From f13a88ac1330f81b692a565156bf5d5a8fa78d15 Mon Sep 17 00:00:00 2001 From: George Wang Date: Wed, 25 Feb 2015 10:48:19 -0500 Subject: [PATCH 01/12] Fixed a bug that header value is not terminated by '\0' when accessed through getenv(). --- sapi/litespeed/lsapilib.c | 31 +++++++++++++++++++++++++------ 1 file changed, 25 insertions(+), 6 deletions(-) diff --git a/sapi/litespeed/lsapilib.c b/sapi/litespeed/lsapilib.c index 039d91dcd91..699e86398a5 100644 --- a/sapi/litespeed/lsapilib.c +++ b/sapi/litespeed/lsapilib.c @@ -1390,10 +1390,12 @@ char * LSAPI_GetHeader_r( LSAPI_Request * pReq, int headerIndex ) off = pReq->m_pHeaderIndex->m_headerOff[ headerIndex ]; if ( !off ) return NULL; - if ( *(pReq->m_pHttpHeader + off + - pReq->m_pHeaderIndex->m_headerLen[ headerIndex ]) ) - *( pReq->m_pHttpHeader + off + - pReq->m_pHeaderIndex->m_headerLen[ headerIndex ]) = 0; + if ( *(pReq->m_pHttpHeader + off + + pReq->m_pHeaderIndex->m_headerLen[ headerIndex ]) ) + { + *( pReq->m_pHttpHeader + off + + pReq->m_pHeaderIndex->m_headerLen[ headerIndex ]) = 0; + } return pReq->m_pHttpHeader + off; } @@ -1830,12 +1832,21 @@ ssize_t LSAPI_Write_Stderr_r( LSAPI_Request * pReq, const char * pBuf, size_t le static char * GetHeaderVar( LSAPI_Request * pReq, const char * name ) { int i; + char * pValue; for( i = 0; i < H_TRANSFER_ENCODING; ++i ) { if ( pReq->m_pHeaderIndex->m_headerOff[i] ) { if ( strcmp( name, CGI_HEADERS[i] ) == 0 ) - return pReq->m_pHttpHeader + pReq->m_pHeaderIndex->m_headerOff[i]; + { + pValue = pReq->m_pHttpHeader + + pReq->m_pHeaderIndex->m_headerOff[i]; + if ( *(pValue + pReq->m_pHeaderIndex->m_headerLen[i]) != '\0') + { + *(pValue + pReq->m_pHeaderIndex->m_headerLen[i]) = '\0'; + } + return pValue; + } } } if ( pReq->m_pHeader->m_cntUnknownHeaders > 0 ) 
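Review bot: In GetHeaderVar the new terminator store `*(pValue + pReq->m_pHeaderIndex->m_headerLen[i]) = '\0';` writes at an offset plus length taken from the request's header index, and nothing visible in this hunk checks that the position is still inside the header buffer. If those fields are not range-checked when the request packet is parsed (that code is outside the diff), an out-of-range pair makes this getenv() path a one-byte out-of-bounds write. The unknown-header branch in the next hunk (`pCur->valueOff` / `pCur->valueLen`), the existing store in LSAPI_GetHeader_r and the duplicate of this change in PATCH 02/12 all have the same shape. I would either confirm the parse-time validation and record it in a comment, e.g. `/* offsets and lengths were range-checked when the request was parsed */`, or compare the sum with the buffer length before storing. GetHeaderVar's body continues outside the hunk.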
@@ -1862,7 +1873,15 @@ static char * GetHeaderVar( LSAPI_Request * pReq, const char * name ) ++p; ++pKey; } if (( pKey == pKeyEnd )&& (!*p )) - return pReq->m_pHttpHeader + pCur->valueOff; + { + pValue = pReq->m_pHttpHeader + pCur->valueOff; + + if ( *(pValue + pCur->valueLen) != '\0') + { + *(pValue + pCur->valueLen) = '\0'; + } + return pValue; + } ++pCur; } } From 65810bf2596f3d03ec7baf0c5de01235c8ee7e35 Mon Sep 17 00:00:00 2001 From: George Wang Date: Wed, 25 Feb 2015 10:48:19 -0500 Subject: [PATCH 02/12] Fixed a bug that header value is not terminated by '\0' when accessed through getenv(). --- sapi/litespeed/lsapilib.c | 31 +++++++++++++++++++++++++------ 1 file changed, 25 insertions(+), 6 deletions(-) diff --git a/sapi/litespeed/lsapilib.c b/sapi/litespeed/lsapilib.c index cfd25037778..fd94ee908fd 100644 --- a/sapi/litespeed/lsapilib.c +++ b/sapi/litespeed/lsapilib.c @@ -1390,10 +1390,12 @@ char * LSAPI_GetHeader_r( LSAPI_Request * pReq, int headerIndex ) off = pReq->m_pHeaderIndex->m_headerOff[ headerIndex ]; if ( !off ) return NULL; - if ( *(pReq->m_pHttpHeader + off + - pReq->m_pHeaderIndex->m_headerLen[ headerIndex ]) ) - *( pReq->m_pHttpHeader + off + - pReq->m_pHeaderIndex->m_headerLen[ headerIndex ]) = 0; + if ( *(pReq->m_pHttpHeader + off + + pReq->m_pHeaderIndex->m_headerLen[ headerIndex ]) ) + { + *( pReq->m_pHttpHeader + off + + pReq->m_pHeaderIndex->m_headerLen[ headerIndex ]) = 0; + } return pReq->m_pHttpHeader + off; } 
@@ -1830,12 +1832,21 @@ ssize_t LSAPI_Write_Stderr_r( LSAPI_Request * pReq, const char * pBuf, size_t le static char * GetHeaderVar( LSAPI_Request * pReq, const char * name ) { int i; + char * pValue; for( i = 0; i < H_TRANSFER_ENCODING; ++i ) { if ( pReq->m_pHeaderIndex->m_headerOff[i] ) { if ( strcmp( name, CGI_HEADERS[i] ) == 0 ) - return pReq->m_pHttpHeader + pReq->m_pHeaderIndex->m_headerOff[i]; + { + pValue = pReq->m_pHttpHeader + + pReq->m_pHeaderIndex->m_headerOff[i]; + if ( *(pValue + pReq->m_pHeaderIndex->m_headerLen[i]) != '\0') + { + *(pValue + pReq->m_pHeaderIndex->m_headerLen[i]) = '\0'; + } + return pValue; + } } } if ( pReq->m_pHeader->m_cntUnknownHeaders > 0 ) @@ -1862,7 +1873,15 @@ static char * GetHeaderVar( LSAPI_Request * pReq, const char * name ) ++p; ++pKey; } if (( pKey == pKeyEnd )&& (!*p )) - return pReq->m_pHttpHeader + pCur->valueOff; + { + pValue = pReq->m_pHttpHeader + pCur->valueOff; + + if ( *(pValue + pCur->valueLen) != '\0') + { + *(pValue + pCur->valueLen) = '\0'; + } + return pValue; + } ++pCur; } } From 4b861bde47a4e1294512ba025cf6f1795bb9a1a5 Mon Sep 17 00:00:00 2001 From: Bob Weinand Date: Thu, 26 Feb 2015 14:21:48 +0100 Subject: [PATCH 03/12] Fixed bug #69124 (method name could not be used when by ref) --- Zend/tests/bug69124.phpt | 21 +++++ Zend/zend_vm_def.h | 19 +++-- Zend/zend_vm_execute.h | 171 ++++++++++++++++++++++++++------------- 3 files changed, 151 insertions(+), 60 deletions(-) create mode 100644 Zend/tests/bug69124.phpt diff --git a/Zend/tests/bug69124.phpt b/Zend/tests/bug69124.phpt new file mode 100644 index 00000000000..1959332fbfd --- /dev/null +++ b/Zend/tests/bug69124.phpt @@ -0,0 +1,21 @@ +--TEST-- +Bug 69124: Method name must be as string (invalid error message when using reference to a string) +--FILE-- +{$method}(); +} + +$instance = new Foo; +$method = "bar"; + +test($instance, $method); +?> +--EXPECT-- +Success diff --git a/Zend/zend_vm_def.h b/Zend/zend_vm_def.h index 33760decf58..e4cfd7953a4 100644 
--- a/Zend/zend_vm_def.h +++ b/Zend/zend_vm_def.h @@ -2336,12 +2336,19 @@ ZEND_VM_HANDLER(112, ZEND_INIT_METHOD_CALL, TMPVAR|UNUSED|CV, CONST|TMPVAR|CV) function_name = GET_OP2_ZVAL_PTR(BP_VAR_R); - if (OP2_TYPE != IS_CONST && - UNEXPECTED(Z_TYPE_P(function_name) != IS_STRING)) { - if (UNEXPECTED(EG(exception) != NULL)) { - HANDLE_EXCEPTION(); - } - zend_error_noreturn(E_ERROR, "Method name must be a string"); + if (OP2_TYPE != IS_CONST && UNEXPECTED(Z_TYPE_P(function_name) != IS_STRING)) { + do { + if ((OP2_TYPE & (IS_VAR|IS_CV)) && Z_ISREF_P(function_name)) { + function_name = Z_REFVAL_P(function_name); + if (EXPECTED(Z_TYPE_P(function_name) == IS_STRING)) { + break; + } + } + if (UNEXPECTED(EG(exception) != NULL)) { + HANDLE_EXCEPTION(); + } + zend_error_noreturn(E_ERROR, "Method name must be a string"); + } while (0); } object = GET_OP1_OBJ_ZVAL_PTR(BP_VAR_R); diff --git a/Zend/zend_vm_execute.h b/Zend/zend_vm_execute.h index 5832af633a7..e411bf446bd 100644 --- a/Zend/zend_vm_execute.h +++ b/Zend/zend_vm_execute.h @@ -19694,12 +19694,19 @@ static int ZEND_FASTCALL ZEND_INIT_METHOD_CALL_SPEC_UNUSED_CONST_HANDLER(ZEND_O function_name = EX_CONSTANT(opline->op2); - if (IS_CONST != IS_CONST && - UNEXPECTED(Z_TYPE_P(function_name) != IS_STRING)) { - if (UNEXPECTED(EG(exception) != NULL)) { - HANDLE_EXCEPTION(); - } - zend_error_noreturn(E_ERROR, "Method name must be a string"); + if (IS_CONST != IS_CONST && UNEXPECTED(Z_TYPE_P(function_name) != IS_STRING)) { + do { + if ((IS_CONST & (IS_VAR|IS_CV)) && Z_ISREF_P(function_name)) { + function_name = Z_REFVAL_P(function_name); + if (EXPECTED(Z_TYPE_P(function_name) == IS_STRING)) { + break; + } + } + if (UNEXPECTED(EG(exception) != NULL)) { + HANDLE_EXCEPTION(); + } + zend_error_noreturn(E_ERROR, "Method name must be a string"); + } while (0); } object = _get_obj_zval_ptr_unused(execute_data); 
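Review bot: The `do { ... } while (0)` wrapper added to ZEND_INIT_METHOD_CALL exists only so that `break` can skip the error path once the reference has been unwrapped, and nothing in the hunk says so. A short comment above the `Z_ISREF_P` test would help, for example `/* a by-reference variable holds the name one level down: unwrap it before rejecting */`. The added bug69124.phpt appears to cover only the successful call (its expected output is `Success`); a second case where the reference points at a non-string would pin that "Method name must be a string" is still raised. The zend_vm_execute.h hunks that follow are generated from this handler and need no separate change.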
@@ -21907,12 +21914,19 @@ static int ZEND_FASTCALL ZEND_INIT_METHOD_CALL_SPEC_UNUSED_CV_HANDLER(ZEND_OPCO function_name = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var); - if (IS_CV != IS_CONST && - UNEXPECTED(Z_TYPE_P(function_name) != IS_STRING)) { - if (UNEXPECTED(EG(exception) != NULL)) { - HANDLE_EXCEPTION(); - } - zend_error_noreturn(E_ERROR, "Method name must be a string"); + if (IS_CV != IS_CONST && UNEXPECTED(Z_TYPE_P(function_name) != IS_STRING)) { + do { + if ((IS_CV & (IS_VAR|IS_CV)) && Z_ISREF_P(function_name)) { + function_name = Z_REFVAL_P(function_name); + if (EXPECTED(Z_TYPE_P(function_name) == IS_STRING)) { + break; + } + } + if (UNEXPECTED(EG(exception) != NULL)) { + HANDLE_EXCEPTION(); + } + zend_error_noreturn(E_ERROR, "Method name must be a string"); + } while (0); } object = _get_obj_zval_ptr_unused(execute_data); @@ -23304,12 +23318,19 @@ static int ZEND_FASTCALL ZEND_INIT_METHOD_CALL_SPEC_UNUSED_TMPVAR_HANDLER(ZEND_ function_name = _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2); - if ((IS_TMP_VAR|IS_VAR) != IS_CONST && - UNEXPECTED(Z_TYPE_P(function_name) != IS_STRING)) { - if (UNEXPECTED(EG(exception) != NULL)) { - HANDLE_EXCEPTION(); - } - zend_error_noreturn(E_ERROR, "Method name must be a string"); + if ((IS_TMP_VAR|IS_VAR) != IS_CONST && UNEXPECTED(Z_TYPE_P(function_name) != IS_STRING)) { + do { + if (((IS_TMP_VAR|IS_VAR) & (IS_VAR|IS_CV)) && Z_ISREF_P(function_name)) { + function_name = Z_REFVAL_P(function_name); + if (EXPECTED(Z_TYPE_P(function_name) == IS_STRING)) { + break; + } + } + if (UNEXPECTED(EG(exception) != NULL)) { + HANDLE_EXCEPTION(); + } + zend_error_noreturn(E_ERROR, "Method name must be a string"); + } while (0); } object = _get_obj_zval_ptr_unused(execute_data); 
@@ -26829,12 +26850,19 @@ static int ZEND_FASTCALL ZEND_INIT_METHOD_CALL_SPEC_CV_CONST_HANDLER(ZEND_OPCOD function_name = EX_CONSTANT(opline->op2); - if (IS_CONST != IS_CONST && - UNEXPECTED(Z_TYPE_P(function_name) != IS_STRING)) { - if (UNEXPECTED(EG(exception) != NULL)) { - HANDLE_EXCEPTION(); - } - zend_error_noreturn(E_ERROR, "Method name must be a string"); + if (IS_CONST != IS_CONST && UNEXPECTED(Z_TYPE_P(function_name) != IS_STRING)) { + do { + if ((IS_CONST & (IS_VAR|IS_CV)) && Z_ISREF_P(function_name)) { + function_name = Z_REFVAL_P(function_name); + if (EXPECTED(Z_TYPE_P(function_name) == IS_STRING)) { + break; + } + } + if (UNEXPECTED(EG(exception) != NULL)) { + HANDLE_EXCEPTION(); + } + zend_error_noreturn(E_ERROR, "Method name must be a string"); + } while (0); } object = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op1.var); @@ -31118,12 +31146,19 @@ static int ZEND_FASTCALL ZEND_INIT_METHOD_CALL_SPEC_CV_CV_HANDLER(ZEND_OPCODE_H function_name = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var); - if (IS_CV != IS_CONST && - UNEXPECTED(Z_TYPE_P(function_name) != IS_STRING)) { - if (UNEXPECTED(EG(exception) != NULL)) { - HANDLE_EXCEPTION(); - } - zend_error_noreturn(E_ERROR, "Method name must be a string"); + if (IS_CV != IS_CONST && UNEXPECTED(Z_TYPE_P(function_name) != IS_STRING)) { + do { + if ((IS_CV & (IS_VAR|IS_CV)) && Z_ISREF_P(function_name)) { + function_name = Z_REFVAL_P(function_name); + if (EXPECTED(Z_TYPE_P(function_name) == IS_STRING)) { + break; + } + } + if (UNEXPECTED(EG(exception) != NULL)) { + HANDLE_EXCEPTION(); + } + zend_error_noreturn(E_ERROR, "Method name must be a string"); + } while (0); } object = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op1.var); 
@@ -33121,12 +33156,19 @@ static int ZEND_FASTCALL ZEND_INIT_METHOD_CALL_SPEC_CV_TMPVAR_HANDLER(ZEND_OPCO function_name = _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2); - if ((IS_TMP_VAR|IS_VAR) != IS_CONST && - UNEXPECTED(Z_TYPE_P(function_name) != IS_STRING)) { - if (UNEXPECTED(EG(exception) != NULL)) { - HANDLE_EXCEPTION(); - } - zend_error_noreturn(E_ERROR, "Method name must be a string"); + if ((IS_TMP_VAR|IS_VAR) != IS_CONST && UNEXPECTED(Z_TYPE_P(function_name) != IS_STRING)) { + do { + if (((IS_TMP_VAR|IS_VAR) & (IS_VAR|IS_CV)) && Z_ISREF_P(function_name)) { + function_name = Z_REFVAL_P(function_name); + if (EXPECTED(Z_TYPE_P(function_name) == IS_STRING)) { + break; + } + } + if (UNEXPECTED(EG(exception) != NULL)) { + HANDLE_EXCEPTION(); + } + zend_error_noreturn(E_ERROR, "Method name must be a string"); + } while (0); } object = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op1.var); @@ -34796,12 +34838,19 @@ static int ZEND_FASTCALL ZEND_INIT_METHOD_CALL_SPEC_TMPVAR_CONST_HANDLER(ZEND_O function_name = EX_CONSTANT(opline->op2); - if (IS_CONST != IS_CONST && - UNEXPECTED(Z_TYPE_P(function_name) != IS_STRING)) { - if (UNEXPECTED(EG(exception) != NULL)) { - HANDLE_EXCEPTION(); - } - zend_error_noreturn(E_ERROR, "Method name must be a string"); + if (IS_CONST != IS_CONST && UNEXPECTED(Z_TYPE_P(function_name) != IS_STRING)) { + do { + if ((IS_CONST & (IS_VAR|IS_CV)) && Z_ISREF_P(function_name)) { + function_name = Z_REFVAL_P(function_name); + if (EXPECTED(Z_TYPE_P(function_name) == IS_STRING)) { + break; + } + } + if (UNEXPECTED(EG(exception) != NULL)) { + HANDLE_EXCEPTION(); + } + zend_error_noreturn(E_ERROR, "Method name must be a string"); + } while (0); } object = _get_zval_ptr_var(opline->op1.var, execute_data, &free_op1); 
@@ -36414,12 +36463,19 @@ static int ZEND_FASTCALL ZEND_INIT_METHOD_CALL_SPEC_TMPVAR_CV_HANDLER(ZEND_OPCO function_name = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var); - if (IS_CV != IS_CONST && - UNEXPECTED(Z_TYPE_P(function_name) != IS_STRING)) { - if (UNEXPECTED(EG(exception) != NULL)) { - HANDLE_EXCEPTION(); - } - zend_error_noreturn(E_ERROR, "Method name must be a string"); + if (IS_CV != IS_CONST && UNEXPECTED(Z_TYPE_P(function_name) != IS_STRING)) { + do { + if ((IS_CV & (IS_VAR|IS_CV)) && Z_ISREF_P(function_name)) { + function_name = Z_REFVAL_P(function_name); + if (EXPECTED(Z_TYPE_P(function_name) == IS_STRING)) { + break; + } + } + if (UNEXPECTED(EG(exception) != NULL)) { + HANDLE_EXCEPTION(); + } + zend_error_noreturn(E_ERROR, "Method name must be a string"); + } while (0); } object = _get_zval_ptr_var(opline->op1.var, execute_data, &free_op1); @@ -37077,12 +37133,19 @@ static int ZEND_FASTCALL ZEND_INIT_METHOD_CALL_SPEC_TMPVAR_TMPVAR_HANDLER(ZEND_ function_name = _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2); - if ((IS_TMP_VAR|IS_VAR) != IS_CONST && - UNEXPECTED(Z_TYPE_P(function_name) != IS_STRING)) { - if (UNEXPECTED(EG(exception) != NULL)) { - HANDLE_EXCEPTION(); - } - zend_error_noreturn(E_ERROR, "Method name must be a string"); + if ((IS_TMP_VAR|IS_VAR) != IS_CONST && UNEXPECTED(Z_TYPE_P(function_name) != IS_STRING)) { + do { + if (((IS_TMP_VAR|IS_VAR) & (IS_VAR|IS_CV)) && Z_ISREF_P(function_name)) { + function_name = Z_REFVAL_P(function_name); + if (EXPECTED(Z_TYPE_P(function_name) == IS_STRING)) { + break; + } + } + if (UNEXPECTED(EG(exception) != NULL)) { + HANDLE_EXCEPTION(); + } + zend_error_noreturn(E_ERROR, "Method name must be a string"); + } while (0); } object = _get_zval_ptr_var(opline->op1.var, execute_data, &free_op1); From 2bb9a591758ff39fe5dbeca7be146b9549da4e48 Mon Sep 17 00:00:00 2001 
From: Dmitry Stogov Date: Thu, 26 Feb 2015 17:53:03 +0300 Subject: [PATCH 04/12] Fixed ability to build unspecialized executor --- Zend/zend_vm_def.h | 9 ++++--- Zend/zend_vm_execute.h | 53 ++++++++++++++++++++---------------------- Zend/zend_vm_gen.php | 24 +++++++++---------- 3 files changed, 41 insertions(+), 45 deletions(-) diff --git a/Zend/zend_vm_def.h b/Zend/zend_vm_def.h index e4cfd7953a4..39815b400f5 100644 --- a/Zend/zend_vm_def.h +++ b/Zend/zend_vm_def.h @@ -1659,14 +1659,13 @@ ZEND_VM_HANDLER(98, ZEND_FETCH_LIST, CONST|TMPVAR|CV, CONST) ZEND_VM_C_LABEL(try_fetch_list): if (EXPECTED(Z_TYPE_P(container) == IS_ARRAY)) { - zend_free_op free_op2; - zval *value = zend_fetch_dimension_address_inner(Z_ARRVAL_P(container), GET_OP2_ZVAL_PTR(BP_VAR_R), OP2_TYPE, BP_VAR_R); + zval *value = zend_fetch_dimension_address_inner(Z_ARRVAL_P(container), EX_CONSTANT(opline->op2), OP2_TYPE, BP_VAR_R); ZVAL_COPY(EX_VAR(opline->result.var), value); } else if (UNEXPECTED(Z_TYPE_P(container) == IS_OBJECT) && EXPECTED(Z_OBJ_HT_P(container)->read_dimension)) { zval *result = EX_VAR(opline->result.var); - zval *retval = Z_OBJ_HT_P(container)->read_dimension(container, GET_OP2_ZVAL_PTR(BP_VAR_R), BP_VAR_R, result); + zval *retval = Z_OBJ_HT_P(container)->read_dimension(container, EX_CONSTANT(opline->op2), BP_VAR_R, result); if (retval) { if (result != retval) { @@ -3205,7 +3204,7 @@ ZEND_VM_C_LABEL(fcall_end): ZEND_VM_HANDLER(124, ZEND_VERIFY_RETURN_TYPE, CONST|TMP|VAR|UNUSED|CV, UNUSED) { -#if OP1_TYPE != IS_UNUSED +#if !defined(ZEND_VM_SPEC) || (OP1_TYPE != IS_UNUSED) USE_OPLINE #endif SAVE_OPLINE(); @@ -4450,7 +4449,7 @@ ZEND_VM_HANDLER(71, ZEND_INIT_ARRAY, CONST|TMP|VAR|UNUSED|CV, CONST|TMPVAR|UNUSE if (OP1_TYPE == IS_UNUSED) { ZEND_VM_NEXT_OPCODE(); -#if !defined(ZEND_VM_SPEC) || OP1_TYPE != IS_UNUSED +#if !defined(ZEND_VM_SPEC) || (OP1_TYPE != IS_UNUSED) } else { ZEND_VM_DISPATCH_TO_HANDLER(ZEND_ADD_ARRAY_ELEMENT); #endif 
diff --git a/Zend/zend_vm_execute.h b/Zend/zend_vm_execute.h index e411bf446bd..90aa7111f0b 100644 --- a/Zend/zend_vm_execute.h +++ b/Zend/zend_vm_execute.h @@ -4411,7 +4411,6 @@ static int ZEND_FASTCALL ZEND_FETCH_LIST_SPEC_CONST_CONST_HANDLER(ZEND_OPCODE_H try_fetch_list: if (EXPECTED(Z_TYPE_P(container) == IS_ARRAY)) { - zval *value = zend_fetch_dimension_address_inner(Z_ARRVAL_P(container), EX_CONSTANT(opline->op2), IS_CONST, BP_VAR_R); ZVAL_COPY(EX_VAR(opline->result.var), value); @@ -4839,7 +4838,7 @@ static int ZEND_FASTCALL ZEND_INIT_ARRAY_SPEC_CONST_CONST_HANDLER(ZEND_OPCODE_H if (IS_CONST == IS_UNUSED) { ZEND_VM_NEXT_OPCODE(); -#if 0 || IS_CONST != IS_UNUSED +#if 0 || (IS_CONST != IS_UNUSED) } else { return ZEND_ADD_ARRAY_ELEMENT_SPEC_CONST_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); #endif @@ -6358,7 +6357,7 @@ static int ZEND_FASTCALL ZEND_INIT_STATIC_METHOD_CALL_SPEC_CONST_UNUSED_HANDLER static int ZEND_FASTCALL ZEND_VERIFY_RETURN_TYPE_SPEC_CONST_UNUSED_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { -#if IS_CONST != IS_UNUSED +#if 0 || (IS_CONST != IS_UNUSED) USE_OPLINE #endif SAVE_OPLINE(); @@ -6487,7 +6486,7 @@ static int ZEND_FASTCALL ZEND_INIT_ARRAY_SPEC_CONST_UNUSED_HANDLER(ZEND_OPCODE_ if (IS_CONST == IS_UNUSED) { ZEND_VM_NEXT_OPCODE(); -#if 0 || IS_CONST != IS_UNUSED +#if 0 || (IS_CONST != IS_UNUSED) } else { return ZEND_ADD_ARRAY_ELEMENT_SPEC_CONST_UNUSED_HANDLER(ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); #endif @@ -7697,7 +7696,7 @@ static int ZEND_FASTCALL ZEND_INIT_ARRAY_SPEC_CONST_CV_HANDLER(ZEND_OPCODE_HAND if (IS_CONST == IS_UNUSED) { ZEND_VM_NEXT_OPCODE(); -#if 0 || IS_CONST != IS_UNUSED +#if 0 || (IS_CONST != IS_UNUSED) } else { return ZEND_ADD_ARRAY_ELEMENT_SPEC_CONST_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); #endif 
@@ -8802,7 +8801,7 @@ static int ZEND_FASTCALL ZEND_INIT_ARRAY_SPEC_CONST_TMPVAR_HANDLER(ZEND_OPCODE_ if (IS_CONST == IS_UNUSED) { ZEND_VM_NEXT_OPCODE(); -#if 0 || IS_CONST != IS_UNUSED +#if 0 || (IS_CONST != IS_UNUSED) } else { return ZEND_ADD_ARRAY_ELEMENT_SPEC_CONST_TMPVAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); #endif @@ -9986,7 +9985,7 @@ static int ZEND_FASTCALL ZEND_INIT_ARRAY_SPEC_TMP_CONST_HANDLER(ZEND_OPCODE_HAN if (IS_TMP_VAR == IS_UNUSED) { ZEND_VM_NEXT_OPCODE(); -#if 0 || IS_TMP_VAR != IS_UNUSED +#if 0 || (IS_TMP_VAR != IS_UNUSED) } else { return ZEND_ADD_ARRAY_ELEMENT_SPEC_TMP_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); #endif @@ -10485,7 +10484,7 @@ static int ZEND_FASTCALL ZEND_FETCH_DIM_FUNC_ARG_SPEC_TMP_UNUSED_HANDLER(ZEND_O static int ZEND_FASTCALL ZEND_VERIFY_RETURN_TYPE_SPEC_TMP_UNUSED_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { -#if IS_TMP_VAR != IS_UNUSED +#if 0 || (IS_TMP_VAR != IS_UNUSED) USE_OPLINE #endif SAVE_OPLINE(); @@ -10614,7 +10613,7 @@ static int ZEND_FASTCALL ZEND_INIT_ARRAY_SPEC_TMP_UNUSED_HANDLER(ZEND_OPCODE_HA if (IS_TMP_VAR == IS_UNUSED) { ZEND_VM_NEXT_OPCODE(); -#if 0 || IS_TMP_VAR != IS_UNUSED +#if 0 || (IS_TMP_VAR != IS_UNUSED) } else { return ZEND_ADD_ARRAY_ELEMENT_SPEC_TMP_UNUSED_HANDLER(ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); #endif @@ -11068,7 +11067,7 @@ static int ZEND_FASTCALL ZEND_INIT_ARRAY_SPEC_TMP_CV_HANDLER(ZEND_OPCODE_HANDLE if (IS_TMP_VAR == IS_UNUSED) { ZEND_VM_NEXT_OPCODE(); -#if 0 || IS_TMP_VAR != IS_UNUSED +#if 0 || (IS_TMP_VAR != IS_UNUSED) } else { return ZEND_ADD_ARRAY_ELEMENT_SPEC_TMP_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); #endif @@ -11493,7 +11492,7 @@ static int ZEND_FASTCALL ZEND_INIT_ARRAY_SPEC_TMP_TMPVAR_HANDLER(ZEND_OPCODE_HA if (IS_TMP_VAR == IS_UNUSED) { ZEND_VM_NEXT_OPCODE(); -#if 0 || IS_TMP_VAR != IS_UNUSED +#if 0 || (IS_TMP_VAR != IS_UNUSED) } else { return ZEND_ADD_ARRAY_ELEMENT_SPEC_TMP_TMPVAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); #endif 
@@ -14257,7 +14256,7 @@ static int ZEND_FASTCALL ZEND_INIT_ARRAY_SPEC_VAR_CONST_HANDLER(ZEND_OPCODE_HAN if (IS_VAR == IS_UNUSED) { ZEND_VM_NEXT_OPCODE(); -#if 0 || IS_VAR != IS_UNUSED +#if 0 || (IS_VAR != IS_UNUSED) } else { return ZEND_ADD_ARRAY_ELEMENT_SPEC_VAR_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); #endif @@ -15555,7 +15554,7 @@ static int ZEND_FASTCALL ZEND_INIT_STATIC_METHOD_CALL_SPEC_VAR_UNUSED_HANDLER(Z static int ZEND_FASTCALL ZEND_VERIFY_RETURN_TYPE_SPEC_VAR_UNUSED_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { -#if IS_VAR != IS_UNUSED +#if 0 || (IS_VAR != IS_UNUSED) USE_OPLINE #endif SAVE_OPLINE(); @@ -15684,7 +15683,7 @@ static int ZEND_FASTCALL ZEND_INIT_ARRAY_SPEC_VAR_UNUSED_HANDLER(ZEND_OPCODE_HA if (IS_VAR == IS_UNUSED) { ZEND_VM_NEXT_OPCODE(); -#if 0 || IS_VAR != IS_UNUSED +#if 0 || (IS_VAR != IS_UNUSED) } else { return ZEND_ADD_ARRAY_ELEMENT_SPEC_VAR_UNUSED_HANDLER(ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); #endif @@ -17151,7 +17150,7 @@ static int ZEND_FASTCALL ZEND_INIT_ARRAY_SPEC_VAR_CV_HANDLER(ZEND_OPCODE_HANDLE if (IS_VAR == IS_UNUSED) { ZEND_VM_NEXT_OPCODE(); -#if 0 || IS_VAR != IS_UNUSED +#if 0 || (IS_VAR != IS_UNUSED) } else { return ZEND_ADD_ARRAY_ELEMENT_SPEC_VAR_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); #endif @@ -18618,7 +18617,7 @@ static int ZEND_FASTCALL ZEND_INIT_ARRAY_SPEC_VAR_TMPVAR_HANDLER(ZEND_OPCODE_HA if (IS_VAR == IS_UNUSED) { ZEND_VM_NEXT_OPCODE(); -#if 0 || IS_VAR != IS_UNUSED +#if 0 || (IS_VAR != IS_UNUSED) } else { return ZEND_ADD_ARRAY_ELEMENT_SPEC_VAR_TMPVAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); #endif @@ -19928,7 +19927,7 @@ static int ZEND_FASTCALL ZEND_INIT_ARRAY_SPEC_UNUSED_CONST_HANDLER(ZEND_OPCODE_ if (IS_UNUSED == IS_UNUSED) { ZEND_VM_NEXT_OPCODE(); -#if 0 || IS_UNUSED != IS_UNUSED +#if 0 || (IS_UNUSED != IS_UNUSED) } else { return ZEND_ADD_ARRAY_ELEMENT_SPEC_UNUSED_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); #endif 
@@ -20892,7 +20891,7 @@ static int ZEND_FASTCALL ZEND_ASSIGN_BW_XOR_SPEC_UNUSED_UNUSED_HANDLER(ZEND_OPC static int ZEND_FASTCALL ZEND_VERIFY_RETURN_TYPE_SPEC_UNUSED_UNUSED_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { -#if IS_UNUSED != IS_UNUSED +#if 0 || (IS_UNUSED != IS_UNUSED) USE_OPLINE #endif SAVE_OPLINE(); @@ -20933,7 +20932,7 @@ static int ZEND_FASTCALL ZEND_INIT_ARRAY_SPEC_UNUSED_UNUSED_HANDLER(ZEND_OPCODE if (IS_UNUSED == IS_UNUSED) { ZEND_VM_NEXT_OPCODE(); -#if 0 || IS_UNUSED != IS_UNUSED +#if 0 || (IS_UNUSED != IS_UNUSED) } else { return ZEND_ADD_ARRAY_ELEMENT_SPEC_UNUSED_UNUSED_HANDLER(ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); #endif @@ -22050,7 +22049,7 @@ static int ZEND_FASTCALL ZEND_INIT_ARRAY_SPEC_UNUSED_CV_HANDLER(ZEND_OPCODE_HAN if (IS_UNUSED == IS_UNUSED) { ZEND_VM_NEXT_OPCODE(); -#if 0 || IS_UNUSED != IS_UNUSED +#if 0 || (IS_UNUSED != IS_UNUSED) } else { return ZEND_ADD_ARRAY_ELEMENT_SPEC_UNUSED_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); #endif @@ -23455,7 +23454,7 @@ static int ZEND_FASTCALL ZEND_INIT_ARRAY_SPEC_UNUSED_TMPVAR_HANDLER(ZEND_OPCODE if (IS_UNUSED == IS_UNUSED) { ZEND_VM_NEXT_OPCODE(); -#if 0 || IS_UNUSED != IS_UNUSED +#if 0 || (IS_UNUSED != IS_UNUSED) } else { return ZEND_ADD_ARRAY_ELEMENT_SPEC_UNUSED_TMPVAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); #endif @@ -26658,7 +26657,6 @@ static int ZEND_FASTCALL ZEND_FETCH_LIST_SPEC_CV_CONST_HANDLER(ZEND_OPCODE_HAND try_fetch_list: if (EXPECTED(Z_TYPE_P(container) == IS_ARRAY)) { - zval *value = zend_fetch_dimension_address_inner(Z_ARRVAL_P(container), EX_CONSTANT(opline->op2), IS_CONST, BP_VAR_R); ZVAL_COPY(EX_VAR(opline->result.var), value); @@ -27089,7 +27087,7 @@ static int ZEND_FASTCALL ZEND_INIT_ARRAY_SPEC_CV_CONST_HANDLER(ZEND_OPCODE_HAND if (IS_CV == IS_UNUSED) { ZEND_VM_NEXT_OPCODE(); -#if 0 || IS_CV != IS_UNUSED +#if 0 || (IS_CV != IS_UNUSED) } else { return ZEND_ADD_ARRAY_ELEMENT_SPEC_CV_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); #endif 
@@ -29264,7 +29262,7 @@ assign_dim_clean: static int ZEND_FASTCALL ZEND_VERIFY_RETURN_TYPE_SPEC_CV_UNUSED_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { -#if IS_CV != IS_UNUSED +#if 0 || (IS_CV != IS_UNUSED) USE_OPLINE #endif SAVE_OPLINE(); @@ -29393,7 +29391,7 @@ static int ZEND_FASTCALL ZEND_INIT_ARRAY_SPEC_CV_UNUSED_HANDLER(ZEND_OPCODE_HAN if (IS_CV == IS_UNUSED) { ZEND_VM_NEXT_OPCODE(); -#if 0 || IS_CV != IS_UNUSED +#if 0 || (IS_CV != IS_UNUSED) } else { return ZEND_ADD_ARRAY_ELEMENT_SPEC_CV_UNUSED_HANDLER(ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); #endif @@ -31385,7 +31383,7 @@ static int ZEND_FASTCALL ZEND_INIT_ARRAY_SPEC_CV_CV_HANDLER(ZEND_OPCODE_HANDLER if (IS_CV == IS_UNUSED) { ZEND_VM_NEXT_OPCODE(); -#if 0 || IS_CV != IS_UNUSED +#if 0 || (IS_CV != IS_UNUSED) } else { return ZEND_ADD_ARRAY_ELEMENT_SPEC_CV_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); #endif @@ -33397,7 +33395,7 @@ static int ZEND_FASTCALL ZEND_INIT_ARRAY_SPEC_CV_TMPVAR_HANDLER(ZEND_OPCODE_HAN if (IS_CV == IS_UNUSED) { ZEND_VM_NEXT_OPCODE(); -#if 0 || IS_CV != IS_UNUSED +#if 0 || (IS_CV != IS_UNUSED) } else { return ZEND_ADD_ARRAY_ELEMENT_SPEC_CV_TMPVAR_HANDLER(ZEND_OPCODE_HANDLER_ARGS_PASSTHRU); #endif @@ -34798,7 +34796,6 @@ static int ZEND_FASTCALL ZEND_FETCH_LIST_SPEC_TMPVAR_CONST_HANDLER(ZEND_OPCODE_ try_fetch_list: if (EXPECTED(Z_TYPE_P(container) == IS_ARRAY)) { - zval *value = zend_fetch_dimension_address_inner(Z_ARRVAL_P(container), EX_CONSTANT(opline->op2), IS_CONST, BP_VAR_R); ZVAL_COPY(EX_VAR(opline->result.var), value); diff --git a/Zend/zend_vm_gen.php b/Zend/zend_vm_gen.php index cad9e8b75b7..c3b16b34783 100644 --- a/Zend/zend_vm_gen.php +++ b/Zend/zend_vm_gen.php 
@@ -438,16 +438,16 @@ function gen_code($f, $spec, $kind, $export, $code, $op1, $op2, $name) { "/FREE_OP2_IF_VAR\(\)/", "/FREE_OP1_VAR_PTR\(\)/", "/FREE_OP2_VAR_PTR\(\)/", - "/^#ifdef\s+ZEND_VM_SPEC\s*\n/m", - "/^#ifndef\s+ZEND_VM_SPEC\s*\n/m", + "/^#(\s*)ifdef\s+ZEND_VM_SPEC\s*\n/m", + "/^#(\s*)ifndef\s+ZEND_VM_SPEC\s*\n/m", "/\!defined\(ZEND_VM_SPEC\)/m", "/defined\(ZEND_VM_SPEC\)/m", "/ZEND_VM_C_LABEL\(\s*([A-Za-z_]*)\s*\)/m", "/ZEND_VM_C_GOTO\(\s*([A-Za-z_]*)\s*\)/m", - "/^#if\s+1\s*\\|\\|.*[^\\\\]$/m", - "/^#if\s+0\s*&&.*[^\\\\]$/m", - "/^#ifdef\s+ZEND_VM_EXPORT\s*\n/m", - "/^#ifndef\s+ZEND_VM_EXPORT\s*\n/m" + "/^#(\s*)if\s+1\s*\\|\\|.*[^\\\\]$/m", + "/^#(\s*)if\s+0\s*&&.*[^\\\\]$/m", + "/^#(\s*)ifdef\s+ZEND_VM_EXPORT\s*\n/m", + "/^#(\s*)ifndef\s+ZEND_VM_EXPORT\s*\n/m" ), array( $op1_type[$op1], @@ -476,16 +476,16 @@ function gen_code($f, $spec, $kind, $export, $code, $op1, $op2, $name) { $op2_free_op_if_var[$op2], $op1_free_op_var_ptr[$op1], $op2_free_op_var_ptr[$op2], - ($op1!="ANY"||$op2!="ANY")?"#if 1\n":"#if 0\n", - ($op1!="ANY"||$op2!="ANY")?"#if 0\n":"#if 1\n", + ($op1!="ANY"||$op2!="ANY")?"#\\1if 1\n":"#\\1if 0\n", + ($op1!="ANY"||$op2!="ANY")?"#\\1if 0\n":"#\\1if 1\n", ($op1!="ANY"||$op2!="ANY")?"0":"1", ($op1!="ANY"||$op2!="ANY")?"1":"0", "\\1".(($spec && $kind != ZEND_VM_KIND_CALL)?("_SPEC".$prefix[$op1].$prefix[$op2]):""), "goto \\1".(($spec && $kind != ZEND_VM_KIND_CALL)?("_SPEC".$prefix[$op1].$prefix[$op2]):""), - "#if 1", - "#if 0", - $export?"#if 1\n":"#if 0\n", - $export?"#if 0\n":"#if 1\n" + "#\\1if 1", + "#\\1if 0", + $export?"#\\1if 1\n":"#\\1if 0\n", + $export?"#\\1if 0\n":"#\\1if 1\n" ), $code); From e441d71baae89bdc5dc6f75407b4a8f5e42b8fa9 Mon Sep 17 00:00:00 2001 From: Taoguang Chen Date: Fri, 27 Feb 2015 10:41:53 +0800 Subject: [PATCH 05/12] fix bug#68942's patch Fix type confusion bug in unserialize() with DateTimeZone. https://bugs.php.net/bug.php?id=68942 --- ext/date/php_date.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/ext/date/php_date.c b/ext/date/php_date.c index 720cdb61b78..81f6ae41a20 100644 --- a/ext/date/php_date.c +++ b/ext/date/php_date.c @@ -3713,7 +3713,7 @@ static int php_date_timezone_initialize_from_hash(zval **return_value, php_timez zval **z_timezone_type = NULL; if (zend_hash_find(myht, "timezone_type", 14, (void**) &z_timezone_type) == SUCCESS && Z_TYPE_PP(z_timezone_type) == IS_LONG) { - if (zend_hash_find(myht, "timezone", 9, (void**) &z_timezone) == SUCCESS) { + if (zend_hash_find(myht, "timezone", 9, (void**) &z_timezone) == SUCCESS && Z_TYPE_PP(z_timezone) == IS_STRING) { if (SUCCESS == timezone_initialize(*tzobj, Z_STRVAL_PP(z_timezone) TSRMLS_CC)) { return SUCCESS; } From 3e82816ba1a82843a352ce4050b2010fd9932dee Mon Sep 17 00:00:00 2001 From: Xinchen Hui Date: Fri, 27 Feb 2015 11:42:36 +0800 Subject: [PATCH 06/12] Fixed bug #69125 (Array numeric string as key) --- NEWS | 1 + ext/opcache/Optimizer/zend_optimizer.c | 1 + ext/opcache/tests/bug69125.phpt | 22 ++++++++++++++++++++++ 3 files changed, 24 insertions(+) create mode 100644 ext/opcache/tests/bug69125.phpt diff --git a/NEWS b/NEWS index f8d653fd5b2..a020e6954b4 100644 --- a/NEWS +++ b/NEWS @@ -21,6 +21,7 @@ PHP NEWS . Fixed bug #68964 (Allowed memory size exhausted with odbc_exec). (Anatol) - Opcache: + . Fixed bug #69125 (Array numeric string as key). (Laruence) . Fixed bug #69038 (switch(SOMECONSTANT) misbehaves). (Laruence) - OpenSSL: diff --git a/ext/opcache/Optimizer/zend_optimizer.c b/ext/opcache/Optimizer/zend_optimizer.c index ca5d41d8d50..be49b4956bd 100644 --- a/ext/opcache/Optimizer/zend_optimizer.c +++ b/ext/opcache/Optimizer/zend_optimizer.c @@ -241,6 +241,7 @@ static void update_op2_const(zend_op_array *op_array, case ZEND_ISSET_ISEMPTY_DIM_OBJ: case ZEND_ADD_ARRAY_ELEMENT: case ZEND_INIT_ARRAY: + case ZEND_ASSIGN_DIM: case ZEND_UNSET_DIM: case ZEND_FETCH_DIM_R: case ZEND_FETCH_DIM_W: 
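Review bot: The added `Z_TYPE_PP(z_timezone) == IS_STRING` guard in php_date_timezone_initialize_from_hash comes without a regression test; the diffstat lists only ext/date/php_date.c. Because the hash comes from unserialized data, a .phpt that unserializes a DateTimeZone whose `timezone` member is not a string and expects a clean failure would keep this check from being dropped again. The value is then handed on as `Z_STRVAL_PP(z_timezone)` without its length, so it may be worth confirming how timezone_initialize treats a string containing an embedded NUL; that function is not shown here. The function body continues outside the hunk.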
diff --git a/ext/opcache/tests/bug69125.phpt b/ext/opcache/tests/bug69125.phpt new file mode 100644 index 00000000000..913be01b00f --- /dev/null +++ b/ext/opcache/tests/bug69125.phpt @@ -0,0 +1,22 @@ +--TEST-- +Bug #69125 (Array numeric string as key) +--INI-- +opcache.enable=1 +opcache.enable_cli=1 +--SKIPIF-- + +--FILE-- + +--EXPECT-- +string(4) "okey" +string(4) "okey" From 4b83d02b4b5d09c5f5aecc739fdd76f835561fe3 Mon Sep 17 00:00:00 2001 From: Xinchen Hui Date: Fri, 27 Feb 2015 11:43:41 +0800 Subject: [PATCH 07/12] Update News --- NEWS | 1 + 1 file changed, 1 insertion(+) diff --git a/NEWS b/NEWS index 99d2953d0a7..2644b71b023 100644 --- a/NEWS +++ b/NEWS @@ -19,6 +19,7 @@ . Fixed bug #68964 (Allowed memory size exhausted with odbc_exec). (Anatol) - Opcache: + . Fixed bug #69125 (Array numeric string as key). (Laruence) . Fixed bug #69038 (switch(SOMECONSTANT) misbehaves). (Laruence) - OpenSSL: From ebfc49aa918044e65b3704933224a807d98b4e68 Mon Sep 17 00:00:00 2001 From: Xinchen Hui Date: Fri, 27 Feb 2015 12:00:52 +0800 Subject: [PATCH 08/12] Fixed bug #69121 (Segfault in get_current_user when script owner is not in passwd with ZTS build) --- NEWS | 2 ++ main/main.c | 5 +++++ 2 files changed, 7 insertions(+) diff --git a/NEWS b/NEWS index a020e6954b4..0169572b91d 100644 --- a/NEWS +++ b/NEWS @@ -3,6 +3,8 @@ PHP NEWS ?? ??? 2015, PHP 5.5.23 - Core: + . Fixed bug #69121 (Segfault in get_current_user when script owner is not + in passwd with ZTS build). (dan at syneto dot net) . Fixed bug #65593 (Segfault when calling ob_start from output buffering callback). (Mike) . Fixed bug #69017 (Fail to push to the empty array with the constant value diff --git a/main/main.c b/main/main.c index 733786e447f..1f6c4cf04da 100644 --- a/main/main.c +++ b/main/main.c @@ -1247,6 +1247,11 @@ PHPAPI char *php_get_current_user(TSRMLS_D) return ""; } pwd = &_pw; + + if (retpwptr == NULL) { + efree(pwbuf); + return ""; + } #else if ((pwd=getpwuid(pstat->st_uid))==NULL) { return ""; 
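Review bot: The new `if (retpwptr == NULL)` branch in php_get_current_user needs a comment saying why it exists, because the call that fills `retpwptr` is above the hunk and the preceding error return looks sufficient at first sight. getpwuid_r() reports a uid with no passwd entry as success with a NULL result pointer, so `_pw` is not filled in. Something like `/* success with a NULL result means there is no passwd entry for this uid */` above the test would do. The function starts and ends outside the hunk.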
From 414bc8ee03879853f7ed71110c9e901df67b30f3 Mon Sep 17 00:00:00 2001 From: Xinchen Hui Date: Fri, 27 Feb 2015 12:01:28 +0800 Subject: [PATCH 09/12] Update NEWs --- NEWS | 2 ++ 1 file changed, 2 insertions(+) diff --git a/NEWS b/NEWS index 2644b71b023..f578a059352 100644 --- a/NEWS +++ b/NEWS @@ -3,6 +3,8 @@ ?? Feb 2015, PHP 5.6.7 - Core: + . Fixed bug #69121 (Segfault in get_current_user when script owner is not + in passwd with ZTS build). (dan at syneto dot net) . Fixed bug #65593 (Segfault when calling ob_start from output buffering callback). (Mike) . Fixed bug #68986 (pointer returned by php_stream_fopen_temporary_file From 4eb830b212b3f0c53ed208723520e77a26b13e2b Mon Sep 17 00:00:00 2001 From: Xinchen Hui Date: Fri, 27 Feb 2015 12:02:42 +0800 Subject: [PATCH 10/12] Reorder --- main/main.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/main/main.c b/main/main.c index 1f6c4cf04da..8f5bac17b91 100644 --- a/main/main.c +++ b/main/main.c @@ -1246,12 +1246,11 @@ PHPAPI char *php_get_current_user(TSRMLS_D) efree(pwbuf); return ""; } - pwd = &_pw; - if (retpwptr == NULL) { efree(pwbuf); return ""; } + pwd = &_pw; #else if ((pwd=getpwuid(pstat->st_uid))==NULL) { return ""; From 30830bcefd080cf58231aa195418a4223497ea91 Mon Sep 17 00:00:00 2001 From: Anatol Belski Date: Fri, 27 Feb 2015 10:42:20 +0100 Subject: [PATCH 11/12] Fixed bug #69115 crash in mail There were two issues - php_pcre_replace could be used directly and sbject_str could be NULL - the Windows sendmail variant was freeing something passed from the outside --- ext/pcre/php_pcre.c | 6 +++++- ext/standard/tests/mail/bug69115.phpt | 12 ++++++++++++ win32/sendmail.c | 1 - 3 files changed, 17 insertions(+), 2 deletions(-) create mode 100644 ext/standard/tests/mail/bug69115.phpt diff --git a/ext/pcre/php_pcre.c b/ext/pcre/php_pcre.c index 8a6ecb5817c..502ec57f423 100644 --- a/ext/pcre/php_pcre.c +++ b/ext/pcre/php_pcre.c 
@@ -1221,7 +1221,11 @@ PHPAPI zend_string *php_pcre_replace_impl(pcre_cache_entry *pce, zend_string *su new_len = result_len + subject_len - start_offset; if (new_len > alloc_len) { alloc_len = new_len; /* now we know exactly how long it is */ - result = zend_string_realloc(result, alloc_len, 0); + if (NULL != result) { + result = zend_string_realloc(result, alloc_len, 0); + } else { + result = zend_string_alloc(alloc_len, 0); + } } /* stick that last bit of string on our output */ memcpy(&result->val[result_len], piece, subject_len - start_offset); diff --git a/ext/standard/tests/mail/bug69115.phpt b/ext/standard/tests/mail/bug69115.phpt new file mode 100644 index 00000000000..b22332c0915 --- /dev/null +++ b/ext/standard/tests/mail/bug69115.phpt @@ -0,0 +1,12 @@ +--TEST-- +Bug #69115 crash in mail (plus indirect pcre test) +--FILE-- + +===DONE=== +--EXPECTF-- +%A +===DONE=== diff --git a/win32/sendmail.c b/win32/sendmail.c index fd7424dda73..9035c7d37ec 100644 --- a/win32/sendmail.c +++ b/win32/sendmail.c @@ -292,7 +292,6 @@ PHPAPI int TSendMail(char *host, int *error, char **error_message, efree(RPath); } if (headers) { - efree(headers); efree(headers_lc); } /* 128 is safe here, the specifier in snprintf isn't longer than that */ From 1cdee9a5d8f0a116ef0d7c96e528f09559ec11ce Mon Sep 17 00:00:00 2001 From: Dmitry Stogov Date: Fri, 27 Feb 2015 13:45:11 +0300 Subject: [PATCH 12/12] Fixed C++ support --- Zend/zend_operators.h | 3 --- 1 file changed, 3 deletions(-) diff --git a/Zend/zend_operators.h b/Zend/zend_operators.h index 31d84fc5b1f..1ee827e908a 100644 --- a/Zend/zend_operators.h +++ b/Zend/zend_operators.h 
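Review bot: In php_pcre_replace_impl the new `zend_string_alloc` branch runs only when `new_len > alloc_len`, so a NULL `result` would still reach `memcpy(&result->val[result_len], ...)` if the two lengths are ever equal, presumably when nothing remains to copy and no buffer has been allocated yet. The initial values of `result` and `alloc_len` are set outside this hunk, so this needs confirming, but widening the test to `if (new_len > alloc_len || NULL == result) {` would close the gap either way. The added bug69115.phpt expects `%A`, which matches any output, so it detects only a crash and not a wrong result. The function starts and ends outside the hunk.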
@@ -90,8 +90,6 @@ ZEND_API zend_uchar _is_numeric_string_ex(const char *str, size_t length, zend_l ZEND_API const char* zend_memnstr_ex(const char *haystack, const char *needle, size_t needle_len, char *end); ZEND_API const char* zend_memnrstr_ex(const char *haystack, const char *needle, size_t needle_len, char *end); -END_EXTERN_C() - #if SIZEOF_ZEND_LONG == 4 # define ZEND_DOUBLE_FITS_LONG(d) (!((d) > ZEND_LONG_MAX || (d) < ZEND_LONG_MIN)) #else @@ -234,7 +232,6 @@ zend_memnrstr(const char *haystack, const char *needle, size_t needle_len, char } } -BEGIN_EXTERN_C() ZEND_API int increment_function(zval *op1); ZEND_API int decrement_function(zval *op2);