diff options
author | Dmitry Stogov <dmitry@zend.com> | 2014-06-12 05:07:33 +0400 |
---|---|---|
committer | Dmitry Stogov <dmitry@zend.com> | 2014-06-12 05:07:33 +0400 |
commit | dd1c68e67fd5ed5022b62328748fb961d082c070 (patch) | |
tree | 8266673f59360ad76297cf0c9e887b531460f3ac /ext | |
parent | 593b125eb985f5cdfa346d8f1d249924899b2558 (diff) | |
parent | b853f99abfd823fc2752175cab58465cfc8a3eab (diff) | |
download | php-git-dd1c68e67fd5ed5022b62328748fb961d082c070.tar.gz |
Merge branch 'master' into phpng
* master: (77 commits)
NEWS entry for Fix potential segfault in dns_get_record()
NEWS entry for "Fix potential segfault in dns_get_record()"
NEWS entry for Fix potential segfault in dns_get_record(
Fix potential segfault in dns_get_record()
Revert "Add optional second arg to unserialize()"
5.5.15 now
update NEWS
Fix bug #66127 (Segmentation fault with ArrayObject unset)
5.4.31 next
Add NEWS. This doesn't need UPGRADING (or an RFC), IMO.
Fix broken test.
Add a mime type map generation script and update the header.
Move the mime type map out of php_cli_server.c for easier generation.
Replace the CLI server's linear search for extensions with a hash table.
fix test
Remove unused included file
NEWS
NEWS
NEWS
Fixed Bug #67413 fileinfo: cdf_read_property_info insufficient boundary chec
...
Conflicts:
Zend/zend_closures.c
Zend/zend_execute.c
Zend/zend_vm_def.h
Zend/zend_vm_execute.h
ext/spl/spl_array.c
ext/standard/basic_functions.c
ext/standard/dns.c
ext/standard/var.c
Diffstat (limited to 'ext')
34 files changed, 263 insertions, 140 deletions
diff --git a/ext/date/tests/bug67118.phpt b/ext/date/tests/bug67118.phpt index 2aa8c1d828..19b5914aa3 100644 --- a/ext/date/tests/bug67118.phpt +++ b/ext/date/tests/bug67118.phpt @@ -23,4 +23,4 @@ class mydt extends datetime new mydt("Funktionsansvarig rÄdgivning och juridik", "UTC"); ?> --EXPECTF-- -Fatal error: Call to a member function format() on a non-object in %sbug67118.php on line %d +Fatal error: Call to a member function format() on null in %sbug67118.php on line %d diff --git a/ext/exif/tests/exif004.phpt b/ext/exif/tests/exif004.phpt index 229f49e145..8797955f8c 100644 --- a/ext/exif/tests/exif004.phpt +++ b/ext/exif/tests/exif004.phpt @@ -18,7 +18,7 @@ exif.encode_unicode=ISO-8859-1 test4.jpg is a 1*1 image that contains Exif tags written by WindowsXP */ $image = exif_read_data(dirname(__FILE__).'/test4.jpg','',true,false); -echo var_dump($image['WINXP']); +var_dump($image['WINXP']); ?> --EXPECT-- array(5) { diff --git a/ext/fileinfo/libmagic/cdf.c b/ext/fileinfo/libmagic/cdf.c index cbe3b0cf77..ad285cfe18 100644 --- a/ext/fileinfo/libmagic/cdf.c +++ b/ext/fileinfo/libmagic/cdf.c @@ -277,13 +277,15 @@ cdf_check_stream_offset(const cdf_stream_t *sst, const cdf_header_t *h, { const char *b = (const char *)sst->sst_tab; const char *e = ((const char *)p) + tail; + size_t ss = sst->sst_dirlen < h->h_min_size_standard_stream ? + CDF_SHORT_SEC_SIZE(h) : CDF_SEC_SIZE(h); (void)&line; - if (e >= b && (size_t)(e - b) <= CDF_SEC_SIZE(h) * sst->sst_len) + if (e >= b && (size_t)(e - b) <= ss * sst->sst_len) return 0; DPRINTF(("%d: offset begin %p < end %p || %" SIZE_T_FORMAT "u" " > %" SIZE_T_FORMAT "u [%" SIZE_T_FORMAT "u %" SIZE_T_FORMAT "u]\n", line, b, e, (size_t)(e - b), - CDF_SEC_SIZE(h) * sst->sst_len, CDF_SEC_SIZE(h), sst->sst_len)); + ss * sst->sst_len, ss, sst->sst_len)); errno = EFTYPE; return -1; } @@ -468,7 +470,8 @@ size_t cdf_count_chain(const cdf_sat_t *sat, cdf_secid_t sid, size_t size) { size_t i, j; - cdf_secid_t maxsector = (cdf_secid_t)(sat->sat_len * size); + cdf_secid_t maxsector = (cdf_secid_t)((sat->sat_len * size) + / sizeof(maxsector)); DPRINTF(("Chain:")); for (j = i = 0; sid >= 0; i++, j++) { @@ -478,8 +481,8 @@ cdf_count_chain(const cdf_sat_t *sat, cdf_secid_t sid, size_t size) errno = EFTYPE; return (size_t)-1; } - if (sid > maxsector) { - DPRINTF(("Sector %d > %d\n", sid, maxsector)); + if (sid >= maxsector) { + DPRINTF(("Sector %d >= %d\n", sid, maxsector)); errno = EFTYPE; return (size_t)-1; } @@ -812,7 +815,11 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h, if (cdf_check_stream_offset(sst, h, e, 0, __LINE__) == -1) goto out; for (i = 0; i < sh.sh_properties; i++) { - size_t ofs = CDF_GETUINT32(p, (i << 1) + 1); + size_t ofs, tail = (i << 1) + 1; + if (cdf_check_stream_offset(sst, h, p, tail * sizeof(uint32_t), + __LINE__) == -1) + goto out; + ofs = CDF_GETUINT32(p, tail); q = (const uint8_t *)(const void *) ((const char *)(const void *)p + ofs - 2 * sizeof(uint32_t)); diff --git a/ext/fileinfo/libmagic/softmagic.c b/ext/fileinfo/libmagic/softmagic.c index bfcae28c51..9432d55f21 100644 --- a/ext/fileinfo/libmagic/softmagic.c +++ b/ext/fileinfo/libmagic/softmagic.c @@ -918,10 +918,18 @@ mconvert(struct magic_set *ms, struct magic *m, int flip) return 1; } case FILE_PSTRING: { - char *ptr1 = p->s, *ptr2 = ptr1 + file_pstring_length_size(m); + size_t sz = file_pstring_length_size(m); + char *ptr1 = p->s, *ptr2 = ptr1 + sz; size_t len = file_pstring_get_length(m, ptr1); - if (len >= sizeof(p->s)) - len = sizeof(p->s) - 1; + if (len >= sizeof(p->s)) { + /* + * The size of the pascal string length (sz) + * is 1, 2, or 4. We need at least 1 byte for NUL + * termination, but we've already truncated the + * string by p->s, so we need to deduct sz. + */ + len = sizeof(p->s) - sz; + } while (len--) *ptr1++ = *ptr2++; *ptr1 = '\0'; diff --git a/ext/mbstring/libmbfl/cvsclean b/ext/mbstring/libmbfl/cvsclean deleted file mode 100755 index 60ae246a50..0000000000 --- a/ext/mbstring/libmbfl/cvsclean +++ /dev/null @@ -1,14 +0,0 @@ -#!/bin/sh -function cvsclean_sub() { - prev_pwd=`pwd` - cd $1 - cat .cvsignore | while read fname; do - rm -r -f $fname - done - cd "$prev_pwd" -} - -cvsclean_sub . -cvsclean_sub mbfl -cvsclean_sub filters -cvsclean_sub nls diff --git a/ext/mysqli/tests/bug33491.phpt b/ext/mysqli/tests/bug33491.phpt index 168ecb0381..7e994bc4d0 100644 --- a/ext/mysqli/tests/bug33491.phpt +++ b/ext/mysqli/tests/bug33491.phpt @@ -26,4 +26,4 @@ $DB->query_single('SELECT DATE()'); ?> --EXPECTF-- -Fatal error: Call to a member function fetch_row() on a non-object in %sbug33491.php on line %d +Fatal error: Call to a member function fetch_row() on boolean in %sbug33491.php on line %d diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c index 16c609ffb9..ed13bae12c 100755 --- a/ext/openssl/openssl.c +++ b/ext/openssl/openssl.c @@ -705,7 +705,7 @@ static time_t asn1_time_to_time_t(ASN1_UTCTIME * timestr TSRMLS_DC) /* {{{ */ char * thestr; long gmadjust = 0; - if (ASN1_STRING_type(timestr) != V_ASN1_UTCTIME) { + if (ASN1_STRING_type(timestr) != V_ASN1_UTCTIME && ASN1_STRING_type(timestr) != V_ASN1_GENERALIZEDTIME) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "illegal ASN1 data type for timestamp"); return (time_t)-1; } @@ -720,6 +720,11 @@ static time_t asn1_time_to_time_t(ASN1_UTCTIME * timestr TSRMLS_DC) /* {{{ */ return (time_t)-1; } + if (ASN1_STRING_type(timestr) == V_ASN1_GENERALIZEDTIME && ASN1_STRING_length(timestr) < 15) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "unable to parse time string %s correctly", timestr->data); + return (time_t)-1; + } + strbuf = estrdup((char *)ASN1_STRING_data(timestr)); memset(&thetime, 0, sizeof(thetime)); @@ -741,14 +746,21 @@ static time_t asn1_time_to_time_t(ASN1_UTCTIME * timestr TSRMLS_DC) /* {{{ */ *thestr = '\0'; thestr -= 2; thetime.tm_mon = atoi(thestr)-1; + *thestr = '\0'; - thestr -= 2; - thetime.tm_year = atoi(thestr); + if( ASN1_STRING_type(timestr) == V_ASN1_UTCTIME ) { + thestr -= 2; + thetime.tm_year = atoi(thestr); - if (thetime.tm_year < 68) { - thetime.tm_year += 100; + if (thetime.tm_year < 68) { + thetime.tm_year += 100; + } + } else if( ASN1_STRING_type(timestr) == V_ASN1_GENERALIZEDTIME ) { + thestr -= 4; + thetime.tm_year = atoi(thestr) - 1900; } + thetime.tm_isdst = -1; ret = mktime(&thetime); diff --git a/ext/openssl/tests/bug65698.crt b/ext/openssl/tests/bug65698.crt new file mode 100644 index 0000000000..c4a0261138 --- /dev/null +++ b/ext/openssl/tests/bug65698.crt @@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIEsTCCA5mgAwIBAgIQdwrGwrpRpBwdXS+ZsmsMGjANBgkqhkiG9w0BAQUFADA+ +MQswCQYDVQQGEwJQTDEbMBkGA1UEChMSVW5pemV0byBTcC4geiBvLm8uMRIwEAYD +VQQDEwlDZXJ0dW0gQ0EwIhgPMjAwOTAzMDMxMjUzMThaGA8yMDI0MDMwMzEyNTMx +OFowdzELMAkGA1UEBhMCUEwxIjAgBgNVBAoTGVVuaXpldG8gVGVjaG5vbG9naWVz +IFMuQS4xJzAlBgNVBAsTHkNlcnR1bSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEb +MBkGA1UEAxMSQ2VydHVtIExldmVsIElJIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEA4LE0Ixw8h5Lper9tHVtZkWIujxYsPVgUZABeZZgQsKTdJjaG +VP64B/oiEV5Hd3AxRqaZ7dRRsf4Pg/PSS/2mHRQQ/SH3XACbrDHmucDvYgtU/WoZ +yp9d6PXVPY4j7J5t/52s+EbZD5swSuQLGjZ9iwg9sXX3JdJ9Ty+B3z80oiajpK0B +wqAxrcX3DekEOknj7LkAOK6iuQKI85REj4IVb9kD7KKIWdISGbfL4Ezh/TP51e0L +/WhTJ7lHbHbRzFfPU/oi3Qyt5tEexrPKe+6N+Jrejdb5Ya7Ne3tKujDU7KlbO+dn +pzFH7VHkBPJcQJ7QUrprPaqVsVg3JJ1PXTqVnwIDAQABo4IBbDCCAWgwDwYDVR0T +AQH/BAUwAwEB/zAdBgNVHQ4EFgQUgGIR3sBrpxDhCPBVtDCDv/qPCGAwUgYDVR0j +BEswSaFCpEAwPjELMAkGA1UEBhMCUEwxGzAZBgNVBAoTElVuaXpldG8gU3AuIHog +by5vLjESMBAGA1UEAxMJQ2VydHVtIENBggMBACAwDgYDVR0PAQH/BAQDAgEGMCwG +A1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly9jcmwuY2VydHVtLnBsL2NhLmNybDBoBggr +BgEFBQcBAQRcMFowKAYIKwYBBQUHMAGGHGh0dHA6Ly9zdWJjYS5vY3NwLWNlcnR1 +bS5jb20wLgYIKwYBBQUHMAKGImh0dHA6Ly9yZXBvc2l0b3J5LmNlcnR1bS5wbC9j +YS5jZXIwOgYDVR0gBDMwMTAvBgRVHSAAMCcwJQYIKwYBBQUHAgEWGWh0dHBzOi8v +d3d3LmNlcnR1bS5wbC9DUFMwDQYJKoZIhvcNAQEFBQADggEBAI/jSDAW/w9qLzF6 +4oQiIRB7dGKp2Nlj27xZFYDBRINn4DKyZExkpanASF2of9eEzvrS+qoDY29mhXCi +MkiGr0vCsVhn0ReUpjg4Z5SsiQhZ2BGSjXiOJgaDI7Dw1MH7Ru6jdfSbLyd97EFj +ER0ERGdrcA2kLw7KfQm78IkClXEEKjKnAUTn1d/5Y4UuBWDCEL0FLgO9AqNXEzIy +rlXVGIs73kdefAK+Z1T6dm83vUrDMyzemWNRBI2tVBujkN6zkaF6uPjE4hfoIkEQ +Z4317byFkG4mxjATU+tQLG1Bs88HUAOrxtJOo/WoeCNsFJaxbYPt4oQGxIVYdz29 +OUX9CQA= +-----END CERTIFICATE----- diff --git a/ext/openssl/tests/bug65698.phpt b/ext/openssl/tests/bug65698.phpt new file mode 100644 index 0000000000..35d31764d5 --- /dev/null +++ b/ext/openssl/tests/bug65698.phpt @@ -0,0 +1,19 @@ +--TEST-- +Bug #65689 (GeneralizedTime format parsing) +--SKIPIF-- +<?php +if (!extension_loaded("openssl")) die("skip"); +?> +--FILE-- +<?php +$crt = substr(__FILE__, 0, -4).'.crt'; +$info = openssl_x509_parse("file://$crt"); +var_dump($info["validFrom"], $info["validFrom_time_t"], $info["validTo"], $info["validTo_time_t"]); +?> +Done +--EXPECTF-- +string(15) "20090303125318Z" +int(1236084798) +string(15) "20240303125318Z" +int(1709470398) +Done diff --git a/ext/openssl/tests/cve-2013-6420.phpt b/ext/openssl/tests/cve-2013-6420.phpt index 87c0210b2e..ccead0aab6 100644 --- a/ext/openssl/tests/cve-2013-6420.phpt +++ b/ext/openssl/tests/cve-2013-6420.phpt @@ -12,7 +12,7 @@ var_dump($info['issuer']['emailAddress'], $info["validFrom_time_t"]); ?> Done --EXPECTF-- -%s openssl_x509_parse(): illegal ASN1 data type for timestamp in %s%ecve-2013-6420.php on line 3 +%s openssl_x509_parse(): illegal length in timestamp in %s%ecve-2013-6420.php on line 3 string(27) "stefan.esser@sektioneins.de" int(-1) Done diff --git a/ext/pdo_mysql/tests/pdo_mysql_prepare_native_clear_error.phpt b/ext/pdo_mysql/tests/pdo_mysql_prepare_native_clear_error.phpt index 42c3d074ad..224684b878 100644 --- a/ext/pdo_mysql/tests/pdo_mysql_prepare_native_clear_error.phpt +++ b/ext/pdo_mysql/tests/pdo_mysql_prepare_native_clear_error.phpt @@ -93,4 +93,4 @@ array(1) { Warning: PDO::prepare(): SQLSTATE[42S22]: Column not found: 1054 Unknown column 'unknown_column' in 'field list' in %s on line %d -Fatal error: Call to a member function execute() on a non-object in %s on line %d
\ No newline at end of file +Fatal error: Call to a member function execute() on boolean in %s on line %d diff --git a/ext/pdo_mysql/tests/pdo_mysql_prepare_native_mixed_style.phpt b/ext/pdo_mysql/tests/pdo_mysql_prepare_native_mixed_style.phpt index 90cedef561..b7b0ab6294 100644 --- a/ext/pdo_mysql/tests/pdo_mysql_prepare_native_mixed_style.phpt +++ b/ext/pdo_mysql/tests/pdo_mysql_prepare_native_mixed_style.phpt @@ -36,4 +36,4 @@ Warning: PDO::prepare(): SQLSTATE[HY093]: Invalid parameter number: mixed named Warning: PDO::prepare(): SQLSTATE[HY093]: Invalid parameter number in %s on line %d -Fatal error: Call to a member function execute() on a non-object in %s on line %d
\ No newline at end of file +Fatal error: Call to a member function execute() on boolean in %s on line %d diff --git a/ext/pdo_mysql/tests/pdo_mysql_stmt_errorcode.phpt b/ext/pdo_mysql/tests/pdo_mysql_stmt_errorcode.phpt index 4d59e8c3b1..c16ce5dd1c 100644 --- a/ext/pdo_mysql/tests/pdo_mysql_stmt_errorcode.phpt +++ b/ext/pdo_mysql/tests/pdo_mysql_stmt_errorcode.phpt @@ -56,4 +56,4 @@ Testing native PS... Warning: PDO::prepare(): SQLSTATE[42S02]: Base table or view not found: 1146 Table '%s.ihopeitdoesnotexist' doesn't exist in %s on line %d -Fatal error: Call to a member function execute() on a non-object in %s on line %d
\ No newline at end of file +Fatal error: Call to a member function execute() on boolean in %s on line %d diff --git a/ext/pdo_mysql/tests/pdo_mysql_stmt_multiquery.phpt b/ext/pdo_mysql/tests/pdo_mysql_stmt_multiquery.phpt index 91b5237ea8..56c37c5f1a 100644 --- a/ext/pdo_mysql/tests/pdo_mysql_stmt_multiquery.phpt +++ b/ext/pdo_mysql/tests/pdo_mysql_stmt_multiquery.phpt @@ -99,4 +99,4 @@ Native Prepared Statements... Warning: PDO::query(): SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '%SSELECT label FROM test ORDER BY id ASC LIMIT 1' at line %d in %s on line %d -Fatal error: Call to a member function errorInfo() on a non-object in %s on line %d +Fatal error: Call to a member function errorInfo() on boolean in %s on line %d diff --git a/ext/reflection/tests/ReflectionFunction_isClosure_basic.phpt b/ext/reflection/tests/ReflectionFunction_isClosure_basic.phpt index eeaf8d382c..368464e130 100644 --- a/ext/reflection/tests/ReflectionFunction_isClosure_basic.phpt +++ b/ext/reflection/tests/ReflectionFunction_isClosure_basic.phpt @@ -13,6 +13,6 @@ if (!extension_loaded('reflection') || !defined('PHP_VERSION_ID') || PHP_VERSION <?php $closure = function($param) { return "this is a closure"; }; $rc = new ReflectionFunction($closure); -echo var_dump($rc->isClosure()); +var_dump($rc->isClosure()); --EXPECTF-- bool(true) diff --git a/ext/reflection/tests/ReflectionFunction_isDeprecated_basic.phpt b/ext/reflection/tests/ReflectionFunction_isDeprecated_basic.phpt index 31d37a85f1..4148fada0c 100644 --- a/ext/reflection/tests/ReflectionFunction_isDeprecated_basic.phpt +++ b/ext/reflection/tests/ReflectionFunction_isDeprecated_basic.phpt @@ -10,6 +10,6 @@ if (!extension_loaded('reflection') || !defined('PHP_VERSION_ID') || PHP_VERSION --FILE-- <?php $rc = new ReflectionFunction('ereg'); -echo var_dump($rc->isDeprecated()); +var_dump($rc->isDeprecated()); --EXPECTF-- bool(true) diff --git a/ext/reflection/tests/ReflectionFunction_isDisabled_basic.phpt b/ext/reflection/tests/ReflectionFunction_isDisabled_basic.phpt index c71b96b8ef..30189cf4de 100644 --- a/ext/reflection/tests/ReflectionFunction_isDisabled_basic.phpt +++ b/ext/reflection/tests/ReflectionFunction_isDisabled_basic.phpt @@ -12,6 +12,6 @@ disable_functions=is_file --FILE-- <?php $rc = new ReflectionFunction('is_file'); -echo var_dump($rc->isDisabled()); +var_dump($rc->isDisabled()); --EXPECTF-- bool(true) diff --git a/ext/soap/soap.c b/ext/soap/soap.c index 7150738051..fe97793afe 100644 --- a/ext/soap/soap.c +++ b/ext/soap/soap.c @@ -225,6 +225,7 @@ PHP_METHOD(SoapClient, __getFunctions); PHP_METHOD(SoapClient, __getTypes); PHP_METHOD(SoapClient, __doRequest); PHP_METHOD(SoapClient, __setCookie); +PHP_METHOD(SoapClient, __getCookies); PHP_METHOD(SoapClient, __setLocation); PHP_METHOD(SoapClient, __setSoapHeaders); @@ -368,6 +369,9 @@ ZEND_BEGIN_ARG_INFO_EX(arginfo_soapclient___setcookie, 0, 0, 1) ZEND_ARG_INFO(0, value) ZEND_END_ARG_INFO() +ZEND_BEGIN_ARG_INFO(arginfo_soapclient___getcookies, 0) +ZEND_END_ARG_INFO() + ZEND_BEGIN_ARG_INFO_EX(arginfo_soapclient___setsoapheaders, 0, 0, 1) ZEND_ARG_INFO(0, soapheaders) ZEND_END_ARG_INFO() @@ -422,6 +426,7 @@ static const zend_function_entry soap_client_functions[] = { PHP_ME(SoapClient, __getTypes, arginfo_soapclient___gettypes, 0) PHP_ME(SoapClient, __doRequest, arginfo_soapclient___dorequest, 0) PHP_ME(SoapClient, __setCookie, arginfo_soapclient___setcookie, 0) + PHP_ME(SoapClient, __getCookies, arginfo_soapclient___getcookies, 0) PHP_ME(SoapClient, __setLocation, arginfo_soapclient___setlocation, 0) PHP_ME(SoapClient, __setSoapHeaders, arginfo_soapclient___setsoapheaders, 0) PHP_FE_END @@ -3146,6 +3151,26 @@ PHP_METHOD(SoapClient, __setCookie) } /* }}} */ +/* {{{ proto array SoapClient::__getCookies ( void ) + Returns list of cookies */ +PHP_METHOD(SoapClient, __getCookies) +{ + zval *cookies; + + if (zend_parse_parameters_none() == FAILURE) { + return; + } + + + if ((cookies = zend_hash_str_find(Z_OBJPROP_P(getThis()), "_cookies", sizeof("_cookies")-1)) != NULL) { + ZVAL_NEW_ARR(return_value); + zend_array_dup(Z_ARRVAL_P(return_value), Z_ARRVAL_P(cookies)); + } else { + array_init(return_value); + } +} +/* }}} */ + /* {{{ proto void SoapClient::__setSoapHeaders(array SoapHeaders) Sets SOAP headers for subsequent calls (replaces any previous values). diff --git a/ext/soap/tests/bug49898.phpt b/ext/soap/tests/bug49898.phpt new file mode 100644 index 0000000000..eea4ea490a --- /dev/null +++ b/ext/soap/tests/bug49898.phpt @@ -0,0 +1,14 @@ +--TEST-- +Test for bug #49898: SoapClient::__getCookies() implementation +--CREDITS-- +Boro Sitnikovski <buritomath@yahoo.com> +--SKIPIF-- +<?php require_once('skipif.inc'); ?> +--FILE-- +<?php +$client = new SoapClient(null, array('uri' => 'mo:http://www.w3.org/', 'location' => 'http://some.url')); +$client->__setCookie("CookieTest", "HelloWorld"); +var_dump($client->__getCookies()['CookieTest'][0]); +?> +--EXPECT-- +string(10) "HelloWorld" diff --git a/ext/spl/tests/bug66127.phpt b/ext/spl/tests/bug66127.phpt new file mode 100644 index 0000000000..b5d1dcac4b --- /dev/null +++ b/ext/spl/tests/bug66127.phpt @@ -0,0 +1,25 @@ +--TEST-- +Bug #66127 (Segmentation fault with ArrayObject unset) +--INI-- +error_reporting = E_ALL & ~E_NOTICE +--FILE-- +<?php +function crash() +{ + set_error_handler(function () {}); + $var = 1; + trigger_error('error'); + $var2 = $var; + $var3 = $var; + trigger_error('error'); +} + +$items = new ArrayObject(); + +unset($items[0]); +unset($items[0][0]); +crash(); +echo "Worked!\n"; +?> +--EXPECT-- +Worked! diff --git a/ext/spl/tests/iterator_035.phpt b/ext/spl/tests/iterator_035.phpt index 9ce098b69d..fc0271e381 100644 --- a/ext/spl/tests/iterator_035.phpt +++ b/ext/spl/tests/iterator_035.phpt @@ -12,4 +12,6 @@ $a[] = &$tmp; echo "Done\n"; ?> --EXPECTF-- +Notice: Indirect modification of overloaded element of ArrayIterator has no effect in %s on line %d + Fatal error: Cannot assign by reference to overloaded object in %s on line %d diff --git a/ext/standard/basic_functions.c b/ext/standard/basic_functions.c index 0242f8aaba..c8b3f96bc5 100644 --- a/ext/standard/basic_functions.c +++ b/ext/standard/basic_functions.c @@ -2636,7 +2636,6 @@ ZEND_END_ARG_INFO() ZEND_BEGIN_ARG_INFO_EX(arginfo_unserialize, 0, 0, 1) ZEND_ARG_INFO(0, variable_representation) - ZEND_ARG_INFO(1, consumed) ZEND_END_ARG_INFO() ZEND_BEGIN_ARG_INFO_EX(arginfo_memory_get_usage, 0, 0, 0) @@ -4042,92 +4041,91 @@ PHP_FUNCTION(putenv) { char *setting; int setting_len; + char *p, **env; + putenv_entry pe; +#ifdef PHP_WIN32 + char *value = NULL; + int equals = 0; + int error_code; +#endif if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &setting, &setting_len) == FAILURE) { return; } + + if(setting_len == 0 || setting[0] == '=') { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid parameter syntax"); + RETURN_FALSE; + } - if (setting_len) { - char *p, **env; - putenv_entry pe; + pe.putenv_string = estrndup(setting, setting_len); + pe.key = estrndup(setting, setting_len); + if ((p = strchr(pe.key, '='))) { /* nullify the '=' if there is one */ + *p = '\0'; #ifdef PHP_WIN32 - char *value = NULL; - int equals = 0; - int error_code; + equals = 1; #endif + } - pe.putenv_string = estrndup(setting, setting_len); - pe.key = estrndup(setting, setting_len); - if ((p = strchr(pe.key, '='))) { /* nullify the '=' if there is one */ - *p = '\0'; -#ifdef PHP_WIN32 - equals = 1; -#endif - } - - pe.key_len = strlen(pe.key); + pe.key_len = strlen(pe.key); #ifdef PHP_WIN32 - if (equals) { - if (pe.key_len < setting_len - 1) { - value = p + 1; - } else { - /* empty string*/ - value = p; - } + if (equals) { + if (pe.key_len < setting_len - 1) { + value = p + 1; + } else { + /* empty string*/ + value = p; } + } #endif - zend_hash_str_del(&BG(putenv_ht), pe.key, pe.key_len); + zend_hash_str_del(&BG(putenv_ht), pe.key, pe.key_len); - /* find previous value */ - pe.previous_value = NULL; - for (env = environ; env != NULL && *env != NULL; env++) { - if (!strncmp(*env, pe.key, pe.key_len) && (*env)[pe.key_len] == '=') { /* found it */ + /* find previous value */ + pe.previous_value = NULL; + for (env = environ; env != NULL && *env != NULL; env++) { + if (!strncmp(*env, pe.key, pe.key_len) && (*env)[pe.key_len] == '=') { /* found it */ #if defined(PHP_WIN32) - /* must copy previous value because MSVCRT's putenv can free the string without notice */ - pe.previous_value = estrdup(*env); + /* must copy previous value because MSVCRT's putenv can free the string without notice */ + pe.previous_value = estrdup(*env); #else - pe.previous_value = *env; + pe.previous_value = *env; #endif - break; - } + break; } + } #if HAVE_UNSETENV - if (!p) { /* no '=' means we want to unset it */ - unsetenv(pe.putenv_string); - } - if (!p || putenv(pe.putenv_string) == 0) { /* success */ + if (!p) { /* no '=' means we want to unset it */ + unsetenv(pe.putenv_string); + } + if (!p || putenv(pe.putenv_string) == 0) { /* success */ #else # ifndef PHP_WIN32 - if (putenv(pe.putenv_string) == 0) { /* success */ + if (putenv(pe.putenv_string) == 0) { /* success */ # else - error_code = SetEnvironmentVariable(pe.key, value); + error_code = SetEnvironmentVariable(pe.key, value); # if _MSC_VER < 1500 - /* Yet another VC6 bug, unset may return env not found */ - if (error_code != 0 || - (error_code == 0 && GetLastError() == ERROR_ENVVAR_NOT_FOUND)) { + /* Yet another VC6 bug, unset may return env not found */ + if (error_code != 0 || + (error_code == 0 && GetLastError() == ERROR_ENVVAR_NOT_FOUND)) { # else - if (error_code != 0) { /* success */ + if (error_code != 0) { /* success */ # endif # endif #endif - zend_hash_str_add_mem(&BG(putenv_ht), pe.key, pe.key_len, &pe, sizeof(putenv_entry)); + zend_hash_str_add_mem(&BG(putenv_ht), pe.key, pe.key_len, &pe, sizeof(putenv_entry)); #ifdef HAVE_TZSET - if (!strncmp(pe.key, "TZ", pe.key_len)) { - tzset(); - } -#endif - RETURN_TRUE; - } else { - efree(pe.putenv_string); - efree(pe.key); - RETURN_FALSE; + if (!strncmp(pe.key, "TZ", pe.key_len)) { + tzset(); } +#endif + RETURN_TRUE; + } else { + efree(pe.putenv_string); + efree(pe.key); + RETURN_FALSE; } - - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid parameter syntax"); - RETURN_FALSE; } /* }}} */ #endif diff --git a/ext/standard/dns.c b/ext/standard/dns.c index fd0acd7e3c..cabe3d72f1 100644 --- a/ext/standard/dns.c +++ b/ext/standard/dns.c @@ -515,6 +515,10 @@ static u_char *php_parserr(u_char *cp, querybuf *answer, int type_to_fetch, int while (ll < dlen) { n = cp[ll]; + if ((ll + n) >= dlen) { + // Invalid chunk length, truncate + n = dlen - (ll + 1); + } memcpy(tp->val + ll , cp + ll + 1, n); add_next_index_stringl(&entries, (char*)cp + ll + 1, n); ll = ll + n + 1; diff --git a/ext/standard/tests/general_functions/putenv.phpt b/ext/standard/tests/general_functions/putenv.phpt index afe1badce4..254207320b 100644 --- a/ext/standard/tests/general_functions/putenv.phpt +++ b/ext/standard/tests/general_functions/putenv.phpt @@ -15,6 +15,9 @@ var_dump(getenv($var_name)); var_dump(putenv($var_name)); var_dump(getenv($var_name)); +var_dump(putenv("=123")); +var_dump(putenv("")); + echo "Done\n"; ?> --EXPECTF-- @@ -25,4 +28,10 @@ bool(true) string(0) "" bool(true) bool(false) + +Warning: putenv(): Invalid parameter syntax in %s on line %d +bool(false) + +Warning: putenv(): Invalid parameter syntax in %s on line %d +bool(false) Done diff --git a/ext/standard/tests/network/setcookie.phpt b/ext/standard/tests/network/setcookie.phpt index bf04ec78de..a2a72e7177 100644 --- a/ext/standard/tests/network/setcookie.phpt +++ b/ext/standard/tests/network/setcookie.phpt @@ -35,7 +35,7 @@ $expected = array( $headers = headers_list(); if (($i = count($expected)) > count($headers)) { - echo "Less headers are being sent than expected - aborting"; + echo "Fewer headers are being sent than expected - aborting"; return; } @@ -67,4 +67,4 @@ echo ($i === 0) --EXPECTHEADERS-- --EXPECT-- -OK
\ No newline at end of file +OK diff --git a/ext/standard/tests/serialize/serialization_error_001.phpt b/ext/standard/tests/serialize/serialization_error_001.phpt index c6c17512f3..da6f50cc02 100644 --- a/ext/standard/tests/serialize/serialization_error_001.phpt +++ b/ext/standard/tests/serialize/serialization_error_001.phpt @@ -21,7 +21,7 @@ var_dump( unserialize() ); //Test serialize with one more than the expected number of arguments var_dump( serialize(1,2) ); -var_dump( unserialize(1,$x,2) ); +var_dump( unserialize(1,2) ); echo "Done"; ?> @@ -31,12 +31,12 @@ echo "Done"; Warning: serialize() expects exactly 1 parameter, 0 given in %s on line 16 NULL -Warning: unserialize() expects at least 1 parameter, 0 given in %s on line 17 +Warning: unserialize() expects exactly 1 parameter, 0 given in %s on line 17 bool(false) Warning: serialize() expects exactly 1 parameter, 2 given in %s on line 20 NULL -Warning: unserialize() expects at most 2 parameters, 3 given in %s on line 21 +Warning: unserialize() expects exactly 1 parameter, 2 given in %s on line 21 bool(false) Done diff --git a/ext/standard/tests/serialize/unserialize_consumed.phpt b/ext/standard/tests/serialize/unserialize_consumed.phpt deleted file mode 100644 index 6cc11e273f..0000000000 --- a/ext/standard/tests/serialize/unserialize_consumed.phpt +++ /dev/null @@ -1,27 +0,0 @@ ---TEST-- -Unserialization of partial strings ---FILE-- -<?php -$data = [123,4.56,true]; -$ser = serialize($data); -$serlen = strlen($ser); - -$unser = unserialize($ser, $consumed); -echo "Consume full string: "; -var_dump($serlen == $consumed); -echo "Return original data: "; -var_dump($unser === $data); - -$ser .= "junk\x01data"; -$unser = unserialize($ser, $consumed); -echo "Consume full string(junk): "; -var_dump($serlen == $consumed); -echo "Return original data(junk): "; -var_dump($unser === $data); - ---EXPECT-- -Consume full string: bool(true) -Return original data: bool(true) -Consume full string(junk): bool(true) -Return original data(junk): bool(true) - diff --git a/ext/standard/var.c b/ext/standard/var.c index 1a6a16508c..96b1ee40ec 100644 --- a/ext/standard/var.c +++ b/ext/standard/var.c @@ -1008,7 +1008,7 @@ PHP_FUNCTION(serialize) } /* }}} */ -/* {{{ proto mixed unserialize(string variable_representation[, int &consumed]) +/* {{{ proto mixed unserialize(string variable_representation) Takes a string representation of variable and recreates it */ PHP_FUNCTION(unserialize) { @@ -1016,9 +1016,8 @@ PHP_FUNCTION(unserialize) int buf_len; const unsigned char *p; php_unserialize_data_t var_hash; - zval *consumed = NULL; - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|z/", &buf, &buf_len, &consumed) == FAILURE) { + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &buf, &buf_len) == FAILURE) { RETURN_FALSE; } @@ -1037,11 +1036,6 @@ PHP_FUNCTION(unserialize) RETURN_FALSE; } PHP_VAR_UNSERIALIZE_DESTROY(var_hash); - - if (consumed) { - zval_dtor(consumed); - ZVAL_LONG(consumed, ((char*)p) - buf); - } } /* }}} */ diff --git a/ext/tokenizer/tests/bug67395.phpt b/ext/tokenizer/tests/bug67395.phpt new file mode 100644 index 0000000000..c9b7f3012f --- /dev/null +++ b/ext/tokenizer/tests/bug67395.phpt @@ -0,0 +1,15 @@ +--TEST-- +Bug 67395: token_name() does not return name for T_POW and T_POW_EQUAL token +--FILE-- +<?php + +$powToken = token_get_all('<?php **')[1][0]; +var_dump(token_name($powToken)); + +$powEqualToken = token_get_all('<?php **=')[1][0]; +var_dump(token_name($powEqualToken)); + +?> +--EXPECT-- +string(5) "T_POW" +string(11) "T_POW_EQUAL" diff --git a/ext/tokenizer/tokenizer_data.c b/ext/tokenizer/tokenizer_data.c index dc48f040f1..beb9ea8e5b 100644 --- a/ext/tokenizer/tokenizer_data.c +++ b/ext/tokenizer/tokenizer_data.c @@ -39,6 +39,7 @@ void tokenizer_register_constants(INIT_FUNC_ARGS) { REGISTER_LONG_CONSTANT("T_LOGICAL_AND", T_LOGICAL_AND, CONST_CS | CONST_PERSISTENT); REGISTER_LONG_CONSTANT("T_PRINT", T_PRINT, CONST_CS | CONST_PERSISTENT); REGISTER_LONG_CONSTANT("T_YIELD", T_YIELD, CONST_CS | CONST_PERSISTENT); + REGISTER_LONG_CONSTANT("T_POW_EQUAL", T_POW_EQUAL, CONST_CS | CONST_PERSISTENT); REGISTER_LONG_CONSTANT("T_SR_EQUAL", T_SR_EQUAL, CONST_CS | CONST_PERSISTENT); REGISTER_LONG_CONSTANT("T_SL_EQUAL", T_SL_EQUAL, CONST_CS | CONST_PERSISTENT); REGISTER_LONG_CONSTANT("T_XOR_EQUAL", T_XOR_EQUAL, CONST_CS | CONST_PERSISTENT); @@ -70,6 +71,7 @@ void tokenizer_register_constants(INIT_FUNC_ARGS) { REGISTER_LONG_CONSTANT("T_INT_CAST", T_INT_CAST, CONST_CS | CONST_PERSISTENT); REGISTER_LONG_CONSTANT("T_DEC", T_DEC, CONST_CS | CONST_PERSISTENT); REGISTER_LONG_CONSTANT("T_INC", T_INC, CONST_CS | CONST_PERSISTENT); + REGISTER_LONG_CONSTANT("T_POW", T_POW, CONST_CS | CONST_PERSISTENT); REGISTER_LONG_CONSTANT("T_CLONE", T_CLONE, CONST_CS | CONST_PERSISTENT); REGISTER_LONG_CONSTANT("T_NEW", T_NEW, CONST_CS | CONST_PERSISTENT); REGISTER_LONG_CONSTANT("T_EXIT", T_EXIT, CONST_CS | CONST_PERSISTENT); @@ -176,6 +178,7 @@ char *get_token_type_name(int token_type) case T_LOGICAL_AND: return "T_LOGICAL_AND"; case T_PRINT: return "T_PRINT"; case T_YIELD: return "T_YIELD"; + case T_POW_EQUAL: return "T_POW_EQUAL"; case T_SR_EQUAL: return "T_SR_EQUAL"; case T_SL_EQUAL: return "T_SL_EQUAL"; case T_XOR_EQUAL: return "T_XOR_EQUAL"; @@ -207,6 +210,7 @@ char *get_token_type_name(int token_type) case T_INT_CAST: return "T_INT_CAST"; case T_DEC: return "T_DEC"; case T_INC: return "T_INC"; + case T_POW: return "T_POW"; case T_CLONE: return "T_CLONE"; case T_NEW: return "T_NEW"; case T_EXIT: return "T_EXIT"; diff --git a/ext/zlib/tests/gzseek_basic2.phpt b/ext/zlib/tests/gzseek_basic2.phpt index 82d305d0fb..8e037af139 100644 --- a/ext/zlib/tests/gzseek_basic2.phpt +++ b/ext/zlib/tests/gzseek_basic2.phpt @@ -24,7 +24,7 @@ gzclose($h); echo "\nreading the output file\n"; $h = gzopen($f, 'r'); echo gzread($h, strlen($str1))."\n"; -echo var_dump(bin2hex(gzread($h, 20))); +var_dump(bin2hex(gzread($h, 20))); echo gzread($h, strlen($str2))."\n"; gzclose($h); unlink($f); diff --git a/ext/zlib/tests/gzseek_variation1.phpt b/ext/zlib/tests/gzseek_variation1.phpt index b260783f11..8512b743bd 100644 --- a/ext/zlib/tests/gzseek_variation1.phpt +++ b/ext/zlib/tests/gzseek_variation1.phpt @@ -20,7 +20,7 @@ gzwrite($h, $str2); gzclose($h); $h = gzopen($f, 'r'); echo gzread($h, strlen($str1))."\n"; -echo var_dump(bin2hex(gzread($h, 20))); +var_dump(bin2hex(gzread($h, 20))); echo gzread($h, strlen($str2))."\n"; gzclose($h); unlink($f); diff --git a/ext/zlib/tests/gzseek_variation4.phpt b/ext/zlib/tests/gzseek_variation4.phpt index 3d0cf67ceb..529a012141 100644 --- a/ext/zlib/tests/gzseek_variation4.phpt +++ b/ext/zlib/tests/gzseek_variation4.phpt @@ -24,7 +24,7 @@ gzclose($h); echo "\nreading the output file\n"; $h = gzopen($f, 'r'); echo gzread($h, strlen($str1))."\n"; -echo var_dump(bin2hex(gzread($h, 20))); +var_dump(bin2hex(gzread($h, 20))); echo gzread($h, strlen($str2))."\n"; gzclose($h); unlink($f); diff --git a/ext/zlib/tests/gzseek_variation5.phpt b/ext/zlib/tests/gzseek_variation5.phpt index 93fb19fdbb..11e4912787 100644 --- a/ext/zlib/tests/gzseek_variation5.phpt +++ b/ext/zlib/tests/gzseek_variation5.phpt @@ -24,7 +24,7 @@ gzclose($h); echo "\nreading the output file\n"; $h = gzopen($f, 'r'); echo gzread($h, strlen($str1))."\n"; -echo var_dump(bin2hex(gzread($h, 20))); +var_dump(bin2hex(gzread($h, 20))); echo gzread($h, strlen($str2))."\n"; gzclose($h); unlink($f); |