Added zend_eval_stringl and made create_function(), etc. binary-safe

Zend/zend_builtin_functions.c

@@ -1696,7 +1696,7 @@ ZEND_FUNCTION(get_defined_vars)
    Creates an anonymous function, and returns its name (funny, eh?) */
 ZEND_FUNCTION(create_function)
 {
-	char *eval_code, *function_name;
+	char *eval_code, function_name[sizeof("0lambda_") + MAX_LENGTH_OF_LONG];
 	int eval_code_length, function_name_length;
 	zstr args, code;
 	int args_len, code_len;
@@ -1740,16 +1740,31 @@ ZEND_FUNCTION(create_function)
 		code_len = len;
 	}
 
-	eval_code_length = sizeof(LAMBDA_DECLARE_ENCODING "function " LAMBDA_TEMP_FUNCNAME)
+	eval_code = (char *) emalloc(sizeof(LAMBDA_DECLARE_ENCODING "function " LAMBDA_TEMP_FUNCNAME)
 			+args_len
 			+2	/* for the args parentheses */
 			+2	/* for the curly braces */
-			+code_len;
+			+code_len);
 
-	eval_code = (char *) emalloc(eval_code_length);
-	sprintf(eval_code, "%sfunction " LAMBDA_TEMP_FUNCNAME "(%s){%s}",
-		(type == IS_UNICODE) ? LAMBDA_DECLARE_ENCODING : "",
-		args.s, code.s);
+	if (type == IS_UNICODE) {
+		eval_code_length = sizeof(LAMBDA_DECLARE_ENCODING "function " LAMBDA_TEMP_FUNCNAME "(") - 1;
+		memcpy(eval_code, LAMBDA_DECLARE_ENCODING "function " LAMBDA_TEMP_FUNCNAME "(", eval_code_length);
+	} else {
+		eval_code_length = sizeof("function " LAMBDA_TEMP_FUNCNAME "(") - 1;
+		memcpy(eval_code, "function " LAMBDA_TEMP_FUNCNAME "(", eval_code_length);
+	}
+
+	memcpy(eval_code + eval_code_length, args.s, args_len);
+	eval_code_length += args_len;
+
+	eval_code[eval_code_length++] = ')';
+	eval_code[eval_code_length++] = '{';
+
+	memcpy(eval_code + eval_code_length, code.s, code_len);
+	eval_code_length += code_len;
+
+	eval_code[eval_code_length++] = '}';
+	eval_code[eval_code_length] = '\0';
 
 	if (type == IS_UNICODE) {
 		efree(args.s);
@@ -1757,7 +1772,7 @@ ZEND_FUNCTION(create_function)
 	}
 
 	eval_name = zend_make_compiled_string_description("runtime-created function" TSRMLS_CC);
-	retval = zend_eval_string(eval_code, NULL, eval_name TSRMLS_CC);
+	retval = zend_eval_stringl(eval_code, eval_code_length, NULL, eval_name TSRMLS_CC);
 	efree(eval_code);
 	efree(eval_name);
 
@@ -1771,15 +1786,13 @@ ZEND_FUNCTION(create_function)
 		new_function = *func;
 		function_add_ref(&new_function TSRMLS_CC);
 
-		function_name = (char *) emalloc(sizeof("0lambda_")+MAX_LENGTH_OF_LONG);
+		function_name[0] = '\0';
 
 		do {
-			sprintf(function_name, "%clambda_%d", 0, ++EG(lambda_count));
-			function_name_length = strlen(function_name+1)+1;
+			function_name_length = 1 + sprintf(function_name + 1, "lambda_%d", ++EG(lambda_count));
 		} while (zend_hash_add(EG(function_table), function_name, function_name_length+1, &new_function, sizeof(zend_function), NULL)==FAILURE);
 		zend_hash_del(EG(function_table), LAMBDA_TEMP_FUNCNAME, sizeof(LAMBDA_TEMP_FUNCNAME));
-		RETVAL_ASCII_STRINGL(function_name, function_name_length, 0);
-		efree(function_name);
+		RETURN_ASCII_STRINGL(function_name, function_name_length, 0);
 	} else {
 		RETURN_FALSE;
 	}

Zend/zend_execute.h

@@ -79,9 +79,13 @@ ZEND_API int zend_lookup_class_ex(char *name, int name_length, char *autoload_na
 ZEND_API int zend_u_lookup_class(zend_uchar type, zstr name, int name_length, zend_class_entry ***ce TSRMLS_DC);
 ZEND_API int zend_u_lookup_class_ex(zend_uchar type, zstr name, int name_length, zstr autoload_name, int do_normalize, zend_class_entry ***ce TSRMLS_DC);
 ZEND_API int zend_eval_string(char *str, zval *retval_ptr, char *string_name TSRMLS_DC);
+ZEND_API int zend_eval_stringl(char *str, int str_len, zval *retval_ptr, char *string_name TSRMLS_DC);
 ZEND_API int zend_eval_string_ex(char *str, zval *retval_ptr, char *string_name, int handle_exceptions TSRMLS_DC);
+ZEND_API int zend_eval_stringl_ex(char *str, int str_len, zval *retval_ptr, char *string_name, int handle_exceptions TSRMLS_DC);
 ZEND_API int zend_u_eval_string(zend_uchar type, zstr str, zval *retval_ptr, char *string_name TSRMLS_DC);
+ZEND_API int zend_u_eval_stringl(zend_uchar type, zstr str, int str_len, zval *retval_ptr, char *string_name TSRMLS_DC);
 ZEND_API int zend_u_eval_string_ex(zend_uchar type, zstr str, zval *retval_ptr, char *string_name, int handle_exceptions TSRMLS_DC);
+ZEND_API int zend_u_eval_stringl_ex(zend_uchar type, zstr str, int str_len, zval *retval_ptr, char *string_name, int handle_exceptions TSRMLS_DC);
 
 static inline int i_zend_is_true(zval *op)
 {

Zend/zend_execute_API.c

@@ -1191,7 +1191,7 @@ ZEND_API int zend_lookup_class(char *name, int name_length, zend_class_entry ***
 }
 /* }}} */
 
-ZEND_API int zend_u_eval_string(zend_uchar type, zstr string, zval *retval_ptr, char *string_name TSRMLS_DC) /* {{{ */
+ZEND_API int zend_u_eval_stringl(zend_uchar type, zstr string, int str_len, zval *retval_ptr, char *string_name TSRMLS_DC) /* {{{ */
 {
 	zval pv;
 	zend_op_array *new_op_array;
@@ -1203,30 +1203,28 @@ ZEND_API int zend_u_eval_string(zend_uchar type, zstr string, zval *retval_ptr,
 		UChar *str = string.u;
 
 		if (retval_ptr) {
-			int l = u_strlen(str);
-			Z_USTRLEN(pv) = l + sizeof("return ;") - 1;
+			Z_USTRLEN(pv) = str_len + sizeof("return ;") - 1;
 			Z_USTRVAL(pv) = eumalloc(Z_USTRLEN(pv) + 1);
 			u_memcpy(Z_USTRVAL(pv), u_return, sizeof("return ") - 1);
-			u_memcpy(Z_USTRVAL(pv) + sizeof("return ") - 1, str, l);
+			u_memcpy(Z_USTRVAL(pv) + sizeof("return ") - 1, str, str_len);
 			Z_USTRVAL(pv)[Z_USTRLEN(pv) - 1] = 0x3B /*';'*/;
 			Z_USTRVAL(pv)[Z_USTRLEN(pv)] = 0;
 		} else {
-			Z_USTRLEN(pv) = u_strlen(str);
+			Z_USTRLEN(pv) = str_len;
 			Z_USTRVAL(pv) = str;
 		}
 	} else {
 		char *str = string.s;
 
 		if (retval_ptr) {
-			int l = strlen(str);
-			Z_STRLEN(pv) = l + sizeof("return ;") - 1;
+			Z_STRLEN(pv) = str_len + sizeof("return ;") - 1;
 			Z_STRVAL(pv) = emalloc(Z_STRLEN(pv) + 1);
 			memcpy(Z_STRVAL(pv), "return ", sizeof("return ") - 1);
-			memcpy(Z_STRVAL(pv) + sizeof("return ") - 1, str, l);
+			memcpy(Z_STRVAL(pv) + sizeof("return ") - 1, str, str_len);
 			Z_STRVAL(pv)[Z_STRLEN(pv) - 1] = ';';
 			Z_STRVAL(pv)[Z_STRLEN(pv)] = '\0';
 		} else {
-			Z_STRLEN(pv) = strlen(str);
+			Z_STRLEN(pv) = str_len;
 			Z_STRVAL(pv) = str;
 		}
 	}
@@ -1282,17 +1280,29 @@ ZEND_API int zend_u_eval_string(zend_uchar type, zstr string, zval *retval_ptr,
 }
 /* }}} */
 
-ZEND_API int zend_eval_string(char *str, zval *retval_ptr, char *string_name TSRMLS_DC) /* {{{ */
+ZEND_API int zend_u_eval_string(zend_uchar type, zstr str, zval *retval_ptr, char *string_name TSRMLS_DC) /* {{{ */
 {
-	return zend_u_eval_string(IS_STRING, ZSTR(str), retval_ptr, string_name TSRMLS_CC);
+	return zend_u_eval_stringl(type, str, ZSTR_LEN(type, str), retval_ptr, string_name TSRMLS_CC);
 }
 /* }}} */
 
-ZEND_API int zend_u_eval_string_ex(zend_uchar type, zstr str, zval *retval_ptr, char *string_name, int handle_exceptions TSRMLS_DC) /* {{{ */
+ZEND_API int zend_eval_stringl(char *str, int str_len, zval *retval_ptr, char *string_name TSRMLS_DC) /* {{{ */
+{
+	return zend_u_eval_stringl(IS_STRING, ZSTR(str), str_len, retval_ptr, string_name TSRMLS_CC);
+}
+/* }}} */
+
+ZEND_API int zend_eval_string(char *str, zval *retval_ptr, char *string_name TSRMLS_DC) /* {{{ */
+{
+	return zend_u_eval_stringl(IS_STRING, ZSTR(str), strlen(str), retval_ptr, string_name TSRMLS_CC);
+}
+/* }}} */
+
+ZEND_API int zend_u_eval_stringl_ex(zend_uchar type, zstr str, int str_len, zval *retval_ptr, char *string_name, int handle_exceptions TSRMLS_DC) /* {{{ */
 {
 	int result;
 
-	result = zend_u_eval_string(type, str, retval_ptr, string_name TSRMLS_CC);
+	result = zend_u_eval_stringl(type, str, str_len, retval_ptr, string_name TSRMLS_CC);
 	if (handle_exceptions && EG(exception)) {
 		zend_exception_error(EG(exception), E_ERROR TSRMLS_CC);
 		result = FAILURE;
@@ -1301,9 +1311,21 @@ ZEND_API int zend_u_eval_string_ex(zend_uchar type, zstr str, zval *retval_ptr,
 }
 /* }}} */
 
+ZEND_API int zend_u_eval_string_ex(zend_uchar type, zstr str, zval *retval_ptr, char *string_name, int handle_exceptions TSRMLS_DC) /* {{{ */
+{
+	return zend_u_eval_stringl_ex(type, str, ZSTR_LEN(type, str), retval_ptr, string_name, handle_exceptions TSRMLS_CC);
+}
+/* }}} */
+
+ZEND_API int zend_eval_stringl_ex(char *str, int str_len, zval *retval_ptr, char *string_name, int handle_exceptions TSRMLS_DC) /* {{{ */
+{
+	return zend_u_eval_stringl_ex(IS_STRING, ZSTR(str), str_len, retval_ptr, string_name, handle_exceptions TSRMLS_CC);
+}
+/* }}} */
+
 ZEND_API int zend_eval_string_ex(char *str, zval *retval_ptr, char *string_name, int handle_exceptions TSRMLS_DC) /* {{{ */
 {
-	return zend_u_eval_string_ex(IS_STRING, ZSTR(str), retval_ptr, string_name, handle_exceptions TSRMLS_CC);
+	return zend_u_eval_stringl_ex(IS_STRING, ZSTR(str), strlen(str), retval_ptr, string_name, handle_exceptions TSRMLS_CC);
 }
 /* }}} */
 

ext/interbase/php_ibase_udf.c

@@ -165,7 +165,7 @@ void exec_php(BLOBCALLBACK b, PARAMDSC *res, ISC_SHORT *init)
 #endif
 			/* feed it to the parser */
 			zend_first_try {
-				result = zend_eval_string(code, NULL, "Firebird Embedded PHP engine" TSRMLS_CC);
+				result = zend_eval_stringl(code, b->blob_total_length, NULL, "Firebird Embedded PHP engine" TSRMLS_CC);
 			} zend_end_try();
 	}
 	

ext/mbstring/php_mbregex.c

@@ -918,9 +918,9 @@ static void _php_mb_regex_ereg_replace_exec(INTERNAL_FUNCTION_PARAMETERS, OnigOp
 			if (eval) {
 				zval v;
 				/* null terminate buffer */
-				smart_str_appendc(&eval_buf, '\0');
+				smart_str_0(&eval_buf);
 				/* do eval */
-				if (zend_eval_string(eval_buf.c, &v, description TSRMLS_CC) == FAILURE) {
+				if (zend_eval_stringl(eval_buf.c, eval_buf.len, &v, description TSRMLS_CC) == FAILURE) {
 					efree(description);
 					php_error_docref(NULL TSRMLS_CC,E_ERROR, "Failed evaluating code: %s%s", PHP_EOL, eval_buf.c);
 					/* zend_error() does not return in this case */

ext/pcre/php_pcre.c

@@ -1025,7 +1025,7 @@ static int preg_do_eval(char *eval_str, int eval_str_len, char *subject,
 	UG(runtime_encoding_conv) = UG(utf8_conv);
 	compiled_string_description = zend_make_compiled_string_description("regexp code" TSRMLS_CC);
 	/* Run the code */
-	if (zend_eval_string(code.c, &retval, compiled_string_description TSRMLS_CC) == FAILURE) {
+	if (zend_eval_stringl(code.c, code.len, &retval, compiled_string_description TSRMLS_CC) == FAILURE) {
 		efree(compiled_string_description);
 		UG(runtime_encoding_conv) = orig_runtime_conv;
 		php_error_docref(NULL TSRMLS_CC,E_ERROR, "Failed evaluating code: %s%s", PHP_EOL, code.c);

ext/standard/assert.c

@@ -156,15 +156,18 @@ PHP_FUNCTION(assert)
 	if (Z_TYPE_PP(assertion) == IS_STRING || Z_TYPE_PP(assertion) == IS_UNICODE) {
 		zval retval;
 		int old_error_reporting = 0; /* shut up gcc! */
+		int myeval_len;
 
 		if (Z_TYPE_PP(assertion) == IS_UNICODE) {
 			tmp = **assertion;
 			zval_copy_ctor(&tmp);
 			convert_to_string(&tmp);
 			myeval = Z_STRVAL(tmp);
+			myeval_len = Z_STRLEN(tmp);
 			free_tmp = 1;
 		} else {
 			myeval = Z_STRVAL_PP(assertion);
+			myeval_len = Z_STRLEN_PP(assertion);
 		}
 
 		if (ASSERTG(quiet_eval)) {
@@ -173,7 +176,7 @@ PHP_FUNCTION(assert)
 		}
 
 		compiled_string_description = zend_make_compiled_string_description("assert code" TSRMLS_CC);
-		if (zend_eval_string(myeval, &retval, compiled_string_description TSRMLS_CC) == FAILURE) {
+		if (zend_eval_stringl(myeval, myeval_len, &retval, compiled_string_description TSRMLS_CC) == FAILURE) {
 			efree(compiled_string_description);
 			php_error_docref(NULL TSRMLS_CC, E_RECOVERABLE_ERROR, "Failure evaluating code: %s%s", PHP_EOL, myeval);
 			if (free_tmp) {

sapi/cli/php_cli.c

@@ -1169,7 +1169,7 @@ int main(int argc, char *argv[])
 						continue;
 					}
 
-					zend_eval_string(code, NULL, "php shell code" TSRMLS_CC);
+					zend_eval_stringl(code, pos, NULL, "php shell code" TSRMLS_CC);
 					pos = 0;
 					
 					if (php_last_char != '\0' && php_last_char != '\n') {