diff options
| author | Xinchen Hui <laruence@php.net> | 2015-07-24 16:13:07 +0800 |
|---|---|---|
| committer | Xinchen Hui <laruence@php.net> | 2015-07-24 16:13:07 +0800 |
| commit | d44fc4a07361d2527dd7073b09e5e88134708858 (patch) | |
| tree | 7bf11a426384d594d61bc2e6f813934ce96f2ce7 | |
| parent | 0f1e87d9c18c52f91cb64267114267d239ad3488 (diff) | |
| parent | 1dab25689a48b9645dbea023e7d42b29d0c1a1ae (diff) | |
| download | php-git-d44fc4a07361d2527dd7073b09e5e88134708858.tar.gz | |
Merge branch 'master' of git.php.net:php-src
| -rw-r--r-- | ext/gd/config.w32 | 3 | ||||
| -rw-r--r-- | ext/standard/image.c | 25 | ||||
| -rw-r--r-- | ext/standard/tests/image/bug70052.phpt | 21 | ||||
| -rw-r--r-- | ext/standard/tests/image/bug70052_1.wbmp | bin | 0 -> 12 bytes | |||
| -rw-r--r-- | ext/standard/tests/image/bug70052_2.wbmp | bin | 0 -> 7 bytes | |||
| -rw-r--r-- | ext/standard/tests/network/bug55472.phpt | 8 | ||||
| -rw-r--r-- | ext/zip/tests/compression_methods.phpt | 35 | ||||
| -rw-r--r-- | ext/zip/tests/compression_methods.zip | bin | 0 -> 2402 bytes | |||
| -rw-r--r-- | sapi/phpdbg/phpdbg.c | 3 | ||||
| -rw-r--r-- | sapi/phpdbg/phpdbg_list.c | 4 | ||||
| -rw-r--r-- | sapi/phpdbg/phpdbg_prompt.c | 4 | ||||
| -rw-r--r-- | sapi/phpdbg/phpdbg_watch.c | 29 |
12 files changed, 99 insertions, 33 deletions
diff --git a/ext/gd/config.w32 b/ext/gd/config.w32 index d9716bae36..f0e0b2296a 100644 --- a/ext/gd/config.w32 +++ b/ext/gd/config.w32 @@ -11,7 +11,8 @@ if (PHP_GD != "no") { CHECK_HEADER_ADD_INCLUDE("ft2build.h", "CFLAGS_GD", PHP_GD + ";" + PHP_PHP_BUILD + "\\include" + ";" + PHP_PHP_BUILD + "\\include\\freetype") && CHECK_LIB("libpng_a.lib;libpng.lib", "gd", PHP_GD) && CHECK_HEADER_ADD_INCLUDE("gd.h", "CFLAGS_GD", PHP_GD + ";ext\\gd\\libgd") && - (CHECK_HEADER_ADD_INCLUDE("png.h", "CFLAGS_GD", PHP_GD + ";" + PHP_PHP_BUILD + "\\include\\libpng15") || + (CHECK_HEADER_ADD_INCLUDE("png.h", "CFLAGS_GD", PHP_GD + ";" + PHP_PHP_BUILD + "\\include\\libpng16") || + CHECK_HEADER_ADD_INCLUDE("png.h", "CFLAGS_GD", PHP_GD + ";" + PHP_PHP_BUILD + "\\include\\libpng15") || CHECK_HEADER_ADD_INCLUDE("png.h", "CFLAGS_GD", PHP_GD + ";" + PHP_PHP_BUILD + "\\include\\libpng12")) && (CHECK_LIB("libiconv_a.lib;libiconv.lib", "gd", PHP_GD) || CHECK_LIB("iconv_a.lib;iconv.lib", "gd", PHP_GD)) && CHECK_HEADER_ADD_INCLUDE("iconv.h", "CFLAGS_GD", PHP_GD) && diff --git a/ext/standard/image.c b/ext/standard/image.c index edb0d50ea3..378423917e 100644 --- a/ext/standard/image.c +++ b/ext/standard/image.c @@ -969,6 +969,10 @@ static int php_get_wbmp(php_stream *stream, struct gfxinfo **result, int check) return 0; } width = (width << 7) | (i & 0x7f); + /* maximum valid width for wbmp (although 127 may be a more accurate one) */ + if (width > 2048) { + return 0; + } } while (i & 0x80); /* get height */ @@ -978,10 +982,13 @@ static int php_get_wbmp(php_stream *stream, struct gfxinfo **result, int check) return 0; } height = (height << 7) | (i & 0x7f); + /* maximum valid heigth for wbmp (although 127 may be a more accurate one) */ + if (height > 2048) { + return 0; + } } while (i & 0x80); - /* maximum valid sizes for wbmp (although 127x127 may be a more accurate one) */ - if (!height || !width || height > 2048 || width > 2048) { + if (!height || !width) { return 0; } @@ -1223,6 +1230,7 @@ PHP_FUNCTION(image_type_to_extension) PHPAPI int php_getimagetype(php_stream * stream, char *filetype) { char tmp[12]; + int twelve_bytes_read; if ( !filetype) filetype = tmp; if((php_stream_read(stream, filetype, 3)) != 3) { @@ -1273,12 +1281,11 @@ PHPAPI int php_getimagetype(php_stream * stream, char *filetype) return IMAGE_FILETYPE_ICO; } - if (php_stream_read(stream, filetype+4, 8) != 8) { - php_error_docref(NULL, E_NOTICE, "Read error!"); - return IMAGE_FILETYPE_UNKNOWN; - } + /* WBMP may be smaller than 12 bytes, so delay error */ + twelve_bytes_read = (php_stream_read(stream, filetype+4, 8) == 8); + /* BYTES READ: 12 */ - if (!memcmp(filetype, php_sig_jp2, 12)) { + if (twelve_bytes_read && !memcmp(filetype, php_sig_jp2, 12)) { return IMAGE_FILETYPE_JP2; } @@ -1286,6 +1293,10 @@ PHPAPI int php_getimagetype(php_stream * stream, char *filetype) if (php_get_wbmp(stream, NULL, 1)) { return IMAGE_FILETYPE_WBMP; } + if (!twelve_bytes_read) { + php_error_docref(NULL, E_NOTICE, "Read error!"); + return IMAGE_FILETYPE_UNKNOWN; + } if (php_get_xbm(stream, NULL)) { return IMAGE_FILETYPE_XBM; } diff --git a/ext/standard/tests/image/bug70052.phpt b/ext/standard/tests/image/bug70052.phpt new file mode 100644 index 0000000000..76ebda92b2 --- /dev/null +++ b/ext/standard/tests/image/bug70052.phpt @@ -0,0 +1,21 @@ +--TEST-- +Bug #70052 (getimagesize() fails for very large and very small WBMP) +--FILE-- +<?php +var_dump(getimagesize(__DIR__ . '/bug70052_1.wbmp')); +var_dump(getimagesize(__DIR__ . '/bug70052_2.wbmp')); +?> +--EXPECT-- +bool(false) +array(5) { + [0]=> + int(3) + [1]=> + int(3) + [2]=> + int(15) + [3]=> + string(20) "width="3" height="3"" + ["mime"]=> + string(18) "image/vnd.wap.wbmp" +} diff --git a/ext/standard/tests/image/bug70052_1.wbmp b/ext/standard/tests/image/bug70052_1.wbmp Binary files differnew file mode 100644 index 0000000000..2c32f379ae --- /dev/null +++ b/ext/standard/tests/image/bug70052_1.wbmp diff --git a/ext/standard/tests/image/bug70052_2.wbmp b/ext/standard/tests/image/bug70052_2.wbmp Binary files differnew file mode 100644 index 0000000000..d0f4313fc1 --- /dev/null +++ b/ext/standard/tests/image/bug70052_2.wbmp diff --git a/ext/standard/tests/network/bug55472.phpt b/ext/standard/tests/network/bug55472.phpt new file mode 100644 index 0000000000..3e0c12795c --- /dev/null +++ b/ext/standard/tests/network/bug55472.phpt @@ -0,0 +1,8 @@ +--TEST-- +Bug #55472 (ip2long(integer) returns integer) +--FILE-- +<?php +var_dump(ip2long(26)); +?> +--EXPECT-- +bool(false) diff --git a/ext/zip/tests/compression_methods.phpt b/ext/zip/tests/compression_methods.phpt new file mode 100644 index 0000000000..084fa848f1 --- /dev/null +++ b/ext/zip/tests/compression_methods.phpt @@ -0,0 +1,35 @@ +--TEST-- +Recognition of compression methods +--DESCRIPTION-- +This test is supposed to cover all compression methods that are recognized by +libzip, but for now only 6 methods are available in compression_methods.zip. +The zip and the test should be extended, if possible. +--SKIPIF-- +<?php +if (!extension_loaded('zip')) die('skip zip extension not available'); +?> +--FILE-- +<?php +$methods = array( + 'store' => ZipArchive::CM_STORE, + 'deflate' => ZipArchive::CM_DEFLATE, + 'deflate64' => ZipArchive::CM_DEFLATE64, + 'bzip2' => ZipArchive::CM_BZIP2, + 'lzma' => ZipArchive::CM_LZMA, + 'ppmd' => ZipArchive::CM_PPMD +); +$zip = new ZipArchive(); +$zip->open(__DIR__ . '/compression_methods.zip'); +foreach ($methods as $filename => $method) { + echo "$filename: "; + var_dump($zip->statName($filename)['comp_method'] === $method); +} +$zip->close(); +?> +--EXPECT-- +store: bool(true) +deflate: bool(true) +deflate64: bool(true) +bzip2: bool(true) +lzma: bool(true) +ppmd: bool(true) diff --git a/ext/zip/tests/compression_methods.zip b/ext/zip/tests/compression_methods.zip Binary files differnew file mode 100644 index 0000000000..44ed8ff5ed --- /dev/null +++ b/ext/zip/tests/compression_methods.zip diff --git a/sapi/phpdbg/phpdbg.c b/sapi/phpdbg/phpdbg.c index a4f36eeced..ecfe7a9249 100644 --- a/sapi/phpdbg/phpdbg.c +++ b/sapi/phpdbg/phpdbg.c @@ -1343,9 +1343,10 @@ int main(int argc, char **argv) /* {{{ */ struct sigaction signal_struct; signal_struct.sa_sigaction = phpdbg_signal_handler; signal_struct.sa_flags = SA_SIGINFO | SA_NODEFER; + sigemptyset(&signal_struct.sa_mask); sigio_struct.sa_sigaction = phpdbg_sigio_handler; sigio_struct.sa_flags = SA_SIGINFO; - + sigemptyset(&sigio_struct.sa_mask); address = strdup("127.0.0.1"); #endif diff --git a/sapi/phpdbg/phpdbg_list.c b/sapi/phpdbg/phpdbg_list.c index 3a7761cc64..6d5e894930 100644 --- a/sapi/phpdbg/phpdbg_list.c +++ b/sapi/phpdbg/phpdbg_list.c @@ -299,7 +299,9 @@ zend_op_array *phpdbg_compile_file(zend_file_handle *file, int type) { return ret; } -void phpdbg_free_file_source(phpdbg_file_source *data) { +void phpdbg_free_file_source(zval *zv) { + phpdbg_file_source *data = Z_PTR_P(zv); + #if HAVE_MMAP if (data->map) { munmap(data->map, data->len + ZEND_MMAP_AHEAD); diff --git a/sapi/phpdbg/phpdbg_prompt.c b/sapi/phpdbg/phpdbg_prompt.c index b00952c07b..5ad3fea79d 100644 --- a/sapi/phpdbg/phpdbg_prompt.c +++ b/sapi/phpdbg/phpdbg_prompt.c @@ -607,7 +607,7 @@ static inline void phpdbg_handle_exception(void) /* {{{ */ msg = zval_get_string(zend_read_property(zend_get_exception_base(&zv), &zv, ZEND_STRL("string"), 1, &rv)); } - phpdbg_writeln("exception", "name=\"%s\" file=\"%s\" line=\"%lld\"", "Uncaught %s in %s on line %lld\n%s", ZSTR_VAL(ex->ce->name), ZSTR_VAL(file), line, ZSTR_VAL(msg)); + phpdbg_writeln("exception", "name=\"%s\" file=\"%s\" line=\"" ZEND_LONG_FMT "\"", "Uncaught %s in %s on line " ZEND_LONG_FMT "\n%s", ZSTR_VAL(ex->ce->name), ZSTR_VAL(file), line, ZSTR_VAL(msg)); zend_string_release(msg); zend_string_release(file); @@ -1461,7 +1461,7 @@ void phpdbg_execute_ex(zend_execute_data *execute_data) /* {{{ */ line = zval_get_long(zend_read_property(zend_get_exception_base(&zv), &zv, ZEND_STRL("line"), 1, &rv)); msg = zval_get_string(zend_read_property(zend_get_exception_base(&zv), &zv, ZEND_STRL("message"), 1, &rv)); - phpdbg_error("exception", "name=\"%s\" file=\"%s\" line=\"%lld\"", "Uncaught %s in %s on line %lld: %.*s", ZSTR_VAL(exception->ce->name), ZSTR_VAL(file), line, ZSTR_LEN(msg) < 80 ? ZSTR_LEN(msg) : 80, ZSTR_VAL(msg)); + phpdbg_error("exception", "name=\"%s\" file=\"%s\" line=\"" ZEND_LONG_FMT "\"", "Uncaught %s in %s on line " ZEND_LONG_FMT ": %.*s", ZSTR_VAL(exception->ce->name), ZSTR_VAL(file), line, ZSTR_LEN(msg) < 80 ? ZSTR_LEN(msg) : 80, ZSTR_VAL(msg)); zend_string_release(msg); zend_string_release(file); diff --git a/sapi/phpdbg/phpdbg_watch.c b/sapi/phpdbg/phpdbg_watch.c index 7452771cf2..15ae97da3a 100644 --- a/sapi/phpdbg/phpdbg_watch.c +++ b/sapi/phpdbg/phpdbg_watch.c @@ -442,12 +442,10 @@ static int phpdbg_create_recursive_ht_watch(phpdbg_watchpoint_t *watch) { zval *zv; zend_string *key; zend_long h; - size_t str_len; ZEND_ASSERT(watch->type == WATCH_ON_HASHTABLE); ZEND_HASH_FOREACH_KEY_VAL(HT_WATCH_HT(watch), h, key, zv) { - char *str = NULL; phpdbg_watchpoint_t *new_watch = emalloc(sizeof(phpdbg_watchpoint_t)); new_watch->flags = PHPDBG_WATCH_RECURSIVE; @@ -458,14 +456,10 @@ static int phpdbg_create_recursive_ht_watch(phpdbg_watchpoint_t *watch) { new_watch->name_in_parent = key; ++GC_REFCOUNT(key); } else { - str_len = spprintf(&str, 0, "%lld", h); - new_watch->name_in_parent = zend_string_init(str, str_len, 0); - efree(str); + new_watch->name_in_parent = strpprintf(0, ZEND_LONG_FMT, h); } - str_len = spprintf(&str, 0, "%.*s%s%s%s", (int) ZSTR_LEN(watch->str) - 2, ZSTR_VAL(watch->str), (watch->flags & PHPDBG_WATCH_ARRAY) ? "[" : "->", phpdbg_get_property_key(ZSTR_VAL(new_watch->name_in_parent)), (watch->flags & PHPDBG_WATCH_ARRAY) ? "]" : ""); - new_watch->str = zend_string_init(str, str_len, 0); - efree(str); + new_watch->str = strpprintf(0, "%.*s%s%s%s", (int) ZSTR_LEN(watch->str) - 2, ZSTR_VAL(watch->str), (watch->flags & PHPDBG_WATCH_ARRAY) ? "[" : "->", phpdbg_get_property_key(ZSTR_VAL(new_watch->name_in_parent)), (watch->flags & PHPDBG_WATCH_ARRAY) ? "]" : ""); while (Z_TYPE_P(zv) == IS_INDIRECT) { zv = Z_INDIRECT_P(zv); @@ -480,7 +474,6 @@ static int phpdbg_create_recursive_ht_watch(phpdbg_watchpoint_t *watch) { } static int phpdbg_create_recursive_zval_watch(phpdbg_watchpoint_t *watch) { - size_t str_len; HashTable *ht; zval *zvp; @@ -490,7 +483,6 @@ static int phpdbg_create_recursive_zval_watch(phpdbg_watchpoint_t *watch) { ZVAL_DEREF(zvp); if ((ht = HT_FROM_ZVP(zvp))) { - char *str = NULL; phpdbg_watchpoint_t *new_watch = emalloc(sizeof(phpdbg_watchpoint_t)); new_watch->flags = PHPDBG_WATCH_RECURSIVE; @@ -498,9 +490,7 @@ static int phpdbg_create_recursive_zval_watch(phpdbg_watchpoint_t *watch) { new_watch->parent_container = watch->parent_container; new_watch->name_in_parent = watch->name_in_parent; ++GC_REFCOUNT(new_watch->name_in_parent); - str_len = spprintf(&str, 0, "%.*s[]", (int) ZSTR_LEN(watch->str), ZSTR_VAL(watch->str)); - new_watch->str = zend_string_init(str, str_len, 0); - efree(str); + new_watch->str = strpprintf(0, "%.*s[]", (int) ZSTR_LEN(watch->str), ZSTR_VAL(watch->str)); if (Z_TYPE_P(zvp) == IS_ARRAY) { new_watch->flags |= PHPDBG_WATCH_ARRAY; @@ -513,7 +503,6 @@ static int phpdbg_create_recursive_zval_watch(phpdbg_watchpoint_t *watch) { phpdbg_create_recursive_ht_watch(new_watch); phpdbg_create_watchpoint(new_watch); - } return SUCCESS; @@ -564,24 +553,22 @@ static int phpdbg_delete_watchpoint_recursive(phpdbg_watchpoint_t *watch, zend_b } static void phpdbg_delete_ht_watchpoints_recursive(phpdbg_watchpoint_t *watch) { - zend_string *strkey; + zend_string *str, *strkey; zend_long numkey; - char *str; - size_t str_len; phpdbg_watchpoint_t *watchpoint; ZEND_HASH_FOREACH_KEY(HT_WATCH_HT(watch), numkey, strkey) { if (strkey) { - str_len = spprintf(&str, 0, "%.*s%s%s%s", (int) ZSTR_LEN(watch->str), ZSTR_VAL(watch->str), (watch->flags & PHPDBG_WATCH_ARRAY) ? "[" : "->", phpdbg_get_property_key(ZSTR_VAL(strkey)), (watch->flags & PHPDBG_WATCH_ARRAY) ? "]" : ""); + str = strpprintf(0, "%.*s%s%s%s", (int) ZSTR_LEN(watch->str), ZSTR_VAL(watch->str), (watch->flags & PHPDBG_WATCH_ARRAY) ? "[" : "->", phpdbg_get_property_key(ZSTR_VAL(strkey)), (watch->flags & PHPDBG_WATCH_ARRAY) ? "]" : ""); } else { - str_len = spprintf(&str, 0, "%.*s%s" ZEND_LONG_FMT "%s", (int) ZSTR_LEN(watch->str), ZSTR_VAL(watch->str), (watch->flags & PHPDBG_WATCH_ARRAY) ? "[" : "->", numkey, (watch->flags & PHPDBG_WATCH_ARRAY) ? "]" : ""); + str = strpprintf(0, "%.*s%s" ZEND_LONG_FMT "%s", (int) ZSTR_LEN(watch->str), ZSTR_VAL(watch->str), (watch->flags & PHPDBG_WATCH_ARRAY) ? "[" : "->", numkey, (watch->flags & PHPDBG_WATCH_ARRAY) ? "]" : ""); } - if ((watchpoint = zend_hash_str_find_ptr(&PHPDBG_G(watchpoints), str, str_len))) { + if ((watchpoint = zend_hash_find_ptr(&PHPDBG_G(watchpoints), str))) { phpdbg_delete_watchpoint_recursive(watchpoint, 1); } - efree(str); + zend_string_release(str); } ZEND_HASH_FOREACH_END(); } |