MFB

9 files changed, 55 insertions, 44 deletions

diff --git a/ext/imap/php_imap.c b/ext/imap/php_imap.c
index 841ef49fcd..8f22964a5e 100644
--- a/ext/imap/php_imap.c
+++ b/ext/imap/php_imap.c
@@ -2211,6 +2211,9 @@ PHP_FUNCTION(imap_utf8)
 	if (dest.data) {
 		free(dest.data);
 	}
+	if (src.data) {
+		free(src.data);
+	}
 	if (src.data && src.data != dest.data) {
 		free(src.data);
 	}
@@ -2952,7 +2955,7 @@ PHP_FUNCTION(imap_mail_compose)
 	BODY *bod=NULL, *topbod=NULL;
 	PART *mypart=NULL, *part;
 	PARAMETER *param, *disp_param = NULL, *custom_headers_param = NULL, *tmp_param = NULL;
-	char tmp[SENDBUFLEN + 1], *mystring=NULL, *t=NULL, *tempstring=NULL;
+	char *tmp=NULL, *mystring=NULL, *t=NULL, *tempstring=NULL;
 	int toppart = 0;
 
 	if (ZEND_NUM_ARGS() != 2 || zend_get_parameters_ex(2, &envelope, &body) == FAILURE) {
@@ -3184,7 +3187,7 @@ PHP_FUNCTION(imap_mail_compose)
 						disp_param->next = tmp_param;
 						tmp_param = disp_param;
 					}
-				bod->parameter = disp_param;
+					bod->parameter = disp_param;
 				}
 			}
 			if (zend_hash_find(Z_ARRVAL_PP(data), "subtype", sizeof("subtype"), (void **) &pvalue)== SUCCESS) {
@@ -3254,6 +3257,9 @@ PHP_FUNCTION(imap_mail_compose)
 	}
 
 	rfc822_encode_body_7bit(env, topbod);
+
+	tmp = emalloc(SENDBUFLEN + 1);
+
 	rfc822_header(tmp, env, topbod);
 
 	/* add custom envelope headers */
@@ -3303,7 +3309,7 @@ PHP_FUNCTION(imap_mail_compose)
 		/* yucky default */
 			if (!cookie) {
 				cookie = "-";  
-			} else if (strlen(cookie) > (sizeof(tmp) - 2 - 2)) {  /* validate cookie length -- + CRLF */
+			} else if (strlen(cookie) > (SENDBUFLEN - 2 - 2 - 2)) {  /* validate cookie length -- + CRLF * 2 */
 				php_error_docref(NULL TSRMLS_CC, E_WARNING, "The boudary should be no longer then 4kb");
 				RETVAL_FALSE;
 				goto done;	
@@ -3311,18 +3317,14 @@ PHP_FUNCTION(imap_mail_compose)
 
 		/* for each part */
 			do {
-				t=tmp;
-			/* build cookie */
-				sprintf(t, "--%s%s", cookie, CRLF);
-
+				t = tmp;
+			
 			/* append mini-header */
+				*t = '\0';
 				rfc822_write_body_header(&t, &part->body);
 
-			/* write terminating blank line */
-				strcat(t, CRLF);
-
 			/* output cookie, mini-header, and contents */
-				spprintf(&tempstring, 0, "%s%s", mystring, tmp);
+				spprintf(&tempstring, 0, "%s--%s%s%s%s", mystring, cookie, CRLF, tmp, CRLF);
 				efree(mystring);
 				mystring=tempstring;
 
@@ -3334,13 +3336,13 @@ PHP_FUNCTION(imap_mail_compose)
 			} while ((part = part->next)); /* until done */
 
 			/* output trailing cookie */
-			spprintf(&tempstring, 0, "%s--%s--%s", mystring, tmp, CRLF);
+			spprintf(&tempstring, 0, "%s--%s--%s", mystring, cookie, CRLF);
 			efree(mystring);
 			mystring=tempstring;
 	} else if (bod) {
-			spprintf(&tempstring, 0, "%s%s%s", mystring, bod->contents.text.data, CRLF);
-			efree(mystring);
-			mystring=tempstring;
+		spprintf(&tempstring, 0, "%s%s%s", mystring, bod->contents.text.data, CRLF);
+		efree(mystring);
+		mystring=tempstring;
 	} else {
 		efree(mystring);
 		RETVAL_FALSE;
@@ -3349,6 +3351,9 @@ PHP_FUNCTION(imap_mail_compose)
 
 	RETVAL_STRING(tempstring, 0);
 done:
+	if (tmp) {
+		efree(tmp);
+	}
 	mail_free_body(&topbod);
 	mail_free_envelope(&env);
 }
@@ -3889,7 +3894,7 @@ static void _php_imap_parse_address (ADDRESS *addresslist, char **fulladdress, z
 	addresstmp = addresslist;
 
 	if ((len = _php_imap_address_size(addresstmp))) {
-		tmpstr = (char *) malloc(len + 1);
+		tmpstr = (char *) pemalloc(len + 1, 1);
 		tmpstr[0] = '\0';
 		rfc822_write_address(tmpstr, addresstmp);
 		*fulladdress = tmpstr;
@@ -4310,7 +4315,7 @@ static char *php_mail_gets(readfn_t f, void *stream, unsigned long size, GETS_DA
 		}
 		return NULL;
 	} else {
-		char *buf = malloc(size + 1);
+		char *buf = pemalloc(size + 1, 1);
 		
 		if (f(stream, size, buf)) {
 			buf[size] = '\0';
diff --git a/ext/interbase/php_ibase_udf.c b/ext/interbase/php_ibase_udf.c
index 2c572202e8..3451200059 100644
--- a/ext/interbase/php_ibase_udf.c
+++ b/ext/interbase/php_ibase_udf.c
@@ -145,7 +145,7 @@ static void __attribute__((destructor)) fini()
 void exec_php(BLOBCALLBACK b, PARAMDSC *res, ISC_SHORT *init)
 {
 	int result, remaining = b->blob_total_length, i = 0;
-	char *code = malloc(remaining+1);
+	char *code = pemalloc(remaining+1, 1);
 	ISC_USHORT read;
 
 	for (code[remaining] = '\0'; remaining > 0; remaining -= read)
diff --git a/ext/mime_magic/mime_magic.c b/ext/mime_magic/mime_magic.c
index c186923031..9c399c3c6a 100644
--- a/ext/mime_magic/mime_magic.c
+++ b/ext/mime_magic/mime_magic.c
@@ -1156,21 +1156,29 @@ static int fsmagic(zval *what TSRMLS_DC)
 	php_stream_statbuf stat_ssb;
 
 	switch (Z_TYPE_P(what)) {
-	case IS_STRING:
-		if(!php_stream_stat_path(Z_STRVAL_P(what), &stat_ssb)) {
-			return MIME_MAGIC_OK;
-		}
-		break;
-	case IS_RESOURCE:
-		{
-			php_stream *stream;
-
-			php_stream_from_zval_no_verify(stream, &what);
-			if(!php_stream_stat(stream, &stat_ssb)) {
-				return MIME_MAGIC_OK;
+		case IS_STRING:
+			if (php_stream_stat_path_ex(Z_STRVAL_P(what), PHP_STREAM_URL_STAT_QUIET, &stat_ssb, NULL)) {
+				if (MIME_MAGIC_G(debug)) {
+					php_error_docref(NULL TSRMLS_CC, E_WARNING, "Non-statable file path (%s)", Z_STRVAL_P(what));
+				}
+				return MIME_MAGIC_ERROR;
 			}
-		}
-		break;
+			break;
+		case IS_RESOURCE:
+			{
+				php_stream *stream;
+	
+				php_stream_from_zval_no_verify(stream, &what);
+				if (php_stream_stat(stream, &stat_ssb)) {
+					if (MIME_MAGIC_G(debug)) {
+						php_error_docref(NULL TSRMLS_CC, E_WARNING, "Non-statable file path (%s)", Z_STRVAL_P(what));
+					}
+					return MIME_MAGIC_ERROR;
+				}
+			}
+			break;
+		default:
+			return MIME_MAGIC_OK;
 	}
 
     switch (stat_ssb.sb.st_mode & S_IFMT) {
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index b9b8e3053f..61e7e0174e 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -1542,13 +1542,13 @@ cleanup:
 }
 /* }}} */
 
-/* {{{ proto bool openssl_pkcs12_read(mixed PKCS12, array &certs, string pass)
+/* {{{ proto bool openssl_pkcs12_read(string PKCS12, array &certs, string pass)
    Parses a PKCS12 to an array */
 PHP_FUNCTION(openssl_pkcs12_read)
 {
-	zval *zp12 = NULL, *zout = NULL, *zextracerts, *zcert, *zpkey;
-	char * pass;
-	int pass_len;
+	zval *zout = NULL, *zextracerts, *zcert, *zpkey;
+	char *pass, *zp12;
+	int pass_len, zp12_len;
 	PKCS12 * p12 = NULL;
 	EVP_PKEY * pkey = NULL;
 	X509 * cert = NULL;
@@ -1556,7 +1556,7 @@ PHP_FUNCTION(openssl_pkcs12_read)
 	BIO * bio_in = NULL;
 	int i;
 
-	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "zzs", &zp12, &zout, &pass, &pass_len) == FAILURE) {
+	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "szs", &zp12, &zout, &pass, &pass_len) == FAILURE) {
 		return;
 	}
 
@@ -1564,7 +1564,7 @@ PHP_FUNCTION(openssl_pkcs12_read)
 	
 	bio_in = BIO_new(BIO_s_mem());
 	
-	if(!BIO_write(bio_in, Z_STRVAL_P(zp12), Z_STRLEN_P(zp12)))
+	if(!BIO_write(bio_in, zp12, zp12_len))
 		goto cleanup;
 	
 	if(d2i_PKCS12_bio(bio_in, &p12)) {
diff --git a/ext/pdo_firebird/firebird_statement.c b/ext/pdo_firebird/firebird_statement.c
index 6c9cb9bbe5..3ea1428a19 100644
--- a/ext/pdo_firebird/firebird_statement.c
+++ b/ext/pdo_firebird/firebird_statement.c
@@ -655,8 +655,7 @@ static int firebird_stmt_set_attribute(pdo_stmt_t *stmt, long attr, zval *val TS
 				RECORD_ERROR(stmt);
 				return 0;
 			}
-			strncpy(S->name, Z_STRVAL_P(val), sizeof(S->name));
-			S->name[sizeof(S->name)] = 0;
+			strlcpy(S->name, Z_STRVAL_P(val), sizeof(S->name));
 			break;
 	}
 	return 1;
diff --git a/ext/pdo_pgsql/pgsql_statement.c b/ext/pdo_pgsql/pgsql_statement.c
index 48ed3de6f9..69e88682b2 100644
--- a/ext/pdo_pgsql/pgsql_statement.c
+++ b/ext/pdo_pgsql/pgsql_statement.c
@@ -205,6 +205,7 @@ static int pgsql_stmt_param_hook(pdo_stmt_t *stmt, struct pdo_bound_param_data *
 						S->param_lengths[param->paramno] = 1;
 						S->param_formats[param->paramno] = 1;
 					} else {
+						SEPARATE_ZVAL_IF_NOT_REF(&param->parameter);
 						convert_to_string(param->parameter);
 						S->param_values[param->paramno] = Z_STRVAL_P(param->parameter);
 						S->param_lengths[param->paramno] = Z_STRLEN_P(param->parameter);
diff --git a/ext/sockets/php_sockets.h b/ext/sockets/php_sockets.h
index b3f49a0f93..b89f4f6eb4 100644
--- a/ext/sockets/php_sockets.h
+++ b/ext/sockets/php_sockets.h
@@ -41,7 +41,6 @@ extern zend_module_entry sockets_module_entry;
 
 PHP_MINIT_FUNCTION(sockets);
 PHP_MINFO_FUNCTION(sockets);
-PHP_RINIT_FUNCTION(sockets);
 PHP_RSHUTDOWN_FUNCTION(sockets);
 
 PHP_FUNCTION(socket_select);
diff --git a/ext/sqlite/php_sqlite.h b/ext/sqlite/php_sqlite.h
index 0deb5c407b..db9ad1da4c 100644
--- a/ext/sqlite/php_sqlite.h
+++ b/ext/sqlite/php_sqlite.h
@@ -38,7 +38,6 @@ extern zend_module_entry sqlite_module_entry;
 
 PHP_MINIT_FUNCTION(sqlite);
 PHP_MSHUTDOWN_FUNCTION(sqlite);
-PHP_RINIT_FUNCTION(sqlite);
 PHP_RSHUTDOWN_FUNCTION(sqlite);
 PHP_MINFO_FUNCTION(sqlite);
 
diff --git a/ext/sqlite/sqlite.c b/ext/sqlite/sqlite.c
index f0a54c3c1c..babcf8fcd4 100644
--- a/ext/sqlite/sqlite.c
+++ b/ext/sqlite/sqlite.c
@@ -81,7 +81,7 @@ extern int sqlite_encode_binary(const unsigned char *in, int n, unsigned char *o
 extern int sqlite_decode_binary(const unsigned char *in, unsigned char *out);
 
 #define php_sqlite_encode_binary(in, n, out) sqlite_encode_binary((const unsigned char *)in, n, (unsigned char *)out)
-#define php_sqlite_decode_binary(in, out)    sqlite_decode_binary((const unsigned char *)in, (unsigned char *)out)
+#define php_sqlite_decode_binary(in, out) in && *in ? sqlite_decode_binary((const unsigned char *)in, (unsigned char *)out) : 0
 
 static int sqlite_count_elements(zval *object, long *count TSRMLS_DC);
 
@@ -341,7 +341,7 @@ zend_module_entry sqlite_module_entry = {
 	sqlite_functions,
 	PHP_MINIT(sqlite),
 	PHP_MSHUTDOWN(sqlite),
-	PHP_RINIT(sqlite),
+	NULL,
 	PHP_RSHUTDOWN(sqlite),
 	PHP_MINFO(sqlite),
 #if ZEND_MODULE_API_NO >= 20010901