diff options
| -rw-r--r-- | NEWS | 17 | ||||
| -rw-r--r-- | TSRM/tsrm_virtual_cwd.c | 9 | ||||
| -rw-r--r-- | TSRM/tsrm_win32.c | 5 | ||||
| -rw-r--r-- | config.guess | 2 | ||||
| -rw-r--r-- | ext/filter/filter_private.h | 6 | ||||
| -rw-r--r-- | ext/gd/libgd/gd_png.c | 4 | ||||
| -rw-r--r-- | ext/libxml/libxml.c | 2 | ||||
| -rw-r--r-- | ext/libxml/tests/004.phpt | 22 | ||||
| -rw-r--r-- | ext/libxml/tests/bug63389.phpt | 14 | ||||
| -rw-r--r-- | ext/mbstring/mb_gpc.c | 6 | ||||
| -rw-r--r-- | ext/mbstring/tests/bug63447_001.phpt | 20 | ||||
| -rw-r--r-- | ext/mbstring/tests/bug63447_002.phpt | 20 | ||||
| -rw-r--r-- | ext/mbstring/tests/bug63447_003.phpt | 34 | ||||
| -rw-r--r-- | ext/mysqlnd/mysqlnd_wireprotocol.c | 2 | ||||
| -rw-r--r-- | ext/pcre/php_pcre.c | 2 | ||||
| -rw-r--r-- | ext/pdo_pgsql/pgsql_statement.c | 14 | ||||
| -rw-r--r-- | ext/pdo_pgsql/tests/bug62593.phpt | 51 | ||||
| -rw-r--r-- | ext/reflection/php_reflection.c | 2 | ||||
| -rw-r--r-- | ext/reflection/tests/bug63399.phpt | 49 | ||||
| -rw-r--r-- | ext/reflection/tests/traits005.phpt | 6 |
20 files changed, 262 insertions, 25 deletions
@@ -6,6 +6,10 @@ PHP NEWS . Fixed bug #63305 (zend_mm_heap corrupted with traits). (Dmitry, Laruence) . Fixed bug #63369 ((un)serialize() leaves dangling pointers, causes crashes). (Tony, Andrew Sitnikov) + . Fixed bug #63241 (PHP fails to open Windows deduplicated files). + (daniel dot stelter-gliese at innogames dot de) + . Fixed bug #62444 (Handle leak in is_readable on windows). + (krazyest at seznam dot cz) - Curl: . Fixed bug #63363 (Curl silently accepts boolean true for SSL_VERIFYHOST). @@ -15,6 +19,14 @@ PHP NEWS . Fixed bug #63248 (Load multiple magic files from a directory under Windows). (Anatoliy) +- Libxml + . Fixed bug #63389 (Missing context check on libxml_set_streams_context() + causes memleak). (Laruence) + +- Mbstring: + . Fixed bug #63447 (max_input_vars doesn't filter variables when + mbstring.encoding_translation = On). (Laruence) + - OCI8: . Fixed bug #63265 (Add ORA-00028 to the PHP_OCI_HANDLE_ERROR macro) (Chris Jones) @@ -29,6 +41,10 @@ PHP NEWS . Fixed bug #63297 (Phar fails to write an openssl based signature). (Anatoliy) +- Reflection: + . Fixed bug #63399 (ReflectionClass::getTraitAliases() incorrectly resolves + traitnames). (Laruence) + 18 Oct 2012, PHP 5.4.8 - CLI server: @@ -1329,6 +1345,7 @@ PHP NEWS - Gd: . Fixed bug #60160 (imagefill() doesn't work correctly for small images). (Florian) + . Fixed potential memory leak on a png error (Rasmus, Paul Saab) - Intl: . Fixed bug #60192 (SegFault when Collator not constructed diff --git a/TSRM/tsrm_virtual_cwd.c b/TSRM/tsrm_virtual_cwd.c index 683d6a4d52..6779b56974 100644 --- a/TSRM/tsrm_virtual_cwd.c +++ b/TSRM/tsrm_virtual_cwd.c @@ -40,6 +40,10 @@ # define IO_REPARSE_TAG_SYMLINK 0xA000000C # endif +# ifndef IO_REPARSE_TAG_DEDUP +# define IO_REPARSE_TAG_DEDUP 0x80000013 +# endif + # ifndef VOLUME_NAME_NT # define VOLUME_NAME_NT 0x2 # endif @@ -945,6 +949,11 @@ static int tsrm_realpath_r(char *path, int start, int len, int *ll, time_t *t, i return -1; }; substitutename[substitutename_len] = 0; + } + else if (pbuffer->ReparseTag == IO_REPARSE_TAG_DEDUP) { + isabsolute = 1; + memcpy(substitutename, path, len + 1); + substitutename_len = len; } else { tsrm_free_alloca(pbuffer, use_heap_large); return -1; diff --git a/TSRM/tsrm_win32.c b/TSRM/tsrm_win32.c index b40af77c44..c33b599147 100644 --- a/TSRM/tsrm_win32.c +++ b/TSRM/tsrm_win32.c @@ -193,7 +193,7 @@ Finished: TSRM_API int tsrm_win32_access(const char *pathname, int mode TSRMLS_DC) { time_t t; - HANDLE thread_token; + HANDLE thread_token = NULL; PSID token_sid; SECURITY_INFORMATION sec_info = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION; GENERIC_MAPPING gen_map = { FILE_GENERIC_READ, FILE_GENERIC_WRITE, FILE_GENERIC_EXECUTE, FILE_ALL_ACCESS }; @@ -363,6 +363,9 @@ Finished_Impersonate: } Finished: + if(thread_token != NULL) { + CloseHandle(thread_token); + } if(real_path != NULL) { free(real_path); real_path = NULL; diff --git a/config.guess b/config.guess index f32079abda..d407b8cde6 100644 --- a/config.guess +++ b/config.guess @@ -532,7 +532,7 @@ EOF echo rs6000-ibm-aix3.2 fi exit ;; - *:AIX:*:[456]) + *:AIX:*:[4567]) IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then IBM_ARCH=rs6000 diff --git a/ext/filter/filter_private.h b/ext/filter/filter_private.h index 2ec2f62fae..0f76d7a032 100644 --- a/ext/filter/filter_private.h +++ b/ext/filter/filter_private.h @@ -109,8 +109,10 @@ if (len < 1 && return_if_empty) { \ RETURN_VALIDATION_FAILED \ } \ - while (p[len-1] == ' ' || p[len-1] == '\t' || p[len-1] == '\r' || p[len-1] == '\v' || p[len-1] == '\n') { \ - len--; \ + if (len > 0) { \ + while (p[len-1] == ' ' || p[len-1] == '\t' || p[len-1] == '\r' || p[len-1] == '\v' || p[len-1] == '\n') { \ + len--; \ + } \ } \ } diff --git a/ext/gd/libgd/gd_png.c b/ext/gd/libgd/gd_png.c index 49f7cb0777..bdbb7ee7d3 100644 --- a/ext/gd/libgd/gd_png.c +++ b/ext/gd/libgd/gd_png.c @@ -127,8 +127,8 @@ gdImagePtr gdImageCreateFromPngCtx (gdIOCtx * infile) png_color_16p trans_gray_rgb; png_color_16p trans_color_rgb; png_bytep trans; - png_bytep image_data = NULL; - png_bytepp row_pointers = NULL; + volatile png_bytep image_data = NULL; + volatile png_bytepp row_pointers = NULL; gdImagePtr im = NULL; int i, j, *open = NULL; volatile int transparent = -1; diff --git a/ext/libxml/libxml.c b/ext/libxml/libxml.c index a39c875b2c..c97ee6724d 100644 --- a/ext/libxml/libxml.c +++ b/ext/libxml/libxml.c @@ -918,7 +918,7 @@ static PHP_FUNCTION(libxml_set_streams_context) { zval *arg; - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "z", &arg) == FAILURE) { + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "r", &arg) == FAILURE) { return; } if (LIBXML(stream_context)) { diff --git a/ext/libxml/tests/004.phpt b/ext/libxml/tests/004.phpt index 8bdf593b93..aa87ab7503 100644 --- a/ext/libxml/tests/004.phpt +++ b/ext/libxml/tests/004.phpt @@ -27,26 +27,26 @@ echo "Done\n"; ?> --EXPECTF-- -Warning: stream_context_create(): options should have the form ["wrappername"]["optionname"] = $value in %s004.php on line 10 -NULL +Warning: stream_context_create(): options should have the form ["wrappername"]["optionname"] = $value in %s004.php on line %d -Warning: DOMDocument::load(): supplied argument is not a valid Stream-Context resource in %s004.php on line 18 -bool(true) +Warning: libxml_set_streams_context() expects parameter 1 to be resource, null given in %s004.php on line %d NULL - -Warning: DOMDocument::load(): supplied argument is not a valid Stream-Context resource in %s004.php on line 18 bool(true) -NULL -Warning: DOMDocument::load(): supplied argument is not a valid Stream-Context resource in %s004.php on line 18 -bool(true) +Warning: libxml_set_streams_context() expects parameter 1 to be resource, string given in %s004.php on line %d NULL +bool(true) -Warning: DOMDocument::load(): supplied argument is not a valid Stream-Context resource in %s004.php on line 18 +Warning: libxml_set_streams_context() expects parameter 1 to be resource, integer given in %s004.php on line %d +NULL bool(true) + +Warning: libxml_set_streams_context() expects parameter 1 to be resource, object given in %s004.php on line %d NULL +bool(true) -Warning: DOMDocument::load(): supplied argument is not a valid Stream-Context resource in %s004.php on line 18 +Warning: libxml_set_streams_context() expects parameter 1 to be resource, array given in %s004.php on line %d +NULL bool(true) NULL bool(true) diff --git a/ext/libxml/tests/bug63389.phpt b/ext/libxml/tests/bug63389.phpt new file mode 100644 index 0000000000..e9498aae08 --- /dev/null +++ b/ext/libxml/tests/bug63389.phpt @@ -0,0 +1,14 @@ +--TEST-- +Bug #63389 (Missing context check on libxml_set_streams_context() causes memleak) +--SKIPIF-- +<?php if (!extension_loaded('libxml')) die('skip'); ?> +--FILE-- +<?php +$fp = fopen("php://input", "r"); +libxml_set_streams_context($fp); +libxml_set_streams_context("a"); +echo "okey"; +?> +--EXPECTF-- +Warning: libxml_set_streams_context() expects parameter 1 to be resource, string given in %sbug63389.php on line %d +okey diff --git a/ext/mbstring/mb_gpc.c b/ext/mbstring/mb_gpc.c index 0797b893d3..4e40e625d4 100644 --- a/ext/mbstring/mb_gpc.c +++ b/ext/mbstring/mb_gpc.c @@ -254,6 +254,12 @@ const mbfl_encoding *_php_mb_encoding_handler_ex(const php_mb_encoding_handler_i n++; var = php_strtok_r(NULL, info->separator, &strtok_buf); } + + if (n > (PG(max_input_vars) * 2)) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars)); + goto out; + } + num = n; /* make sure to process initilized vars only */ /* initialize converter */ diff --git a/ext/mbstring/tests/bug63447_001.phpt b/ext/mbstring/tests/bug63447_001.phpt new file mode 100644 index 0000000000..51302994db --- /dev/null +++ b/ext/mbstring/tests/bug63447_001.phpt @@ -0,0 +1,20 @@ +--TEST-- +Bug #63447 (max_input_vars doesn't filter variables when mbstring.encoding_translation = On) +--SKIPIF-- +<?php +extension_loaded('mbstring') or die('skip'); +?> +--INI-- +max_input_nesting_level=10 +max_input_vars=5 +mbstring.encoding_translation=1 +--POST-- +a=1&b=2&c=3&d=4&e=5&f=6 +--FILE-- +<?php +var_dump($_POST); +?> +--EXPECT-- +Warning: Unknown: Input variables exceeded 5. To increase the limit change max_input_vars in php.ini. in Unknown on line 0 +array(0) { +} diff --git a/ext/mbstring/tests/bug63447_002.phpt b/ext/mbstring/tests/bug63447_002.phpt new file mode 100644 index 0000000000..e51089b794 --- /dev/null +++ b/ext/mbstring/tests/bug63447_002.phpt @@ -0,0 +1,20 @@ +--TEST-- +Bug #63447 (max_input_vars doesn't filter variables when mbstring.encoding_translation = On) +--SKIPIF-- +<?php +extension_loaded('mbstring') or die('skip'); +?> +--INI-- +max_input_nesting_level=10 +max_input_vars=4 +mbstring.encoding_translation=1 +--POST-- +a=1&b=2&c=3&d=4&e=5 +--FILE-- +<?php +var_dump($_POST); +?> +--EXPECT-- +Warning: Unknown: Input variables exceeded 4. To increase the limit change max_input_vars in php.ini. in Unknown on line 0 +array(0) { +} diff --git a/ext/mbstring/tests/bug63447_003.phpt b/ext/mbstring/tests/bug63447_003.phpt new file mode 100644 index 0000000000..a4a7e14851 --- /dev/null +++ b/ext/mbstring/tests/bug63447_003.phpt @@ -0,0 +1,34 @@ +--TEST-- +Bug #63447 (max_input_vars doesn't filter variables when mbstring.encoding_translation = On) +--SKIPIF-- +<?php +extension_loaded('mbstring') or die('skip'); +?> +--INI-- +max_input_nesting_level=5 +max_input_vars=100 +mbstring.encoding_translation=1 +--POST-- +a=1&b[][][]=2&c[][][][][][]=7 +--FILE-- +<?php +print_r($_POST); +?> +--EXPECT-- +Array +( + [a] => 1 + [b] => Array + ( + [0] => Array + ( + [0] => Array + ( + [0] => 2 + ) + + ) + + ) + +) diff --git a/ext/mysqlnd/mysqlnd_wireprotocol.c b/ext/mysqlnd/mysqlnd_wireprotocol.c index ce94ad8d8e..face502cd6 100644 --- a/ext/mysqlnd/mysqlnd_wireprotocol.c +++ b/ext/mysqlnd/mysqlnd_wireprotocol.c @@ -1201,7 +1201,7 @@ php_mysqlnd_rset_field_read(void * _packet, MYSQLND_CONN_DATA * conn TSRMLS_DC) p += 2; BAIL_IF_NO_MORE_DATA; - meta->decimals = uint2korr(p); + meta->decimals = uint1korr(p); p += 1; BAIL_IF_NO_MORE_DATA; diff --git a/ext/pcre/php_pcre.c b/ext/pcre/php_pcre.c index 2f892c8e94..b18c9edc7f 100644 --- a/ext/pcre/php_pcre.c +++ b/ext/pcre/php_pcre.c @@ -1866,7 +1866,7 @@ ZEND_BEGIN_ARG_INFO_EX(arginfo_preg_match, 0, 0, 2) ZEND_ARG_INFO(0, offset) ZEND_END_ARG_INFO() -ZEND_BEGIN_ARG_INFO_EX(arginfo_preg_match_all, 0, 0, 3) +ZEND_BEGIN_ARG_INFO_EX(arginfo_preg_match_all, 0, 0, 2) ZEND_ARG_INFO(0, pattern) ZEND_ARG_INFO(0, subject) ZEND_ARG_INFO(1, subpatterns) /* array */ diff --git a/ext/pdo_pgsql/pgsql_statement.c b/ext/pdo_pgsql/pgsql_statement.c index c35ee33c7f..1dc0d58e97 100644 --- a/ext/pdo_pgsql/pgsql_statement.c +++ b/ext/pdo_pgsql/pgsql_statement.c @@ -362,8 +362,20 @@ static int pgsql_stmt_param_hook(pdo_stmt_t *stmt, struct pdo_bound_param_data * } break; } + } else { +#endif + if (param->is_param) { + /* We need to manually convert to a pg native boolean value */ + if (PDO_PARAM_TYPE(param->param_type) == PDO_PARAM_BOOL && + ((param->param_type & PDO_PARAM_INPUT_OUTPUT) != PDO_PARAM_INPUT_OUTPUT)) { + SEPARATE_ZVAL(¶m->parameter); + param->param_type = PDO_PARAM_STR; + ZVAL_STRINGL(param->parameter, Z_BVAL_P(param->parameter) ? "t" : "f", 1, 1); + } + } +#if HAVE_PQPREPARE } -#endif +#endif return 1; } diff --git a/ext/pdo_pgsql/tests/bug62593.phpt b/ext/pdo_pgsql/tests/bug62593.phpt new file mode 100644 index 0000000000..e3ebf46ed5 --- /dev/null +++ b/ext/pdo_pgsql/tests/bug62593.phpt @@ -0,0 +1,51 @@ +--TEST-- +PDO PgSQL Bug #62593 (Emulate prepares behave strangely with PARAM_BOOL) +--SKIPIF-- +<?php +if (!extension_loaded('pdo') || !extension_loaded('pdo_pgsql')) die('skip not loaded'); +require dirname(__FILE__) . '/config.inc'; +require dirname(__FILE__) . '/../../../ext/pdo/tests/pdo_test.inc'; +PDOTest::skip(); +?> +--FILE-- +<?php +require dirname(__FILE__) . '/../../../ext/pdo/tests/pdo_test.inc'; +$db = PDOTest::test_factory(dirname(__FILE__) . '/common.phpt'); +$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, true); +$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_SILENT); +$errors = array(); + +$value = true; +$query = $db->prepare('SELECT :foo IS FALSE as val_is_false'); +$query->bindValue(':foo', $value, PDO::PARAM_BOOL); +$query->execute(); +$errors[] = $query->errorInfo(); +var_dump($value); + +$query->bindValue(':foo', 0, PDO::PARAM_BOOL); +$query->execute(); +$errors[] = $query->errorInfo(); + +// Verify bindParam maintains reference and only passes when execute is called +$value = true; +$query->bindParam(':foo', $value, PDO::PARAM_BOOL); +$value = false; +$query->execute(); +$errors[] = $query->errorInfo(); +var_dump($value); + +$expect = 'No errors found'; + +foreach ($errors as $error) +{ + if (strpos('Invalid text representation', $error[2]) !== false) + { + $expect = 'Invalid boolean found'; + } +} +echo $expect; +?> +--EXPECTF-- +bool(true) +bool(false) +No errors found diff --git a/ext/reflection/php_reflection.c b/ext/reflection/php_reflection.c index 7c9981924d..53b2389d63 100644 --- a/ext/reflection/php_reflection.c +++ b/ext/reflection/php_reflection.c @@ -4465,7 +4465,7 @@ ZEND_METHOD(reflection_class, getTraitAliases) zend_trait_method_reference *cur_ref = ce->trait_aliases[i]->trait_method; if (ce->trait_aliases[i]->alias) { - method_name_len = spprintf(&method_name, 0, "%s::%s", cur_ref->class_name, cur_ref->method_name); + method_name_len = spprintf(&method_name, 0, "%s::%s", cur_ref->ce->name, cur_ref->method_name); add_assoc_stringl_ex(return_value, ce->trait_aliases[i]->alias, ce->trait_aliases[i]->alias_len + 1, method_name, method_name_len, 0); } i++; diff --git a/ext/reflection/tests/bug63399.phpt b/ext/reflection/tests/bug63399.phpt new file mode 100644 index 0000000000..393b861690 --- /dev/null +++ b/ext/reflection/tests/bug63399.phpt @@ -0,0 +1,49 @@ +--TEST-- +Bug #63399 (ReflectionClass::getTraitAliases() incorrectly resolves traitnames) +--FILE-- +<?php +trait Trait1 { + public function run() {} + public function say() {} +} + +trait Trait2 { + public function run() {} + public function say() {} +} + +class MyClass +{ + use Trait1, Trait2 { + Trait1::run as execute; + Trait1::say insteadof Trait2; + Trait2::run insteadof Trait1; + Trait2::say as talk; + } +} + +$ref = new ReflectionClass('MyClass'); + +print_r($ref->getTraitAliases()); +print_r($ref->getTraits()); + +?> +--EXPECT-- +Array +( + [execute] => Trait1::run + [talk] => Trait2::say +) +Array +( + [Trait1] => ReflectionClass Object + ( + [name] => Trait1 + ) + + [Trait2] => ReflectionClass Object + ( + [name] => Trait2 + ) + +) diff --git a/ext/reflection/tests/traits005.phpt b/ext/reflection/tests/traits005.phpt index 1496a35ec9..4cfa6c04f0 100644 --- a/ext/reflection/tests/traits005.phpt +++ b/ext/reflection/tests/traits005.phpt @@ -28,14 +28,14 @@ array(0) { class C3: array(1) { ["a1"]=> - string(10) "(null)::m1" + string(6) "T1::m1" } class C4: array(2) { ["a1"]=> - string(10) "(null)::m1" + string(6) "T1::m1" ["a2"]=> - string(10) "(null)::m2" + string(6) "T1::m2" } |