From b85b87fabc8dde3c558dd4a7aa516523c0f36b3f Mon Sep 17 00:00:00 2001 From: Ferenc Kovacs Date: Wed, 15 Oct 2014 14:07:40 +0200 Subject: [PATCH 01/20] update NEWS, 5.6.2 will be a security-only release --- NEWS | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/NEWS b/NEWS index c44cea0459e..83abd89445f 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,6 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| -?? ??? 2014, PHP 5.6.2 +?? ??? 2014, PHP 5.6.3 - Core: . Fixed bug #67739 (Windows 8.1/Server 2012 R2 OS build number reported @@ -45,6 +45,23 @@ PHP NEWS - SPL: . Fixed bug #68128 (Regression in RecursiveRegexIterator) (Tjerk) +16 Oct 2014, PHP 5.6.2 + +- Core: + . Fixed bug #68044 (Integer overflow in unserialize() (32-bits only)). + (CVE-2014-3669) (Stas) + +- cURL: + . Fixed bug #68089 (NULL byte injection - cURL lib). (Stas) + +- EXIF: + . Fixed bug #68113 (Heap corruption in exif_thumbnail()). (CVE-2014-3670) + (Stas) + +- XMLRPC: + . Fixed bug #68027 (Global buffer overflow in mkgmtime() function). + (CVE-2014-3668) (Stas) + 02 Oct 2014, PHP 5.6.1 - Core: From 646b4cca854b0b5fefedbcffa9e6f7ea8149b087 Mon Sep 17 00:00:00 2001 From: Ferenc Kovacs Date: Wed, 15 Oct 2014 14:08:32 +0200 Subject: [PATCH 02/20] PHP-5.6.3 is next --- configure.in | 2 +- main/php_version.h | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/configure.in b/configure.in index 223973c59d0..8eb08baa3e2 100644 --- a/configure.in +++ b/configure.in @@ -119,7 +119,7 @@ int zend_sprintf(char *buffer, const char *format, ...); PHP_MAJOR_VERSION=5 PHP_MINOR_VERSION=6 -PHP_RELEASE_VERSION=2 +PHP_RELEASE_VERSION=3 PHP_EXTRA_VERSION="-dev" PHP_VERSION="$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION" PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 10000 + [$]PHP_MINOR_VERSION \* 100 + [$]PHP_RELEASE_VERSION` diff --git a/main/php_version.h b/main/php_version.h index 1cd646ed021..be8584d14af 100644 --- a/main/php_version.h +++ b/main/php_version.h @@ -2,7 +2,7 @@ /* edit configure.in to change version number */ #define PHP_MAJOR_VERSION 5 #define PHP_MINOR_VERSION 6 -#define PHP_RELEASE_VERSION 2 +#define PHP_RELEASE_VERSION 3 #define PHP_EXTRA_VERSION "-dev" -#define PHP_VERSION "5.6.2-dev" -#define PHP_VERSION_ID 50602 +#define PHP_VERSION "5.6.3-dev" +#define PHP_VERSION_ID 50603 From 6d9c9f8f0468f8d90dc233d6fc70dc949349e6da Mon Sep 17 00:00:00 2001 From: Julien Pauli Date: Wed, 15 Oct 2014 14:38:12 +0200 Subject: [PATCH 03/20] Revert "Bug #41631: Observe socket read timeouts in SSL streams" This reverts commit 6569db88081562f68a4f79e52cba83482bdf05fc. Conflicts: ext/openssl/xp_ssl.c --- ext/openssl/xp_ssl.c | 46 -------------------------------------------- 1 file changed, 46 deletions(-) diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c index 5736caa2e5b..1ce95410947 100644 --- a/ext/openssl/xp_ssl.c +++ b/ext/openssl/xp_ssl.c @@ -204,59 +204,13 @@ static size_t php_openssl_sockop_write(php_stream *stream, const char *buf, size return didwrite; } -static void php_openssl_stream_wait_for_data(php_netstream_data_t *sock) -{ - int retval; - struct timeval *ptimeout; - - if (sock->socket == -1) { - return; - } - - sock->timeout_event = 0; - - if (sock->timeout.tv_sec == -1) - ptimeout = NULL; - else - ptimeout = &sock->timeout; - - while(1) { - retval = php_pollfd_for(sock->socket, PHP_POLLREADABLE, ptimeout); - - if (retval == 0) - sock->timeout_event = 1; - - if (retval >= 0) - break; - - if (php_socket_errno() != EINTR) - break; - } -} - static size_t php_openssl_sockop_read(php_stream *stream, char *buf, size_t count TSRMLS_DC) { php_openssl_netstream_data_t *sslsock = (php_openssl_netstream_data_t*)stream->abstract; - php_netstream_data_t *sock; int nr_bytes = 0; if (sslsock->ssl_active) { int retry = 1; - sock = (php_netstream_data_t*)stream->abstract; - - /* The SSL_read() function will block indefinitely waiting for data on a blocking - socket. If we don't poll for readability first this operation has the potential - to hang forever. To avoid this scenario we poll with a timeout before performing - the actual read. If it times out we're finished. - */ - if (sock->is_blocked && SSL_pending(sslsock->ssl_handle) == 0) { - php_openssl_stream_wait_for_data(sock); - if (sock->timeout_event) { - stream->eof = 1; - php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSL read operation timed out"); - return nr_bytes; - } - } do { nr_bytes = SSL_read(sslsock->ssl_handle, buf, count); From ed18d67c5e69e4b5713e940568e5b3d0a7392a8d Mon Sep 17 00:00:00 2001 From: Dmitry Stogov Date: Wed, 15 Oct 2014 17:02:54 +0400 Subject: [PATCH 04/20] Fixed bug #68215 (Behavior of foreach has changed) --- Zend/tests/bug68215.phpt | 91 ++++++++++++++++++++++++++++++++++++++++ Zend/zend_hash.h | 7 ++-- Zend/zend_vm_def.h | 17 ++++++-- Zend/zend_vm_execute.h | 20 +++++++-- 4 files changed, 124 insertions(+), 11 deletions(-) create mode 100644 Zend/tests/bug68215.phpt diff --git a/Zend/tests/bug68215.phpt b/Zend/tests/bug68215.phpt new file mode 100644 index 00000000000..c4e8da85156 --- /dev/null +++ b/Zend/tests/bug68215.phpt @@ -0,0 +1,91 @@ +--TEST-- +Bug #68215 (Behavior of foreach has changed) +--FILE-- + array( + 'a' => 'apple', + 'b' => 'banana', + 'c' => 'cranberry', + 'd' => 'mango', + 'e' => 'pineapple' + ), + 'b' => array( + 'a' => 'apple', + 'b' => 'banana', + 'c' => 'cranberry', + 'd' => 'mango', + 'e' => 'pineapple' + ), + 'c' => 'cranberry', + 'd' => 'mango', + 'e' => 'pineapple' +); + +function test(&$child, $entry) +{ + $i = 1; + + foreach ($child AS $key => $fruit) + { + if (!is_numeric($key)) + { + $child[$i] = $fruit; + unset($child[$key]); + $i++; + } + } +} + +$i = 1; + +foreach ($arr AS $key => $fruit) +{ + $arr[$i] = $fruit; + + if (is_array($fruit)) + { + test($arr[$i], $fruit); + } + + unset($arr[$key]); + $i++; +} + +var_dump($arr); +?> +--EXPECT-- +array(5) { + [1]=> + array(5) { + [1]=> + string(5) "apple" + [2]=> + string(6) "banana" + [3]=> + string(9) "cranberry" + [4]=> + string(5) "mango" + [5]=> + string(9) "pineapple" + } + [2]=> + array(5) { + [1]=> + string(5) "apple" + [2]=> + string(6) "banana" + [3]=> + string(9) "cranberry" + [4]=> + string(5) "mango" + [5]=> + string(9) "pineapple" + } + [3]=> + string(9) "cranberry" + [4]=> + string(5) "mango" + [5]=> + string(9) "pineapple" +} diff --git a/Zend/zend_hash.h b/Zend/zend_hash.h index aaa677943d4..5a36ddf28fc 100644 --- a/Zend/zend_hash.h +++ b/Zend/zend_hash.h @@ -170,9 +170,10 @@ ZEND_API void zend_hash_internal_pointer_reset_ex(HashTable *ht, HashPosition *p ZEND_API void zend_hash_internal_pointer_end_ex(HashTable *ht, HashPosition *pos); typedef struct _HashPointer { - HashPosition pos; - HashTable *ht; - zend_ulong h; + HashPosition pos; + HashTable *ht; + zend_ulong h; + zend_string *key; } HashPointer; #define zend_hash_has_more_elements(ht) \ diff --git a/Zend/zend_vm_def.h b/Zend/zend_vm_def.h index af532e88e40..ae2f0e71614 100644 --- a/Zend/zend_vm_def.h +++ b/Zend/zend_vm_def.h @@ -4576,6 +4576,7 @@ ZEND_VM_HANDLER(77, ZEND_FE_RESET, CONST|TMP|VAR|CV, ANY) ptr->pos = pos; ptr->ht = fe_ht; ptr->h = fe_ht->arData[pos].h; + ptr->key = fe_ht->arData[pos].key; is_empty = 0; } else { zend_error(E_WARNING, "Invalid argument supplied for foreach()"); @@ -4630,8 +4631,11 @@ ZEND_VM_HANDLER(78, ZEND_FE_FETCH, VAR, ANY) pos = ptr->h; } else { pos = fe_ht->arHash[ptr->h & fe_ht->nTableMask]; - while (pos != INVALID_IDX) { - if (fe_ht->arData[pos].h == ptr->h && pos == ptr->pos) { + while (1) { + if (pos == INVALID_IDX) { + pos = fe_ht->nInternalPointer; + break; + } else if (fe_ht->arData[pos].h == ptr->h && fe_ht->arData[pos].key == ptr->key) { break; } pos = Z_NEXT(fe_ht->arData[pos].val); @@ -4684,6 +4688,7 @@ ZEND_VM_HANDLER(78, ZEND_FE_FETCH, VAR, ANY) Z_TYPE_P(Z_INDIRECT(p->val)) == IS_UNDEF)); fe_ht->nInternalPointer = ptr->pos = pos; ptr->h = fe_ht->arData[pos].h; + ptr->key = fe_ht->arData[pos].key; ZEND_VM_INC_OPCODE(); ZEND_VM_NEXT_OPCODE(); } else if (EXPECTED(Z_TYPE_P(array) == IS_OBJECT)) { @@ -4707,8 +4712,11 @@ ZEND_VM_HANDLER(78, ZEND_FE_FETCH, VAR, ANY) pos = ptr->h; } else { pos = fe_ht->arHash[ptr->h & fe_ht->nTableMask]; - while (pos != INVALID_IDX) { - if (fe_ht->arData[pos].h == ptr->h && pos == ptr->pos) { + while (1) { + if (pos == INVALID_IDX) { + pos = fe_ht->nInternalPointer; + break; + } else if (fe_ht->arData[pos].h == ptr->h && fe_ht->arData[pos].key == ptr->key) { break; } pos = Z_NEXT(fe_ht->arData[pos].val); @@ -4777,6 +4785,7 @@ ZEND_VM_HANDLER(78, ZEND_FE_FETCH, VAR, ANY) zend_check_property_access(zobj, p->key TSRMLS_CC) == FAILURE)); fe_ht->nInternalPointer = ptr->pos = pos; ptr->h = fe_ht->arData[pos].h; + ptr->key = fe_ht->arData[pos].key; ZEND_VM_INC_OPCODE(); ZEND_VM_NEXT_OPCODE(); } else { diff --git a/Zend/zend_vm_execute.h b/Zend/zend_vm_execute.h index 0768aa6df27..5d448c34d48 100644 --- a/Zend/zend_vm_execute.h +++ b/Zend/zend_vm_execute.h @@ -3222,6 +3222,7 @@ static int ZEND_FASTCALL ZEND_FE_RESET_SPEC_CONST_HANDLER(ZEND_OPCODE_HANDLER_A ptr->pos = pos; ptr->ht = fe_ht; ptr->h = fe_ht->arData[pos].h; + ptr->key = fe_ht->arData[pos].key; is_empty = 0; } else { zend_error(E_WARNING, "Invalid argument supplied for foreach()"); @@ -10032,6 +10033,7 @@ static int ZEND_FASTCALL ZEND_FE_RESET_SPEC_TMP_HANDLER(ZEND_OPCODE_HANDLER_ARG ptr->pos = pos; ptr->ht = fe_ht; ptr->h = fe_ht->arData[pos].h; + ptr->key = fe_ht->arData[pos].key; is_empty = 0; } else { zend_error(E_WARNING, "Invalid argument supplied for foreach()"); @@ -16747,6 +16749,7 @@ static int ZEND_FASTCALL ZEND_FE_RESET_SPEC_VAR_HANDLER(ZEND_OPCODE_HANDLER_ARG ptr->pos = pos; ptr->ht = fe_ht; ptr->h = fe_ht->arData[pos].h; + ptr->key = fe_ht->arData[pos].key; is_empty = 0; } else { zend_error(E_WARNING, "Invalid argument supplied for foreach()"); @@ -16801,8 +16804,11 @@ static int ZEND_FASTCALL ZEND_FE_FETCH_SPEC_VAR_HANDLER(ZEND_OPCODE_HANDLER_ARG pos = ptr->h; } else { pos = fe_ht->arHash[ptr->h & fe_ht->nTableMask]; - while (pos != INVALID_IDX) { - if (fe_ht->arData[pos].h == ptr->h && pos == ptr->pos) { + while (1) { + if (pos == INVALID_IDX) { + pos = fe_ht->nInternalPointer; + break; + } else if (fe_ht->arData[pos].h == ptr->h && fe_ht->arData[pos].key == ptr->key) { break; } pos = Z_NEXT(fe_ht->arData[pos].val); @@ -16855,6 +16861,7 @@ static int ZEND_FASTCALL ZEND_FE_FETCH_SPEC_VAR_HANDLER(ZEND_OPCODE_HANDLER_ARG Z_TYPE_P(Z_INDIRECT(p->val)) == IS_UNDEF)); fe_ht->nInternalPointer = ptr->pos = pos; ptr->h = fe_ht->arData[pos].h; + ptr->key = fe_ht->arData[pos].key; ZEND_VM_INC_OPCODE(); ZEND_VM_NEXT_OPCODE(); } else if (EXPECTED(Z_TYPE_P(array) == IS_OBJECT)) { @@ -16878,8 +16885,11 @@ static int ZEND_FASTCALL ZEND_FE_FETCH_SPEC_VAR_HANDLER(ZEND_OPCODE_HANDLER_ARG pos = ptr->h; } else { pos = fe_ht->arHash[ptr->h & fe_ht->nTableMask]; - while (pos != INVALID_IDX) { - if (fe_ht->arData[pos].h == ptr->h && pos == ptr->pos) { + while (1) { + if (pos == INVALID_IDX) { + pos = fe_ht->nInternalPointer; + break; + } else if (fe_ht->arData[pos].h == ptr->h && fe_ht->arData[pos].key == ptr->key) { break; } pos = Z_NEXT(fe_ht->arData[pos].val); @@ -16948,6 +16958,7 @@ static int ZEND_FASTCALL ZEND_FE_FETCH_SPEC_VAR_HANDLER(ZEND_OPCODE_HANDLER_ARG zend_check_property_access(zobj, p->key TSRMLS_CC) == FAILURE)); fe_ht->nInternalPointer = ptr->pos = pos; ptr->h = fe_ht->arData[pos].h; + ptr->key = fe_ht->arData[pos].key; ZEND_VM_INC_OPCODE(); ZEND_VM_NEXT_OPCODE(); } else { @@ -34388,6 +34399,7 @@ static int ZEND_FASTCALL ZEND_FE_RESET_SPEC_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS ptr->pos = pos; ptr->ht = fe_ht; ptr->h = fe_ht->arData[pos].h; + ptr->key = fe_ht->arData[pos].key; is_empty = 0; } else { zend_error(E_WARNING, "Invalid argument supplied for foreach()"); From 836a5dfddbe36e6171f29c0548af1c06c7fce6b1 Mon Sep 17 00:00:00 2001 From: Tjerk Meesters Date: Wed, 15 Oct 2014 21:12:13 +0800 Subject: [PATCH 05/20] Fixed bug #68234 Certificate will now expire in 2034 --- ext/openssl/tests/bug65729.pem | 56 ++++++++++++++++++---------------- 1 file changed, 30 insertions(+), 26 deletions(-) diff --git a/ext/openssl/tests/bug65729.pem b/ext/openssl/tests/bug65729.pem index f0d44a4c780..918445712e9 100644 --- a/ext/openssl/tests/bug65729.pem +++ b/ext/openssl/tests/bug65729.pem @@ -1,28 +1,32 @@ ------BEGIN CERTIFICATE----- -MIICCTCCAXICCQCx2JwIhbRefzANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJT -RzESMBAGA1UECBMJVGVzdHZpbGxlMREwDwYDVQQKEwhkYXRpYmJhdzETMBEGA1UE -AxQKKi50ZXN0LmNvbTAeFw0xNDA5MjQxMTMzNTRaFw0yNDA5MjExMTMzNTRaMEkx -CzAJBgNVBAYTAlNHMRIwEAYDVQQIEwlUZXN0dmlsbGUxETAPBgNVBAoTCGRhdGli -YmF3MRMwEQYDVQQDFAoqLnRlc3QuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB -iQKBgQDBnR8DYzsN90kISI87kBvw40TQknS7/fuymWCmSrtRQLED8p2QL8PiYCZ8 -UdcFVsv+di7MJvUOzW6dRo2DCu8Rojx3ML8dAtPsQkDdaCXDnOvCTQCAqFmxa1A9 -c5kp0hbzCrucKGckb355A4NumFgX1fjQ705MfjGPgQef1ZtozQIDAQABMA0GCSqG -SIb3DQEBBQUAA4GBAGP07nJo0pI4FdsXuAHWr97XxV4EhHopFMw6svOZ3UtsRzmW -ScmmMdgd3c8ciVxOsztgnzvFq/nrUkw/3n/Xz/gtE7kZt9aS18SnCyyHPJcXmmUE -NsbyZ/7srIqCSrxUkP+N//nToqHxg1pqA/A8RzOOQUAp+UIVF6Zl/kkFNgt8 ------END CERTIFICATE----- -----BEGIN RSA PRIVATE KEY----- -MIICXgIBAAKBgQDBnR8DYzsN90kISI87kBvw40TQknS7/fuymWCmSrtRQLED8p2Q -L8PiYCZ8UdcFVsv+di7MJvUOzW6dRo2DCu8Rojx3ML8dAtPsQkDdaCXDnOvCTQCA -qFmxa1A9c5kp0hbzCrucKGckb355A4NumFgX1fjQ705MfjGPgQef1ZtozQIDAQAB -AoGADAnkAsbpxh2JKf2xAkgcpKbNAZcJsSLCwsEstEpTSWMXXqJ4T53YtTu7SOGh -2BAkkQbyM/l8JVZ6uUbIx8wnPzqAuB2hEDQHKZVyftDyJh+54Uyz0xV0JdWGWrFh -A+uDt/Zncx2g+qlkQG5J5nHnrd9OAns89wJXpBWA6twlsuECQQD/HC4wxOJzh1XI -YSWHWQulOnlNgZ2zERfmJeRfJ0ncmDOV2ofxOFQ+dMJ36XghPaH52KdxqWI1yQaE -yesx8ygFAkEAwkoF4lBuYdsXucJNDYf8o9MlBvazoriH0y26B/YozJ7iAEFqVvcC -TN+iKDIyiRALwR6a3nzhyFYJ4xyzgSIAKQJBAMnw3seQMsnM6aTS8cgwPr2uifNG -lTT4ZPi0KhEAosFSYhNPh6j1NAq0lnQhhgyaIywJypJ4yNtWpChdRiamGpkCQQDB -iUExPpOmMLwCk7VzrCmS+6pftHIevpi2WU99zMy5f+969665MFb/QqniRpamh/Bd -kGIPDPFQQbyZmqaJFNh5AkEAzy0YVbUT3C/QvstPr5i7ztj7WiW/1zJMamFwY/ZS -1J7e7lqHgRICie5uv1Yvh3w/qmV/7lTLhmlQZd9SJMpXhg== +MIICXgIBAAKBgQDU8RgB8O2uR3ApjlxEX5rpCI+gIaZ3h0RBAF9rNA/s0pPTtX/e +NGJgDyuT/TF6mcv0I/0/s2WSmIE50NW6tgWZ7RoBdVw/MiByPt6vK1aDrggbycN/ +C6RrxrEsdZe3E9CDZCFM1br8/8tnV19Ju80g8zY2MgDjAjSkeXN5yp3kgQIDAQAB +AoGBANFKKRt3TlRVmHLvndYB1YKmzGtJx5CBXV85247FO8W67lpNcGDYQbxCDMXG +PARQ9vl9CeK7EuDzjUdi7z40uujUOJtsLbMP6ikwKFi/tA2cW1yoLionZ3JkfyEr +4Uu8kkkIut0VLX8uuVz/Y03lt8Uzc+GvD2DPhkSQn80f10SFAkEA94EcjwFcwuVi +QofgOPbf7qfOoWDsXYhlMU9g1CaPJiMcMcvgoLK3V514oMDxlkvuLujlYeG9NvRS +tREluGsbywJBANxARX5MSzAkFRNZNZKDUvifdC0BA2Dqzd2iOJRcTdcebGENd7+e +oub/9lVLGrX7T4U2en8IXwJV4UHxwoQLz2MCQQCI1Bj8ui0VFgj/bOy5sUnVP3IN +Z27kuo3u98o5HuQOmmRw5xxU2thfGJBilqg4hdu0lU6SkWCwq9u5fDRVQumHAkAM +mJBg3LQgGLAr3xo1OtVv6o6WVEyBKmyDlFdwBKde+hpwoniKuOPQGitYTWdFqQ2v +LKJsyWnFlGvBfbYGHzbJAkEA17SgCf7Wx7NxuLCSMj/rd25ul0jlIrjx6+/HfyLb ++T2SXXU4g2DBiPngrfJ9jX8QGoLpZiBGcwX3QxssX5FgJQ== -----END RSA PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIICvDCCAiWgAwIBAgIJANOyJnvPEioVMA0GCSqGSIb3DQEBBQUAMEkxCzAJBgNV +BAYTAlNHMRIwEAYDVQQIEwlUZXN0dmlsbGUxETAPBgNVBAoTCGRhdGliYmF3MRMw +EQYDVQQDFAoqLnRlc3QuY29tMB4XDTE0MTAxNTEzMDg1OFoXDTM0MTAxMDEzMDg1 +OFowSTELMAkGA1UEBhMCU0cxEjAQBgNVBAgTCVRlc3R2aWxsZTERMA8GA1UEChMI +ZGF0aWJiYXcxEzARBgNVBAMUCioudGVzdC5jb20wgZ8wDQYJKoZIhvcNAQEBBQAD +gY0AMIGJAoGBANTxGAHw7a5HcCmOXERfmukIj6AhpneHREEAX2s0D+zSk9O1f940 +YmAPK5P9MXqZy/Qj/T+zZZKYgTnQ1bq2BZntGgF1XD8yIHI+3q8rVoOuCBvJw38L +pGvGsSx1l7cT0INkIUzVuvz/y2dXX0m7zSDzNjYyAOMCNKR5c3nKneSBAgMBAAGj +gaswgagwHQYDVR0OBBYEFErHO0eHLp9YvBWVvvhty/jGie5wMHkGA1UdIwRyMHCA +FErHO0eHLp9YvBWVvvhty/jGie5woU2kSzBJMQswCQYDVQQGEwJTRzESMBAGA1UE +CBMJVGVzdHZpbGxlMREwDwYDVQQKEwhkYXRpYmJhdzETMBEGA1UEAxQKKi50ZXN0 +LmNvbYIJANOyJnvPEioVMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEA +gMv2HUUp0FMTYQ6tL9YgNUNARukxJzGDWweo4/YuNSgI+Ljpye4Nf1MpyDWfhZGc +QbUhfm5CdEvcBzZBtI0lLXs61yGdLnDH/6QHViXP2rlH0yeAABw8+wSdxuiZN1yR +ed4pNXU+tczgW2Ri2+T0ScOZd0XommKHrQnu2T9mMBY= +-----END CERTIFICATE----- From 2728e6f01798b1146b41587d38bf84cdf9988d17 Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Wed, 15 Oct 2014 19:13:25 +0200 Subject: [PATCH 06/20] Fixed Bug #65171 imagescale() fails Third param (height) is set as optional, but default value = -1 is incorrect Compute correct height to preserve ratio. --- ext/gd/gd.c | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/ext/gd/gd.c b/ext/gd/gd.c index cbc7219e37c..f86dad58dc2 100644 --- a/ext/gd/gd.c +++ b/ext/gd/gd.c @@ -5110,11 +5110,23 @@ PHP_FUNCTION(imagescale) return; } method = tmp_m; - new_width = tmp_w; - new_height = tmp_h; ZEND_FETCH_RESOURCE(im, gdImagePtr, &IM, -1, "Image", le_gd); + if (tmp_h < 0) { + /* preserve ratio */ + long src_x, src_y; + + src_x = gdImageSX(im); + src_y = gdImageSY(im); + if (src_x) { + tmp_h = tmp_w * src_y / src_x; + } + } + + new_width = tmp_w; + new_height = tmp_h; + if (gdImageSetInterpolationMethod(im, method)) { im_scaled = gdImageScale(im, new_width, new_height); } From 503f8193e804ba1eb0847b4c6148844e50a60427 Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Wed, 15 Oct 2014 19:16:45 +0200 Subject: [PATCH 07/20] NEWS --- NEWS | 3 +++ 1 file changed, 3 insertions(+) diff --git a/NEWS b/NEWS index aa8cb7ebf4d..9181fb280fa 100644 --- a/NEWS +++ b/NEWS @@ -5,6 +5,9 @@ PHP NEWS -Fileinfo: . Fixed bug #66242 (libmagic: don't assume char is signed). (ArdB) +- GD: + . Fixed bug #65171 (imagescale() fails without height param). (Remi) + - Core: . Fixed bug #68118 ($a->foo .= 'test'; can leave $a->foo undefined). (Nikita) . Fixed bug #68129 (parse_url() - incomplete support for empty usernames From ff91a48f6ea074ff53a37069b3454840bd08c946 Mon Sep 17 00:00:00 2001 From: Ferenc Kovacs Date: Wed, 15 Oct 2014 19:32:14 +0200 Subject: [PATCH 08/20] Revert "Bug #41631: Fix regression from first attempt (6569db8)" This reverts commit 372844918a318ad712e16f9ec636682424a65403. --- ext/openssl/xp_ssl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c index 2f81dc7e47b..feaf09d3c6e 100644 --- a/ext/openssl/xp_ssl.c +++ b/ext/openssl/xp_ssl.c @@ -1852,7 +1852,7 @@ static size_t php_openssl_sockop_read(php_stream *stream, char *buf, size_t coun to hang forever. To avoid this scenario we poll with a timeout before performing the actual read. If it times out we're finished. */ - if (sock->is_blocked && SSL_pending(sslsock->ssl_handle) == 0) { + if (sock->is_blocked) { php_openssl_stream_wait_for_data(sock); if (sock->timeout_event) { stream->eof = 1; From 528e4166a69241a4e2536325d343ee0c33620954 Mon Sep 17 00:00:00 2001 From: Ferenc Kovacs Date: Wed, 15 Oct 2014 19:32:46 +0200 Subject: [PATCH 09/20] Revert "Bug #67965: Fix blocking behavior in non-blocking crypto streams" This reverts commit f86b2193a483f56b0bd056570a0cdb57ebe66e2f. --- ext/openssl/xp_ssl.c | 24 +++++++++++------------- 1 file changed, 11 insertions(+), 13 deletions(-) diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c index feaf09d3c6e..272a5b1f274 100644 --- a/ext/openssl/xp_ssl.c +++ b/ext/openssl/xp_ssl.c @@ -2179,19 +2179,17 @@ static int php_openssl_sockop_cast(php_stream *stream, int castas, void **ret TS case PHP_STREAM_AS_FD_FOR_SELECT: if (ret) { - /* OpenSSL has an internal buffer which select() cannot see. If we don't - * fetch it into the stream's buffer, no activity will be reported on the - * stream even though there is data waiting to be read - but we only fetch - * the lower of bytes OpenSSL has ready to give us or chunk_size since we - * weren't asked for any data at this stage. This is only likely to cause - * issues with non-blocking streams, but it's harmless to always do it. */ - size_t pending; - if (stream->writepos == stream->readpos - && sslsock->ssl_active - && (pending = (size_t)SSL_pending(sslsock->ssl_handle)) > 0) { - php_stream_fill_read_buffer(stream, pending < stream->chunk_size - ? pending - : stream->chunk_size); + if (sslsock->ssl_active) { + /* OpenSSL has an internal buffer which select() cannot see. If we don't + fetch it into the stream's buffer, no activity will be reported on the + stream even though there is data waiting to be read - but we only fetch + the number of bytes OpenSSL has ready to give us since we weren't asked + for any data at this stage. This is only likely to cause issues with + non-blocking streams, but it's harmless to always do it. */ + int bytes; + while ((bytes = SSL_pending(sslsock->ssl_handle)) > 0) { + php_stream_fill_read_buffer(stream, (size_t)bytes); + } } *(php_socket_t *)ret = sslsock->s.socket; From 7b8222aa44bbab9928afd57adb1bc04cf291d46c Mon Sep 17 00:00:00 2001 From: Ferenc Kovacs Date: Wed, 15 Oct 2014 19:33:31 +0200 Subject: [PATCH 10/20] Revert "Merge branch 'PHP-5.4' into PHP-5.5" This reverts commit 30a73658c63a91c413305a4c4d49882fda4dab3e, reversing changes made to 7fac56e0729385bbd2bb040f06a20a697d9de5fd. --- ext/openssl/xp_ssl.c | 13 ------------- main/php_streams.h | 3 --- main/streams/streams.c | 8 ++++---- 3 files changed, 4 insertions(+), 20 deletions(-) diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c index 272a5b1f274..1a70fb93459 100644 --- a/ext/openssl/xp_ssl.c +++ b/ext/openssl/xp_ssl.c @@ -2179,19 +2179,6 @@ static int php_openssl_sockop_cast(php_stream *stream, int castas, void **ret TS case PHP_STREAM_AS_FD_FOR_SELECT: if (ret) { - if (sslsock->ssl_active) { - /* OpenSSL has an internal buffer which select() cannot see. If we don't - fetch it into the stream's buffer, no activity will be reported on the - stream even though there is data waiting to be read - but we only fetch - the number of bytes OpenSSL has ready to give us since we weren't asked - for any data at this stage. This is only likely to cause issues with - non-blocking streams, but it's harmless to always do it. */ - int bytes; - while ((bytes = SSL_pending(sslsock->ssl_handle)) > 0) { - php_stream_fill_read_buffer(stream, (size_t)bytes); - } - } - *(php_socket_t *)ret = sslsock->s.socket; } return SUCCESS; diff --git a/main/php_streams.h b/main/php_streams.h index e90976cdca9..d1efa719880 100644 --- a/main/php_streams.h +++ b/main/php_streams.h @@ -297,9 +297,6 @@ PHPAPI size_t _php_stream_write(php_stream *stream, const char *buf, size_t coun #define php_stream_write_string(stream, str) _php_stream_write(stream, str, strlen(str) TSRMLS_CC) #define php_stream_write(stream, buf, count) _php_stream_write(stream, (buf), (count) TSRMLS_CC) -PHPAPI void _php_stream_fill_read_buffer(php_stream *stream, size_t size TSRMLS_DC); -#define php_stream_fill_read_buffer(stream, size) _php_stream_fill_read_buffer((stream), (size) TSRMLS_CC) - #ifdef ZTS PHPAPI size_t _php_stream_printf(php_stream *stream TSRMLS_DC, const char *fmt, ...) PHP_ATTRIBUTE_FORMAT(printf, 3, 4); #else diff --git a/main/streams/streams.c b/main/streams/streams.c index d0d4fffa0a9..67a151014d6 100644 --- a/main/streams/streams.c +++ b/main/streams/streams.c @@ -568,7 +568,7 @@ fprintf(stderr, "stream_free: %s:%p[%s] preserve_handle=%d release_cast=%d remov /* {{{ generic stream operations */ -PHPAPI void _php_stream_fill_read_buffer(php_stream *stream, size_t size TSRMLS_DC) +static void php_stream_fill_read_buffer(php_stream *stream, size_t size TSRMLS_DC) { /* allocate/fill the buffer */ @@ -736,7 +736,7 @@ PHPAPI size_t _php_stream_read(php_stream *stream, char *buf, size_t size TSRMLS break; } } else { - php_stream_fill_read_buffer(stream, size); + php_stream_fill_read_buffer(stream, size TSRMLS_CC); toread = stream->writepos - stream->readpos; if (toread > size) { @@ -972,7 +972,7 @@ PHPAPI char *_php_stream_get_line(php_stream *stream, char *buf, size_t maxlen, } } - php_stream_fill_read_buffer(stream, toread); + php_stream_fill_read_buffer(stream, toread TSRMLS_CC); if (stream->writepos - stream->readpos == 0) { break; @@ -1047,7 +1047,7 @@ PHPAPI char *php_stream_get_record(php_stream *stream, size_t maxlen, size_t *re to_read_now = MIN(maxlen - buffered_len, stream->chunk_size); - php_stream_fill_read_buffer(stream, buffered_len + to_read_now); + php_stream_fill_read_buffer(stream, buffered_len + to_read_now TSRMLS_CC); just_read = STREAM_BUFFERED_AMOUNT(stream) - buffered_len; From 4fb998d42fb517e4888124c809bbc1046e76a0c6 Mon Sep 17 00:00:00 2001 From: Ferenc Kovacs Date: Wed, 15 Oct 2014 19:33:47 +0200 Subject: [PATCH 11/20] Revert "fix TS build" This reverts commit 84a4041ba47e92e7a0ba03938d0ebf88b5fcf6cf. --- ext/openssl/xp_ssl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c index 1a70fb93459..2a50f07ef6a 100644 --- a/ext/openssl/xp_ssl.c +++ b/ext/openssl/xp_ssl.c @@ -1807,7 +1807,7 @@ static size_t php_openssl_sockop_write(php_stream *stream, const char *buf, size } /* }}} */ -static void php_openssl_stream_wait_for_data(php_netstream_data_t *sock) +static void php_openssl_stream_wait_for_data(php_netstream_data_t *sock TSRMLS_DC) { int retval; struct timeval *ptimeout; From feadaaed560891b2157057e9dadd2c3f48a90a60 Mon Sep 17 00:00:00 2001 From: Ferenc Kovacs Date: Wed, 15 Oct 2014 19:34:07 +0200 Subject: [PATCH 12/20] Revert "Merge branch 'PHP-5.5' into PHP-5.6" This reverts commit 98e67add15a6b889efe152c23ed15a61f022a63a, reversing changes made to 2cdc1a2b7473eff27c224c66dcb85118b553a147. --- ext/openssl/xp_ssl.c | 46 -------------------------------------------- 1 file changed, 46 deletions(-) diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c index 2a50f07ef6a..debd1f16d2e 100644 --- a/ext/openssl/xp_ssl.c +++ b/ext/openssl/xp_ssl.c @@ -1807,59 +1807,13 @@ static size_t php_openssl_sockop_write(php_stream *stream, const char *buf, size } /* }}} */ -static void php_openssl_stream_wait_for_data(php_netstream_data_t *sock TSRMLS_DC) -{ - int retval; - struct timeval *ptimeout; - - if (sock->socket == -1) { - return; - } - - sock->timeout_event = 0; - - if (sock->timeout.tv_sec == -1) - ptimeout = NULL; - else - ptimeout = &sock->timeout; - - while(1) { - retval = php_pollfd_for(sock->socket, PHP_POLLREADABLE, ptimeout); - - if (retval == 0) - sock->timeout_event = 1; - - if (retval >= 0) - break; - - if (php_socket_errno() != EINTR) - break; - } -} - static size_t php_openssl_sockop_read(php_stream *stream, char *buf, size_t count TSRMLS_DC) /* {{{ */ { php_openssl_netstream_data_t *sslsock = (php_openssl_netstream_data_t*)stream->abstract; - php_netstream_data_t *sock; int nr_bytes = 0; if (sslsock->ssl_active) { int retry = 1; - sock = (php_netstream_data_t*)stream->abstract; - - /* The SSL_read() function will block indefinitely waiting for data on a blocking - socket. If we don't poll for readability first this operation has the potential - to hang forever. To avoid this scenario we poll with a timeout before performing - the actual read. If it times out we're finished. - */ - if (sock->is_blocked) { - php_openssl_stream_wait_for_data(sock); - if (sock->timeout_event) { - stream->eof = 1; - php_error_docref(NULL TSRMLS_CC, E_WARNING, "SSL read operation timed out"); - return nr_bytes; - } - } do { nr_bytes = SSL_read(sslsock->ssl_handle, buf, count); From 2109f5bfe362fdfe840a7014bd62682de3d95c5c Mon Sep 17 00:00:00 2001 From: Ferenc Kovacs Date: Wed, 24 Sep 2014 10:27:42 +0200 Subject: [PATCH 13/20] removing the NEWS entry as we had to revert this fix for now --- NEWS | 2 -- 1 file changed, 2 deletions(-) diff --git a/NEWS b/NEWS index 83abd89445f..6429def3a1c 100644 --- a/NEWS +++ b/NEWS @@ -97,8 +97,6 @@ PHP NEWS . Fixed bug #67839 (mysqli does not handle 4-byte floats correctly). (Keyur) - OpenSSL: - . Fixed bug #41631 (socket timeouts not honored in blocking SSL reads). - (Daniel Lowrey) . Fixed bug #67850 (extension won't build if openssl compiled without SSLv3). (Daniel Lowrey) From a1abdba1eb94f97d9c9194e8e042bd6396b8602e Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Wed, 15 Oct 2014 19:47:55 +0200 Subject: [PATCH 14/20] cleanup NEWS --- NEWS | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/NEWS b/NEWS index 9181fb280fa..40737e22b31 100644 --- a/NEWS +++ b/NEWS @@ -2,22 +2,25 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| ?? ??? 2014, PHP 5.5.19 --Fileinfo: +- Core: + . Fixed bug #68118 ($a->foo .= 'test'; can leave $a->foo undefined). (Nikita) + . Fixed bug #68129 (parse_url() - incomplete support for empty usernames + and passwords) (Tjerk) + +- Fileinfo: . Fixed bug #66242 (libmagic: don't assume char is signed). (ArdB) - GD: . Fixed bug #65171 (imagescale() fails without height param). (Remi) -- Core: - . Fixed bug #68118 ($a->foo .= 'test'; can leave $a->foo undefined). (Nikita) - . Fixed bug #68129 (parse_url() - incomplete support for empty usernames - and passwords) (Tjerk) - Mysqli: . Fixed bug #68114 (linker error on some OS X machines with fixed width decimal support) (Keyur Govande) + - ODBC: . Fixed bug #68087 (ODBC not correctly reading DATE column when preceded by a VARCHAR column) (Keyur Govande) + - SPL: . Fixed bug #68128 (Regression in RecursiveRegexIterator) (Tjerk) From a3beb42ded9d1c016c7f14b66ce6008309b506ec Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Wed, 15 Oct 2014 19:49:22 +0200 Subject: [PATCH 15/20] NEWS --- NEWS | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/NEWS b/NEWS index 6429def3a1c..8bd27e2a324 100644 --- a/NEWS +++ b/NEWS @@ -15,7 +15,7 @@ PHP NEWS array notation) (Florian) . Implemented 64-bit format codes for pack() and unpack(). (Leigh) --Fileinfo: +- Fileinfo: . Fixed bug #66242 (libmagic: don't assume char is signed). (ArdB) - FPM: @@ -24,6 +24,9 @@ PHP NEWS . Implemented FR #55508 (listen and listen.allowed_clients should take IPv6 addresses). (Robin Gloster) +- GD: + . Fixed bug #65171 (imagescale() fails without height param). (Remi) + - GMP: . Implemented gmp_random_range() and gmp_random_bits(). (Leigh) From 95278779304d6f513cb1cb5f60b9db75f5dc1981 Mon Sep 17 00:00:00 2001 From: Dmitry Stogov Date: Thu, 16 Oct 2014 13:41:27 +0400 Subject: [PATCH 16/20] Removed deprecated fields --- Zend/zend_compile.h | 2 -- 1 file changed, 2 deletions(-) diff --git a/Zend/zend_compile.h b/Zend/zend_compile.h index 089c15f48a9..e9ee6e56d7b 100644 --- a/Zend/zend_compile.h +++ b/Zend/zend_compile.h @@ -59,11 +59,9 @@ typedef union _znode_op { uint32_t constant; uint32_t var; uint32_t num; - zend_ulong hash; uint32_t opline_num; /* Needs to be signed */ zend_op *jmp_addr; zval *zv; - void *ptr; /* Used for passing pointers from the compile to execution phase, currently used for traits */ } znode_op; typedef struct _znode { /* used only during compilation */ From 2a9daf2e15fd145eb89c6b7cd9efa87afa5aa8cc Mon Sep 17 00:00:00 2001 From: Nikita Popov Date: Thu, 16 Oct 2014 12:10:24 +0200 Subject: [PATCH 17/20] Drop zend_long64 in favor of int64_t Also drop ZEND_HAVE_LONG64, because we already require the presence of a int64_t type. --- Zend/zend_multiply.h | 10 +++++----- Zend/zend_types.h | 14 -------------- 2 files changed, 5 insertions(+), 19 deletions(-) diff --git a/Zend/zend_multiply.h b/Zend/zend_multiply.h index 158be220075..ad874ba0390 100644 --- a/Zend/zend_multiply.h +++ b/Zend/zend_multiply.h @@ -84,10 +84,10 @@ } \ } while (0) -#elif SIZEOF_ZEND_LONG == 4 && defined(HAVE_ZEND_LONG64) +#elif SIZEOF_ZEND_LONG == 4 #define ZEND_SIGNED_MULTIPLY_LONG(a, b, lval, dval, usedval) do { \ - zend_long64 __result = (zend_long64) (a) * (zend_long64) (b); \ + int64_t __result = (int64_t) (a) * (int64_t) (b); \ if (__result > ZEND_LONG_MAX || __result < ZEND_LONG_MIN) { \ (dval) = (double) __result; \ (usedval) = 1; \ @@ -206,13 +206,13 @@ static zend_always_inline size_t zend_safe_address(size_t nmemb, size_t size, si return res; } -#elif SIZEOF_SIZE_T == 4 && defined(HAVE_ZEND_LONG64) +#elif SIZEOF_SIZE_T == 4 static zend_always_inline size_t zend_safe_address(size_t nmemb, size_t size, size_t offset, int *overflow) { - zend_ulong64 res = (zend_ulong64)nmemb * (zend_ulong64)size + (zend_ulong64)offset; + uint64_t res = (uint64_t) nmemb * (uint64_t) size + (uint64_t) offset; - if (UNEXPECTED(res > (zend_ulong64)0xFFFFFFFFL)) { + if (UNEXPECTED(res > UINT64_C(0xFFFFFFFF))) { *overflow = 1; return 0; } diff --git a/Zend/zend_types.h b/Zend/zend_types.h index e3818dd2a16..eb7154f2931 100644 --- a/Zend/zend_types.h +++ b/Zend/zend_types.h @@ -64,20 +64,6 @@ typedef enum { # endif #endif -#define HAVE_ZEND_LONG64 -#ifdef ZEND_WIN32 -typedef __int64 zend_long64; -typedef unsigned __int64 zend_ulong64; -#elif SIZEOF_LONG_LONG_INT == 8 -typedef long long int zend_long64; -typedef unsigned long long int zend_ulong64; -#elif SIZEOF_LONG_LONG == 8 -typedef long long zend_long64; -typedef unsigned long long zend_ulong64; -#else -# undef HAVE_ZEND_LONG64 -#endif - /* XXX this won't work on X32 platform */ #ifdef ZEND_ENABLE_ZVAL_LONG64 typedef int64_t zend_intptr_t; From b65518faf3307711c6804dde799aee7541413829 Mon Sep 17 00:00:00 2001 From: Nikita Popov Date: Thu, 16 Oct 2014 12:14:37 +0200 Subject: [PATCH 18/20] Fix format strings in zend_alloc --- Zend/zend_alloc.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/Zend/zend_alloc.c b/Zend/zend_alloc.c index 20313fa28c6..f5ffb6491b0 100644 --- a/Zend/zend_alloc.c +++ b/Zend/zend_alloc.c @@ -962,9 +962,9 @@ not_found: if (heap->real_size + ZEND_MM_CHUNK_SIZE > heap->limit) { if (heap->overflow == 0) { #if ZEND_DEBUG - zend_mm_safe_error(heap, "Allowed memory size of " ZEND_ULONG_FMT " bytes exhausted at %s:%d (tried to allocate " ZEND_ULONG_FMT " bytes)", heap->limit, __zend_filename, __zend_lineno, size); + zend_mm_safe_error(heap, "Allowed memory size of %zu bytes exhausted at %s:%d (tried to allocate %zu bytes)", heap->limit, __zend_filename, __zend_lineno, size); #else - zend_mm_safe_error(heap, "Allowed memory size of " ZEND_ULONG_FMT " bytes exhausted (tried to allocate " ZEND_ULONG_FMT " bytes)", heap->limit, ZEND_MM_PAGE_SIZE * pages_count); + zend_mm_safe_error(heap, "Allowed memory size of %zu bytes exhausted (tried to allocate %zu bytes)", heap->limit, ZEND_MM_PAGE_SIZE * pages_count); #endif return NULL; } @@ -976,9 +976,9 @@ not_found: #if !ZEND_MM_LIMIT zend_mm_safe_error(heap, "Out of memory"); #elif ZEND_DEBUG - zend_mm_safe_error(heap, "Out of memory (allocated %ld) at %s:%d (tried to allocate %lu bytes)", heap->real_size, __zend_filename, __zend_lineno, size); + zend_mm_safe_error(heap, "Out of memory (allocated %zu) at %s:%d (tried to allocate %zu bytes)", heap->real_size, __zend_filename, __zend_lineno, size); #else - zend_mm_safe_error(heap, "Out of memory (allocated %ld) (tried to allocate %lu bytes)", heap->real_size, ZEND_MM_PAGE_SIZE * pages_count); + zend_mm_safe_error(heap, "Out of memory (allocated %zu) (tried to allocate %zu bytes)", heap->real_size, ZEND_MM_PAGE_SIZE * pages_count); #endif return NULL; } @@ -1415,9 +1415,9 @@ static void *zend_mm_realloc_heap(zend_mm_heap *heap, void *ptr, size_t size ZEN if (heap->real_size + (new_size - old_size) > heap->limit) { if (heap->overflow == 0) { #if ZEND_DEBUG - zend_mm_safe_error(heap, "Allowed memory size of " ZEND_ULONG_FMT " bytes exhausted at %s:%d (tried to allocate " ZEND_ULONG_FMT " bytes)", heap->limit, __zend_filename, __zend_lineno, size); + zend_mm_safe_error(heap, "Allowed memory size of %zu bytes exhausted at %s:%d (tried to allocate %zu bytes)", heap->limit, __zend_filename, __zend_lineno, size); #else - zend_mm_safe_error(heap, "Allowed memory size of " ZEND_ULONG_FMT " bytes exhausted (tried to allocate " ZEND_ULONG_FMT " bytes)", heap->limit, size); + zend_mm_safe_error(heap, "Allowed memory size of %zu bytes exhausted (tried to allocate %zu bytes)", heap->limit, size); #endif return NULL; } @@ -1641,9 +1641,9 @@ static void *zend_mm_alloc_huge(zend_mm_heap *heap, size_t size ZEND_FILE_LINE_D if (heap->real_size + new_size > heap->limit) { if (heap->overflow == 0) { #if ZEND_DEBUG - zend_mm_safe_error(heap, "Allowed memory size of " ZEND_ULONG_FMT " bytes exhausted at %s:%d (tried to allocate %lu bytes)", heap->limit, __zend_filename, __zend_lineno, size); + zend_mm_safe_error(heap, "Allowed memory size of %zu bytes exhausted at %s:%d (tried to allocate %zu bytes)", heap->limit, __zend_filename, __zend_lineno, size); #else - zend_mm_safe_error(heap, "Allowed memory size of " ZEND_ULONG_FMT " bytes exhausted (tried to allocate %lu bytes)", heap->limit, size); + zend_mm_safe_error(heap, "Allowed memory size of %zu bytes exhausted (tried to allocate %zu bytes)", heap->limit, size); #endif return NULL; } @@ -1655,9 +1655,9 @@ static void *zend_mm_alloc_huge(zend_mm_heap *heap, size_t size ZEND_FILE_LINE_D #if !ZEND_MM_LIMIT zend_mm_safe_error(heap, "Out of memory"); #elif ZEND_DEBUG - zend_mm_safe_error(heap, "Out of memory (allocated %ld) at %s:%d (tried to allocate %lu bytes)", heap->real_size, __zend_filename, __zend_lineno, size); + zend_mm_safe_error(heap, "Out of memory (allocated %zu) at %s:%d (tried to allocate %zu bytes)", heap->real_size, __zend_filename, __zend_lineno, size); #else - zend_mm_safe_error(heap, "Out of memory (allocated %ld) (tried to allocate %lu bytes)", heap->real_size, size); + zend_mm_safe_error(heap, "Out of memory (allocated %zu) (tried to allocate %zu bytes)", heap->real_size, size); #endif return NULL; } From 876965d20a53d06fbe61e887f6f0c74b6a36d5ec Mon Sep 17 00:00:00 2001 From: Nikita Popov Date: Thu, 16 Oct 2014 12:17:20 +0200 Subject: [PATCH 19/20] Use intptr_t for zend_intptr_t typedef Current code doesn't work for 64bit zend_long with 32bit pointers. If intptr_t isn't defined on some platform, we should add it to our php_stdint.h header. --- Zend/zend_types.h | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/Zend/zend_types.h b/Zend/zend_types.h index eb7154f2931..383f77caa41 100644 --- a/Zend/zend_types.h +++ b/Zend/zend_types.h @@ -64,14 +64,8 @@ typedef enum { # endif #endif -/* XXX this won't work on X32 platform */ -#ifdef ZEND_ENABLE_ZVAL_LONG64 -typedef int64_t zend_intptr_t; -typedef uint64_t zend_uintptr_t; -#else -typedef int32_t zend_intptr_t; -typedef uint32_t zend_uintptr_t; -#endif +typedef intptr_t zend_intptr_t; +typedef uintptr_t zend_uintptr_t; typedef struct _zend_object_handlers zend_object_handlers; typedef struct _zend_class_entry zend_class_entry; From 53a8584123f359c2c32f1869d98e4dd9e0a7a6ab Mon Sep 17 00:00:00 2001 From: Nikita Popov Date: Thu, 16 Oct 2014 12:38:44 +0200 Subject: [PATCH 20/20] Fix allocator for 64bit zend_long with 32bit long --- Zend/zend_alloc.c | 8 ++++++++ Zend/zend_multiply.h | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/Zend/zend_alloc.c b/Zend/zend_alloc.c index f5ffb6491b0..bae723f2788 100644 --- a/Zend/zend_alloc.c +++ b/Zend/zend_alloc.c @@ -482,7 +482,11 @@ static void zend_mm_munmap(void *addr, size_t size) static zend_always_inline int zend_mm_bitset_nts(zend_mm_bitset bitset) { #if defined(__GNUC__) +# if SIZEOF_ZEND_LONG == SIZEOF_LONG return __builtin_ctzl(~bitset); +# else + return __builtin_ctzll(~bitset); +# endif #elif defined(_WIN32) unsigned long index; @@ -519,7 +523,11 @@ static zend_always_inline int zend_mm_bitset_nts(zend_mm_bitset bitset) static zend_always_inline int zend_mm_bitset_ntz(zend_mm_bitset bitset) { #if defined(__GNUC__) +# if SIZEOF_ZEND_LONG == SIZEOF_LONG return __builtin_ctzl(bitset); +# else + return __builtin_ctzll(bitset); +# endif #elif defined(_WIN32) unsigned long index; diff --git a/Zend/zend_multiply.h b/Zend/zend_multiply.h index ad874ba0390..6dce8fb6ac2 100644 --- a/Zend/zend_multiply.h +++ b/Zend/zend_multiply.h @@ -117,7 +117,7 @@ static zend_always_inline size_t zend_safe_address(size_t nmemb, size_t size, size_t offset, int *overflow) { size_t res = nmemb; - zend_ulong m_overflow = 0; + size_t m_overflow = 0; __asm__ ("mull %3\n\taddl %4,%0\n\tadcl $0,%1" : "=&a"(res), "=&d" (m_overflow)