +5291,11 @@ PHP_FUNCTION(pg_get_notify) if (result_type & PGSQL_ASSOC) { add_assoc_string(return_value, "message", pgsql_notify->relname, 1); add_assoc_long(return_value, "pid", pgsql_notify->be_pid); -#if HAVE_PQPROTOCOLVERSION && HAVE_PQPARAMETERSTATUS +#if HAVE_PQPROTOCOLVERSION && HAVE_PQPARAMETERSTATUS if (PQprotocolVersion(pgsql) >= 3 && atof(PQparameterStatus(pgsql, "server_version")) >= 9.0) { -#else +#else if (atof(PG_VERSION) >= 9.0) { -#endif +#endif #if HAVE_PQPARAMETERSTATUS add_assoc_string(return_value, "payload", pgsql_notify->extra, 1); #endif @@ -5568,7 +5568,7 @@ PHP_PGSQL_API int php_pgsql_meta_data(PGconn *pg_link, const char *table_name, z add_assoc_zval(meta, name, elem); } PQclear(pg_result); - + return SUCCESS; } @@ -5742,7 +5742,7 @@ static int php_pgsql_convert_match(const char *str, size_t str_len, const char * /* {{{ php_pgsql_add_quote * add quotes around string. */ -static int php_pgsql_add_quotes(zval *src, zend_bool should_free TSRMLS_DC) +static int php_pgsql_add_quotes(zval *src, zend_bool should_free TSRMLS_DC) { smart_str str = {0}; @@ -5783,7 +5783,7 @@ static int php_pgsql_add_quotes(zval *src, zend_bool should_free TSRMLS_DC) /* {{{ php_pgsql_convert * check and convert array values (fieldname=>vlaue pair) for sql */ -PHP_PGSQL_API int php_pgsql_convert(PGconn *pg_link, const char *table_name, const zval *values, zval *result, ulong opt TSRMLS_DC) +PHP_PGSQL_API int php_pgsql_convert(PGconn *pg_link, const char *table_name, const zval *values, zval *result, ulong opt TSRMLS_DC) { HashPosition pos; char *field = NULL; @@ -5942,11 +5942,11 @@ PHP_PGSQL_API int php_pgsql_convert(PGconn *pg_link, const char *table_name, con ZVAL_DOUBLE(new_val, Z_DVAL_PP(val)); convert_to_long_ex(&new_val); break; - + case IS_LONG: ZVAL_LONG(new_val, Z_LVAL_PP(val)); break; - + case IS_NULL: ZVAL_STRINGL(new_val, "NULL", sizeof("NULL")-1, 1); break; @@ -6129,7 +6129,7 @@ PHP_PGSQL_API int php_pgsql_convert(PGconn *pg_link, const char *table_name, con } } break; - + case IS_NULL: ZVAL_STRINGL(new_val, "NULL", sizeof("NULL")-1, 1); break; @@ -6250,14 +6250,14 @@ PHP_PGSQL_API int php_pgsql_convert(PGconn *pg_link, const char *table_name, con interval values can be written with the following syntax: [@] quantity unit [quantity unit...] [direction] - + Where: quantity is a number (possibly signed); unit is second, minute, hour, day, week, month, year, decade, century, millennium, or abbreviations or plurals of these units [note not *all* abbreviations] ; direction can be ago or empty. The at sign (@) is optional noise. - + ... - + Quantities of days, hours, minutes, and seconds can be specified without explicit unit markings. For example, '1 12:59:10' is read the same as '1 day 12 hours 59 min 10 sec'. @@ -6273,7 +6273,7 @@ PHP_PGSQL_API int php_pgsql_convert(PGconn *pg_link, const char *table_name, con "decades|decade|dec|decs|" "years|year|y|" "months|month|mon|" - "weeks|week|w|" + "weeks|week|w|" "days|day|d|" "hours|hour|hr|hrs|h|" "minutes|minute|mins|min|m|" @@ -6288,7 +6288,7 @@ PHP_PGSQL_API int php_pgsql_convert(PGconn *pg_link, const char *table_name, con "years|year|y|" "months|month|mon|" "weeks|week|w|" - "days|day|d))+" + "days|day|d))+" "([-+]?[ \\t]+" "([0-9]+[ \\t]+)+" /* dd */ "(([0-9]{1,2}:){0,2}[0-9]{0,2})" /* hh:[mm:[ss]] */ @@ -6368,7 +6368,7 @@ PHP_PGSQL_API int php_pgsql_convert(PGconn *pg_link, const char *table_name, con php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Expects NULL, string, long or double value for PostgreSQL '%s' (%s)", Z_STRVAL_PP(type), field); } break; - + #endif case PG_MACADDR: switch(Z_TYPE_PP(val)) { @@ -6592,12 +6592,12 @@ PHP_PGSQL_API int php_pgsql_insert(PGconn *pg_link, const char *table, zval *var } querystr.len--; smart_str_appends(&querystr, ") VALUES ("); - + /* make values string */ for (zend_hash_internal_pointer_reset_ex(Z_ARRVAL_P(var_array), &pos); zend_hash_get_current_data_ex(Z_ARRVAL_P(var_array), (void **)&val, &pos) == SUCCESS; zend_hash_move_forward_ex(Z_ARRVAL_P(var_array), &pos)) { - + /* we can avoid the key_type check here, because we tested it in the other loop */ switch(Z_TYPE_PP(val)) { case IS_STRING: @@ -6645,7 +6645,7 @@ no_values: else if (opt & PGSQL_DML_STRING) { ret = SUCCESS; } - + cleanup: if (!(opt & PGSQL_DML_NO_CONV) && converted) { zval_dtor(converted); @@ -6683,7 +6683,7 @@ PHP_FUNCTION(pg_insert) php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid option is specified"); RETURN_FALSE; } - + ZEND_FETCH_RESOURCE2(pg_link, PGconn *, &pgsql_link, id, "PostgreSQL link", le_link, le_plink); if (php_pgsql_flush_query(pg_link TSRMLS_CC)) { @@ -6811,7 +6811,7 @@ static inline int build_assignment_string(PGconn *pg_link, smart_str *querystr, /* {{{ php_pgsql_update */ -PHP_PGSQL_API int php_pgsql_update(PGconn *pg_link, const char *table, zval *var_array, zval *ids_array, ulong opt, char **sql TSRMLS_DC) +PHP_PGSQL_API int php_pgsql_update(PGconn *pg_link, const char *table, zval *var_array, zval *ids_array, ulong opt, char **sql TSRMLS_DC) { zval *var_converted = NULL, *ids_converted = NULL; smart_str querystr = {0}; @@ -6849,9 +6849,9 @@ PHP_PGSQL_API int php_pgsql_update(PGconn *pg_link, const char *table, zval *var if (build_assignment_string(pg_link, &querystr, Z_ARRVAL_P(var_array), 0, ",", 1, opt TSRMLS_CC)) goto cleanup; - + smart_str_appends(&querystr, " WHERE "); - + if (build_assignment_string(pg_link, &querystr, Z_ARRVAL_P(ids_array), 1, " AND ", sizeof(" AND ")-1, opt TSRMLS_CC)) goto cleanup; @@ -6902,7 +6902,7 @@ PHP_FUNCTION(pg_update) php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid option is specified"); RETURN_FALSE; } - + ZEND_FETCH_RESOURCE2(pg_link, PGconn *, &pgsql_link, id, "PostgreSQL link", le_link, le_plink); if (php_pgsql_flush_query(pg_link TSRMLS_CC)) { @@ -6920,7 +6920,7 @@ PHP_FUNCTION(pg_update) /* {{{ php_pgsql_delete */ -PHP_PGSQL_API int php_pgsql_delete(PGconn *pg_link, const char *table, zval *ids_array, ulong opt, char **sql TSRMLS_DC) +PHP_PGSQL_API int php_pgsql_delete(PGconn *pg_link, const char *table, zval *ids_array, ulong opt, char **sql TSRMLS_DC) { zval *ids_converted = NULL; smart_str querystr = {0}; @@ -6994,7 +6994,7 @@ PHP_FUNCTION(pg_delete) php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid option is specified"); RETURN_FALSE; } - + ZEND_FETCH_RESOURCE2(pg_link, PGconn *, &pgsql_link, id, "PostgreSQL link", le_link, le_plink); if (php_pgsql_flush_query(pg_link TSRMLS_CC)) { @@ -7007,12 +7007,12 @@ PHP_FUNCTION(pg_delete) RETURN_STRING(sql, 0); } RETURN_TRUE; -} +} /* }}} */ /* {{{ php_pgsql_result2array */ -PHP_PGSQL_API int php_pgsql_result2array(PGresult *pg_result, zval *ret_array TSRMLS_DC) +PHP_PGSQL_API int php_pgsql_result2array(PGresult *pg_result, zval *ret_array TSRMLS_DC) { zval *row; char *field_name; @@ -7041,7 +7041,7 @@ PHP_PGSQL_API int php_pgsql_result2array(PGresult *pg_result, zval *ret_array TS data = safe_estrndup(element, element_len); data_len = element_len; - + field_name = PQfname(pg_result, i); add_assoc_stringl(row, field_name, data, data_len, 0); } @@ -7132,7 +7132,7 @@ PHP_FUNCTION(pg_select) php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid option is specified"); RETURN_FALSE; } - + ZEND_FETCH_RESOURCE2(pg_link, PGconn *, &pgsql_link, id, "PostgreSQL link", le_link, le_plink); if (php_pgsql_flush_query(pg_link TSRMLS_CC)) { diff --git a/ext/standard/string.c b/ext/standard/string.c index 9498496fce..da473d985c 100644 --- a/ext/standard/string.c +++ b/ext/standard/string.c @@ -2401,7 +2401,7 @@ PHP_FUNCTION(substr_replace) l = Z_STRLEN_PP(str); } - if ((f + l) > Z_STRLEN_PP(str)) { + if (f > Z_STRLEN_PP(str) - l) { l = Z_STRLEN_PP(str) - f; } if (Z_TYPE_PP(repl) == IS_ARRAY) { @@ -2414,7 +2414,7 @@ PHP_FUNCTION(substr_replace) repl_len = Z_STRLEN_PP(repl); } result_len = Z_STRLEN_PP(str) - l + repl_len; - result = emalloc(result_len + 1); + result = safe_emalloc_string(1, result_len, 1); memcpy(result, Z_STRVAL_PP(str), f); if (repl_len) { @@ -2556,7 +2556,7 @@ PHP_FUNCTION(substr_replace) result_len += Z_STRLEN_P(repl_str); zend_hash_move_forward_ex(Z_ARRVAL_PP(repl), &pos_repl); - result = emalloc(result_len + 1); + result = safe_emalloc_string(1, result_len, 1); memcpy(result, Z_STRVAL_P(orig_str), f); memcpy((result + f), Z_STRVAL_P(repl_str), Z_STRLEN_P(repl_str)); @@ -2565,7 +2565,7 @@ PHP_FUNCTION(substr_replace) zval_dtor(repl_str); } } else { - result = emalloc(result_len + 1); + result = safe_emalloc_string(1, result_len, 1); memcpy(result, Z_STRVAL_P(orig_str), f); memcpy((result + f), Z_STRVAL_P(orig_str) + f + l, Z_STRLEN_P(orig_str) - f - l); @@ -2573,7 +2573,7 @@ PHP_FUNCTION(substr_replace) } else { result_len += Z_STRLEN_PP(repl); - result = emalloc(result_len + 1); + result = safe_emalloc_string(1, result_len, 1); memcpy(result, Z_STRVAL_P(orig_str), f); memcpy((result + f), Z_STRVAL_PP(repl), Z_STRLEN_PP(repl)); @@ -2620,7 +2620,7 @@ PHP_FUNCTION(quotemeta) RETURN_FALSE; } - str = safe_emalloc(2, old_len, 1); + str = safe_emalloc_string(2, old_len, 1); for (p = old, q = str; p != old_end; p++) { c = *p; @@ -3646,7 +3646,7 @@ PHPAPI int php_char_to_str_ex(char *str, uint len, char from, char *to, int to_l if (Z_STRLEN_P(result) < 0) { zend_error(E_ERROR, "String size overflow"); } - Z_STRVAL_P(result) = target = safe_emalloc(char_count, to_len, len + 1); + Z_STRVAL_P(result) = target = safe_emalloc_string(char_count, to_len, len + 1); Z_TYPE_P(result) = IS_STRING; if (case_sensitivity) { @@ -3776,7 +3776,7 @@ PHPAPI char *php_str_to_str_ex(char *haystack, int length, } return new_str; } else { - new_str = safe_emalloc(count, str_len - needle_len, length + 1); + new_str = safe_emalloc_string(count, str_len - needle_len, length + 1); } } @@ -4307,10 +4307,7 @@ PHP_FUNCTION(nl2br) size_t repl_len = is_xhtml ? (sizeof("<br />") - 1) : (sizeof("<br>") - 1); new_length = str_len + repl_cnt * repl_len; - if (UNEXPECTED(new_length > INT_MAX)) { - zend_error(E_ERROR, "String size overflow"); - } - tmp = target = safe_emalloc(repl_cnt, repl_len, str_len + 1); + tmp = target = safe_emalloc_string(repl_cnt, repl_len, str_len + 1); } while (str < end) { @@ -5303,7 +5300,7 @@ PHP_FUNCTION(str_pad) php_error_docref(NULL TSRMLS_CC, E_WARNING, "Padding length is too long"); return; } - result = (char *)emalloc(input_len + num_pad_chars + 1); + result = (char *)safe_emalloc_string(1, input_len, num_pad_chars + 1); /* We need to figure out the left/right padding lengths. */ switch (pad_type_val) { diff --git a/ext/xml/xml.c b/ext/xml/xml.c index 5912f9143d..96a76efbdf 100644 --- a/ext/xml/xml.c +++ b/ext/xml/xml.c @@ -12,7 +12,7 @@ | obtain it through the world-wide-web, please send a note to | | license@php.net so we can mail you a copy immediately. | +----------------------------------------------------------------------+ - | Authors: Stig Sæther Bakken <ssb@php.net> | + | Authors: Stig Sæther Bakken <ssb@php.net> | | Thies C. Arntzen <thies@thieso.net> | | Sterling Hughes <sterling@php.net> | +----------------------------------------------------------------------+ @@ -638,7 +638,7 @@ PHPAPI char *xml_utf8_encode(const char *s, int len, int *newlen, const XML_Char } /* This is the theoretical max (will never get beyond len * 2 as long * as we are converting from single-byte characters, though) */ - newbuf = safe_emalloc(len, 4, 1); + newbuf = safe_emalloc_string(len, 4, 1); while (pos > 0) { c = encoder ? encoder((unsigned char)(*s)) : (unsigned short)(*s); if (c < 0x80) { diff --git a/ext/zlib/zlib.c b/ext/zlib/zlib.c index ea0d502e90..e33b2ccd21 100644 --- a/ext/zlib/zlib.c +++ b/ext/zlib/zlib.c @@ -82,7 +82,7 @@ static int php_zlib_output_encoding(TSRMLS_D) zval **enc; if (!ZLIBG(compression_coding)) { - if ((PG(http_globals)[TRACK_VARS_SERVER] || zend_is_auto_global(ZEND_STRL("_SERVER") TSRMLS_CC)) && + if ((PG(http_globals)[TRACK_VARS_SERVER] || zend_is_auto_global(ZEND_STRL("_SERVER") TSRMLS_CC)) && SUCCESS == zend_hash_find(Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_SERVER]), "HTTP_ACCEPT_ENCODING", sizeof("HTTP_ACCEPT_ENCODING"), (void *) &enc)) { convert_to_string(*enc); if (strstr(Z_STRVAL_PP(enc), "gzip")) { @@ -574,7 +574,7 @@ static PHP_FUNCTION(gzfile) /* Now loop through the file and do the magic quotes thing if needed */ memset(buf, 0, sizeof(buf)); - + while (php_stream_gets(stream, buf, sizeof(buf) - 1) != NULL) { add_index_string(return_value, i++, buf, 1); } @@ -693,7 +693,7 @@ static PHP_FUNCTION(name) \ if (SUCCESS != php_zlib_decode(in_buf, in_len, &out_buf, &out_len, encoding, max_len TSRMLS_CC)) { \ RETURN_FALSE; \ } \ - RETURN_STRINGL(out_buf, out_len, 0); \ + RETVAL_STRINGL_CHECK(out_buf, out_len, 0); \ } /* {{{ proto binary zlib_encode(binary data, int encoding[, int level = -1]) @@ -931,7 +931,7 @@ static PHP_INI_MH(OnUpdate_zlib_output_handler) return OnUpdateString(entry, new_value, new_value_length, mh_arg1, mh_arg2, mh_arg3, stage TSRMLS_CC); } /* }}} */ - + /* {{{ INI */ PHP_INI_BEGIN() STD_PHP_INI_BOOLEAN("zlib.output_compression", "0", PHP_INI_ALL, OnUpdate_zlib_output_compression, output_compression_default, zend_zlib_globals, zlib_globals) |