diff options
| author | Dmitry Stogov <dmitry@zend.com> | 2014-07-07 19:21:23 +0400 |
|---|---|---|
| committer | Dmitry Stogov <dmitry@zend.com> | 2014-07-07 19:21:23 +0400 |
| commit | bce6a36c8a13d718cc308e4e48724c799863459a (patch) | |
| tree | 26f2a9eab1d102dc5c9d9bb7ec54280d6ae17c01 | |
| parent | 477bd49ccab2a10c421a51f512d593251ef7adef (diff) | |
| parent | f0499b86a8b83204eab14e25eb7cb15536f9e69f (diff) | |
| download | php-git-bce6a36c8a13d718cc308e4e48724c799863459a.tar.gz | |
Merge branch 'master' into test
* master: (48 commits)
change locale - looks like not everybody has sl_SI
Fix bug #66921 - Wrong argument type hint for function intltz_from_date_time_zone
fix format
Fix bug #67052 (NumberFormatter::parse() resets LC_NUMERIC setting)
Make sure the generator script also creates a newline at the end of file
Add newline at end of file to prevent compilation warning
Fix handling of session user module custom handlers.
Reference bug report instead of github issue in NEWS file
add more exts for Travis
Update NEWS
Fix phpdbg.1 man page installation when build != src directory
BFN for bug #67551 (php://input temp file will be located in sys_temp_dir instead of upload_tmp_dir)
reorder
restore API compatibility
finish
refactor php_stream_temp_create{,_ex} and use it for the php://input stream
refactor _php_stream_fopen_{temporary_,tmp}file()
fix length overflow of HTTP_RAW_POST_DATA
Update NEWS
Fixed bug #67215 (php-cgi work with opcache, may be segmentation fault happen)
...
Conflicts:
ext/opcache/zend_accelerator_util_funcs.c
ext/session/mod_user.c
ext/spl/spl_array.c
ext/spl/spl_dllist.c
ext/standard/file.c
ext/standard/streamsfuncs.c
ext/standard/string.c
main/streams/memory.c
35 files changed, 618 insertions, 97 deletions
diff --git a/.travis.yml b/.travis.yml index b104b9a3f6..248ab861f8 100644 --- a/.travis.yml +++ b/.travis.yml @@ -25,6 +25,9 @@ env: - ENABLE_MAINTAINER_ZTS=0 ENABLE_DEBUG=0 - ENABLE_MAINTAINER_ZTS=1 ENABLE_DEBUG=1 +before_install: + - sudo apt-get update -qq + - sudo apt-get install -y libenchant-dev libaspell-dev libpspell-dev librecode-dev before_script: # Compile PHP - ./travis/compile.sh @@ -12,6 +12,7 @@ PHP NEWS - Standard: . Removed call_user_method() and call_user_method_array() functions. (Kalle) + . Fix user session handlers (See rfc:session.user.return-value). (Sara) - XSL: . Fixed bug #64776 (The XSLT extension is not thread safe). (Mike) diff --git a/Zend/tests/constant_expressions_arrays.phpt b/Zend/tests/constant_expressions_arrays.phpt new file mode 100644 index 0000000000..061fcc6a92 --- /dev/null +++ b/Zend/tests/constant_expressions_arrays.phpt @@ -0,0 +1,35 @@ +--TEST-- +Constant expressions with arrays +--FILE-- +<?php +const a = [1,2,[3,[4]]]; +const b = a[0]; +const c = a[2][0]; +const d = a[2]; +const e = ["string" => [1]]["string"][0]; + +var_dump(b, c, e); + +function test ($a = d[1][0]) { + var_dump($a); +} + +test(); + +class foo { + const bar = [1][0]; +} + +var_dump(foo::bar); + +var_dump(a); // Eventually allow that later with array dereferencing of constants + +?> +--EXPECTF-- +int(1) +int(3) +int(1) +int(4) +int(1) + +Fatal error: Arrays are not allowed in constants at run-time in %s on line %d diff --git a/Zend/tests/constant_expressions_self_referencing_array.phpt b/Zend/tests/constant_expressions_self_referencing_array.phpt new file mode 100644 index 0000000000..09f862e048 --- /dev/null +++ b/Zend/tests/constant_expressions_self_referencing_array.phpt @@ -0,0 +1,15 @@ +--TEST-- +Self-referencing constant expression (part of a constant AST) +--XFAIL-- +Not yet fixed, to be fixed for PHP 5.6 +--FILE-- +<?php +class A { + const FOO = [self::BAR]; + const BAR = [self::FOO]; +} +var_dump(A::FOO); +?> +--EXPECTF-- +Fatal error: Cannot declare self-referencing constant 'self::FOO' in %s on line %d + diff --git a/Zend/tests/generators/bug67497.phpt b/Zend/tests/generators/bug67497.phpt new file mode 100644 index 0000000000..483857b96c --- /dev/null +++ b/Zend/tests/generators/bug67497.phpt @@ -0,0 +1,19 @@ +--TEST-- +Bug #67467: eval with parse error causes segmentation fault in generator +--FILE-- +<?php + +function gen() { + $a = 1; + yield $a; +} + +@eval('abc'); + +$values = gen(); +$values->next(); + +?> +===DONE=== +--EXPECT-- +===DONE=== diff --git a/Zend/zend_generators.c b/Zend/zend_generators.c index 698b2d8cf3..922c6a3f2b 100644 --- a/Zend/zend_generators.c +++ b/Zend/zend_generators.c @@ -115,6 +115,7 @@ ZEND_API void zend_generator_close(zend_generator *generator, zend_bool finished /* A fatal error / die occurred during the generator execution. Trying to clean * up the stack may not be safe in this case. */ if (CG(unclean_shutdown)) { + generator->execute_data = NULL; return; } diff --git a/ext/fileinfo/libmagic.patch b/ext/fileinfo/libmagic.patch index bb9a0dafae..8b0b9a8911 100644 --- a/ext/fileinfo/libmagic.patch +++ b/ext/fileinfo/libmagic.patch @@ -822,7 +822,16 @@ diff -u libmagic.orig/ascmagic.c libmagic/ascmagic.c } diff -u libmagic.orig/cdf.c libmagic/cdf.c --- libmagic.orig/cdf.c Tue Feb 26 17:20:42 2013 -+++ libmagic/cdf.c Tue May 27 22:28:51 2014 ++++ libmagic/cdf.c Tue Jul 1 08:57:25 2014 +@@ -35,7 +35,7 @@ + #include "file.h" + + #ifndef lint +-FILE_RCSID("@(#)$File: cdf.c,v 1.53 2013/02/26 16:20:42 christos Exp $") ++FILE_RCSID("@(#)$File: cdf.c,v 1.55 2014/02/27 23:26:17 christos Exp $") + #endif + + #include <assert.h> @@ -43,7 +43,17 @@ #include <err.h> #endif @@ -841,7 +850,25 @@ diff -u libmagic.orig/cdf.c libmagic/cdf.c #include <string.h> #include <time.h> #include <ctype.h> -@@ -296,7 +306,10 @@ +@@ -267,13 +277,15 @@ + { + const char *b = (const char *)sst->sst_tab; + const char *e = ((const char *)p) + tail; ++ size_t ss = sst->sst_dirlen < h->h_min_size_standard_stream ? ++ CDF_SHORT_SEC_SIZE(h) : CDF_SEC_SIZE(h); + (void)&line; +- if (e >= b && (size_t)(e - b) <= CDF_SEC_SIZE(h) * sst->sst_len) ++ if (e >= b && (size_t)(e - b) <= ss * sst->sst_len) + return 0; + DPRINTF(("%d: offset begin %p < end %p || %" SIZE_T_FORMAT "u" + " > %" SIZE_T_FORMAT "u [%" SIZE_T_FORMAT "u %" + SIZE_T_FORMAT "u]\n", line, b, e, (size_t)(e - b), +- CDF_SEC_SIZE(h) * sst->sst_len, CDF_SEC_SIZE(h), sst->sst_len)); ++ ss * sst->sst_len, ss, sst->sst_len)); + errno = EFTYPE; + return -1; + } +@@ -296,7 +308,10 @@ if (info->i_fd == -1) return -1; @@ -853,7 +880,77 @@ diff -u libmagic.orig/cdf.c libmagic/cdf.c return -1; return (ssize_t)len; -@@ -810,6 +823,10 @@ +@@ -352,10 +367,10 @@ + size_t ss = CDF_SHORT_SEC_SIZE(h); + size_t pos = CDF_SHORT_SEC_POS(h, id); + assert(ss == len); +- if (pos > CDF_SEC_SIZE(h) * sst->sst_len) { ++ if (pos + len > CDF_SEC_SIZE(h) * sst->sst_len) { + DPRINTF(("Out of bounds read %" SIZE_T_FORMAT "u > %" + SIZE_T_FORMAT "u\n", +- pos, CDF_SEC_SIZE(h) * sst->sst_len)); ++ pos + len, CDF_SEC_SIZE(h) * sst->sst_len)); + return -1; + } + (void)memcpy(((char *)buf) + offs, +@@ -455,7 +470,8 @@ + cdf_count_chain(const cdf_sat_t *sat, cdf_secid_t sid, size_t size) + { + size_t i, j; +- cdf_secid_t maxsector = (cdf_secid_t)(sat->sat_len * size); ++ cdf_secid_t maxsector = (cdf_secid_t)((sat->sat_len * size) ++ / sizeof(maxsector)); + + DPRINTF(("Chain:")); + for (j = i = 0; sid >= 0; i++, j++) { +@@ -465,8 +481,8 @@ + errno = EFTYPE; + return (size_t)-1; + } +- if (sid > maxsector) { +- DPRINTF(("Sector %d > %d\n", sid, maxsector)); ++ if (sid >= maxsector) { ++ DPRINTF(("Sector %d >= %d\n", sid, maxsector)); + errno = EFTYPE; + return (size_t)-1; + } +@@ -675,11 +691,13 @@ + + int + cdf_read_short_stream(const cdf_info_t *info, const cdf_header_t *h, +- const cdf_sat_t *sat, const cdf_dir_t *dir, cdf_stream_t *scn) ++ const cdf_sat_t *sat, const cdf_dir_t *dir, cdf_stream_t *scn, ++ const cdf_directory_t **root) + { + size_t i; + const cdf_directory_t *d; + ++ *root = NULL; + for (i = 0; i < dir->dir_len; i++) + if (dir->dir_tab[i].d_type == CDF_DIR_TYPE_ROOT_STORAGE) + break; +@@ -688,6 +706,7 @@ + if (i == dir->dir_len) + goto out; + d = &dir->dir_tab[i]; ++ *root = d; + + /* If the it is not there, just fake it; some docs don't have it */ + if (d->d_stream_first_sector < 0) +@@ -796,7 +815,11 @@ + if (cdf_check_stream_offset(sst, h, e, 0, __LINE__) == -1) + goto out; + for (i = 0; i < sh.sh_properties; i++) { +- size_t ofs = CDF_GETUINT32(p, (i << 1) + 1); ++ size_t ofs, tail = (i << 1) + 1; ++ if (cdf_check_stream_offset(sst, h, p, tail * sizeof(uint32_t), ++ __LINE__) == -1) ++ goto out; ++ ofs = CDF_GETUINT32(p, tail); + q = (const uint8_t *)(const void *) + ((const char *)(const void *)p + ofs + - 2 * sizeof(uint32_t)); +@@ -810,6 +833,10 @@ i, inp[i].pi_id, inp[i].pi_type, q - p, offs)); if (inp[i].pi_type & CDF_VECTOR) { nelements = CDF_GETUINT32(q, 1); @@ -864,7 +961,7 @@ diff -u libmagic.orig/cdf.c libmagic/cdf.c o = 2; } else { nelements = 1; -@@ -884,7 +901,9 @@ +@@ -884,7 +911,9 @@ } DPRINTF(("nelements = %" SIZE_T_FORMAT "u\n", nelements)); @@ -875,7 +972,7 @@ diff -u libmagic.orig/cdf.c libmagic/cdf.c uint32_t l = CDF_GETUINT32(q, o); inp[i].pi_str.s_len = l; inp[i].pi_str.s_buf = (const char *) -@@ -929,7 +948,7 @@ +@@ -929,7 +958,7 @@ cdf_unpack_summary_info(const cdf_stream_t *sst, const cdf_header_t *h, cdf_summary_info_header_t *ssi, cdf_property_info_t **info, size_t *count) { @@ -884,7 +981,7 @@ diff -u libmagic.orig/cdf.c libmagic/cdf.c const cdf_summary_info_header_t *si = CAST(const cdf_summary_info_header_t *, sst->sst_tab); const cdf_section_declaration_t *sd = -@@ -944,21 +963,13 @@ +@@ -944,21 +973,13 @@ ssi->si_os = CDF_TOLE2(si->si_os); ssi->si_class = si->si_class; cdf_swap_class(&ssi->si_class); @@ -909,7 +1006,7 @@ diff -u libmagic.orig/cdf.c libmagic/cdf.c return 0; } -@@ -1132,7 +1143,7 @@ +@@ -1132,7 +1153,7 @@ cdf_directory_t *d; char name[__arraycount(d->d_name)]; cdf_stream_t scn; @@ -918,7 +1015,7 @@ diff -u libmagic.orig/cdf.c libmagic/cdf.c static const char *types[] = { "empty", "user storage", "user stream", "lockbytes", "property", "root storage" }; -@@ -1185,7 +1196,7 @@ +@@ -1185,7 +1206,7 @@ cdf_dump_property_info(const cdf_property_info_t *info, size_t count) { cdf_timestamp_t tp; @@ -927,7 +1024,7 @@ diff -u libmagic.orig/cdf.c libmagic/cdf.c char buf[64]; size_t i, j; -@@ -1229,7 +1240,11 @@ +@@ -1229,7 +1250,11 @@ break; case CDF_FILETIME: tp = info[i].pi_tp; @@ -941,7 +1038,7 @@ diff -u libmagic.orig/cdf.c libmagic/cdf.c } else { diff -u libmagic.orig/cdf.h libmagic/cdf.h --- libmagic.orig/cdf.h Thu Jun 21 00:19:55 2012 -+++ libmagic/cdf.h Tue May 27 22:28:51 2014 ++++ libmagic/cdf.h Thu Jun 5 18:05:33 2014 @@ -35,10 +35,12 @@ #ifndef _H_CDF_ #define _H_CDF_ @@ -982,6 +1079,16 @@ diff -u libmagic.orig/cdf.h libmagic/cdf.h int cdf_read_header(const cdf_info_t *, cdf_header_t *); void cdf_swap_header(cdf_header_t *); void cdf_unpack_header(cdf_header_t *, char *); +@@ -294,7 +300,8 @@ + int cdf_read_ssat(const cdf_info_t *, const cdf_header_t *, const cdf_sat_t *, + cdf_sat_t *); + int cdf_read_short_stream(const cdf_info_t *, const cdf_header_t *, +- const cdf_sat_t *, const cdf_dir_t *, cdf_stream_t *); ++ const cdf_sat_t *, const cdf_dir_t *, cdf_stream_t *, ++ const cdf_directory_t **); + int cdf_read_property_info(const cdf_stream_t *, const cdf_header_t *, uint32_t, + cdf_property_info_t **, size_t *, size_t *); + int cdf_read_summary_info(const cdf_info_t *, const cdf_header_t *, diff -u libmagic.orig/cdf_time.c libmagic/cdf_time.c --- libmagic.orig/cdf_time.c Thu Jun 21 00:18:33 2012 +++ libmagic/cdf_time.c Fri Feb 21 00:21:27 2014 @@ -2599,8 +2706,13 @@ diff -u libmagic.orig/print.c libmagic/print.c } diff -u libmagic.orig/readcdf.c libmagic/readcdf.c --- libmagic.orig/readcdf.c Tue Jan 7 04:13:42 2014 -+++ libmagic/readcdf.c Tue May 27 22:28:51 2014 -@@ -30,7 +30,11 @@ ++++ libmagic/readcdf.c Thu Jun 5 18:05:33 2014 +@@ -26,11 +26,15 @@ + #include "file.h" + + #ifndef lint +-FILE_RCSID("@(#)$File: readcdf.c,v 1.37 2014/01/06 13:41:18 rrt Exp $") ++FILE_RCSID("@(#)$File: readcdf.c,v 1.40 2014/03/06 15:23:33 christos Exp $") #endif #include <stdlib.h> @@ -2612,7 +2724,7 @@ diff -u libmagic.orig/readcdf.c libmagic/readcdf.c #include <string.h> #include <time.h> #include <ctype.h> -@@ -69,6 +73,10 @@ +@@ -69,6 +73,44 @@ { NULL, NULL, }, }; @@ -2620,10 +2732,49 @@ diff -u libmagic.orig/readcdf.c libmagic/readcdf.c +# define strcasestr strstr +#endif + ++static const struct cv { ++ uint64_t clsid[2]; ++ const char *mime; ++} clsid2mime[] = { ++ { ++#ifdef PHP_WIN32 ++ { 0x00000000000c1084ui64, 0x46000000000000c0ui64 }, ++#else ++ { 0x00000000000c1084LLU, 0x46000000000000c0LLU }, ++#endif ++ "x-msi", ++ } ++}, clsid2desc[] = { ++ { ++#ifdef PHP_WIN32 ++ { 0x00000000000c1084ui64, 0x46000000000000c0ui64 }, ++#else ++ { 0x00000000000c1084LLU, 0x46000000000000c0LLU }, ++#endif ++ "MSI Installer", ++ }, ++}; ++ ++private const char * ++cdf_clsid_to_mime(const uint64_t clsid[2], const struct cv *cv) ++{ ++ size_t i; ++ for (i = 0; cv[i].mime != NULL; i++) { ++ if (clsid[0] == cv[i].clsid[0] && clsid[1] == cv[i].clsid[1]) ++ return cv[i].mime; ++ } ++ return NULL; ++} ++ private const char * cdf_app_to_mime(const char *vbuf, const struct nv *nv) { -@@ -91,12 +99,14 @@ +@@ -87,16 +129,21 @@ + + private int + cdf_file_property_info(struct magic_set *ms, const cdf_property_info_t *info, +- size_t count) ++ size_t count, const cdf_directory_t *root_storage) { size_t i; cdf_timestamp_t tp; @@ -2636,10 +2787,22 @@ diff -u libmagic.orig/readcdf.c libmagic/readcdf.c + memset(&ts, 0, sizeof(ts)); + ++ if (!NOTMIME(ms) && root_storage) ++ str = cdf_clsid_to_mime(root_storage->d_storage_uuid, clsid2mime); ++ for (i = 0; i < count; i++) { cdf_print_property_name(buf, sizeof(buf), info[i].pi_id); switch (info[i].pi_type) { -@@ -162,8 +172,12 @@ +@@ -153,7 +200,7 @@ + buf, vbuf) == -1) + return -1; + } +- } else if (info[i].pi_id == ++ } else if (str == NULL && info[i].pi_id == + CDF_PROPERTY_NAME_OF_APPLICATION) { + str = cdf_app_to_mime(vbuf, app2mime); + } +@@ -162,8 +209,12 @@ case CDF_FILETIME: tp = info[i].pi_tp; if (tp != 0) { @@ -2654,7 +2817,7 @@ diff -u libmagic.orig/readcdf.c libmagic/readcdf.c cdf_print_elapsed_time(tbuf, sizeof(tbuf), tp); if (NOTMIME(ms) && file_printf(ms, -@@ -171,8 +185,11 @@ +@@ -171,8 +222,11 @@ return -1; } else { char *c, *ec; @@ -2668,6 +2831,91 @@ diff -u libmagic.orig/readcdf.c libmagic/readcdf.c if (c != NULL && (ec = strchr(c, '\n')) != NULL) *ec = '\0'; +@@ -200,7 +254,7 @@ + + private int + cdf_file_summary_info(struct magic_set *ms, const cdf_header_t *h, +- const cdf_stream_t *sst) ++ const cdf_stream_t *sst, const cdf_directory_t *root_storage) + { + cdf_summary_info_header_t si; + cdf_property_info_t *info; +@@ -211,6 +265,8 @@ + return -1; + + if (NOTMIME(ms)) { ++ const char *str; ++ + if (file_printf(ms, "Composite Document File V2 Document") + == -1) + return -1; +@@ -238,9 +294,15 @@ + return -2; + break; + } +- } ++ if (root_storage) { ++ str = cdf_clsid_to_mime(root_storage->d_storage_uuid, clsid2desc); ++ if (str) ++ if (file_printf(ms, ", %s", str) == -1) ++ return -2; ++ } ++ } + +- m = cdf_file_property_info(ms, info, count); ++ m = cdf_file_property_info(ms, info, count, root_storage); + free(info); + + return m == -1 ? -2 : m; +@@ -258,6 +320,7 @@ + int i; + const char *expn = ""; + const char *corrupt = "corrupt: "; ++ const cdf_directory_t *root_storage; + + info.i_fd = fd; + info.i_buf = buf; +@@ -291,7 +354,8 @@ + goto out2; + } + +- if ((i = cdf_read_short_stream(&info, &h, &sat, &dir, &sst)) == -1) { ++ if ((i = cdf_read_short_stream(&info, &h, &sat, &dir, &sst, ++ &root_storage)) == -1) { + expn = "Cannot read short stream"; + goto out3; + } +@@ -312,23 +376,21 @@ + #ifdef CDF_DEBUG + cdf_dump_summary_info(&h, &scn); + #endif +- if ((i = cdf_file_summary_info(ms, &h, &scn)) < 0) +- expn = "Can't expand summary_info"; ++ if ((i = cdf_file_summary_info(ms, &h, &scn, root_storage)) < 0) ++ expn = "Can't expand summary_info"; ++ + if (i == 0) { + const char *str = NULL; + cdf_directory_t *d; + char name[__arraycount(d->d_name)]; + size_t j, k; +- for (j = 0; j < dir.dir_len; j++) { ++ ++ for (j = 0; str == NULL && j < dir.dir_len; j++) { + d = &dir.dir_tab[j]; + for (k = 0; k < sizeof(name); k++) + name[k] = (char)cdf_tole2(d->d_name[k]); +- if (NOTMIME(ms)) +- str = cdf_app_to_mime(name, name2desc); +- else +- str = cdf_app_to_mime(name, name2mime); +- if (str != NULL) +- break; ++ str = cdf_app_to_mime(name, ++ NOTMIME(ms) ? name2desc : name2mime); + } + if (NOTMIME(ms)) { + if (str != NULL) { diff -u libmagic.orig/readelf.c libmagic/readelf.c --- libmagic.orig/readelf.c Tue Nov 5 16:44:01 2013 +++ libmagic/readelf.c Fri Feb 21 00:21:27 2014 @@ -2915,7 +3163,7 @@ diff -u libmagic.orig/readelf.h libmagic/readelf.h typedef uint8_t Elf64_Char; diff -u libmagic.orig/softmagic.c libmagic/softmagic.c --- libmagic.orig/softmagic.c Thu Feb 13 00:20:53 2014 -+++ libmagic/softmagic.c Sun Mar 9 13:14:07 2014 ++++ libmagic/softmagic.c Tue Jul 1 08:57:25 2014 @@ -50,6 +50,11 @@ #include <locale.h> #endif @@ -3050,7 +3298,29 @@ diff -u libmagic.orig/softmagic.c libmagic/softmagic.c break; \ } \ -@@ -1178,9 +1162,6 @@ +@@ -931,10 +915,18 @@ + return 1; + } + case FILE_PSTRING: { +- char *ptr1 = p->s, *ptr2 = ptr1 + file_pstring_length_size(m); ++ size_t sz = file_pstring_length_size(m); ++ char *ptr1 = p->s, *ptr2 = ptr1 + sz; + size_t len = file_pstring_get_length(m, ptr1); +- if (len >= sizeof(p->s)) +- len = sizeof(p->s) - 1; ++ if (len >= sizeof(p->s)) { ++ /* ++ * The size of the pascal string length (sz) ++ * is 1, 2, or 4. We need at least 1 byte for NUL ++ * termination, but we've already truncated the ++ * string by p->s, so we need to deduct sz. ++ */ ++ len = sizeof(p->s) - sz; ++ } + while (len--) + *ptr1++ = *ptr2++; + *ptr1 = '\0'; +@@ -1178,9 +1170,6 @@ "nbytes=%zu, count=%u)\n", m->type, m->flag, offset, o, nbytes, count); mdebug(offset, (char *)(void *)p, sizeof(union VALUETYPE)); @@ -3060,7 +3330,7 @@ diff -u libmagic.orig/softmagic.c libmagic/softmagic.c } if (m->flag & INDIR) { -@@ -1679,9 +1660,6 @@ +@@ -1679,9 +1668,6 @@ if ((ms->flags & MAGIC_DEBUG) != 0) { mdebug(offset, (char *)(void *)p, sizeof(union VALUETYPE)); @@ -3070,7 +3340,7 @@ diff -u libmagic.orig/softmagic.c libmagic/softmagic.c } } -@@ -1755,11 +1733,21 @@ +@@ -1755,11 +1741,21 @@ ms->offset = soffset; if (rv == 1) { if ((ms->flags & (MAGIC_MIME|MAGIC_APPLE)) == 0 && @@ -3095,7 +3365,7 @@ diff -u libmagic.orig/softmagic.c libmagic/softmagic.c } return rv; -@@ -1875,6 +1863,42 @@ +@@ -1875,6 +1871,42 @@ return file_strncmp(a, b, len, flags); } @@ -3138,13 +3408,16 @@ diff -u libmagic.orig/softmagic.c libmagic/softmagic.c private int magiccheck(struct magic_set *ms, struct magic *m) { -@@ -2035,63 +2059,151 @@ +@@ -2035,63 +2067,151 @@ break; } case FILE_REGEX: { - int rc; - regex_t rx; - char errmsg[512]; +- +- if (ms->search.s == NULL) +- return 0; + zval *pattern; + int options = 0; + pcre_cache_entry *pce; @@ -3281,9 +3554,6 @@ diff -u libmagic.orig/softmagic.c libmagic/softmagic.c + } + } -- if (ms->search.s == NULL) -- return 0; - - l = 0; - rc = regcomp(&rx, m->value.s, - REG_EXTENDED|REG_NEWLINE| @@ -3318,7 +3588,7 @@ diff -u libmagic.orig/softmagic.c libmagic/softmagic.c - (size_t)(pmatch[0].rm_eo - pmatch[0].rm_so); - v = 0; - break; -- + - case REG_NOMATCH: + } else { v = 1; @@ -3354,4 +3624,3 @@ diff -u libmagic.orig/strcasestr.c libmagic/strcasestr.c #include <assert.h> #include <ctype.h> #include <string.h> - diff --git a/ext/filter/tests/bug49184.phpt b/ext/filter/tests/bug49184.phpt new file mode 100644 index 0000000000..86d35db0d5 --- /dev/null +++ b/ext/filter/tests/bug49184.phpt @@ -0,0 +1,22 @@ +--TEST-- +Bug #67296 (filter_input doesn't validate variables) +--XFAIL-- +See Bug #49184 +--SKIPIF-- +<?php if (!extension_loaded("filter")) die("skip needs filter ext"); ?> +--ENV-- +return <<<END +HTTP_X_FORWARDED_FOR=example.com +END; +--FILE-- +<?php + var_dump(filter_input(INPUT_SERVER, "HTTP_X_FORWARDED_FOR", FILTER_UNSAFE_RAW)); + var_dump($_SERVER["HTTP_X_FORWARDED_FOR"]); + var_dump(getenv("HTTP_X_FORWARDED_FOR")); + var_dump("done"); +?> +--EXPECT-- +string(11) "example.com" +string(11) "example.com" +string(11) "example.com" +string(4) "done" diff --git a/ext/intl/formatter/formatter_parse.c b/ext/intl/formatter/formatter_parse.c index d5b7cdd745..62fc2b10f5 100644 --- a/ext/intl/formatter/formatter_parse.c +++ b/ext/intl/formatter/formatter_parse.c @@ -74,7 +74,9 @@ PHP_FUNCTION( numfmt_parse ) } #if ICU_LOCALE_BUG && defined(LC_NUMERIC) - oldlocale = setlocale(LC_NUMERIC, "C"); + /* need to copy here since setlocale may change it later */ + oldlocale = estrdup(setlocale(LC_NUMERIC, NULL)); + setlocale(LC_NUMERIC, "C"); #endif switch(type) { @@ -101,6 +103,7 @@ PHP_FUNCTION( numfmt_parse ) } #if ICU_LOCALE_BUG && defined(LC_NUMERIC) setlocale(LC_NUMERIC, oldlocale); + efree(oldlocale); #endif if(zposition) { zval_dtor(zposition); diff --git a/ext/intl/php_intl.c b/ext/intl/php_intl.c index c1171add4b..9ca225ab88 100644 --- a/ext/intl/php_intl.c +++ b/ext/intl/php_intl.c @@ -445,7 +445,7 @@ ZEND_BEGIN_ARG_INFO_EX( arginfo_tz_idarg_static, 0, 0, 1 ) ZEND_END_ARG_INFO() ZEND_BEGIN_ARG_INFO_EX( arginfo_tz_from_date_time_zone, 0, 0, 1 ) - ZEND_ARG_OBJ_INFO( 0, dateTimeZone, IntlDateTimeZone, 0 ) + ZEND_ARG_OBJ_INFO( 0, dateTimeZone, DateTimeZone, 0 ) ZEND_END_ARG_INFO() ZEND_BEGIN_ARG_INFO_EX( arginfo_tz_create_enumeration, 0, 0, 0 ) diff --git a/ext/intl/tests/bug14562.phpt b/ext/intl/tests/bug14562.phpt index 3256268405..7cf927f7e7 100644 --- a/ext/intl/tests/bug14562.phpt +++ b/ext/intl/tests/bug14562.phpt @@ -15,6 +15,7 @@ function ut_main() setlocale(LC_ALL, $de_locale); $fmt = new NumberFormatter("de", NumberFormatter::DECIMAL ); $numeric = $fmt->parse("1234,56"); + setlocale(LC_ALL, "C"); // reset for printing $res_str .= "$numeric\n"; return $res_str; } diff --git a/ext/intl/tests/bug66921.phpt b/ext/intl/tests/bug66921.phpt new file mode 100644 index 0000000000..58ae9c0f82 --- /dev/null +++ b/ext/intl/tests/bug66921.phpt @@ -0,0 +1,15 @@ +--TEST-- +Bug #66921 - Wrong argument type hint for function intltz_from_date_time_zone +--SKIPIF-- +<?php if( !extension_loaded( 'intl' ) ) print 'skip'; ?> +--FILE-- +<?php +$f = new ReflectionFunction('intltz_from_date_time_zone'); +var_dump($f->getParameters()[0]->getClass()); + +?> +--EXPECTF-- +object(ReflectionClass)#%d (1) { + ["name"]=> + string(12) "DateTimeZone" +} diff --git a/ext/intl/tests/bug67052.phpt b/ext/intl/tests/bug67052.phpt new file mode 100644 index 0000000000..f3245f8398 --- /dev/null +++ b/ext/intl/tests/bug67052.phpt @@ -0,0 +1,25 @@ +--TEST-- +Bug #67052 - NumberFormatter::parse() resets LC_NUMERIC setting +--SKIPIF-- +<?php if( !extension_loaded( 'intl' ) ) print 'skip'; ?> +--FILE-- +<?php + +function ut_main() +{ + setlocale(LC_ALL, 'de_DE'); + + $fmt = new NumberFormatter( 'sl_SI.UTF-8', NumberFormatter::DECIMAL); + $num = "1.234.567,891"; + $res_str = $fmt->parse($num)."\n"; + $res_str .= setlocale(LC_NUMERIC, 0); + return $res_str; +} + +include_once( 'ut_common.inc' ); +ut_run(); + +?> +--EXPECT-- +1234567,891 +de_DE diff --git a/ext/opcache/tests/bug67215.phpt b/ext/opcache/tests/bug67215.phpt new file mode 100644 index 0000000000..e9919d1001 --- /dev/null +++ b/ext/opcache/tests/bug67215.phpt @@ -0,0 +1,28 @@ +--TEST-- +Bug #67215 (php-cgi work with opcache, may be segmentation fault happen) +--INI-- +opcache.enable=1 +opcache.enable_cli=1 +opcache.file_update_protection=0 +--SKIPIF-- +<?php require_once('skipif.inc'); ?> +--FILE-- +<?php + +$file_c = __DIR__ . "/bug67215.c.php"; +$file_p = __DIR__ . "/bug67215.p.php"; +file_put_contents($file_c, "<?php require \"$file_p\"; class c extends p {} ?>"); +file_put_contents($file_p, '<?php class p { protected $var = ""; } ?>'); +require $file_c; +$a = new c(); +require $file_c; +?> +--CLEAN-- +<?php +$file_c = __DIR__ . "/bug67215.c.php"; +$file_p = __DIR__ . "/bug67215.p.php"; +unlink($file_c); +unlink($file_p); +?> +--EXPECTF-- +Fatal error: Cannot redeclare class c in %sbug67215.c.php on line %d diff --git a/ext/opcache/zend_accelerator_util_funcs.c b/ext/opcache/zend_accelerator_util_funcs.c index 93999af11f..ad5f44baa0 100644 --- a/ext/opcache/zend_accelerator_util_funcs.c +++ b/ext/opcache/zend_accelerator_util_funcs.c @@ -810,18 +810,7 @@ static void zend_accel_function_hash_copy(HashTable *target, HashTable *source, if (UNEXPECTED(t == NULL)) { if (p->key->len > 0 && p->key->val[0] == 0) { /* Mangled key */ -#if ZEND_EXTENSION_API_NO >= PHP_5_3_X_API_NO - if (((zend_function*)Z_PTR(p->val))->common.fn_flags & ZEND_ACC_CLOSURE) { - /* update closure */ - t = zend_hash_update(target, p->key, &p->val); - } else { - /* ignore and wait for runtime */ - continue; - } -#else - /* ignore and wait for runtime */ - continue; -#endif + t = zend_hash_update(target, p->key, &p->val); } else { t = zend_hash_find(target, p->key); goto failure; diff --git a/ext/pgsql/pgsql.c b/ext/pgsql/pgsql.c index 4381440e8d..40f24ff940 100644 --- a/ext/pgsql/pgsql.c +++ b/ext/pgsql/pgsql.c @@ -783,7 +783,7 @@ static int le_link, le_plink, le_result, le_lofp, le_string; #endif #if !HAVE_PQESCAPE_CONN -#define PQescapeStringConn(conn, to, form, len, error) PQescapeString(to, from, len) +#define PQescapeStringConn(conn, to, from, len, error) PQescapeString(to, from, len) #endif #if HAVE_PQESCAPELITERAL @@ -1126,7 +1126,9 @@ PHP_MINIT_FUNCTION(pgsql) REGISTER_LONG_CONSTANT("PGSQL_CONNECTION_MADE", CONNECTION_MADE, CONST_CS | CONST_PERSISTENT); REGISTER_LONG_CONSTANT("PGSQL_CONNECTION_AWAITING_RESPONSE", CONNECTION_AWAITING_RESPONSE, CONST_CS | CONST_PERSISTENT); REGISTER_LONG_CONSTANT("PGSQL_CONNECTION_AUTH_OK", CONNECTION_AUTH_OK, CONST_CS | CONST_PERSISTENT); +#ifdef CONNECTION_SSL_STARTUP REGISTER_LONG_CONSTANT("PGSQL_CONNECTION_SSL_STARTUP", CONNECTION_SSL_STARTUP, CONST_CS | CONST_PERSISTENT); +#endif REGISTER_LONG_CONSTANT("PGSQL_CONNECTION_SETENV", CONNECTION_SETENV, CONST_CS | CONST_PERSISTENT); /* For pg_connect_poll() */ REGISTER_LONG_CONSTANT("PGSQL_POLLING_FAILED", PGRES_POLLING_FAILED, CONST_CS | CONST_PERSISTENT); diff --git a/ext/session/mod_user.c b/ext/session/mod_user.c index 21f52a1db0..7996575cd4 100644 --- a/ext/session/mod_user.c +++ b/ext/session/mod_user.c @@ -67,12 +67,24 @@ static void ps_call_handler(zval *func, int argc, zval *argv, zval *retval TSRML #define PSF(a) PS(mod_user_names).name.ps_##a -#define FINISH \ - if (!Z_ISUNDEF(retval)) { \ - convert_to_long(&retval); \ - ret = Z_LVAL(retval); \ - zval_ptr_dtor(&retval); \ - } \ +#define FINISH \ + if (Z_TYPE(retval) != IS_UNDEF) { \ + if (Z_TYPE(retval) == IS_TRUE) { \ + ret = SUCCESS; \ + } else if (Z_TYPE(retval) == IS_FALSE) { \ + ret = FAILURE; \ + } else if ((Z_TYPE(retval) == IS_LONG) && (Z_LVAL(retval) == -1)) { \ + /* BC for clever users - Deprecate me */ \ + ret = FAILURE; \ + } else if ((Z_TYPE(retval) == IS_LONG) && (Z_LVAL(retval) == 0)) { \ + /* BC for clever users - Deprecate me */ \ + ret = SUCCESS; \ + } else { \ + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Session callback expects true/false return value"); \ + ret = FAILURE; \ + zval_ptr_dtor(&retval); \ + } \ + } \ return ret PS_OPEN_FUNC(user) diff --git a/ext/spl/spl_array.c b/ext/spl/spl_array.c index 24556b532c..385c029794 100644 --- a/ext/spl/spl_array.c +++ b/ext/spl/spl_array.c @@ -1774,6 +1774,7 @@ SPL_METHOD(Array, unserialize) const unsigned char *p, *s; php_unserialize_data_t var_hash; zval members, zflags; + HashTable *aht; long flags; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &buf, &buf_len) == FAILURE) { @@ -1784,6 +1785,12 @@ SPL_METHOD(Array, unserialize) return; } + aht = spl_array_get_hash_table(intern, 0 TSRMLS_CC); + if (aht->u.v.nApplyCount > 0) { + zend_error(E_WARNING, "Modification of ArrayObject during sorting is prohibited"); + return; + } + /* storage */ s = p = (const unsigned char*)buf; PHP_VAR_UNSERIALIZE_INIT(var_hash); diff --git a/ext/spl/spl_dllist.c b/ext/spl/spl_dllist.c index 929fdd8798..09d874645d 100644 --- a/ext/spl/spl_dllist.c +++ b/ext/spl/spl_dllist.c @@ -43,12 +43,10 @@ PHPAPI zend_class_entry *spl_ce_SplStack; #define SPL_LLIST_DELREF(elem) if(!--(elem)->rc) { \ efree(elem); \ - elem = NULL; \ } #define SPL_LLIST_CHECK_DELREF(elem) if((elem) && !--(elem)->rc) { \ efree(elem); \ - elem = NULL; \ } #define SPL_LLIST_ADDREF(elem) (elem)->rc++ @@ -897,6 +895,10 @@ SPL_METHOD(SplDoublyLinkedList, offsetUnset) llist->dtor(element TSRMLS_CC); } + if (intern->traverse_pointer == element) { + SPL_LLIST_DELREF(element); + intern->traverse_pointer = NULL; + } zval_ptr_dtor(&element->data); ZVAL_UNDEF(&element->data); diff --git a/ext/spl/tests/bug67538.phpt b/ext/spl/tests/bug67538.phpt new file mode 100644 index 0000000000..b6f3848c36 --- /dev/null +++ b/ext/spl/tests/bug67538.phpt @@ -0,0 +1,17 @@ +--TEST-- +Bug #67538 (SPL Iterators use-after-free) +--FILE-- +<?php +$list = new SplDoublyLinkedList(); +$list->push('a'); +$list->push('b'); + +$list->rewind(); +$list->offsetUnset(0); +$list->push('b'); +$list->offsetUnset(0); +$list->next(); +echo "okey"; +?> +--EXPECTF-- +okey diff --git a/ext/spl/tests/bug67539.phpt b/ext/spl/tests/bug67539.phpt new file mode 100644 index 0000000000..8bab2a8c21 --- /dev/null +++ b/ext/spl/tests/bug67539.phpt @@ -0,0 +1,15 @@ +--TEST-- +Bug #67539 (ArrayIterator use-after-free due to object change during sorting) +--FILE-- +<?php + +$it = new ArrayIterator(array_fill(0,2,'X'), 1 ); + +function badsort($a, $b) { + $GLOBALS['it']->unserialize($GLOBALS['it']->serialize()); + return TRUE; +} + +$it->uksort('badsort'); +--EXPECTF-- +Warning: Modification of ArrayObject during sorting is prohibited in %sbug67539.php on line %d diff --git a/ext/standard/credits.c b/ext/standard/credits.c index 006c2d4c1a..3cb6eef724 100644 --- a/ext/standard/credits.c +++ b/ext/standard/credits.c @@ -61,10 +61,10 @@ PHPAPI void php_print_credits(int flag TSRMLS_DC) /* {{{ */ php_info_print_table_start(); php_info_print_table_colspan_header(2, "PHP Authors"); php_info_print_table_header(2, "Contribution", "Authors"); - CREDIT_LINE("Zend Scripting Language Engine", "Andi Gutmans, Zeev Suraski, Stanislav Malyshev, Marcus Boerger, Dmitry Stogov"); + CREDIT_LINE("Zend Scripting Language Engine", "Andi Gutmans, Zeev Suraski, Stanislav Malyshev, Marcus Boerger, Dmitry Stogov, Xinchen Hui, Nikita Popov"); CREDIT_LINE("Extension Module API", "Andi Gutmans, Zeev Suraski, Andrei Zmievski"); CREDIT_LINE("UNIX Build and Modularization", "Stig Bakken, Sascha Schumann, Jani Taskinen"); - CREDIT_LINE("Windows Port", "Shane Caraveo, Zeev Suraski, Wez Furlong, Pierre-Alain Joye"); + CREDIT_LINE("Windows Port", "Shane Caraveo, Zeev Suraski, Wez Furlong, Pierre-Alain Joye, Anatol Belski"); CREDIT_LINE("Server API (SAPI) Abstraction Layer", "Andi Gutmans, Shane Caraveo, Zeev Suraski"); CREDIT_LINE("Streams Abstraction Layer", "Wez Furlong, Sara Golemon"); CREDIT_LINE("PHP Data Objects Layer", "Wez Furlong, Marcus Boerger, Sterling Hughes, George Schlossnagle, Ilia Alshanetsky"); @@ -95,7 +95,7 @@ PHPAPI void php_print_credits(int flag TSRMLS_DC) /* {{{ */ if (flag & PHP_CREDITS_DOCS) { php_info_print_table_start(); php_info_print_table_colspan_header(2, "PHP Documentation"); - CREDIT_LINE("Authors", "Mehdi Achour, Friedhelm Betz, Antony Dovgal, Nuno Lopes, Hannes Magnusson, Georg Richter, Damien Seguy, Jakub Vrana"); + CREDIT_LINE("Authors", "Mehdi Achour, Friedhelm Betz, Antony Dovgal, Nuno Lopes, Hannes Magnusson, Georg Richter, Damien Seguy, Jakub Vrana, Adam Harvey, Peter Cowburn"); CREDIT_LINE("Editor", "Philip Olson"); CREDIT_LINE("User Note Maintainers", "Daniel P. Brown, Thiago Henrique Pojda"); CREDIT_LINE("Other Contributors", "Previously active authors, editors and other contributors are listed in the manual."); @@ -105,7 +105,7 @@ PHPAPI void php_print_credits(int flag TSRMLS_DC) /* {{{ */ if (flag & PHP_CREDITS_QA) { php_info_print_table_start(); php_info_print_table_header(1, "PHP Quality Assurance Team"); - php_info_print_table_row(1, "Ilia Alshanetsky, Joerg Behrens, Antony Dovgal, Stefan Esser, Moriyoshi Koizumi, Magnus Maatta, Sebastian Nohn, Derick Rethans, Melvyn Sopacua, Jani Taskinen, Pierre-Alain Joye, Dmitry Stogov, Felipe Pena, David Soria Parra"); + php_info_print_table_row(1, "Ilia Alshanetsky, Joerg Behrens, Antony Dovgal, Stefan Esser, Moriyoshi Koizumi, Magnus Maatta, Sebastian Nohn, Derick Rethans, Melvyn Sopacua, Jani Taskinen, Pierre-Alain Joye, Dmitry Stogov, Felipe Pena, David Soria Parra, Stanislav Malyshev, Julien Pauli, Stephen Zarkos, Anatol Belski, Remi Collet, Ferenc Kovacs"); php_info_print_table_end(); } @@ -115,7 +115,7 @@ PHPAPI void php_print_credits(int flag TSRMLS_DC) /* {{{ */ php_info_print_table_start(); php_info_print_table_colspan_header(2, "Websites and Infrastructure team"); /* www., wiki., windows., master., and others, I guess pecl. too? */ - CREDIT_LINE("PHP Websites Team", "Rasmus Lerdorf, Hannes Magnusson, Philip Olson, Lukas Kahwe Smith, Pierre-Alain Joye, Kalle Sommer Nielsen"); + CREDIT_LINE("PHP Websites Team", "Rasmus Lerdorf, Hannes Magnusson, Philip Olson, Lukas Kahwe Smith, Pierre-Alain Joye, Kalle Sommer Nielsen, Peter Cowburn, Adam Harvey, Ferenc Kovacs, Levi Morrison"); CREDIT_LINE("Event Maintainers", "Damien Seguy, Daniel P. Brown"); /* Mirroring */ CREDIT_LINE("Network Infrastructure", "Daniel P. Brown"); diff --git a/ext/standard/file.c b/ext/standard/file.c index 897eaa7be8..1b14849954 100644 --- a/ext/standard/file.c +++ b/ext/standard/file.c @@ -557,6 +557,10 @@ PHP_FUNCTION(file_get_contents) RETURN_FALSE; } + if (maxlen > INT_MAX) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "maxlen truncated from %ld to %d bytes", maxlen, INT_MAX); + maxlen = INT_MAX; + } if ((contents = php_stream_copy_to_mem(stream, maxlen, 0)) != NULL) { RETVAL_STR(contents); } else { @@ -575,7 +579,7 @@ PHP_FUNCTION(file_put_contents) char *filename; int filename_len; zval *data; - int numbytes = 0; + long numbytes = 0; long flags = 0; zval *zcontext = NULL; php_stream_context *context = NULL; @@ -627,6 +631,10 @@ PHP_FUNCTION(file_put_contents) if (php_stream_copy_to_stream_ex(srcstream, stream, PHP_STREAM_COPY_ALL, &len) != SUCCESS) { numbytes = -1; } else { + if (len > LONG_MAX) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "content truncated from %lu to %ld bytes", (unsigned long) len, LONG_MAX); + len = LONG_MAX; + } numbytes = len; } break; @@ -642,7 +650,7 @@ PHP_FUNCTION(file_put_contents) if (Z_STRLEN_P(data)) { numbytes = php_stream_write(stream, Z_STRVAL_P(data), Z_STRLEN_P(data)); if (numbytes != Z_STRLEN_P(data)) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Only %d of %d bytes written, possibly out of free disk space", numbytes, Z_STRLEN_P(data)); + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Only %ld of %d bytes written, possibly out of free disk space", numbytes, Z_STRLEN_P(data)); numbytes = -1; } } @@ -681,7 +689,7 @@ PHP_FUNCTION(file_put_contents) if (zend_std_cast_object_tostring(data, &out, IS_STRING TSRMLS_CC) == SUCCESS) { numbytes = php_stream_write(stream, Z_STRVAL(out), Z_STRLEN(out)); if (numbytes != Z_STRLEN(out)) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Only %d of %d bytes written, possibly out of free disk space", numbytes, Z_STRLEN(out)); + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Only %ld of %d bytes written, possibly out of free disk space", numbytes, Z_STRLEN(out)); numbytes = -1; } zval_dtor(&out); diff --git a/ext/standard/php_fopen_wrapper.c b/ext/standard/php_fopen_wrapper.c index 7e21e95d18..9628c0d69d 100644 --- a/ext/standard/php_fopen_wrapper.c +++ b/ext/standard/php_fopen_wrapper.c @@ -231,7 +231,7 @@ php_stream * php_stream_url_wrap_php(php_stream_wrapper *wrapper, const char *pa if ((input->body = SG(request_info).request_body)) { php_stream_rewind(input->body); } else { - input->body = php_stream_temp_create(TEMP_STREAM_DEFAULT, SAPI_POST_BLOCK_SIZE); + input->body = php_stream_temp_create_ex(TEMP_STREAM_DEFAULT, SAPI_POST_BLOCK_SIZE, PG(upload_tmp_dir)); SG(request_info).request_body = input->body; } diff --git a/ext/standard/streamsfuncs.c b/ext/standard/streamsfuncs.c index bd0c0de31b..fe51f48d52 100644 --- a/ext/standard/streamsfuncs.c +++ b/ext/standard/streamsfuncs.c @@ -447,6 +447,10 @@ PHP_FUNCTION(stream_get_contents) } } + if (maxlen > INT_MAX) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "maxlen truncated from %ld to %d bytes", maxlen, INT_MAX); + maxlen = INT_MAX; + } if ((contents = php_stream_copy_to_mem(stream, maxlen, 0))) { RETURN_STR(contents); } else { diff --git a/ext/standard/tests/strings/bug67151.phpt b/ext/standard/tests/strings/bug67151.phpt new file mode 100644 index 0000000000..1d0c02a52d --- /dev/null +++ b/ext/standard/tests/strings/bug67151.phpt @@ -0,0 +1,8 @@ +--TEST-- +Buf #67151: strtr with empty array crashes +--FILE-- +<?php +var_dump(strtr("foo", [])); +?> +--EXPECT-- +string(3) "foo" diff --git a/main/SAPI.c b/main/SAPI.c index 229396dd79..f2a0b26779 100644 --- a/main/SAPI.c +++ b/main/SAPI.c @@ -275,7 +275,7 @@ SAPI_API SAPI_POST_READER_FUNC(sapi_read_standard_form_data) } - SG(request_info).request_body = php_stream_temp_create(TEMP_STREAM_DEFAULT, SAPI_POST_BLOCK_SIZE); + SG(request_info).request_body = php_stream_temp_create_ex(TEMP_STREAM_DEFAULT, SAPI_POST_BLOCK_SIZE, PG(upload_tmp_dir)); if (sapi_module.read_post) { int read_bytes; diff --git a/main/php_memory_streams.h b/main/php_memory_streams.h index 3c4c3280eb..229ed1902e 100644 --- a/main/php_memory_streams.h +++ b/main/php_memory_streams.h @@ -36,6 +36,7 @@ #define php_stream_temp_new() php_stream_temp_create(TEMP_STREAM_DEFAULT, PHP_STREAM_MAX_MEM) #define php_stream_temp_create(mode, max_memory_usage) _php_stream_temp_create((mode), (max_memory_usage) STREAMS_CC TSRMLS_CC) +#define php_stream_temp_create_ex(mode, max_memory_usage, tmpdir) _php_stream_temp_create_ex((mode), (max_memory_usage), (tmpdir) STREAMS_CC TSRMLS_CC) #define php_stream_temp_create_rel(mode, max_memory_usage) _php_stream_temp_create((mode), (max_memory_usage) STREAMS_REL_CC TSRMLS_CC) #define php_stream_temp_open(mode, max_memory_usage, buf, length) _php_stream_temp_open((mode), (max_memory_usage), (buf), (length) STREAMS_CC TSRMLS_CC) @@ -45,6 +46,7 @@ PHPAPI php_stream *_php_stream_memory_open(int mode, char *buf, size_t length ST PHPAPI char *_php_stream_memory_get_buffer(php_stream *stream, size_t *length STREAMS_DC TSRMLS_DC); PHPAPI php_stream *_php_stream_temp_create(int mode, size_t max_memory_usage STREAMS_DC TSRMLS_DC); +PHPAPI php_stream *_php_stream_temp_create_ex(int mode, size_t max_memory_usage, const char *tmpdir STREAMS_DC TSRMLS_DC); PHPAPI php_stream *_php_stream_temp_open(int mode, size_t max_memory_usage, char *buf, size_t length STREAMS_DC TSRMLS_DC); END_EXTERN_C() diff --git a/main/streams/memory.c b/main/streams/memory.c index 89bd59e215..5da0c8decd 100644 --- a/main/streams/memory.c +++ b/main/streams/memory.c @@ -352,6 +352,7 @@ typedef struct { size_t smax; int mode; zval meta; + char* tmpdir; } php_stream_temp_data; @@ -369,7 +370,7 @@ static size_t php_stream_temp_write(php_stream *stream, const char *buf, size_t char *membuf = php_stream_memory_get_buffer(ts->innerstream, &memsize); if (memsize + count >= ts->smax) { - php_stream *file = php_stream_fopen_tmpfile(); + php_stream *file = php_stream_fopen_temporary_file(ts->tmpdir, "php", NULL); php_stream_write(file, membuf, memsize); php_stream_free_enclosed(ts->innerstream, PHP_STREAM_FREE_CLOSE); ts->innerstream = file; @@ -418,6 +419,10 @@ static int php_stream_temp_close(php_stream *stream, int close_handle TSRMLS_DC) zval_ptr_dtor(&ts->meta); + if (ts->tmpdir) { + efree(ts->tmpdir); + } + efree(ts); return ret; @@ -545,8 +550,8 @@ PHPAPI php_stream_ops php_stream_temp_ops = { /* }}} */ -/* {{{ _php_stream_temp_create */ -PHPAPI php_stream *_php_stream_temp_create(int mode, size_t max_memory_usage STREAMS_DC TSRMLS_DC) +/* {{{ _php_stream_temp_create_ex */ +PHPAPI php_stream *_php_stream_temp_create_ex(int mode, size_t max_memory_usage, const char *tmpdir STREAMS_DC TSRMLS_DC) { php_stream_temp_data *self; php_stream *stream; @@ -555,6 +560,9 @@ PHPAPI php_stream *_php_stream_temp_create(int mode, size_t max_memory_usage STR self->smax = max_memory_usage; self->mode = mode; ZVAL_UNDEF(&self->meta); + if (tmpdir) { + self->tmpdir = estrdup(tmpdir); + } stream = php_stream_alloc_rel(&php_stream_temp_ops, self, 0, mode & TEMP_STREAM_READONLY ? "rb" : "w+b"); stream->flags |= PHP_STREAM_FLAG_NO_BUFFER; self->innerstream = php_stream_memory_create_rel(mode); @@ -564,6 +572,12 @@ PHPAPI php_stream *_php_stream_temp_create(int mode, size_t max_memory_usage STR } /* }}} */ +/* {{{ _php_stream_temp_create */ +PHPAPI php_stream *_php_stream_temp_create(int mode, size_t max_memory_usage STREAMS_DC TSRMLS_DC) +{ + return php_stream_temp_create_ex(mode, max_memory_usage, NULL); +} +/* }}} */ /* {{{ _php_stream_temp_open */ PHPAPI php_stream *_php_stream_temp_open(int mode, size_t max_memory_usage, char *buf, size_t length STREAMS_DC TSRMLS_DC) diff --git a/main/streams/plain_wrapper.c b/main/streams/plain_wrapper.c index 5e9e5c7ace..87312b9ef8 100644 --- a/main/streams/plain_wrapper.c +++ b/main/streams/plain_wrapper.c @@ -183,31 +183,20 @@ static php_stream *_php_stream_fopen_from_file_int(FILE *file, const char *mode return php_stream_alloc_rel(&php_stream_stdio_ops, self, 0, mode); } -PHPAPI php_stream *_php_stream_fopen_temporary_file(const char *dir, const char *pfx, char **opened_path STREAMS_DC TSRMLS_DC) +PHPAPI php_stream *_php_stream_fopen_temporary_file(const char *dir, const char *pfx, char **opened_path_ptr STREAMS_DC TSRMLS_DC) { - int fd = php_open_temporary_fd(dir, pfx, opened_path TSRMLS_CC); + char *opened_path = NULL; + int fd; + fd = php_open_temporary_fd(dir, pfx, &opened_path TSRMLS_CC); if (fd != -1) { - php_stream *stream = php_stream_fopen_from_fd_int_rel(fd, "r+b", NULL); - if (stream) { - return stream; - } - close(fd); - - php_error_docref(NULL TSRMLS_CC, E_WARNING, "unable to allocate stream"); - - return NULL; - } - return NULL; -} + php_stream *stream; -PHPAPI php_stream *_php_stream_fopen_tmpfile(int dummy STREAMS_DC TSRMLS_DC) -{ - char *opened_path = NULL; - int fd = php_open_temporary_fd(NULL, "php", &opened_path TSRMLS_CC); + if (opened_path_ptr) { + *opened_path_ptr = opened_path; + } - if (fd != -1) { - php_stream *stream = php_stream_fopen_from_fd_int_rel(fd, "r+b", NULL); + stream = php_stream_fopen_from_fd_int_rel(fd, "r+b", NULL); if (stream) { php_stdio_stream_data *self = (php_stdio_stream_data*)stream->abstract; stream->wrapper = &php_plain_files_wrapper; @@ -227,6 +216,11 @@ PHPAPI php_stream *_php_stream_fopen_tmpfile(int dummy STREAMS_DC TSRMLS_DC) return NULL; } +PHPAPI php_stream *_php_stream_fopen_tmpfile(int dummy STREAMS_DC TSRMLS_DC) +{ + return php_stream_fopen_temporary_file(NULL, "php", NULL); +} + PHPAPI php_stream *_php_stream_fopen_from_fd(int fd, const char *mode, const char *persistent_id STREAMS_DC TSRMLS_DC) { php_stream *stream = php_stream_fopen_from_fd_int_rel(fd, mode, persistent_id); diff --git a/sapi/phpdbg/Makefile.frag b/sapi/phpdbg/Makefile.frag index b276aaaa53..36c7512d69 100644 --- a/sapi/phpdbg/Makefile.frag +++ b/sapi/phpdbg/Makefile.frag @@ -28,7 +28,7 @@ install-phpdbg: $(BUILD_BINARY) @$(INSTALL) -m 0755 $(BUILD_BINARY) $(INSTALL_ROOT)$(bindir)/$(program_prefix)phpdbg$(program_suffix)$(EXEEXT) @echo "Installing phpdbg man page: $(INSTALL_ROOT)$(mandir)/man1/" @$(mkinstalldirs) $(INSTALL_ROOT)$(mandir)/man1 - @$(INSTALL_DATA) sapi/phpdbg/phpdbg.1 $(INSTALL_ROOT)$(mandir)/man1/$(program_prefix)phpdbg$(program_suffix).1 + @$(INSTALL_DATA) $(srcdir)/phpdbg.1 $(INSTALL_ROOT)$(mandir)/man1/$(program_prefix)phpdbg$(program_suffix).1 clean-phpdbg: @echo "Cleaning phpdbg object files ..." diff --git a/sapi/phpdbg/phpdbg.c b/sapi/phpdbg/phpdbg.c index 93fdbd7424..1fbd18a423 100644 --- a/sapi/phpdbg/phpdbg.c +++ b/sapi/phpdbg/phpdbg.c @@ -856,7 +856,8 @@ int phpdbg_open_sockets(char *address, int port[2], int (*listen)[2], int (*sock return SUCCESS; } /* }}} */ -void phpdbg_signal_handler(int sig, siginfo_t *info, void *context) { +void phpdbg_signal_handler(int sig, siginfo_t *info, void *context) /* {{{ */ +{ int is_handled = FAILURE; TSRMLS_FETCH(); @@ -874,10 +875,11 @@ void phpdbg_signal_handler(int sig, siginfo_t *info, void *context) { break; } -} +} /* }}} */ #endif -static inline zend_mm_heap *phpdbg_mm_get_heap() { +static inline zend_mm_heap *phpdbg_mm_get_heap() /* {{{ */ +{ zend_mm_heap *mm_heap; TSRMLS_FETCH(); @@ -886,22 +888,22 @@ static inline zend_mm_heap *phpdbg_mm_get_heap() { zend_mm_set_heap(mm_heap TSRMLS_CC); return mm_heap; -} +} /* }}} */ -void *phpdbg_malloc_wrapper(size_t size) +void *phpdbg_malloc_wrapper(size_t size) /* {{{ */ { return zend_mm_alloc(phpdbg_mm_get_heap(), size); -} +} /* }}} */ -void phpdbg_free_wrapper(void *p) +void phpdbg_free_wrapper(void *p) /* {{{ */ { zend_mm_free(phpdbg_mm_get_heap(), p); -} +} /* }}} */ -void *phpdbg_realloc_wrapper(void *ptr, size_t size) +void *phpdbg_realloc_wrapper(void *ptr, size_t size) /* {{{ */ { return zend_mm_realloc(phpdbg_mm_get_heap(), ptr, size); -} +} /* }}} */ int main(int argc, char **argv) /* {{{ */ { diff --git a/travis/compile.sh b/travis/compile.sh index babb945a04..52748c6db5 100755 --- a/travis/compile.sh +++ b/travis/compile.sh @@ -49,5 +49,12 @@ $TS \ --with-openssl \ --with-gmp \ --enable-bcmath \ ---enable-phpdbg +--enable-phpdbg \ +--enable-calendar \ +--enable-ftp \ +--with-pspell=/usr \ +--with-recode=/usr \ +--with-enchant=/usr \ +--enable-wddx \ +--enable-sysvmsg make --quiet diff --git a/win32/build/libs_version.txt b/win32/build/libs_version.txt index a22823d0a9..0ea0067a62 100644 --- a/win32/build/libs_version.txt +++ b/win32/build/libs_version.txt @@ -13,4 +13,4 @@ libssh2-1.4.3 libtidy-20090406 libxslt-1.1.27 libxml-2.9.1 -openssl-1.0.1g +openssl-1.0.1h diff --git a/win32/build/mkdist.php b/win32/build/mkdist.php index 23d26c9c53..640e9b3bd7 100644 --- a/win32/build/mkdist.php +++ b/win32/build/mkdist.php @@ -246,7 +246,8 @@ foreach ($text_files as $src => $dest) { /* general other files */ $general_files = array( - "php.gif" => "php.gif", + "php.gif" => "php.gif", + "$GLOBALS[build_dir]\\deplister.exe" => "deplister.exe", ); foreach ($general_files as $src => $dest) { |