archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-16 05:58:45 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Merge branch 'PHP-7.0' into PHP-7.1

Browse source 
* PHP-7.0:
  Fix bug #73190: memcpy negative parameter _bc_new_num_ex

(cherry picked from commit af1bf873fe)
This commit is contained in:
Anatol Belski 2016-10-12 20:09:24 +02:00
parent 06e7c9983a
commit a8a11b669d
3 changed files with 26 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

25
Zend/zend_exceptions.c
View file

@ -306,10 +306,7 @@ ZEND_METHOD(exception, __construct)
#define CHECK_EXC_TYPE(id, type) \
pvalue = zend_read_property_ex(i_get_exception_base(object), (object), CG(known_strings)[id], 1, &value); \
if (Z_TYPE_P(pvalue) != IS_NULL && Z_TYPE_P(pvalue) != type) { \
zval tmp; \
ZVAL_STR_COPY(&tmp, CG(known_strings)[id]); \
Z_OBJ_HANDLER_P(object, unset_property)(object, &tmp, NULL); \
zval_ptr_dtor(&tmp); \
zend_unset_property(i_get_exception_base(object), object, ZEND_STR_PREVIOUS, sizeof(ZEND_STR_PREVIOUS)-1); \
}
ZEND_METHOD(exception, __wakeup)
@ -323,6 +320,12 @@ ZEND_METHOD(exception, __wakeup)
CHECK_EXC_TYPE(ZEND_STR_LINE, IS_LONG);
CHECK_EXC_TYPE(ZEND_STR_TRACE, IS_ARRAY);
CHECK_EXC_TYPE(ZEND_STR_PREVIOUS, IS_OBJECT);
pvalue = zend_read_property(i_get_exception_base(object), object, ZEND_STR_PREVIOUS, sizeof(ZEND_STR_PREVIOUS)-1, 1, &value);
if (pvalue && Z_TYPE_P(pvalue) != IS_NULL && (Z_TYPE_P(pvalue) != IS_OBJECT ||
!instanceof_function(Z_OBJCE_P(pvalue), i_get_exception_base(object)) ||
pvalue == object)) {
zend_unset_property(i_get_exception_base(object), object, ZEND_STR_PREVIOUS, sizeof(ZEND_STR_PREVIOUS)-1);
}
}
/* }}} */
@ -735,10 +738,24 @@ ZEND_METHOD(exception, __toString)
zend_string_release(file);
zval_ptr_dtor(&trace);
Z_OBJPROP_P(exception)->u.v.nApplyCount++;
exception = GET_PROPERTY(exception, ZEND_STR_PREVIOUS);
if (exception && Z_TYPE_P(exception) == IS_OBJECT && Z_OBJPROP_P(exception)->u.v.nApplyCount > 0) {
exception = NULL;
}
}
zend_string_release(fname);
/* Reset apply counts */
while (exception && Z_TYPE_P(exception) == IS_OBJECT && (base_ce = i_get_exception_base(exception)) && instanceof_function(Z_OBJCE_P(exception), base_ce)) {
if(Z_OBJPROP_P(exception)->u.v.nApplyCount) {
Z_OBJPROP_P(exception)->u.v.nApplyCount--;
} else {
break;
}
exception = GET_PROPERTY(exception, ZEND_STR_PREVIOUS);
}
exception = getThis();
base_ce = i_get_exception_base(exception);

5
ext/bcmath/libbcmath/src/init.c
View file

@ -49,7 +49,10 @@ _bc_new_num_ex (length, scale, persistent)
int length, scale, persistent;
{
bc_num temp;
/* PHP Change: add length check */
if ((size_t)length+(size_t)scale > INT_MAX) {
zend_error(E_ERROR, "Result too long, max is %d", INT_MAX);
}
/* PHP Change: malloc() -> pemalloc(), removed free_list code */
temp = (bc_num) safe_pemalloc (1, sizeof(bc_struct)+length, scale, persistent);
#if 0

3
ext/bcmath/libbcmath/src/outofmem.c
View file

@ -41,6 +41,5 @@
void bc_out_of_memory (void)
{
(void) fprintf (stderr, "bcmath: out of memory!\n");
exit (1);
zend_error_noreturn(E_ERROR, "bcmath: out of memory!");
}