From 5f357f341da33f15aebd918b61566dd0d1fa21eb Mon Sep 17 00:00:00 2001
From: George Peter Banyard <girgias@php.net>
Date: Thu, 23 Feb 2023 05:35:39 +0000
Subject: [PATCH 1/2] Fix GH-10672 (pg_lo_open segfaults in the strict_types
 mode)

We need to use the proper ZPP qualifier for zend_string

Closes GH-10677
---
 NEWS                         |  3 +++
 ext/pgsql/pgsql.c            |  2 +-
 ext/pgsql/tests/gh10672.phpt | 39 ++++++++++++++++++++++++++++++++++++
 3 files changed, 43 insertions(+), 1 deletion(-)
 create mode 100644 ext/pgsql/tests/gh10672.phpt

diff --git a/NEWS b/NEWS
index 13b0575e2a5..0d4a42041f5 100644
--- a/NEWS
+++ b/NEWS
@@ -50,6 +50,9 @@ PHP                                                                        NEWS
   . Fixed bug #60994 (Reading a multibyte CLOB caps at 8192 chars).
     (Michael Voříšek)
 
+- PGSQL:
+  . Fix GH-10672 (pg_lo_open segfaults in the strict_types mode). (girgias)
+
 - Phar:
   . Fix incorrect check in phar tar parsing. (nielsdos)
 
diff --git a/ext/pgsql/pgsql.c b/ext/pgsql/pgsql.c
index 4422e4259a5..a0c83fd955a 100644
--- a/ext/pgsql/pgsql.c
+++ b/ext/pgsql/pgsql.c
@@ -2464,7 +2464,7 @@ PHP_FUNCTION(pg_lo_open)
 		CHECK_PGSQL_LINK(link);
 	}
 	else if (zend_parse_parameters_ex(ZEND_PARSE_PARAMS_QUIET, ZEND_NUM_ARGS(),
-								 "Ols", &pgsql_link, pgsql_link_ce, &oid_long, &mode) == SUCCESS) {
+								 "OlS", &pgsql_link, pgsql_link_ce, &oid_long, &mode) == SUCCESS) {
 		if (oid_long <= (zend_long)InvalidOid) {
 			zend_value_error("Invalid OID value passed");
 			RETURN_THROWS();
diff --git a/ext/pgsql/tests/gh10672.phpt b/ext/pgsql/tests/gh10672.phpt
new file mode 100644
index 00000000000..2f334e573da
--- /dev/null
+++ b/ext/pgsql/tests/gh10672.phpt
@@ -0,0 +1,39 @@
+--TEST--
+GH-10672 (pg_lo_open segfaults in the strict_types mode)
+--EXTENSIONS--
+pgsql
+--SKIPIF--
+<?php
+include("skipif.inc");
+?>
+--FILE--
+<?php
+declare(strict_types=1);
+
+include "config.inc";
+
+$db = pg_connect($conn_str);
+pg_query($db, "DROP TABLE IF EXISTS gh10672");
+pg_query($db, "CREATE TABLE gh10672 (bar text);");
+
+// Begin a transaction
+pg_query($db, 'BEGIN');
+
+// Create an empty large object
+$oid = pg_lo_create($db);
+
+if ($oid === false) {
+    die(pg_last_error($db));
+}
+
+// Open the large object for writing
+$lob = pg_lo_open($db, $oid, 'w');
+
+if ($oid === false) {
+    die(pg_last_error($db));
+}
+
+echo 'The large object has been opened successfully.', PHP_EOL;
+?>
+--EXPECT--
+The large object has been opened successfully.

From 91db3a1b85b6e04b78fe24e3c456fd121d9aadb3 Mon Sep 17 00:00:00 2001
From: Pierrick Charron <pierrick@php.net>
Date: Thu, 16 Feb 2023 23:53:05 -0500
Subject: [PATCH 2/2] Fixed bug GH-10270 Unable to return CURL_READFUNC_PAUSE
 in readfunc callback

Closes GH-10607

Signed-off-by: George Peter Banyard <girgias@php.net>
---
 NEWS                               |  2 ++
 ext/curl/interface.c               |  2 ++
 ext/curl/tests/curl_pause_001.phpt | 47 ++++++++++++++++++++++++++++++
 ext/curl/tests/responder/get.inc   |  3 ++
 4 files changed, 54 insertions(+)
 create mode 100644 ext/curl/tests/curl_pause_001.phpt

diff --git a/NEWS b/NEWS
index 0d4a42041f5..72b49066207 100644
--- a/NEWS
+++ b/NEWS
@@ -15,6 +15,8 @@ PHP                                                                        NEWS
 
 - Curl:
   . Fixed deprecation warning at compile time. (Max Kellermann)
+  . Fixed bug GH-10270 (Unable to return CURL_READFUNC_PAUSE in readfunc
+    callback). (Pierrick Charron)
 
 - Date:
   . Fix GH-10447 ('p' format specifier does not yield 'Z' for 00:00). (Derick)
diff --git a/ext/curl/interface.c b/ext/curl/interface.c
index 7eb081700c2..8e881a78f35 100644
--- a/ext/curl/interface.c
+++ b/ext/curl/interface.c
@@ -1547,6 +1547,8 @@ static size_t curl_read(char *data, size_t size, size_t nmemb, void *ctx)
 				if (Z_TYPE(retval) == IS_STRING) {
 					length = MIN((int) (size * nmemb), Z_STRLEN(retval));
 					memcpy(data, Z_STRVAL(retval), length);
+				} else if (Z_TYPE(retval) == IS_LONG) {
+					length = Z_LVAL_P(&retval);
 				}
 				zval_ptr_dtor(&retval);
 			}
diff --git a/ext/curl/tests/curl_pause_001.phpt b/ext/curl/tests/curl_pause_001.phpt
new file mode 100644
index 00000000000..1fce0dd4afa
--- /dev/null
+++ b/ext/curl/tests/curl_pause_001.phpt
@@ -0,0 +1,47 @@
+--TEST--
+Test CURL_READFUNC_PAUSE and curl_pause()
+--EXTENSIONS--
+curl
+--FILE--
+<?php
+include 'server.inc';
+$host = curl_cli_server_start();
+
+class Input {
+	private static $RESPONSES = [
+		'Foo bar ',
+		CURL_READFUNC_PAUSE,
+		'baz qux',
+		null
+	];
+	private int $res = 0;
+	public function __invoke($ch, $hReadHandle, $iMaxOut)
+	{
+		return self::$RESPONSES[$this->res++];
+	}
+}
+
+$inputHandle = fopen(__FILE__, 'r');
+
+$ch = curl_init();
+curl_setopt($ch, CURLOPT_URL, "{$host}/get.inc?test=input");
+curl_setopt($ch, CURLOPT_UPLOAD,       1);
+curl_setopt($ch, CURLOPT_READFUNCTION, new Input);
+curl_setopt($ch, CURLOPT_INFILE,       $inputHandle);
+curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+
+$mh = curl_multi_init();
+curl_multi_add_handle($mh, $ch);
+do {
+	$status = curl_multi_exec($mh, $active);
+	curl_pause($ch, CURLPAUSE_CONT);
+	if ($active) {
+		usleep(100);
+		curl_multi_select($mh);
+	}
+} while ($active && $status == CURLM_OK);
+
+echo curl_multi_getcontent($ch);
+?>
+--EXPECT--
+string(15) "Foo bar baz qux"
diff --git a/ext/curl/tests/responder/get.inc b/ext/curl/tests/responder/get.inc
index 4ed9ae02823..c139c8c7d43 100644
--- a/ext/curl/tests/responder/get.inc
+++ b/ext/curl/tests/responder/get.inc
@@ -4,6 +4,9 @@
     case 'post':
       var_dump($_POST);
       break;
+    case 'input':
+      var_dump(file_get_contents('php://input'));
+      break;
     case 'getpost':
       var_dump($_GET);
       var_dump($_POST);