diff options
author | Xinchen Hui <laruence@gmail.com> | 2016-08-21 17:19:24 +0800 |
---|---|---|
committer | Xinchen Hui <laruence@gmail.com> | 2016-08-21 17:19:24 +0800 |
commit | 226e21b0fe41d0122d573459f2161cc87505c972 (patch) | |
tree | 1da513f9143e2d41f653273ff77bfa56a0810722 | |
parent | b740bb3987ba4f181dfda91ce3bd9fe663155574 (diff) | |
parent | 52793c14d951b12f0eca806bb55a97011a322243 (diff) | |
download | php-git-226e21b0fe41d0122d573459f2161cc87505c972.tar.gz |
Merge branch 'PHP-5.6' of git.php.net:/php-src into PHP-5.6
* 'PHP-5.6' of git.php.net:/php-src:
Improvements to fix #72714, suggested by nikic
Fix #65732: grapheme_*() is not Unicode compliant on CR LF sequence
Fix #72714: _xml_startElementHandler() segmentation fault
update NEWS
Fixed bug #72852 imap_mail null dereference
Revert "Fix dba configuration for Windows"
Fix dba configuration for Windows
Fix broken test include
fix NEWS
Add myself as PDO_OCI maintainer
-rw-r--r-- | EXTENSIONS | 2 | ||||
-rw-r--r-- | ext/dba/tests/dba_handler.inc | 2 | ||||
-rw-r--r-- | ext/imap/php_imap.c | 6 | ||||
-rw-r--r-- | ext/intl/grapheme/grapheme_util.c | 2 | ||||
-rw-r--r-- | ext/intl/tests/bug65732.phpt | 19 | ||||
-rw-r--r-- | ext/xml/tests/bug72714.phpt | 35 | ||||
-rw-r--r-- | ext/xml/xml.c | 24 |
7 files changed, 76 insertions, 14 deletions
diff --git a/EXTENSIONS b/EXTENSIONS index fd454dfc54..4e0af33ebf 100644 --- a/EXTENSIONS +++ b/EXTENSIONS @@ -205,7 +205,7 @@ STATUS: Working SINCE: 5.1 ------------------------------------------------------------------------------- EXTENSION: pdo_oci -PRIMARY MAINTAINER: Unknown +PRIMARY MAINTAINER: Christopher Jones <sixd@php.net> MAINTENANCE: Odd fixes STATUS: Working SINCE: 5.1 diff --git a/ext/dba/tests/dba_handler.inc b/ext/dba/tests/dba_handler.inc index a950e903af..0f348bc01e 100644 --- a/ext/dba/tests/dba_handler.inc +++ b/ext/dba/tests/dba_handler.inc @@ -40,7 +40,7 @@ do { } if ($handler != 'cdb') { $db_writer = dba_open($db_filename, 'c'.$lock_flag, $handler); - if (($dba_reader = @dba_open($db_filename, 'r'.$lock_flag.($lock_flag ? 't' : ''), $handler))===false) { + if (($dba_reader = @dba_open($db_filename, 'r'.$lock_flag.'t', $handler))===false) { echo "Read during write: not allowed\n"; } else { echo "Read during write: allowed\n"; diff --git a/ext/imap/php_imap.c b/ext/imap/php_imap.c index e91dbfad00..d5d3e2255a 100644 --- a/ext/imap/php_imap.c +++ b/ext/imap/php_imap.c @@ -3922,7 +3922,7 @@ int _php_imap_mail(char *to, char *subject, char *message, char *headers, char * bt_len++; offset = 0; addr = NULL; - rfc822_parse_adrlist(&addr, tempMailTo, NULL); + rfc822_parse_adrlist(&addr, tempMailTo, "NO HOST"); while (addr) { if (addr->host == NULL || strcmp(addr->host, ERRHOST) == 0) { PHP_IMAP_BAD_DEST; @@ -3951,7 +3951,7 @@ int _php_imap_mail(char *to, char *subject, char *message, char *headers, char * bt_len++; offset = 0; addr = NULL; - rfc822_parse_adrlist(&addr, tempMailTo, NULL); + rfc822_parse_adrlist(&addr, tempMailTo, "NO HOST"); while (addr) { if (addr->host == NULL || strcmp(addr->host, ERRHOST) == 0) { PHP_IMAP_BAD_DEST; @@ -3977,7 +3977,7 @@ int _php_imap_mail(char *to, char *subject, char *message, char *headers, char * bt_len++; offset = 0; addr = NULL; - rfc822_parse_adrlist(&addr, tempMailTo, NULL); + rfc822_parse_adrlist(&addr, tempMailTo, "NO HOST"); while (addr) { if (addr->host == NULL || strcmp(addr->host, ERRHOST) == 0) { PHP_IMAP_BAD_DEST; diff --git a/ext/intl/grapheme/grapheme_util.c b/ext/intl/grapheme/grapheme_util.c index c752b02372..350ba66255 100644 --- a/ext/intl/grapheme/grapheme_util.c +++ b/ext/intl/grapheme/grapheme_util.c @@ -221,7 +221,7 @@ int grapheme_ascii_check(const unsigned char *day, int32_t len) { int ret_len = len; while ( len-- ) { - if ( *day++ > 0x7f ) + if ( *day++ > 0x7f || (*day == '\n' && *(day - 1) == '\r') ) return -1; } diff --git a/ext/intl/tests/bug65732.phpt b/ext/intl/tests/bug65732.phpt new file mode 100644 index 0000000000..b49f884ee4 --- /dev/null +++ b/ext/intl/tests/bug65732.phpt @@ -0,0 +1,19 @@ +--TEST-- +Bug #65732 (grapheme_*() is not Unicode compliant on CR LF sequence) +--SKIPIF-- +<?php +if (!extension_loaded('intl')) die('skip intl extension not available'); +?> +--FILE-- +<?php +var_dump(grapheme_strlen("\r\n")); +var_dump(grapheme_substr(implode("\r\n", ['abc', 'def', 'ghi']), 5)); +var_dump(grapheme_strrpos("a\r\nb", 'b')); +?> +==DONE== +--EXPECT-- +int(1) +string(7) "ef +ghi" +int(2) +==DONE== diff --git a/ext/xml/tests/bug72714.phpt b/ext/xml/tests/bug72714.phpt new file mode 100644 index 0000000000..7b44e1fd11 --- /dev/null +++ b/ext/xml/tests/bug72714.phpt @@ -0,0 +1,35 @@ +--TEST-- +Bug #72714 (_xml_startElementHandler() segmentation fault) +--SKIPIF-- +<?php +if (!extension_loaded('xml')) die('skip xml extension not available'); +?> +--FILE-- +<?php +function startElement($parser, $name, $attribs) { + var_dump($name); +} + +function endElement($parser, $name) {} + +function parse($tagstart) { + $xml = '<ns1:total>867</ns1:total>'; + + $xml_parser = xml_parser_create(); + xml_set_element_handler($xml_parser, 'startElement', 'endElement'); + + xml_parser_set_option($xml_parser, XML_OPTION_SKIP_TAGSTART, $tagstart); + xml_parse($xml_parser, $xml); + + xml_parser_free($xml_parser); +} + +parse(3015809298423721); +parse(20); +?> +===DONE=== +--EXPECTF-- +Notice: xml_parser_set_option(): tagstart ignored, because it is out of range in %s%ebug72714.php on line %d +string(9) "NS1:TOTAL" +string(0) "" +===DONE=== diff --git a/ext/xml/xml.c b/ext/xml/xml.c index 9eba47be26..5912f9143d 100644 --- a/ext/xml/xml.c +++ b/ext/xml/xml.c @@ -66,6 +66,10 @@ ZEND_GET_MODULE(xml) #endif /* COMPILE_DL_XML */ /* }}} */ + +#define SKIP_TAGSTART(str) ((str) + (parser->toffset > strlen(str) ? strlen(str) : parser->toffset)) + + /* {{{ function prototypes */ PHP_MINIT_FUNCTION(xml); PHP_MINFO_FUNCTION(xml); @@ -785,7 +789,7 @@ void _xml_startElementHandler(void *userData, const XML_Char *name, const XML_Ch if (parser->startElementHandler) { args[0] = _xml_resource_zval(parser->index); - args[1] = _xml_string_zval(((char *) tag_name) + parser->toffset); + args[1] = _xml_string_zval(SKIP_TAGSTART((char *) tag_name)); MAKE_STD_ZVAL(args[2]); array_init(args[2]); @@ -816,9 +820,9 @@ void _xml_startElementHandler(void *userData, const XML_Char *name, const XML_Ch array_init(tag); array_init(atr); - _xml_add_to_info(parser,((char *) tag_name) + parser->toffset); + _xml_add_to_info(parser,SKIP_TAGSTART((char *) tag_name)); - add_assoc_string(tag,"tag",((char *) tag_name) + parser->toffset,1); /* cast to avoid gcc-warning */ + add_assoc_string(tag,"tag",SKIP_TAGSTART((char *) tag_name),1); add_assoc_string(tag,"type","open",1); add_assoc_long(tag,"level",parser->level); @@ -870,7 +874,7 @@ void _xml_endElementHandler(void *userData, const XML_Char *name) if (parser->endElementHandler) { args[0] = _xml_resource_zval(parser->index); - args[1] = _xml_string_zval(((char *) tag_name) + parser->toffset); + args[1] = _xml_string_zval(SKIP_TAGSTART((char *) tag_name)); if ((retval = xml_call_handler(parser, parser->endElementHandler, parser->endElementPtr, 2, args))) { zval_ptr_dtor(&retval); @@ -887,9 +891,9 @@ void _xml_endElementHandler(void *userData, const XML_Char *name) array_init(tag); - _xml_add_to_info(parser,((char *) tag_name) + parser->toffset); + _xml_add_to_info(parser,SKIP_TAGSTART((char *) tag_name)); - add_assoc_string(tag,"tag",((char *) tag_name) + parser->toffset,1); /* cast to avoid gcc-warning */ + add_assoc_string(tag,"tag",SKIP_TAGSTART((char *) tag_name),1); add_assoc_string(tag,"type","close",1); add_assoc_long(tag,"level",parser->level); @@ -990,9 +994,9 @@ void _xml_characterDataHandler(void *userData, const XML_Char *s, int len) array_init(tag); - _xml_add_to_info(parser,parser->ltags[parser->level-1] + parser->toffset); + _xml_add_to_info(parser,SKIP_TAGSTART(parser->ltags[parser->level-1])); - add_assoc_string(tag,"tag",parser->ltags[parser->level-1] + parser->toffset,1); + add_assoc_string(tag,"tag",SKIP_TAGSTART(parser->ltags[parser->level-1]),1); add_assoc_string(tag,"value",decoded_value,0); add_assoc_string(tag,"type","cdata",1); add_assoc_long(tag,"level",parser->level); @@ -1633,6 +1637,10 @@ PHP_FUNCTION(xml_parser_set_option) case PHP_XML_OPTION_SKIP_TAGSTART: convert_to_long_ex(val); parser->toffset = Z_LVAL_PP(val); + if (parser->toffset < 0) { + php_error_docref(NULL TSRMLS_CC, E_NOTICE, "tagstart ignored, because it is out of range"); + parser->toffset = 0; + } break; case PHP_XML_OPTION_SKIP_WHITE: convert_to_long_ex(val); |