[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/ext/reflection/php_reflection.c branches/PHP_5_3/ext/reflection/tests/bug61388.phpt branches/PHP_5_4/ext/reflection/php_reflection.c
cataphract Sun, 18 Mar 2012 18:23:27 + Revision: http://svn.php.net/viewvc?view=revisionrevision=324337 Log: - Fixed bug #61388 (ReflectionObject:getProperties() issues invalid reads when get_properties returns a hash table with (inaccessible) dynamic numeric properties). Bug: https://bugs.php.net/61388 (Assigned) ReflectionObject:getProperties called on ArrayObject throws Segmentation Fault Changed paths: U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/reflection/php_reflection.c A php/php-src/branches/PHP_5_3/ext/reflection/tests/bug61388.phpt U php/php-src/branches/PHP_5_4/ext/reflection/php_reflection.c A php/php-src/branches/PHP_5_4/ext/reflection/tests/bug61388.phpt U php/php-src/trunk/ext/reflection/php_reflection.c A php/php-src/trunk/ext/reflection/tests/bug61388.phpt Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2012-03-18 18:18:01 UTC (rev 324336) +++ php/php-src/branches/PHP_5_3/NEWS 2012-03-18 18:23:27 UTC (rev 324337) @@ -72,6 +72,13 @@ . Fixed bug #61088 (Memory leak in readline_callback_handler_install). (Nikic, Laruence) +- Reflection: + . Fixed bug #61388 (ReflectionObject:getProperties() issues invalid reads +when get_properties returns a hash table with (inaccessible) dynamic +numeric properties). (Gustavo) + . Fixed bug #60968 (Late static binding doesn't work with +ReflectionMethod::invokeArgs()). (Laruence) + - SOAP . Fixed basic HTTP authentication for WSDL sub requests. (Dmitry) . Fixed bug #60887 (SoapClient ignores user_agent option and sends no @@ -90,10 +97,6 @@ - SQLite3 extension: . Add createCollation() method. (Brad Dewar) -- Reflection: - . Fixed bug #60968 (Late static binding doesn't work with -ReflectionMethod::invokeArgs()). (Laruence) - - Session: . Fixed bug #60860 (session.save_handler=user without defined function core dumps). (Felipe) Modified: php/php-src/branches/PHP_5_3/ext/reflection/php_reflection.c === --- php/php-src/branches/PHP_5_3/ext/reflection/php_reflection.c 2012-03-18 18:18:01 UTC (rev 324336) +++ php/php-src/branches/PHP_5_3/ext/reflection/php_reflection.c 2012-03-18 18:23:27 UTC (rev 324337) @@ -3667,6 +3667,13 @@ zend_class_entry *ce = *va_arg(args, zend_class_entry**); zval *retval = va_arg(args, zval*), member; + /* under some circumstances, the properties hash table may contain numeric +* properties (e.g. when casting from array). This is a WONT FIX bug, at +* least for the moment. Ignore these */ + if (hash_key-nKeyLength == 0) { + return 0; + } + if (hash_key-arKey[0] == '\0') { return 0; /* non public cannot be dynamic */ } Added: php/php-src/branches/PHP_5_3/ext/reflection/tests/bug61388.phpt === --- php/php-src/branches/PHP_5_3/ext/reflection/tests/bug61388.phpt (rev 0) +++ php/php-src/branches/PHP_5_3/ext/reflection/tests/bug61388.phpt 2012-03-18 18:23:27 UTC (rev 324337) @@ -0,0 +1,32 @@ +--TEST-- +ReflectionObject:getProperties() issues invalid reads when it get_properties returns a hash table with (inaccessible) dynamic numeric properties +--FILE-- +?php +$x = new ArrayObject(); +$x[0] = 'test string 2'; +$x['test'] = 'test string 3'; +$reflObj = new ReflectionObject($x); +print_r($reflObj-getProperties(ReflectionProperty::IS_PUBLIC)); + +$x = (object)array(a, oo = b); +$reflObj = new ReflectionObject($x); +print_r($reflObj-getProperties(ReflectionProperty::IS_PUBLIC)); +--EXPECT-- +Array +( +[0] = ReflectionProperty Object +( +[name] = test +[class] = ArrayObject +) + +) +Array +( +[0] = ReflectionProperty Object +( +[name] = oo +[class] = stdClass +) + +) Property changes on: php/php-src/branches/PHP_5_3/ext/reflection/tests/bug61388.phpt ___ Added: svn:keywords + Id Rev Revision Added: svn:eol-style + native Modified: php/php-src/branches/PHP_5_4/ext/reflection/php_reflection.c === --- php/php-src/branches/PHP_5_4/ext/reflection/php_reflection.c 2012-03-18 18:18:01 UTC (rev 324336) +++ php/php-src/branches/PHP_5_4/ext/reflection/php_reflection.c 2012-03-18 18:23:27 UTC (rev 324337) @@ -3832,6 +3832,13 @@ zend_class_entry *ce = *va_arg(args, zend_class_entry**); zval *retval = va_arg(args, zval*), member; + /* under some circumstances, the properties hash table may contain numeric +* properties (e.g. when casting from
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/ext/standard/tests/streams/bug61115-1.phpt branches/PHP_5_3/ext/standard/tests/streams/bug61115-2.phpt branches/PHP_5_3/ext/standard
cataphract Sat, 17 Mar 2012 19:37:30 + Revision: http://svn.php.net/viewvc?view=revisionrevision=324324 Log: - Fixed bug #61371 (resource leak). This bug had two parts, a long standing leak already fixed in trunk/5.3 and now merged onto 5.4 and a leak introduced in fixing bug #61115. This better fix for #61115 fixes the leak (the inhibition for deleting the context was too broad) and so prevents segfaults in new circumstances (where the inhibition was not broad enough). Bugs: https://bugs.php.net/61371 (Verified) stream_context_create() causes memory leaks on use streams_socket_create https://bugs.php.net/61115 (Assigned) Stream related segfault on fatal error in php_stream_context_del_link Changed paths: U php/php-src/branches/PHP_5_3/NEWS A + php/php-src/branches/PHP_5_3/ext/standard/tests/streams/bug61115-1.phpt (from php/php-src/trunk/ext/standard/tests/streams/bug61115.phpt:r324314) A + php/php-src/branches/PHP_5_3/ext/standard/tests/streams/bug61115-2.phpt (from php/php-src/trunk/ext/standard/tests/streams/bug61115.phpt:r324314) A php/php-src/branches/PHP_5_3/ext/standard/tests/streams/bug61371.phpt U php/php-src/branches/PHP_5_3/main/streams/streams.c U php/php-src/branches/PHP_5_4/ext/standard/streamsfuncs.c A + php/php-src/branches/PHP_5_4/ext/standard/tests/streams/bug61115-1.phpt (from php/php-src/trunk/ext/standard/tests/streams/bug61115.phpt:r324314) A + php/php-src/branches/PHP_5_4/ext/standard/tests/streams/bug61115-2.phpt (from php/php-src/trunk/ext/standard/tests/streams/bug61115.phpt:r324314) A + php/php-src/branches/PHP_5_4/ext/standard/tests/streams/bug61115.phpt (from php/php-src/trunk/ext/standard/tests/streams/bug61115.phpt:r324314) A php/php-src/branches/PHP_5_4/ext/standard/tests/streams/bug61371.phpt U php/php-src/branches/PHP_5_4/main/streams/streams.c A + php/php-src/trunk/ext/standard/tests/streams/bug61115-1.phpt (from php/php-src/trunk/ext/standard/tests/streams/bug61115.phpt:r324314) A + php/php-src/trunk/ext/standard/tests/streams/bug61115-2.phpt (from php/php-src/trunk/ext/standard/tests/streams/bug61115.phpt:r324314) A php/php-src/trunk/ext/standard/tests/streams/bug61371.phpt U php/php-src/trunk/main/streams/streams.c Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2012-03-17 17:51:51 UTC (rev 324323) +++ php/php-src/branches/PHP_5_3/NEWS 2012-03-17 19:37:30 UTC (rev 324324) @@ -98,6 +98,8 @@ SessionHandler::write()). (Ilia) - Streams: + . Fixed bug #61371 (stream_context_create() causes memory leaks on use +streams_socket_create). (Gustavo) . Fixed bug #61253 (Wrappers opened with errors concurrency problem on ZTS). (Gustavo) . Fixed bug #61115 (stream related segfault on fatal error in Copied: php/php-src/branches/PHP_5_3/ext/standard/tests/streams/bug61115-1.phpt (from rev 324314, php/php-src/trunk/ext/standard/tests/streams/bug61115.phpt) === --- php/php-src/branches/PHP_5_3/ext/standard/tests/streams/bug61115-1.phpt (rev 0) +++ php/php-src/branches/PHP_5_3/ext/standard/tests/streams/bug61115-1.phpt 2012-03-17 19:37:30 UTC (rev 324324) @@ -0,0 +1,11 @@ +--TEST-- +Bug #61115: Stream related segfault on fatal error in php_stream_context_del_link - variation 1 +--FILE-- +?php + +$fileResourceTemp = fopen('php://temp', 'wr'); +stream_context_get_options($fileResourceTemp); +ftruncate($fileResourceTemp, PHP_INT_MAX); +? +--EXPECTF-- +Fatal error: Allowed memory size of %d bytes exhausted at %s:%d (tried to allocate %d bytes) in %s on line %d Copied: php/php-src/branches/PHP_5_3/ext/standard/tests/streams/bug61115-2.phpt (from rev 324314, php/php-src/trunk/ext/standard/tests/streams/bug61115.phpt) === --- php/php-src/branches/PHP_5_3/ext/standard/tests/streams/bug61115-2.phpt (rev 0) +++ php/php-src/branches/PHP_5_3/ext/standard/tests/streams/bug61115-2.phpt 2012-03-17 19:37:30 UTC (rev 324324) @@ -0,0 +1,10 @@ +--TEST-- +Bug #61115: Stream related segfault on fatal error in php_stream_context_del_link - variation 2 +--FILE-- +?php +stream_socket_client('abc', $var, $var, 0, STREAM_CLIENT_PERSISTENT); + +? +==DONE== +--EXPECT-- +==DONE== Added: php/php-src/branches/PHP_5_3/ext/standard/tests/streams/bug61371.phpt === --- php/php-src/branches/PHP_5_3/ext/standard/tests/streams/bug61371.phpt (rev 0) +++ php/php-src/branches/PHP_5_3/ext/standard/tests/streams/bug61371.phpt 2012-03-17 19:37:30 UTC (rev 324324) @@ -0,0 +1,40 @@ +--TEST-- +Bug #61371: stream_context_create() causes memory leaks on
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/ext/interbase/ibase_service.c branches/PHP_5_4/NEWS branches/PHP_5_4/ext/interbase/ibase_service.c trunk/ext/interbase/ibase_service
iliaaThu, 15 Mar 2012 19:59:26 + Revision: http://svn.php.net/viewvc?view=revisionrevision=324281 Log: Fixed bug #60947 (Segmentation fault while executing ibase_db_info) Bug: https://bugs.php.net/60947 (Assigned) Segmentation fault while executing ibase_db_info Changed paths: U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/interbase/ibase_service.c U php/php-src/branches/PHP_5_4/NEWS U php/php-src/branches/PHP_5_4/ext/interbase/ibase_service.c U php/php-src/trunk/ext/interbase/ibase_service.c Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2012-03-15 16:04:07 UTC (rev 324280) +++ php/php-src/branches/PHP_5_3/NEWS 2012-03-15 19:59:26 UTC (rev 324281) @@ -29,6 +29,10 @@ function is by reference). (Nikita Popov) . Fixed bug #51860 (Include fails with toplevel symlink to /). (Dmitry) +- Ibase + . Fixed bug #60947 (Segmentation fault while executing ibase_db_info). +(Ilia) + - Installation . Fixed bug #61172 (Add Apache 2.4 support). (Chris Jones) Modified: php/php-src/branches/PHP_5_3/ext/interbase/ibase_service.c === --- php/php-src/branches/PHP_5_3/ext/interbase/ibase_service.c 2012-03-15 16:04:07 UTC (rev 324280) +++ php/php-src/branches/PHP_5_3/ext/interbase/ibase_service.c 2012-03-15 19:59:26 UTC (rev 324281) @@ -321,6 +321,7 @@ heap_p = heap_buf + res_size; } result += 2; + *(result+line_len) = 0; snprintf(heap_p, heap_buf_size - (heap_buf - heap_p), %s\n, result); heap_p += line_len +2; goto query_loop; /* repeat until result is exhausted */ Modified: php/php-src/branches/PHP_5_4/NEWS === --- php/php-src/branches/PHP_5_4/NEWS 2012-03-15 16:04:07 UTC (rev 324280) +++ php/php-src/branches/PHP_5_4/NEWS 2012-03-15 19:59:26 UTC (rev 324281) @@ -38,6 +38,10 @@ . Fixed bug #52719 (array_walk_recursive crashes if third param of the function is by reference). (Nikita Popov) +- Ibase + . Fixed bug #60947 (Segmentation fault while executing ibase_db_info). +(Ilia) + - Installation . Fixed bug #61172 (Add Apache 2.4 support). (Chris Jones) Modified: php/php-src/branches/PHP_5_4/ext/interbase/ibase_service.c === --- php/php-src/branches/PHP_5_4/ext/interbase/ibase_service.c 2012-03-15 16:04:07 UTC (rev 324280) +++ php/php-src/branches/PHP_5_4/ext/interbase/ibase_service.c 2012-03-15 19:59:26 UTC (rev 324281) @@ -321,6 +321,7 @@ heap_p = heap_buf + res_size; } result += 2; + *(result+line_len) = 0; snprintf(heap_p, heap_buf_size - (heap_buf - heap_p), %s\n, result); heap_p += line_len +2; goto query_loop; /* repeat until result is exhausted */ Modified: php/php-src/trunk/ext/interbase/ibase_service.c === --- php/php-src/trunk/ext/interbase/ibase_service.c 2012-03-15 16:04:07 UTC (rev 324280) +++ php/php-src/trunk/ext/interbase/ibase_service.c 2012-03-15 19:59:26 UTC (rev 324281) @@ -321,6 +321,7 @@ heap_p = heap_buf + res_size; } result += 2; + *(result+line_len) = 0; snprintf(heap_p, heap_buf_size - (heap_buf - heap_p), %s\n, result); heap_p += line_len +2; goto query_loop; /* repeat until result is exhausted */ -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/ext/pdo_odbc/odbc_stmt.c branches/PHP_5_4/NEWS branches/PHP_5_4/ext/pdo_odbc/odbc_stmt.c trunk/ext/pdo_odbc/odbc_stmt.c
iliaaWed, 14 Mar 2012 20:20:33 + Revision: http://svn.php.net/viewvc?view=revisionrevision=324251 Log: Fixed bug #61212 (PDO ODBC Segfaults on SQL_SUCESS_WITH_INFO). Bug: https://bugs.php.net/61212 (Open) PDO ODBC Segfaults on SQL_SUCESS_WITH_INFO Changed paths: U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/pdo_odbc/odbc_stmt.c U php/php-src/branches/PHP_5_4/NEWS U php/php-src/branches/PHP_5_4/ext/pdo_odbc/odbc_stmt.c U php/php-src/trunk/ext/pdo_odbc/odbc_stmt.c Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2012-03-14 20:08:14 UTC (rev 324250) +++ php/php-src/branches/PHP_5_3/NEWS 2012-03-14 20:20:33 UTC (rev 324251) @@ -47,6 +47,9 @@ . Fixed bug #61194 (PDO should export compression flag with myslqnd). (Johannes) +- PDO_odbc + . Fixed bug #61212 (PDO ODBC Segfaults on SQL_SUCESS_WITH_INFO). (Ilia) + - PDO_pgsql . Fixed bug #61267 (pdo_pgsql's PDO::exec() returns the number of SELECTed rows on postgresql = 9). (ben dot pineau at gmail dot com) Modified: php/php-src/branches/PHP_5_3/ext/pdo_odbc/odbc_stmt.c === --- php/php-src/branches/PHP_5_3/ext/pdo_odbc/odbc_stmt.c 2012-03-14 20:08:14 UTC (rev 324250) +++ php/php-src/branches/PHP_5_3/ext/pdo_odbc/odbc_stmt.c 2012-03-14 20:20:33 UTC (rev 324251) @@ -637,12 +637,14 @@ if (C-fetched_len != SQL_NO_TOTAL) { /* use size suggested by the driver, if it knows it */ - alloced = C-fetched_len + 1; + buf = emalloc(C-fetched_len + 1); + memcpy(buf, C-data, C-fetched_len); + buf[C-fetched_len] = 0; + used = C-fetched_len; + } else { + buf = estrndup(C-data, 256); + used = 255; /* not 256; the driver NUL terminated the buffer */ } - - buf = emalloc(alloced); - memcpy(buf, C-data, 256); - used = 255; /* not 256; the driver NUL terminated the buffer */ do { C-fetched_len = 0; Modified: php/php-src/branches/PHP_5_4/NEWS === --- php/php-src/branches/PHP_5_4/NEWS 2012-03-14 20:08:14 UTC (rev 324250) +++ php/php-src/branches/PHP_5_4/NEWS 2012-03-14 20:20:33 UTC (rev 324251) @@ -75,6 +75,9 @@ . Fixed bug #61194 (PDO should export compression flag with myslqnd). (Johannes) +- PDO_odbc + . Fixed bug #61212 (PDO ODBC Segfaults on SQL_SUCESS_WITH_INFO). (Ilia) + - Phar . Fixed bug #61184 (Phar::webPhar() generates headers with trailing NUL bytes). (Nikita Popov) Modified: php/php-src/branches/PHP_5_4/ext/pdo_odbc/odbc_stmt.c === --- php/php-src/branches/PHP_5_4/ext/pdo_odbc/odbc_stmt.c 2012-03-14 20:08:14 UTC (rev 324250) +++ php/php-src/branches/PHP_5_4/ext/pdo_odbc/odbc_stmt.c 2012-03-14 20:20:33 UTC (rev 324251) @@ -637,12 +637,14 @@ if (C-fetched_len != SQL_NO_TOTAL) { /* use size suggested by the driver, if it knows it */ - alloced = C-fetched_len + 1; + buf = emalloc(C-fetched_len + 1); + memcpy(buf, C-data, C-fetched_len); + buf[C-fetched_len] = 0; + used = C-fetched_len; + } else { + buf = estrndup(C-data, 256); + used = 255; /* not 256; the driver NUL terminated the buffer */ } - - buf = emalloc(alloced); - memcpy(buf, C-data, 256); - used = 255; /* not 256; the driver NUL terminated the buffer */ do { C-fetched_len = 0; Modified: php/php-src/trunk/ext/pdo_odbc/odbc_stmt.c === --- php/php-src/trunk/ext/pdo_odbc/odbc_stmt.c 2012-03-14 20:08:14 UTC (rev 324250) +++ php/php-src/trunk/ext/pdo_odbc/odbc_stmt.c 2012-03-14 20:20:33 UTC (rev 324251) @@ -637,12 +637,14 @@ if (C-fetched_len != SQL_NO_TOTAL) { /* use size suggested by the driver, if it knows it */ - alloced = C-fetched_len + 1; + buf = emalloc(C-fetched_len + 1); +
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/ext/standard/basic_functions.c branches/PHP_5_3/ext/standard/tests/time/bug60222.phpt branches/PHP_5_4/NEWS branches/PHP_5_4/ext/sta
iliaaMon, 12 Mar 2012 16:53:07 + Revision: http://svn.php.net/viewvc?view=revisionrevision=324163 Log: Fixed bug #60222 (time_nanosleep() does validate input params). Bug: https://bugs.php.net/60222 (Open) time_nanosleep won't throw a warning for negative second Changed paths: U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/standard/basic_functions.c A php/php-src/branches/PHP_5_3/ext/standard/tests/time/bug60222.phpt U php/php-src/branches/PHP_5_4/NEWS U php/php-src/branches/PHP_5_4/ext/standard/basic_functions.c A php/php-src/branches/PHP_5_4/ext/standard/tests/time/bug60222.phpt U php/php-src/trunk/ext/standard/basic_functions.c A php/php-src/trunk/ext/standard/tests/time/bug60222.phpt Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2012-03-12 16:19:10 UTC (rev 324162) +++ php/php-src/branches/PHP_5_3/NEWS 2012-03-12 16:53:07 UTC (rev 324163) @@ -24,6 +24,7 @@ . Fixed bug #60569 (Nullbyte truncates Exception $message). (Ilia) . Fixed bug #60227 (header() cannot detect the multi-line header with CR). (rui, Gustavo) + . Fixed bug #60222 (time_nanosleep() does validate input params). (Ilia) . Fixed bug #52719 (array_walk_recursive crashes if third param of the function is by reference). (Nikita Popov) . Fixed bug #51860 (Include fails with toplevel symlink to /). (Dmitry) Modified: php/php-src/branches/PHP_5_3/ext/standard/basic_functions.c === --- php/php-src/branches/PHP_5_3/ext/standard/basic_functions.c 2012-03-12 16:19:10 UTC (rev 324162) +++ php/php-src/branches/PHP_5_3/ext/standard/basic_functions.c 2012-03-12 16:53:07 UTC (rev 324163) @@ -4497,6 +4497,15 @@ return; } + if (tv_sec 0) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, The seconds value must be greater than 0); + RETURN_FALSE; + } + if (tv_nsec 0) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, The nanoseconds value must be greater than 0); + RETURN_FALSE; + } + php_req.tv_sec = (time_t) tv_sec; php_req.tv_nsec = tv_nsec; if (!nanosleep(php_req, php_rem)) { Added: php/php-src/branches/PHP_5_3/ext/standard/tests/time/bug60222.phpt === --- php/php-src/branches/PHP_5_3/ext/standard/tests/time/bug60222.phpt (rev 0) +++ php/php-src/branches/PHP_5_3/ext/standard/tests/time/bug60222.phpt 2012-03-12 16:53:07 UTC (rev 324163) @@ -0,0 +1,15 @@ +--TEST-- +Bug #60222 (time_nanosleep() does validate input params) +--FILE-- +?php + var_dump(time_nanosleep(-1, 0)); + var_dump(time_nanosleep(0, -1)); +? +===DONE=== +--EXPECTF-- +Warning: time_nanosleep(): The seconds value must be greater than 0 in %s on line %d +bool(false) + +Warning: time_nanosleep(): The nanoseconds value must be greater than 0 in %s on line %d +bool(false) +===DONE=== Modified: php/php-src/branches/PHP_5_4/NEWS === --- php/php-src/branches/PHP_5_4/NEWS 2012-03-12 16:19:10 UTC (rev 324162) +++ php/php-src/branches/PHP_5_4/NEWS 2012-03-12 16:53:07 UTC (rev 324163) @@ -87,6 +87,7 @@ - Standard: . Fixed memory leak in substr_replace. (Pierrick) . Make max_file_uploads ini directive settable outside of php.ini (Rasmus) + . Fixed bug #60222 (time_nanosleep() does validate input params). (Ilia) . Fixed bug #60106 (stream_socket_server silently truncates long unix socket paths). (Ilia) Modified: php/php-src/branches/PHP_5_4/ext/standard/basic_functions.c === --- php/php-src/branches/PHP_5_4/ext/standard/basic_functions.c 2012-03-12 16:19:10 UTC (rev 324162) +++ php/php-src/branches/PHP_5_4/ext/standard/basic_functions.c 2012-03-12 16:53:07 UTC (rev 324163) @@ -4432,6 +4432,15 @@ return; } + if (tv_sec 0) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, The seconds value must be greater than 0); + RETURN_FALSE; + } + if (tv_nsec 0) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, The nanoseconds value must be greater than 0); + RETURN_FALSE; + } + php_req.tv_sec = (time_t) tv_sec; php_req.tv_nsec = tv_nsec; if (!nanosleep(php_req, php_rem)) { Added: php/php-src/branches/PHP_5_4/ext/standard/tests/time/bug60222.phpt === --- php/php-src/branches/PHP_5_4/ext/standard/tests/time/bug60222.phpt (rev 0) +++ php/php-src/branches/PHP_5_4/ext/standard/tests/time/bug60222.phpt
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/ext/spl/spl_array.c branches/PHP_5_3/ext/spl/tests/bug61347.phpt branches/PHP_5_4/NEWS branches/PHP_5_4/ext/spl/spl_array.c branches
laruence Sun, 11 Mar 2012 08:27:55 + Revision: http://svn.php.net/viewvc?view=revisionrevision=324093 Log: Fixed bug #61347 (inconsist isset behavior of Arrayobject) Bug: https://bugs.php.net/61347 (Open) inconsist isset behavior of Arrayobject Changed paths: U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/spl/spl_array.c A php/php-src/branches/PHP_5_3/ext/spl/tests/bug61347.phpt U php/php-src/branches/PHP_5_4/NEWS U php/php-src/branches/PHP_5_4/ext/spl/spl_array.c A php/php-src/branches/PHP_5_4/ext/spl/tests/bug61347.phpt U php/php-src/trunk/ext/spl/spl_array.c A php/php-src/trunk/ext/spl/tests/bug61347.phpt Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2012-03-11 04:20:25 UTC (rev 324092) +++ php/php-src/branches/PHP_5_3/NEWS 2012-03-11 08:27:55 UTC (rev 324093) @@ -66,6 +66,7 @@ - SPL . Fixed bug #61326 (ArrayObject comparison). (Gustavo) + . Fixed bug #61347 (inconsist isset behavior of Arrayobject). (Laruence) - SQLite3 extension: . Add createCollation() method. (Brad Dewar) Modified: php/php-src/branches/PHP_5_3/ext/spl/spl_array.c === --- php/php-src/branches/PHP_5_3/ext/spl/spl_array.c 2012-03-11 04:20:25 UTC (rev 324092) +++ php/php-src/branches/PHP_5_3/ext/spl/spl_array.c 2012-03-11 08:27:55 UTC (rev 324093) @@ -578,49 +578,46 @@ } switch(Z_TYPE_P(offset)) { - case IS_STRING: - if (check_empty) { - if (zend_symtable_find(spl_array_get_hash_table(intern, 0 TSRMLS_CC), Z_STRVAL_P(offset), Z_STRLEN_P(offset)+1, (void **) tmp) != FAILURE) { -switch (check_empty) { - case 0: - return Z_TYPE_PP(tmp) != IS_NULL; - case 2: - return 1; - default: - return zend_is_true(*tmp); + case IS_STRING: + { +HashTable *ht = spl_array_get_hash_table(intern, 0 TSRMLS_CC); +if (zend_symtable_find(ht, Z_STRVAL_P(offset), Z_STRLEN_P(offset)+1, (void **) tmp) != FAILURE) { + switch (check_empty) { + case 0: + return Z_TYPE_PP(tmp) != IS_NULL; + case 2: + return 1; + default: + return zend_is_true(*tmp); + } } +return 0; } - return 0; - } else { - return zend_symtable_exists(spl_array_get_hash_table(intern, 0 TSRMLS_CC), Z_STRVAL_P(offset), Z_STRLEN_P(offset)+1); - } - case IS_DOUBLE: - case IS_RESOURCE: - case IS_BOOL: - case IS_LONG: - if (offset-type == IS_DOUBLE) { - index = (long)Z_DVAL_P(offset); - } else { - index = Z_LVAL_P(offset); - } - if (check_empty) { - HashTable *ht = spl_array_get_hash_table(intern, 0 TSRMLS_CC); - if (zend_hash_index_find(ht, index, (void **)tmp) != FAILURE) { -switch (check_empty) { - case 0: - return Z_TYPE_PP(tmp) != IS_NULL; - case 2: - return 1; - default: - return zend_is_true(*tmp); + case IS_DOUBLE: + case IS_RESOURCE: + case IS_BOOL: + case IS_LONG: + { +HashTable *ht = spl_array_get_hash_table(intern, 0 TSRMLS_CC); +if (offset-type == IS_DOUBLE) { + index = (long)Z_DVAL_P(offset); +} else { + index = Z_LVAL_P(offset); } +if (zend_hash_index_find(ht, index, (void **)tmp) != FAILURE) { + switch (check_empty) { + case 0: + return Z_TYPE_PP(tmp) != IS_NULL; + case 2: + return 1; + default: + return zend_is_true(*tmp); + } +} +return 0; } - return 0; - } else { - return zend_hash_index_exists(spl_array_get_hash_table(intern, 0 TSRMLS_CC), index); - } - default: - zend_error(E_WARNING, Illegal offset type); + default: + zend_error(E_WARNING, Illegal offset type); } return 0; } /* }}} */ Added: php/php-src/branches/PHP_5_3/ext/spl/tests/bug61347.phpt === --- php/php-src/branches/PHP_5_3/ext/spl/tests/bug61347.phpt (rev 0) +++ php/php-src/branches/PHP_5_3/ext/spl/tests/bug61347.phpt 2012-03-11 08:27:55 UTC (rev 324093) @@ -0,0 +1,40 @@ +--TEST-- +Bug #61347 (inconsist isset behavior of Arrayobject) +--FILE-- +?php +$a = array('b' = NULL, 37 = NULL); +var_dump(isset($a['b'])); //false + +$b = new ArrayObject($a); +var_dump(isset($b['b'])); //false +var_dump(isset($b[37])); //false +var_dump(isset($b['no_exists'])); //false +var_dump(empty($b['b'])); //true +var_dump(empty($b[37])); //true + +var_dump(array_key_exists('b', $b)); //true +var_dump($b['b']); + +$a = array('b' = '', 37 = false); +$b = new ArrayObject($a); +var_dump(isset($b['b'])); //true +var_dump(isset($b[37])); //true +var_dump(isset($b['no_exists'])); //false +var_dump(empty($b['b'])); //true +var_dump(empty($b[37])); //true + + +--EXPECT-- +bool(false) +bool(false) +bool(false) +bool(false) +bool(true) +bool(true) +bool(true) +NULL +bool(true) +bool(true) +bool(false) +bool(true)
[PHP-CVS] svn: /php/php-src/branches/ PHP_5_3/NEWS PHP_5_4/NEWS
laruence Sun, 11 Mar 2012 08:34:06 + Revision: http://svn.php.net/viewvc?view=revisionrevision=324095 Log: Oops, sorry for my poor english Changed paths: U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_4/NEWS Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2012-03-11 08:30:30 UTC (rev 324094) +++ php/php-src/branches/PHP_5_3/NEWS 2012-03-11 08:34:06 UTC (rev 324095) @@ -66,7 +66,7 @@ - SPL . Fixed bug #61326 (ArrayObject comparison). (Gustavo) - . Fixed bug #61347 (inconsist isset behavior of Arrayobject). (Laruence) + . Fixed bug #61347 (inconsistent isset behavior of Arrayobject). (Laruence) - SQLite3 extension: . Add createCollation() method. (Brad Dewar) Modified: php/php-src/branches/PHP_5_4/NEWS === --- php/php-src/branches/PHP_5_4/NEWS 2012-03-11 08:30:30 UTC (rev 324094) +++ php/php-src/branches/PHP_5_4/NEWS 2012-03-11 08:34:06 UTC (rev 324095) @@ -73,7 +73,7 @@ ReflectionMethod::invokeArgs()). (Laruence) - SPL: - . Fixed bug #61347 (inconsist isset behavior of Arrayobject). (Laruence) + . Fixed bug #61347 (inconsistent isset behavior of Arrayobject). (Laruence) - Standard: . Fixed memory leak in substr_replace. (Pierrick) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/ PHP_5_3/NEWS PHP_5_4/NEWS
laruence Sun, 11 Mar 2012 09:02:00 + Revision: http://svn.php.net/viewvc?view=revisionrevision=324099 Log: Re-order them according to README.SVN-RULES Changed paths: U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_4/NEWS Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2012-03-11 08:56:14 UTC (rev 324098) +++ php/php-src/branches/PHP_5_3/NEWS 2012-03-11 09:02:00 UTC (rev 324099) @@ -38,10 +38,10 @@ . Fixed bug #61003 (mysql_stat() require a valid connection). (Johannes). - PDO_mysql + . Fixed bug #61194 (PDO should export compression flag with myslqnd). +(Johannes) . Fixed bug #61207 (PDO::nextRowset() after a multi-statement query doesn't always work). (Johannes) - . Fixed bug #61194 (PDO should export compression flag with myslqnd). -(Johannes) - PDO_pgsql . Fixed bug #61267 (pdo_pgsql's PDO::exec() returns the number of SELECTed @@ -59,14 +59,14 @@ - SOAP . Fixed basic HTTP authentication for WSDL sub requests. (Dmitry) + . Fixed bug #60887 (SoapClient ignores user_agent option and sends no +User-Agent header). (carloschilazo at gmail dot com) . Fixed bug #60842, #51775 (Chunked response parsing error when chunksize length line is 10 bytes). (Ilia) - . Fixed bug #60887 (SoapClient ignores user_agent option and sends no -User-Agent header). (carloschilazo at gmail dot com) - SPL + . Fixed bug #61347 (inconsistent isset behavior of Arrayobject). (Laruence) . Fixed bug #61326 (ArrayObject comparison). (Gustavo) - . Fixed bug #61347 (inconsistent isset behavior of Arrayobject). (Laruence) - SQLite3 extension: . Add createCollation() method. (Brad Dewar) @@ -86,20 +86,20 @@ (Gustavo) . Fixed bug #61115 (stream related segfault on fatal error in php_stream_context_link). (Gustavo) - . Fixed bug #60106 (stream_socket_server silently truncates long unix -socket paths). (Ilia) - . Further fix for bug #60455 (stream_get_line misbehaves if EOF is not -detected together with the last read). (Gustavo) . Fixed bug #60817 (stream_get_line() reads from stream even when there is already sufficient data buffered). stream_get_line() now behaves more like fgets(), as is documented. (Gustavo) + . Further fix for bug #60455 (stream_get_line misbehaves if EOF is not +detected together with the last read). (Gustavo) + . Fixed bug #60106 (stream_socket_server silently truncates long unix +socket paths). (Ilia) - Tidy: . Fixed bug #54682 (tidy null pointer dereference). (Tony, David Soria Parra) - XMLRPC: + . Fixed bug #61264 (xmlrpc_parse_method_descriptions leaks temporary variable). (Nikita Popov) . Fixed bug #61097 (Memory leak in xmlrpc functions copying zvals). (Nikic) - . Fixed bug #61264 (xmlrpc_parse_method_descriptions leaks temporary variable). (Nikita Popov) - Zlib: . Fixed bug #61139 (gzopen leaks when specifying invalid mode). (Nikic) Modified: php/php-src/branches/PHP_5_4/NEWS === --- php/php-src/branches/PHP_5_4/NEWS 2012-03-11 08:56:14 UTC (rev 324098) +++ php/php-src/branches/PHP_5_4/NEWS 2012-03-11 09:02:00 UTC (rev 324099) @@ -3,9 +3,9 @@ ?? ??? 2012, PHP 5.4.1 RC1 - CLI Server: - . Connection: close instead of Connection: closed (Gustavo) . Implemented FR #60850 (Built in web server does not set $_SERVER['SCRIPT_FILENAME'] when using router). (Laruence) + . Connection: close instead of Connection: closed (Gustavo) - Core: . Fixed bug #61225 (Incorect lexing of 0b00*+NUM). (Pierrick) @@ -51,20 +51,20 @@ SessionHandler::write()). (Ilia) - SOAP + . Fixed bug #60887 (SoapClient ignores user_agent option and sends no +User-Agent header). (carloschilazo at gmail dot com) . Fixed bug #60842, #51775 (Chunked response parsing error when chunksize length line is 10 bytes). (Ilia) - . Fixed bug #60887 (SoapClient ignores user_agent option and sends no -User-Agent header). (carloschilazo at gmail dot com) - PDO . Fixed bug #61292 (Segfault while calling a method on an overloaded PDO object). (Laruence) - PDO_mysql + . Fixed bug #61194 (PDO should export compression flag with myslqnd). +(Johannes) . Fixed bug #61207 (PDO::nextRowset() after a multi-statement query doesn't always work). (Johannes) - . Fixed bug #61194 (PDO should export compression flag with myslqnd). -(Johannes) - Phar . Fixed bug #61184 (Phar::webPhar() generates headers with trailing NUL -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_3/ NEWS
laruence Sun, 11 Mar 2012 09:06:12 + Revision: http://svn.php.net/viewvc?view=revisionrevision=324100 Log: Sorry for wrong order again. Changed paths: U php/php-src/branches/PHP_5_3/NEWS Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2012-03-11 09:02:00 UTC (rev 324099) +++ php/php-src/branches/PHP_5_3/NEWS 2012-03-11 09:06:12 UTC (rev 324100) @@ -38,10 +38,10 @@ . Fixed bug #61003 (mysql_stat() require a valid connection). (Johannes). - PDO_mysql + . Fixed bug #61207 (PDO::nextRowset() after a multi-statement query doesn't +always work). (Johannes) . Fixed bug #61194 (PDO should export compression flag with myslqnd). (Johannes) - . Fixed bug #61207 (PDO::nextRowset() after a multi-statement query doesn't -always work). (Johannes) - PDO_pgsql . Fixed bug #61267 (pdo_pgsql's PDO::exec() returns the number of SELECTed -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/ext/readline/readline.c branches/PHP_5_4/NEWS branches/PHP_5_4/ext/readline/readline.c trunk/ext/readline/readline.c
laruence Sun, 11 Mar 2012 09:19:38 + Revision: http://svn.php.net/viewvc?view=revisionrevision=324104 Log: Fixed bug #61088 (Memory leak in readline_callback_handler_install). Bug: https://bugs.php.net/61088 (Assigned) Memory leak in readline_callback_handler_install Changed paths: U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/readline/readline.c U php/php-src/branches/PHP_5_4/NEWS U php/php-src/branches/PHP_5_4/ext/readline/readline.c U php/php-src/trunk/ext/readline/readline.c Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2012-03-11 09:12:25 UTC (rev 324103) +++ php/php-src/branches/PHP_5_3/NEWS 2012-03-11 09:19:38 UTC (rev 324104) @@ -57,6 +57,10 @@ - PHP-FPM SAPI: . Fixed bug #60811 (php-fpm compilation problem). (rasmus) +- Readline: + . Fixed bug #61088 (Memory leak in readline_callback_handler_install). +(Nikic, Laruence) + - SOAP . Fixed basic HTTP authentication for WSDL sub requests. (Dmitry) . Fixed bug #60887 (SoapClient ignores user_agent option and sends no Modified: php/php-src/branches/PHP_5_3/ext/readline/readline.c === --- php/php-src/branches/PHP_5_3/ext/readline/readline.c2012-03-11 09:12:25 UTC (rev 324103) +++ php/php-src/branches/PHP_5_3/ext/readline/readline.c2012-03-11 09:19:38 UTC (rev 324104) @@ -561,9 +561,8 @@ FREE_ZVAL(_prepped_callback); } - MAKE_STD_ZVAL(_prepped_callback); - *_prepped_callback = *callback; - zval_copy_ctor(_prepped_callback); + ALLOC_ZVAL(_prepped_callback); + MAKE_COPY_ZVAL(callback, _prepped_callback); rl_callback_handler_install(prompt, php_rl_callback_handler); Modified: php/php-src/branches/PHP_5_4/NEWS === --- php/php-src/branches/PHP_5_4/NEWS 2012-03-11 09:12:25 UTC (rev 324103) +++ php/php-src/branches/PHP_5_4/NEWS 2012-03-11 09:19:38 UTC (rev 324104) @@ -46,6 +46,10 @@ . Fixed bug #60948 (mysqlnd FTBFS when -Wformat-security is enabled). (Johannes) +- Readline: + . Fixed bug #61088 (Memory leak in readline_callback_handler_install). +(Nikic, Laruence) + - Session . Fixed bug #60634 (Segmentation fault when trying to die() in SessionHandler::write()). (Ilia) Modified: php/php-src/branches/PHP_5_4/ext/readline/readline.c === --- php/php-src/branches/PHP_5_4/ext/readline/readline.c2012-03-11 09:12:25 UTC (rev 324103) +++ php/php-src/branches/PHP_5_4/ext/readline/readline.c2012-03-11 09:19:38 UTC (rev 324104) @@ -576,9 +576,8 @@ FREE_ZVAL(_prepped_callback); } - MAKE_STD_ZVAL(_prepped_callback); - *_prepped_callback = *callback; - zval_copy_ctor(_prepped_callback); + ALLOC_ZVAL(_prepped_callback); + MAKE_COPY_ZVAL(callback, _prepped_callback); rl_callback_handler_install(prompt, php_rl_callback_handler); Modified: php/php-src/trunk/ext/readline/readline.c === --- php/php-src/trunk/ext/readline/readline.c 2012-03-11 09:12:25 UTC (rev 324103) +++ php/php-src/trunk/ext/readline/readline.c 2012-03-11 09:19:38 UTC (rev 324104) @@ -576,9 +576,8 @@ FREE_ZVAL(_prepped_callback); } - MAKE_STD_ZVAL(_prepped_callback); - *_prepped_callback = *callback; - zval_copy_ctor(_prepped_callback); + ALLOC_ZVAL(_prepped_callback); + MAKE_COPY_ZVAL(callback, _prepped_callback); rl_callback_handler_install(prompt, php_rl_callback_handler); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/Zend/tests/bug61273.phpt branches/PHP_5_3/Zend/zend_execute_API.c branches/PHP_5_4/NEWS branches/PHP_5_4/Zend/tests/bug61273.phpt br
laruence Sun, 11 Mar 2012 15:28:31 + Revision: http://svn.php.net/viewvc?view=revisionrevision=324108 Log: Fixed bug #61273 (call_user_func_array with more than 16333 arguments leaks / crashes) Bug: https://bugs.php.net/61273 (Assigned) call_user_func_array with more than 16333 arguments leaks / crashes Changed paths: U php/php-src/branches/PHP_5_3/NEWS A php/php-src/branches/PHP_5_3/Zend/tests/bug61273.phpt U php/php-src/branches/PHP_5_3/Zend/zend_execute_API.c U php/php-src/branches/PHP_5_4/NEWS A php/php-src/branches/PHP_5_4/Zend/tests/bug61273.phpt U php/php-src/branches/PHP_5_4/Zend/zend_execute_API.c A php/php-src/trunk/Zend/tests/bug61273.phpt U php/php-src/trunk/Zend/zend_execute_API.c Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2012-03-11 15:12:28 UTC (rev 324107) +++ php/php-src/branches/PHP_5_3/NEWS 2012-03-11 15:28:31 UTC (rev 324108) @@ -3,6 +3,8 @@ ?? ??? 2012, PHP 5.3.11 - Core: + . Fixed bug #61273 (call_user_func_array with more than 16333 arguments +leaks / crashes). (Laruence) . Fixed bug #61165 (Segfault - strip_tags()). (Laruence) . Improved max_input_vars directive to check nested variables (Dmitry). . Fixed bug #61095 (Incorect lexing of 0x00*+NUM). (Etienne) Added: php/php-src/branches/PHP_5_3/Zend/tests/bug61273.phpt === --- php/php-src/branches/PHP_5_3/Zend/tests/bug61273.phpt (rev 0) +++ php/php-src/branches/PHP_5_3/Zend/tests/bug61273.phpt 2012-03-11 15:28:31 UTC (rev 324108) @@ -0,0 +1,15 @@ +--TEST-- +Bug #61273 (call_user_func_array with more than 16333 arguments leaks / crashes) +--FILE-- +?php +/** + * for 5.3 #define ZEND_VM_STACK_PAGE_SIZE ((64 * 1024) - 64) + * for 5.4 #define ZEND_VM_STACK_PAGE_SIZE ((16 * 1024) - 16) + * we should trick EG(argument_stack) into growing + */ +$args = array_fill(0, 64 * 1024 - 64, *); +call_user_func_array(function($a) {}, $args); +echo strval(okey); +--EXPECTF-- +Warning: Parameter 1 to {closure}() expected to be a reference, value given in %sbug61273.php on line %d +okey Modified: php/php-src/branches/PHP_5_3/Zend/zend_execute_API.c === --- php/php-src/branches/PHP_5_3/Zend/zend_execute_API.c2012-03-11 15:12:28 UTC (rev 324107) +++ php/php-src/branches/PHP_5_3/Zend/zend_execute_API.c2012-03-11 15:28:31 UTC (rev 324108) @@ -877,7 +877,7 @@ if (fci-no_separation !ARG_MAY_BE_SENT_BY_REF(EX(function_state).function, i + 1)) { - if(i) { + if (i || UNEXPECTED(UNEXPECTED(ZEND_VM_STACK_ELEMETS(EG(argument_stack)) == EG(argument_stack)-top))) { /* hack to clean up the stack */ zend_vm_stack_push_nocheck((void *) (zend_uintptr_t)i TSRMLS_CC); zend_vm_stack_clear_multiple(TSRMLS_C); Modified: php/php-src/branches/PHP_5_4/NEWS === --- php/php-src/branches/PHP_5_4/NEWS 2012-03-11 15:12:28 UTC (rev 324107) +++ php/php-src/branches/PHP_5_4/NEWS 2012-03-11 15:28:31 UTC (rev 324108) @@ -8,6 +8,8 @@ . Connection: close instead of Connection: closed (Gustavo) - Core: + . Fixed bug #61273 (call_user_func_array with more than 16333 arguments +leaks / crashes). (Laruence) . Fixed bug #61225 (Incorect lexing of 0b00*+NUM). (Pierrick) . Fixed bug #61165 (Segfault - strip_tags()). (Laruence) . Fixed bug #61106 (Segfault when using header_register_callback). (Nikita Added: php/php-src/branches/PHP_5_4/Zend/tests/bug61273.phpt === --- php/php-src/branches/PHP_5_4/Zend/tests/bug61273.phpt (rev 0) +++ php/php-src/branches/PHP_5_4/Zend/tests/bug61273.phpt 2012-03-11 15:28:31 UTC (rev 324108) @@ -0,0 +1,15 @@ +--TEST-- +Bug #61273 (call_user_func_array with more than 16333 arguments leaks / crashes) +--FILE-- +?php +/** + * for 5.3 #define ZEND_VM_STACK_PAGE_SIZE ((64 * 1024) - 64) + * for 5.4 #define ZEND_VM_STACK_PAGE_SIZE ((16 * 1024) - 16) + * we should trick EG(argument_stack) into growing + */ +$args = array_fill(0, 64 * 1024 - 64, *); +call_user_func_array(function($a) {}, $args); +echo strval(okey); +--EXPECTF-- +Warning: Parameter 1 to {closure}() expected to be a reference, value given in %sbug61273.php on line %d +okey Modified: php/php-src/branches/PHP_5_4/Zend/zend_execute_API.c === ---
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/ext/spl/spl_directory.c branches/PHP_5_3/ext/spl/tests/SplFileInfo_001.phpt branches/PHP_5_4/ext/spl/spl_directory.c branches/PHP_5_
felipe Sun, 11 Mar 2012 15:42:57 + Revision: http://svn.php.net/viewvc?view=revisionrevision=324110 Log: - Fixed memory leak when calling SplFileInfo's constructor twice Changed paths: U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/spl/spl_directory.c A php/php-src/branches/PHP_5_3/ext/spl/tests/SplFileInfo_001.phpt U php/php-src/branches/PHP_5_4/ext/spl/spl_directory.c A php/php-src/branches/PHP_5_4/ext/spl/tests/SplFileInfo_001.phpt U php/php-src/trunk/ext/spl/spl_directory.c A php/php-src/trunk/ext/spl/tests/SplFileInfo_001.phpt Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2012-03-11 15:31:19 UTC (rev 324109) +++ php/php-src/branches/PHP_5_3/NEWS 2012-03-11 15:42:57 UTC (rev 324110) @@ -71,6 +71,7 @@ chunksize length line is 10 bytes). (Ilia) - SPL + . Fixed memory leak when calling SplFileInfo's constructor twice. (Felipe) . Fixed bug #61347 (inconsistent isset behavior of Arrayobject). (Laruence) . Fixed bug #61326 (ArrayObject comparison). (Gustavo) Modified: php/php-src/branches/PHP_5_3/ext/spl/spl_directory.c === --- php/php-src/branches/PHP_5_3/ext/spl/spl_directory.c2012-03-11 15:31:19 UTC (rev 324109) +++ php/php-src/branches/PHP_5_3/ext/spl/spl_directory.c2012-03-11 15:42:57 UTC (rev 324110) @@ -366,6 +366,10 @@ void spl_filesystem_info_set_filename(spl_filesystem_object *intern, char *path, int len, int use_copy TSRMLS_DC) /* {{{ */ { char *p1, *p2; + + if (intern-file_name) { + efree(intern-file_name); + } intern-file_name = use_copy ? estrndup(path, len) : path; intern-file_name_len = len; @@ -386,7 +390,10 @@ } else { intern-_path_len = 0; } - + + if (intern-_path) { + efree(intern-_path); + } intern-_path = estrndup(path, intern-_path_len); } /* }}} */ Added: php/php-src/branches/PHP_5_3/ext/spl/tests/SplFileInfo_001.phpt === --- php/php-src/branches/PHP_5_3/ext/spl/tests/SplFileInfo_001.phpt (rev 0) +++ php/php-src/branches/PHP_5_3/ext/spl/tests/SplFileInfo_001.phpt 2012-03-11 15:42:57 UTC (rev 324110) @@ -0,0 +1,11 @@ +--TEST-- +Testing SplFileInfo calling the constructor twice +--FILE-- +?php +$x = new splfileinfo(1); +$x-__construct(1); + +echo done!\n; +? +--EXPECT-- +done! Modified: php/php-src/branches/PHP_5_4/ext/spl/spl_directory.c === --- php/php-src/branches/PHP_5_4/ext/spl/spl_directory.c2012-03-11 15:31:19 UTC (rev 324109) +++ php/php-src/branches/PHP_5_4/ext/spl/spl_directory.c2012-03-11 15:42:57 UTC (rev 324110) @@ -376,6 +376,10 @@ void spl_filesystem_info_set_filename(spl_filesystem_object *intern, char *path, int len, int use_copy TSRMLS_DC) /* {{{ */ { char *p1, *p2; + + if (intern-file_name) { + efree(intern-file_name); + } intern-file_name = use_copy ? estrndup(path, len) : path; intern-file_name_len = len; @@ -396,7 +400,10 @@ } else { intern-_path_len = 0; } - + + if (intern-_path) { + efree(intern-_path); + } intern-_path = estrndup(path, intern-_path_len); } /* }}} */ Added: php/php-src/branches/PHP_5_4/ext/spl/tests/SplFileInfo_001.phpt === --- php/php-src/branches/PHP_5_4/ext/spl/tests/SplFileInfo_001.phpt (rev 0) +++ php/php-src/branches/PHP_5_4/ext/spl/tests/SplFileInfo_001.phpt 2012-03-11 15:42:57 UTC (rev 324110) @@ -0,0 +1,11 @@ +--TEST-- +Testing SplFileInfo calling the constructor twice +--FILE-- +?php +$x = new splfileinfo(1); +$x-__construct(1); + +echo done!\n; +? +--EXPECT-- +done! Modified: php/php-src/trunk/ext/spl/spl_directory.c === --- php/php-src/trunk/ext/spl/spl_directory.c 2012-03-11 15:31:19 UTC (rev 324109) +++ php/php-src/trunk/ext/spl/spl_directory.c 2012-03-11 15:42:57 UTC (rev 324110) @@ -376,6 +376,10 @@ void spl_filesystem_info_set_filename(spl_filesystem_object *intern, char *path, int len, int use_copy TSRMLS_DC) /* {{{ */ { char *p1, *p2; + + if (intern-file_name) { + efree(intern-file_name); + } intern-file_name = use_copy ? estrndup(path, len) : path; intern-file_name_len = len; @@ -396,7 +400,10 @@ } else { intern-_path_len = 0; } - + + if (intern-_path) { + efree(intern-_path); + } intern-_path = estrndup(path,
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/Zend/tests/bug60569.phpt branches/PHP_5_3/Zend/zend_exceptions.c branches/PHP_5_4/NEWS branches/PHP_5_4/Zend/tests/bug60569.phpt bra
iliaaSun, 11 Mar 2012 18:15:13 + Revision: http://svn.php.net/viewvc?view=revisionrevision=324112 Log: Fixed bug #60569 (Nullbyte truncates Exception $message). Bug: https://bugs.php.net/60569 (Open) Nullbyte truncates Exception $message. Changed paths: U php/php-src/branches/PHP_5_3/NEWS A php/php-src/branches/PHP_5_3/Zend/tests/bug60569.phpt U php/php-src/branches/PHP_5_3/Zend/zend_exceptions.c U php/php-src/branches/PHP_5_4/NEWS A php/php-src/branches/PHP_5_4/Zend/tests/bug60569.phpt U php/php-src/branches/PHP_5_4/Zend/zend_exceptions.c A php/php-src/trunk/Zend/tests/bug60569.phpt U php/php-src/trunk/Zend/zend_exceptions.c Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2012-03-11 15:56:56 UTC (rev 324111) +++ php/php-src/branches/PHP_5_3/NEWS 2012-03-11 18:15:13 UTC (rev 324112) @@ -21,6 +21,7 @@ . Fixed bug #60825 (Segfault when running symfony 2 tests). (Dmitry, Laruence) . Fixed bug #60801 (strpbrk() mishandles NUL byte). (Adam) + . Fixed bug #60569 (Nullbyte truncates Exception $message). (Ilia) . Fixed bug #60227 (header() cannot detect the multi-line header with CR). (rui, Gustavo) . Fixed bug #52719 (array_walk_recursive crashes if third param of the Added: php/php-src/branches/PHP_5_3/Zend/tests/bug60569.phpt === (Binary files differ) Property changes on: php/php-src/branches/PHP_5_3/Zend/tests/bug60569.phpt ___ Added: svn:mime-type + application/octet-stream Modified: php/php-src/branches/PHP_5_3/Zend/zend_exceptions.c === --- php/php-src/branches/PHP_5_3/Zend/zend_exceptions.c 2012-03-11 15:56:56 UTC (rev 324111) +++ php/php-src/branches/PHP_5_3/Zend/zend_exceptions.c 2012-03-11 18:15:13 UTC (rev 324112) @@ -192,7 +192,7 @@ object = getThis(); if (message) { - zend_update_property_string(default_exception_ce, object, message, sizeof(message)-1, message TSRMLS_CC); + zend_update_property_stringl(default_exception_ce, object, message, sizeof(message)-1, message, message_len TSRMLS_CC); } if (code) { Modified: php/php-src/branches/PHP_5_4/NEWS === --- php/php-src/branches/PHP_5_4/NEWS 2012-03-11 15:56:56 UTC (rev 324111) +++ php/php-src/branches/PHP_5_4/NEWS 2012-03-11 18:15:13 UTC (rev 324112) @@ -32,6 +32,7 @@ error). (Stefan) . Fixed bug #60573 (type hinting with self keyword causes weird errors). (Laruence) + . Fixed bug #60569 (Nullbyte truncates Exception $message). (Ilia) . Fixed bug #52719 (array_walk_recursive crashes if third param of the function is by reference). (Nikita Popov) Added: php/php-src/branches/PHP_5_4/Zend/tests/bug60569.phpt === (Binary files differ) Property changes on: php/php-src/branches/PHP_5_4/Zend/tests/bug60569.phpt ___ Added: svn:mime-type + application/octet-stream Modified: php/php-src/branches/PHP_5_4/Zend/zend_exceptions.c === --- php/php-src/branches/PHP_5_4/Zend/zend_exceptions.c 2012-03-11 15:56:56 UTC (rev 324111) +++ php/php-src/branches/PHP_5_4/Zend/zend_exceptions.c 2012-03-11 18:15:13 UTC (rev 324112) @@ -205,7 +205,7 @@ object = getThis(); if (message) { - zend_update_property_string(default_exception_ce, object, message, sizeof(message)-1, message TSRMLS_CC); + zend_update_property_stringl(default_exception_ce, object, message, sizeof(message)-1, message, message_len TSRMLS_CC); } if (code) { Added: php/php-src/trunk/Zend/tests/bug60569.phpt === (Binary files differ) Property changes on: php/php-src/trunk/Zend/tests/bug60569.phpt ___ Added: svn:mime-type + application/octet-stream Modified: php/php-src/trunk/Zend/zend_exceptions.c === --- php/php-src/trunk/Zend/zend_exceptions.c2012-03-11 15:56:56 UTC (rev 324111) +++ php/php-src/trunk/Zend/zend_exceptions.c2012-03-11 18:15:13 UTC (rev 324112) @@ -205,7 +205,7 @@ object = getThis(); if (message) { - zend_update_property_string(default_exception_ce, object, message, sizeof(message)-1, message TSRMLS_CC); + zend_update_property_stringl(default_exception_ce, object, message, sizeof(message)-1, message, message_len
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/ext/spl/spl_array.c branches/PHP_5_3/ext/spl/tests/bug61326.phpt branches/PHP_5_4/ext/spl/spl_array.c branches/PHP_5_4/ext/spl/tests
cataphract Sat, 10 Mar 2012 17:19:39 + Revision: http://svn.php.net/viewvc?view=revisionrevision=324082 Log: - Fixed bug #61326 (ArrayObject comparison). Bug: https://bugs.php.net/61326 (Assigned) ArrayObject comparison Changed paths: U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/spl/spl_array.c A php/php-src/branches/PHP_5_3/ext/spl/tests/bug61326.phpt U php/php-src/branches/PHP_5_4/ext/spl/spl_array.c A php/php-src/branches/PHP_5_4/ext/spl/tests/bug61326.phpt U php/php-src/trunk/ext/spl/spl_array.c A php/php-src/trunk/ext/spl/tests/bug61326.phpt Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2012-03-10 16:24:37 UTC (rev 324081) +++ php/php-src/branches/PHP_5_3/NEWS 2012-03-10 17:19:39 UTC (rev 324082) @@ -47,6 +47,9 @@ . Fixed bug #61267 (pdo_pgsql's PDO::exec() returns the number of SELECTed rows on postgresql = 9). (ben dot pineau at gmail dot com) +- PDO_Sqlite extension: + . Add createCollation support. (Damien) + - Phar: . Fixed bug #61184 (Phar::webPhar() generates headers with trailing NUL bytes). (Nikic) @@ -60,13 +63,13 @@ chunksize length line is 10 bytes). (Ilia) . Fixed bug #60887 (SoapClient ignores user_agent option and sends no User-Agent header). (carloschilazo at gmail dot com) - + +- SPL + . Fixed bug #61326 (ArrayObject comparison). (Gustavo) + - SQLite3 extension: . Add createCollation() method. (Brad Dewar) -- PDO_Sqlite extension: - . Add createCollation support. (Damien) - - Reflection: . Fixed bug #60968 (Late static binding doesn't work with ReflectionMethod::invokeArgs()). (Laruence) Modified: php/php-src/branches/PHP_5_3/ext/spl/spl_array.c === --- php/php-src/branches/PHP_5_3/ext/spl/spl_array.c 2012-03-10 16:24:37 UTC (rev 324081) +++ php/php-src/branches/PHP_5_3/ext/spl/spl_array.c 2012-03-10 17:19:39 UTC (rev 324082) @@ -836,6 +836,30 @@ std_object_handlers.unset_property(object, member TSRMLS_CC); } /* }}} */ +static int spl_array_compare_objects(zval *o1, zval *o2 TSRMLS_DC) /* {{{ */ +{ + HashTable *ht1, + *ht2; + spl_array_object *intern1, + *intern2; + int result = 0; + zvaltemp_zv; + + intern1 = (spl_array_object*)zend_object_store_get_object(o1 TSRMLS_CC); + intern2 = (spl_array_object*)zend_object_store_get_object(o2 TSRMLS_CC); + ht1 = spl_array_get_hash_table(intern1, 0 TSRMLS_CC); + ht2 = spl_array_get_hash_table(intern2, 0 TSRMLS_CC); + + zend_compare_symbol_tables(temp_zv, ht1, ht2 TSRMLS_CC); + result = (int)Z_LVAL(temp_zv); + /* if we just compared std.properties, don't do it again */ + if (result == 0 + !(ht1 == intern1-std.properties ht2 == intern2-std.properties)) { + result = std_object_handlers.compare_objects(o1, o2 TSRMLS_CC); + } + return result; +} /* }}} */ + static int spl_array_skip_protected(spl_array_object *intern, HashTable *aht TSRMLS_DC) /* {{{ */ { char *string_key; @@ -2003,6 +2027,8 @@ spl_handler_ArrayObject.has_property = spl_array_has_property; spl_handler_ArrayObject.unset_property = spl_array_unset_property; + spl_handler_ArrayObject.compare_objects = spl_array_compare_objects; + REGISTER_SPL_STD_CLASS_EX(ArrayIterator, spl_array_object_new, spl_funcs_ArrayIterator); REGISTER_SPL_IMPLEMENTS(ArrayIterator, Iterator); REGISTER_SPL_IMPLEMENTS(ArrayIterator, ArrayAccess); Added: php/php-src/branches/PHP_5_3/ext/spl/tests/bug61326.phpt === --- php/php-src/branches/PHP_5_3/ext/spl/tests/bug61326.phpt (rev 0) +++ php/php-src/branches/PHP_5_3/ext/spl/tests/bug61326.phpt 2012-03-10 17:19:39 UTC (rev 324082) @@ -0,0 +1,17 @@ +--TEST-- +Bug #61326: ArrayObject comparison +--FILE-- +?php +$aobj1 = new ArrayObject(array(0)); +$aobj2 = new ArrayObject(array(1)); +var_dump($aobj1 == $aobj2); + +$aobj3 = new ArrayObject(array(0)); +var_dump($aobj1 == $aobj3); + +$aobj3-foo = 'bar'; +var_dump($aobj1 == $aobj3); +--EXPECT-- +bool(false) +bool(true) +bool(false) Property changes on: php/php-src/branches/PHP_5_3/ext/spl/tests/bug61326.phpt ___ Added: svn:keywords + Id Rev Revision Added: svn:eol-style + native Modified: php/php-src/branches/PHP_5_4/ext/spl/spl_array.c === --- php/php-src/branches/PHP_5_4/ext/spl/spl_array.c 2012-03-10 16:24:37 UTC (rev 324081) +++ php/php-src/branches/PHP_5_4/ext/spl/spl_array.c 2012-03-10 17:19:39 UTC (rev 324082) @@ -862,6 +862,30 @@ std_object_handlers.unset_property(object, member, key TSRMLS_CC); } /* }}} */ +static int spl_array_compare_objects(zval *o1, zval *o2 TSRMLS_DC) /* {{{ */ +{ + HashTable *ht1, + *ht2;
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/ext/pdo_pgsql/pgsql_driver.c branches/PHP_5_3/ext/pdo_pgsql/tests/bug61267.phpt branches/PHP_5_4/ext/pdo_pgsql/pgsql_driver.c branch
cataphract Thu, 08 Mar 2012 08:52:28 + Revision: http://svn.php.net/viewvc?view=revisionrevision=324014 Log: - Fixed bug #61267: pdo_pgsql's PDO::exec() returns the number of SELECTed rows on postgresql = 9 Bug: https://bugs.php.net/61267 (Open) pdo_pgsql's PDO::exec() returns the number of SELECTed rows on postgresql = 9. Changed paths: U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/pdo_pgsql/pgsql_driver.c A php/php-src/branches/PHP_5_3/ext/pdo_pgsql/tests/bug61267.phpt U php/php-src/branches/PHP_5_4/ext/pdo_pgsql/pgsql_driver.c A php/php-src/branches/PHP_5_4/ext/pdo_pgsql/tests/bug61267.phpt U php/php-src/trunk/ext/pdo_pgsql/pgsql_driver.c A php/php-src/trunk/ext/pdo_pgsql/tests/bug61267.phpt Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2012-03-08 08:45:31 UTC (rev 324013) +++ php/php-src/branches/PHP_5_3/NEWS 2012-03-08 08:52:28 UTC (rev 324014) @@ -2,10 +2,6 @@ ||| ?? ??? 2012, PHP 5.3.11 -- Array: - . Fixed bug #52719 (array_walk_recursive crashes if third param of the -function is by reference). (Nikita Popov) - - Core: . Fixed bug #61165 (Segfault - strip_tags()). (Laruence) . Improved max_input_vars directive to check nested variables (Dmitry). @@ -25,6 +21,8 @@ . Fixed bug #60801 (strpbrk() mishandles NUL byte). (Adam) . Fixed bug #60227 (header() cannot detect the multi-line header with CR). (rui, Gustavo) + . Fixed bug #52719 (array_walk_recursive crashes if third param of the +function is by reference). (Nikita Popov) . Fixed bug #51860 (Include fails with toplevel symlink to /). (Dmitry) - Installation @@ -45,8 +43,13 @@ . Fixed bug #61194 (PDO should export compression flag with myslqnd). (Johannes) +- PDO_pgsql + . Fixed bug #61267 (pdo_pgsql's PDO::exec() returns the number of SELECTed +rows on postgresql = 9). (ben dot pineau at gmail dot com) + - Phar: - . Fixed bug #61184 (Phar::webPhar() generates headers with trailing NUL bytes). (Nikic) + . Fixed bug #61184 (Phar::webPhar() generates headers with trailing NUL +bytes). (Nikic) - PHP-FPM SAPI: . Fixed bug #60811 (php-fpm compilation problem). (rasmus) Modified: php/php-src/branches/PHP_5_3/ext/pdo_pgsql/pgsql_driver.c === --- php/php-src/branches/PHP_5_3/ext/pdo_pgsql/pgsql_driver.c 2012-03-08 08:45:31 UTC (rev 324013) +++ php/php-src/branches/PHP_5_3/ext/pdo_pgsql/pgsql_driver.c 2012-03-08 08:52:28 UTC (rev 324014) @@ -299,7 +299,7 @@ return -1; } H-pgoid = PQoidValue(res); - ret = atol(PQcmdTuples(res)); + ret = (qs == PGRES_COMMAND_OK) ? atol(PQcmdTuples(res)) : 0L; PQclear(res); return ret; Added: php/php-src/branches/PHP_5_3/ext/pdo_pgsql/tests/bug61267.phpt === --- php/php-src/branches/PHP_5_3/ext/pdo_pgsql/tests/bug61267.phpt (rev 0) +++ php/php-src/branches/PHP_5_3/ext/pdo_pgsql/tests/bug61267.phpt 2012-03-08 08:52:28 UTC (rev 324014) @@ -0,0 +1,22 @@ +--TEST-- +PDO::exec() returns 0 when the statement is a SELECT. +--SKIPIF-- +?php +if (!extension_loaded('pdo') || !extension_loaded('pdo_pgsql')) die('skip not loaded'); +require_once dirname(__FILE__) . '/../../../ext/pdo/tests/pdo_test.inc'; +require_once dirname(__FILE__) . '/config.inc'; +PDOTest::skip(); +? +--FILE-- +?php +require_once dirname(__FILE__) . '/../../../ext/pdo/tests/pdo_test.inc'; +require_once dirname(__FILE__) . '/config.inc'; +$db = PDOTest::test_factory(dirname(__FILE__) . '/common.phpt'); + +$res = $db-exec('SELECT * from generate_series(1, 42);'); +var_dump($res); +echo Done\n; +? +--EXPECTF-- +int(0) +Done Property changes on: php/php-src/branches/PHP_5_3/ext/pdo_pgsql/tests/bug61267.phpt ___ Added: svn:keywords + Id Rev Revision Added: svn:eol-style + native Modified: php/php-src/branches/PHP_5_4/ext/pdo_pgsql/pgsql_driver.c === --- php/php-src/branches/PHP_5_4/ext/pdo_pgsql/pgsql_driver.c 2012-03-08 08:45:31 UTC (rev 324013) +++ php/php-src/branches/PHP_5_4/ext/pdo_pgsql/pgsql_driver.c 2012-03-08 08:52:28 UTC (rev 324014) @@ -299,7 +299,7 @@ return -1; } H-pgoid = PQoidValue(res); - ret = atol(PQcmdTuples(res)); + ret = (qs == PGRES_COMMAND_OK) ? atol(PQcmdTuples(res)) : 0L; PQclear(res); return ret; Added: php/php-src/branches/PHP_5_4/ext/pdo_pgsql/tests/bug61267.phpt === ---
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/ext/standard/basic_functions.c branches/PHP_5_3/ext/standard/file.h branches/PHP_5_3/main/php_streams.h branches/PHP_5_3/main/stream
cataphract Thu, 08 Mar 2012 12:30:59 + Revision: http://svn.php.net/viewvc?view=revisionrevision=324020 Log: - Fixed bug #61253: Wrappers opened with errors concurrency problem #NOTE: There is a very small possibility that this will further break #extensions that access wrapper-{err_stack, err_count}. On PECL SVN, rar is the #only one and it may leak memory after this. I say further break because #extensions that do that are already broken (will segfault) under ZTS, which is #why this patch is necessary. #There was what I deem as tacit acceptance from 5.3/5.4 RMs on this. Bug: https://bugs.php.net/61253 (Assigned) Wrappers opened with errors concurrency problem Changed paths: U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/standard/basic_functions.c U php/php-src/branches/PHP_5_3/ext/standard/file.h U php/php-src/branches/PHP_5_3/main/php_streams.h U php/php-src/branches/PHP_5_3/main/streams/streams.c U php/php-src/branches/PHP_5_4/ext/standard/basic_functions.c U php/php-src/branches/PHP_5_4/ext/standard/file.h U php/php-src/branches/PHP_5_4/main/php_streams.h U php/php-src/branches/PHP_5_4/main/streams/streams.c U php/php-src/trunk/ext/standard/basic_functions.c U php/php-src/trunk/ext/standard/file.h U php/php-src/trunk/main/php_streams.h U php/php-src/trunk/main/streams/streams.c Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2012-03-08 12:23:22 UTC (rev 324019) +++ php/php-src/branches/PHP_5_3/NEWS 2012-03-08 12:30:59 UTC (rev 324020) @@ -76,6 +76,8 @@ SessionHandler::write()). (Ilia) - Streams: + . Fixed bug #61253 (Wrappers opened with errors concurrency problem on ZTS). +(Gustavo) . Fixed bug #61115 (stream related segfault on fatal error in php_stream_context_link). (Gustavo) . Fixed bug #60106 (stream_socket_server silently truncates long unix Modified: php/php-src/branches/PHP_5_3/ext/standard/basic_functions.c === --- php/php-src/branches/PHP_5_3/ext/standard/basic_functions.c 2012-03-08 12:23:22 UTC (rev 324019) +++ php/php-src/branches/PHP_5_3/ext/standard/basic_functions.c 2012-03-08 12:30:59 UTC (rev 324020) @@ -3751,6 +3751,8 @@ /* Default to global filters only */ FG(stream_filters) = NULL; + FG(wrapper_errors) = NULL; + return SUCCESS; } /* }}} */ Modified: php/php-src/branches/PHP_5_3/ext/standard/file.h === --- php/php-src/branches/PHP_5_3/ext/standard/file.h 2012-03-08 12:23:22 UTC (rev 324019) +++ php/php-src/branches/PHP_5_3/ext/standard/file.h 2012-03-08 12:30:59 UTC (rev 324020) @@ -123,6 +123,7 @@ php_stream_context *default_context; HashTable *stream_wrappers; /* per-request copy of url_stream_wrappers_hash */ HashTable *stream_filters; /* per-request copy of stream_filters_hash */ + HashTable *wrapper_errors; /* key: wrapper address; value: linked list of char* */ } php_file_globals; #ifdef ZTS Modified: php/php-src/branches/PHP_5_3/main/php_streams.h === --- php/php-src/branches/PHP_5_3/main/php_streams.h 2012-03-08 12:23:22 UTC (rev 324019) +++ php/php-src/branches/PHP_5_3/main/php_streams.h 2012-03-08 12:30:59 UTC (rev 324020) @@ -162,8 +162,8 @@ int is_url; /* so that PG(allow_url_fopen) can be respected */ /* support for wrappers to return (multiple) error messages to the stream opener */ - int err_count; - char **err_stack; + int err_count; /* unused */ + char **err_stack;/* unusued */ }; #define PHP_STREAM_FLAG_NO_SEEK 1 Modified: php/php-src/branches/PHP_5_3/main/streams/streams.c === --- php/php-src/branches/PHP_5_3/main/streams/streams.c 2012-03-08 12:23:22 UTC (rev 324019) +++ php/php-src/branches/PHP_5_3/main/streams/streams.c 2012-03-08 12:30:59 UTC (rev 324020) @@ -148,20 +148,35 @@ /* }}} */ +static zend_llist *php_get_wrapper_errors_list(php_stream_wrapper *wrapper TSRMLS_DC) +{ +zend_llist *list = NULL; +if (!FG(wrapper_errors)) { +return NULL; +} else { +zend_hash_find(FG(wrapper_errors), (const char*)wrapper, +sizeof wrapper, (void**)list); +return list; +} +} + /* {{{ wrapper error reporting */ void php_stream_display_wrapper_errors(php_stream_wrapper *wrapper, const char *path, const char *caption TSRMLS_DC) { char *tmp = estrdup(path); char *msg; int free_msg = 0; - php_stream_wrapper orig_wrapper; if (wrapper) { - if (wrapper-err_count 0) { + zend_llist *err_list = php_get_wrapper_errors_list(wrapper TSRMLS_CC); + if (err_list) { + size_t l = 0; + int brlen; int i; - size_t l; - int brlen; - char
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/ext/session/session.c branches/PHP_5_4/NEWS branches/PHP_5_4/ext/session/session.c trunk/ext/session/session.c
iliaaThu, 08 Mar 2012 03:31:46 + Revision: http://svn.php.net/viewvc?view=revisionrevision=324009 Log: Fixed bug #60634 (Segmentation fault when trying to die() in SessionHandler::write()) Bug: https://bugs.php.net/60634 (Assigned) Segmentation fault when trying to die() in SessionHandler::write() Changed paths: U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/session/session.c U php/php-src/branches/PHP_5_4/NEWS U php/php-src/branches/PHP_5_4/ext/session/session.c U php/php-src/trunk/ext/session/session.c Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2012-03-07 19:47:18 UTC (rev 324008) +++ php/php-src/branches/PHP_5_3/NEWS 2012-03-08 03:31:46 UTC (rev 324009) @@ -52,6 +52,7 @@ . Fixed bug #60811 (php-fpm compilation problem). (rasmus) - SOAP + . Fixed basic HTTP authentication for WSDL sub requests. (Dmitry) . Fixed bug #60887 (SoapClient ignores user_agent option and sends no User-Agent header). (carloschilazo at gmail dot com) @@ -61,9 +62,6 @@ - PDO_Sqlite extension: . Add createCollation support. (Damien) -- SOAP: - . Fixed basic HTTP authentication for WSDL sub requests. (Dmitry) - - Reflection: . Fixed bug #60968 (Late static binding doesn't work with ReflectionMethod::invokeArgs()). (Laruence) @@ -71,6 +69,8 @@ - Session: . Fixed bug #60860 (session.save_handler=user without defined function core dumps). (Felipe) + . Fixed bug #60634 (Segmentation fault when trying to die() in +SessionHandler::write()). (Ilia) - Streams: . Fixed bug #61115 (stream related segfault on fatal error in Modified: php/php-src/branches/PHP_5_3/ext/session/session.c === --- php/php-src/branches/PHP_5_3/ext/session/session.c 2012-03-07 19:47:18 UTC (rev 324008) +++ php/php-src/branches/PHP_5_3/ext/session/session.c 2012-03-08 03:31:46 UTC (rev 324009) @@ -1512,9 +1512,7 @@ { if (PS(session_status) == php_session_active) { PS(session_status) = php_session_none; - zend_try { - php_session_save_current_state(TSRMLS_C); - } zend_end_try(); + php_session_save_current_state(TSRMLS_C); } } /* }}} */ @@ -2167,7 +2165,9 @@ { int i; - php_session_flush(TSRMLS_C); + zend_try { + php_session_flush(TSRMLS_C); + } zend_end_try(); php_rshutdown_session_globals(TSRMLS_C); /* this should NOT be done in php_rshutdown_session_globals() */ Modified: php/php-src/branches/PHP_5_4/NEWS === --- php/php-src/branches/PHP_5_4/NEWS 2012-03-07 19:47:18 UTC (rev 324008) +++ php/php-src/branches/PHP_5_4/NEWS 2012-03-08 03:31:46 UTC (rev 324009) @@ -44,6 +44,10 @@ . Fixed bug #60948 (mysqlnd FTBFS when -Wformat-security is enabled). (Johannes) +- Session + . Fixed bug #60634 (Segmentation fault when trying to die() in +SessionHandler::write()). (Ilia) + - SOAP . Fixed bug #60887 (SoapClient ignores user_agent option and sends no User-Agent header). (carloschilazo at gmail dot com) Modified: php/php-src/branches/PHP_5_4/ext/session/session.c === --- php/php-src/branches/PHP_5_4/ext/session/session.c 2012-03-07 19:47:18 UTC (rev 324008) +++ php/php-src/branches/PHP_5_4/ext/session/session.c 2012-03-08 03:31:46 UTC (rev 324009) @@ -1450,9 +1450,7 @@ { if (PS(session_status) == php_session_active) { PS(session_status) = php_session_none; - zend_try { - php_session_save_current_state(TSRMLS_C); - } zend_end_try(); + php_session_save_current_state(TSRMLS_C); } } /* }}} */ @@ -2142,7 +2140,9 @@ { int i; - php_session_flush(TSRMLS_C); + zend_try { + php_session_flush(TSRMLS_C); + } zend_end_try(); php_rshutdown_session_globals(TSRMLS_C); /* this should NOT be done in php_rshutdown_session_globals() */ Modified: php/php-src/trunk/ext/session/session.c === --- php/php-src/trunk/ext/session/session.c 2012-03-07 19:47:18 UTC (rev 324008) +++ php/php-src/trunk/ext/session/session.c 2012-03-08 03:31:46 UTC (rev 324009) @@ -1450,9 +1450,7 @@ { if (PS(session_status) == php_session_active) { PS(session_status) = php_session_none; - zend_try { - php_session_save_current_state(TSRMLS_C); - } zend_end_try(); + php_session_save_current_state(TSRMLS_C); } } /* }}} */ @@ -2142,7 +2140,9 @@ { int i; -
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/ext/soap/php_sdl.c branches/PHP_5_4/NEWS branches/PHP_5_4/ext/soap/php_sdl.c trunk/ext/soap/php_sdl.c
dmitry Mon, 05 Mar 2012 12:59:01 + Revision: http://svn.php.net/viewvc?view=revisionrevision=323909 Log: Fixed bug #60887 (SoapClient ignores user_agent option and sends no User-Agent header) Bug: https://bugs.php.net/60887 (Assigned) SoapClient ignores user_agent option and sends no User-Agent header Changed paths: U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/soap/php_sdl.c U php/php-src/branches/PHP_5_4/NEWS U php/php-src/branches/PHP_5_4/ext/soap/php_sdl.c U php/php-src/trunk/ext/soap/php_sdl.c Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2012-03-05 12:47:25 UTC (rev 323908) +++ php/php-src/branches/PHP_5_3/NEWS 2012-03-05 12:59:01 UTC (rev 323909) @@ -41,7 +41,11 @@ - PHP-FPM SAPI: . Fixed bug #60811 (php-fpm compilation problem). (rasmus) - + +- SOAP + . Fixed bug #60887 (SoapClient ignores user_agent option and sends no +User-Agent header). (carloschilazo at gmail dot com) + - SQLite3 extension: . Add createCollation() method. (Brad Dewar) Modified: php/php-src/branches/PHP_5_3/ext/soap/php_sdl.c === --- php/php-src/branches/PHP_5_3/ext/soap/php_sdl.c 2012-03-05 12:47:25 UTC (rev 323908) +++ php/php-src/branches/PHP_5_3/ext/soap/php_sdl.c 2012-03-05 12:59:01 UTC (rev 323909) @@ -3259,6 +3259,13 @@ context = php_stream_context_alloc(); } + if (zend_hash_find(Z_OBJPROP_P(this_ptr), _user_agent, sizeof(_user_agent), (void **) tmp) == SUCCESS + Z_TYPE_PP(tmp) == IS_STRING Z_STRLEN_PP(tmp) 0) { + smart_str_appends(headers, User-Agent: ); + smart_str_appends(headers, Z_STRVAL_PP(tmp)); + smart_str_appends(headers, \r\n); + } + if (zend_hash_find(Z_OBJPROP_P(this_ptr), _proxy_host, sizeof(_proxy_host), (void **) proxy_host) == SUCCESS Z_TYPE_PP(proxy_host) == IS_STRING zend_hash_find(Z_OBJPROP_P(this_ptr), _proxy_port, sizeof(_proxy_port), (void **) proxy_port) == SUCCESS Modified: php/php-src/branches/PHP_5_4/NEWS === --- php/php-src/branches/PHP_5_4/NEWS 2012-03-05 12:47:25 UTC (rev 323908) +++ php/php-src/branches/PHP_5_4/NEWS 2012-03-05 12:59:01 UTC (rev 323909) @@ -38,6 +38,10 @@ - mbstring: . MFH mb_ereg_replace_callback() for security enhancements. (Rui) +- SOAP + . Fixed bug #60887 (SoapClient ignores user_agent option and sends no +User-Agent header). (carloschilazo at gmail dot com) + - Phar . Fixed bug #61184 (Phar::webPhar() generates headers with trailing NUL bytes). (Nikita Popov) Modified: php/php-src/branches/PHP_5_4/ext/soap/php_sdl.c === --- php/php-src/branches/PHP_5_4/ext/soap/php_sdl.c 2012-03-05 12:47:25 UTC (rev 323908) +++ php/php-src/branches/PHP_5_4/ext/soap/php_sdl.c 2012-03-05 12:59:01 UTC (rev 323909) @@ -3259,6 +3259,13 @@ context = php_stream_context_alloc(TSRMLS_C); } + if (zend_hash_find(Z_OBJPROP_P(this_ptr), _user_agent, sizeof(_user_agent), (void **) tmp) == SUCCESS + Z_TYPE_PP(tmp) == IS_STRING Z_STRLEN_PP(tmp) 0) { + smart_str_appends(headers, User-Agent: ); + smart_str_appends(headers, Z_STRVAL_PP(tmp)); + smart_str_appends(headers, \r\n); + } + if (zend_hash_find(Z_OBJPROP_P(this_ptr), _proxy_host, sizeof(_proxy_host), (void **) proxy_host) == SUCCESS Z_TYPE_PP(proxy_host) == IS_STRING zend_hash_find(Z_OBJPROP_P(this_ptr), _proxy_port, sizeof(_proxy_port), (void **) proxy_port) == SUCCESS Modified: php/php-src/trunk/ext/soap/php_sdl.c === --- php/php-src/trunk/ext/soap/php_sdl.c2012-03-05 12:47:25 UTC (rev 323908) +++ php/php-src/trunk/ext/soap/php_sdl.c2012-03-05 12:59:01 UTC (rev 323909) @@ -3259,6 +3259,13 @@ context = php_stream_context_alloc(TSRMLS_C); } + if (zend_hash_find(Z_OBJPROP_P(this_ptr), _user_agent, sizeof(_user_agent), (void **) tmp) == SUCCESS + Z_TYPE_PP(tmp) == IS_STRING Z_STRLEN_PP(tmp) 0) { + smart_str_appends(headers, User-Agent: ); + smart_str_appends(headers, Z_STRVAL_PP(tmp)); + smart_str_appends(headers, \r\n); + } + if (zend_hash_find(Z_OBJPROP_P(this_ptr), _proxy_host, sizeof(_proxy_host), (void **) proxy_host) == SUCCESS Z_TYPE_PP(proxy_host) == IS_STRING zend_hash_find(Z_OBJPROP_P(this_ptr), _proxy_port, sizeof(_proxy_port), (void **) proxy_port) == SUCCESS -- PHP CVS Mailing List (http://www.php.net/) To
Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/ext/soap/php_sdl.c branches/PHP_5_4/NEWS branches/PHP_5_4/ext/soap/php_sdl.c trunk/ext/soap/php_sdl.c
On Mon, Mar 5, 2012 at 13:59, Dmitry Stogov dmi...@php.net wrote: dmitry Mon, 05 Mar 2012 12:59:01 + Revision: http://svn.php.net/viewvc?view=revisionrevision=323909 Log: Fixed bug #60887 (SoapClient ignores user_agent option and sends no User-Agent header) Bug: https://bugs.php.net/60887 (Assigned) SoapClient ignores user_agent option and sends no User-Agent header Changed paths: U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/soap/php_sdl.c U php/php-src/branches/PHP_5_4/NEWS U php/php-src/branches/PHP_5_4/ext/soap/php_sdl.c U php/php-src/trunk/ext/soap/php_sdl.c Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2012-03-05 12:47:25 UTC (rev 323908) +++ php/php-src/branches/PHP_5_3/NEWS 2012-03-05 12:59:01 UTC (rev 323909) @@ -41,7 +41,11 @@ - PHP-FPM SAPI: . Fixed bug #60811 (php-fpm compilation problem). (rasmus) - + +- SOAP + . Fixed bug #60887 (SoapClient ignores user_agent option and sends no + User-Agent header). (carloschilazo at gmail dot com) + - SQLite3 extension: . Add createCollation() method. (Brad Dewar) Modified: php/php-src/branches/PHP_5_3/ext/soap/php_sdl.c === --- php/php-src/branches/PHP_5_3/ext/soap/php_sdl.c 2012-03-05 12:47:25 UTC (rev 323908) +++ php/php-src/branches/PHP_5_3/ext/soap/php_sdl.c 2012-03-05 12:59:01 UTC (rev 323909) @@ -3259,6 +3259,13 @@ context = php_stream_context_alloc(); } + if (zend_hash_find(Z_OBJPROP_P(this_ptr), _user_agent, sizeof(_user_agent), (void **) tmp) == SUCCESS + Z_TYPE_PP(tmp) == IS_STRING Z_STRLEN_PP(tmp) 0) { + smart_str_appends(headers, User-Agent: ); + smart_str_appends(headers, Z_STRVAL_PP(tmp)); + smart_str_appends(headers, \r\n); + } Shouldn't it fallback on the ini option? -Hannes -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/ext/pdo_mysql/mysql_driver.c branches/PHP_5_3/ext/pdo_mysql/pdo_mysql.c branches/PHP_5_3/ext/pdo_mysql/php_pdo_mysql_int.h branches/
johannes Mon, 05 Mar 2012 23:57:24 + Revision: http://svn.php.net/viewvc?view=revisionrevision=323930 Log: Fix bug #61194 PDO should export compression flag with myslqnd Bug: https://bugs.php.net/61194 (Closed) PDO should export compression flag with myslqnd Changed paths: U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/pdo_mysql/mysql_driver.c U php/php-src/branches/PHP_5_3/ext/pdo_mysql/pdo_mysql.c U php/php-src/branches/PHP_5_3/ext/pdo_mysql/php_pdo_mysql_int.h U php/php-src/branches/PHP_5_3/ext/pdo_mysql/tests/pdo_mysql_class_constants.phpt U php/php-src/branches/PHP_5_4/NEWS U php/php-src/branches/PHP_5_4/ext/pdo_mysql/mysql_driver.c U php/php-src/branches/PHP_5_4/ext/pdo_mysql/pdo_mysql.c U php/php-src/branches/PHP_5_4/ext/pdo_mysql/php_pdo_mysql_int.h U php/php-src/branches/PHP_5_4/ext/pdo_mysql/tests/pdo_mysql_class_constants.phpt U php/php-src/trunk/ext/pdo_mysql/mysql_driver.c U php/php-src/trunk/ext/pdo_mysql/pdo_mysql.c U php/php-src/trunk/ext/pdo_mysql/php_pdo_mysql_int.h U php/php-src/trunk/ext/pdo_mysql/tests/pdo_mysql_class_constants.phpt Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2012-03-05 23:55:12 UTC (rev 323929) +++ php/php-src/branches/PHP_5_3/NEWS 2012-03-05 23:57:24 UTC (rev 323930) @@ -36,6 +36,12 @@ - Firebird Database extension (ibase): . Fixed bug #60802 (ibase_trans() gives segfault when passing params). +- PDO_mysql + . Fixed bug #61207 (PDO::nextRowset() after a multi-statement query doesn't +always work). (Johannes) + . Fixed bug #61194 (PDO should export compression flag with myslqnd). +(Johannes) + - Phar: . Fixed bug #61184 (Phar::webPhar() generates headers with trailing NUL bytes). (Nikic) Modified: php/php-src/branches/PHP_5_3/ext/pdo_mysql/mysql_driver.c === --- php/php-src/branches/PHP_5_3/ext/pdo_mysql/mysql_driver.c 2012-03-05 23:55:12 UTC (rev 323929) +++ php/php-src/branches/PHP_5_3/ext/pdo_mysql/mysql_driver.c 2012-03-05 23:57:24 UTC (rev 323930) @@ -624,8 +624,8 @@ char *init_cmd = NULL; #ifndef PDO_USE_MYSQLND char *default_file = NULL, *default_group = NULL; - long compress = 0; #endif + long compress = 0; #if defined(HAVE_MYSQL_STMT_PREPARE) || defined(PDO_USE_MYSQLND) char *ssl_key = NULL, *ssl_cert = NULL, *ssl_ca = NULL, *ssl_capath = NULL, *ssl_cipher = NULL; #endif @@ -706,7 +706,7 @@ } efree(default_group); } - +#endif compress = pdo_attr_lval(driver_options, PDO_MYSQL_ATTR_COMPRESS, 0 TSRMLS_CC); if (compress) { if (mysql_options(H-server, MYSQL_OPT_COMPRESS, 0)) { @@ -714,7 +714,6 @@ goto cleanup; } } -#endif #if defined(HAVE_MYSQL_STMT_PREPARE) || defined(PDO_USE_MYSQLND) ssl_key = pdo_attr_strval(driver_options, PDO_MYSQL_ATTR_SSL_KEY, NULL TSRMLS_CC); ssl_cert = pdo_attr_strval(driver_options, PDO_MYSQL_ATTR_SSL_CERT, NULL TSRMLS_CC); Modified: php/php-src/branches/PHP_5_3/ext/pdo_mysql/pdo_mysql.c === --- php/php-src/branches/PHP_5_3/ext/pdo_mysql/pdo_mysql.c 2012-03-05 23:55:12 UTC (rev 323929) +++ php/php-src/branches/PHP_5_3/ext/pdo_mysql/pdo_mysql.c 2012-03-05 23:57:24 UTC (rev 323930) @@ -84,8 +84,8 @@ REGISTER_PDO_CLASS_CONST_LONG(MYSQL_ATTR_MAX_BUFFER_SIZE, (long)PDO_MYSQL_ATTR_MAX_BUFFER_SIZE); REGISTER_PDO_CLASS_CONST_LONG(MYSQL_ATTR_READ_DEFAULT_FILE, (long)PDO_MYSQL_ATTR_READ_DEFAULT_FILE); REGISTER_PDO_CLASS_CONST_LONG(MYSQL_ATTR_READ_DEFAULT_GROUP, (long)PDO_MYSQL_ATTR_READ_DEFAULT_GROUP); +#endif REGISTER_PDO_CLASS_CONST_LONG(MYSQL_ATTR_COMPRESS, (long)PDO_MYSQL_ATTR_COMPRESS); -#endif REGISTER_PDO_CLASS_CONST_LONG(MYSQL_ATTR_DIRECT_QUERY, (long)PDO_MYSQL_ATTR_DIRECT_QUERY); REGISTER_PDO_CLASS_CONST_LONG(MYSQL_ATTR_FOUND_ROWS, (long)PDO_MYSQL_ATTR_FOUND_ROWS); REGISTER_PDO_CLASS_CONST_LONG(MYSQL_ATTR_IGNORE_SPACE, (long)PDO_MYSQL_ATTR_IGNORE_SPACE); Modified: php/php-src/branches/PHP_5_3/ext/pdo_mysql/php_pdo_mysql_int.h === --- php/php-src/branches/PHP_5_3/ext/pdo_mysql/php_pdo_mysql_int.h 2012-03-05 23:55:12 UTC (rev 323929) +++ php/php-src/branches/PHP_5_3/ext/pdo_mysql/php_pdo_mysql_int.h 2012-03-05 23:57:24 UTC (rev 323930) @@ -163,8 +163,8 @@ PDO_MYSQL_ATTR_READ_DEFAULT_FILE, PDO_MYSQL_ATTR_READ_DEFAULT_GROUP, PDO_MYSQL_ATTR_MAX_BUFFER_SIZE, +#endif PDO_MYSQL_ATTR_COMPRESS, -#endif PDO_MYSQL_ATTR_DIRECT_QUERY, PDO_MYSQL_ATTR_FOUND_ROWS, PDO_MYSQL_ATTR_IGNORE_SPACE, Modified: php/php-src/branches/PHP_5_3/ext/pdo_mysql/tests/pdo_mysql_class_constants.phpt === ---
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/ext/mysqli/mysqli_prop.c branches/PHP_5_4/NEWS branches/PHP_5_4/ext/mysqli/mysqli_prop.c trunk/ext/mysqli/mysqli_prop.c
johannes Tue, 06 Mar 2012 00:15:40 + Revision: http://svn.php.net/viewvc?view=revisionrevision=323931 Log: Fix bug #61003 mysql_stat() require a valid connection Bug: https://bugs.php.net/61003 (Assigned) mysql_stat() require a valid connection Changed paths: U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/mysqli/mysqli_prop.c U php/php-src/branches/PHP_5_4/NEWS U php/php-src/branches/PHP_5_4/ext/mysqli/mysqli_prop.c U php/php-src/trunk/ext/mysqli/mysqli_prop.c Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2012-03-05 23:57:24 UTC (rev 323930) +++ php/php-src/branches/PHP_5_3/NEWS 2012-03-06 00:15:40 UTC (rev 323931) @@ -36,6 +36,9 @@ - Firebird Database extension (ibase): . Fixed bug #60802 (ibase_trans() gives segfault when passing params). +- mysqli + . Fixed bug #61003 (mysql_stat() require a valid connection). (Johannes). + - PDO_mysql . Fixed bug #61207 (PDO::nextRowset() after a multi-statement query doesn't always work). (Johannes) Modified: php/php-src/branches/PHP_5_3/ext/mysqli/mysqli_prop.c === --- php/php-src/branches/PHP_5_3/ext/mysqli/mysqli_prop.c 2012-03-05 23:57:24 UTC (rev 323930) +++ php/php-src/branches/PHP_5_3/ext/mysqli/mysqli_prop.c 2012-03-06 00:15:40 UTC (rev 323931) @@ -211,7 +211,11 @@ MAKE_STD_ZVAL(*retval); ZVAL_NULL(*retval); +#if defined(MYSQLI_USE_MYSQLND) CHECK_STATUS(MYSQLI_STATUS_INITIALIZED); +#else + CHECK_STATUS(MYSQLI_STATUS_VALID); +#endif mysql = (MY_MYSQL *)((MYSQLI_RESOURCE *)(obj-ptr))-ptr; Modified: php/php-src/branches/PHP_5_4/NEWS === --- php/php-src/branches/PHP_5_4/NEWS 2012-03-05 23:57:24 UTC (rev 323930) +++ php/php-src/branches/PHP_5_4/NEWS 2012-03-06 00:15:40 UTC (rev 323931) @@ -38,6 +38,9 @@ - mbstring: . MFH mb_ereg_replace_callback() for security enhancements. (Rui) +- mysqli + . Fixed bug #61003 (mysql_stat() require a valid connection). (Johannes). + - mysqlnd . Fixed bug #60948 (mysqlnd FTBFS when -Wformat-security is enabled). (Johannes) Modified: php/php-src/branches/PHP_5_4/ext/mysqli/mysqli_prop.c === --- php/php-src/branches/PHP_5_4/ext/mysqli/mysqli_prop.c 2012-03-05 23:57:24 UTC (rev 323930) +++ php/php-src/branches/PHP_5_4/ext/mysqli/mysqli_prop.c 2012-03-06 00:15:40 UTC (rev 323931) @@ -260,7 +260,11 @@ MAKE_STD_ZVAL(*retval); ZVAL_NULL(*retval); +#if defined(MYSQLI_USE_MYSQLND) CHECK_STATUS(MYSQLI_STATUS_INITIALIZED); +#else + CHECK_STATUS(MYSQLI_STATUS_VALID); +#endif mysql = (MY_MYSQL *)((MYSQLI_RESOURCE *)(obj-ptr))-ptr; Modified: php/php-src/trunk/ext/mysqli/mysqli_prop.c === --- php/php-src/trunk/ext/mysqli/mysqli_prop.c 2012-03-05 23:57:24 UTC (rev 323930) +++ php/php-src/trunk/ext/mysqli/mysqli_prop.c 2012-03-06 00:15:40 UTC (rev 323931) @@ -260,7 +260,11 @@ MAKE_STD_ZVAL(*retval); ZVAL_NULL(*retval); +#if defined(MYSQLI_USE_MYSQLND) CHECK_STATUS(MYSQLI_STATUS_INITIALIZED); +#else + CHECK_STATUS(MYSQLI_STATUS_VALID); +#endif mysql = (MY_MYSQL *)((MYSQLI_RESOURCE *)(obj-ptr))-ptr; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/ext/standard/tests/streams/bug60106.phpt branches/PHP_5_3/main/streams/xp_socket.c branches/PHP_5_4/NEWS branches/PHP_5_4/ext/st
The operation can continue on-successfully so E_NOTICE seemed appropriate, I don't see a problem with escalating this to E_WARNING. On Sat, Mar 3, 2012 at 9:34 PM, Laruence larue...@php.net wrote: Hi: is a WARNING better? :) thanks On Sun, Mar 4, 2012 at 4:36 AM, Ilia Alshanetsky il...@php.net wrote: iliaa Sat, 03 Mar 2012 20:36:14 + Revision: http://svn.php.net/viewvc?view=revisionrevision=323852 Log: Fixed bug #60106 (stream_socket_server silently truncates long unix socket paths) Bug: https://bugs.php.net/60106 (Open) stream_socket_server + long unix socket path = 'Unknown error' Changed paths: U php/php-src/branches/PHP_5_3/NEWS A php/php-src/branches/PHP_5_3/ext/standard/tests/streams/bug60106.phpt U php/php-src/branches/PHP_5_3/main/streams/xp_socket.c U php/php-src/branches/PHP_5_4/NEWS A php/php-src/branches/PHP_5_4/ext/standard/tests/streams/bug60106.phpt U php/php-src/branches/PHP_5_4/main/streams/xp_socket.c A php/php-src/trunk/ext/standard/tests/streams/bug60106.phpt U php/php-src/trunk/main/streams/xp_socket.c -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Laruence Xinchen Hui http://www.laruence.com/ -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/ext/xmlrpc/tests/bug61264.phpt branches/PHP_5_3/ext/xmlrpc/xmlrpc-epi-php.c branches/PHP_5_4/NEWS branches/PHP_5_4/ext/xmlrpc/tests/
nikicSat, 03 Mar 2012 12:46:17 + Revision: http://svn.php.net/viewvc?view=revisionrevision=323850 Log: Fix bug #61264: xmlrpc_parse_method_descriptions leaks temporary variable Bug: https://bugs.php.net/61264 (Open) xmlrpc_parse_method_descriptions leaks temporary variable Changed paths: U php/php-src/branches/PHP_5_3/NEWS A php/php-src/branches/PHP_5_3/ext/xmlrpc/tests/bug61264.phpt U php/php-src/branches/PHP_5_3/ext/xmlrpc/xmlrpc-epi-php.c U php/php-src/branches/PHP_5_4/NEWS A php/php-src/branches/PHP_5_4/ext/xmlrpc/tests/bug61264.phpt U php/php-src/branches/PHP_5_4/ext/xmlrpc/xmlrpc-epi-php.c A php/php-src/trunk/ext/xmlrpc/tests/bug61264.phpt U php/php-src/trunk/ext/xmlrpc/xmlrpc-epi-php.c Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2012-03-02 23:07:19 UTC (rev 323849) +++ php/php-src/branches/PHP_5_3/NEWS 2012-03-03 12:46:17 UTC (rev 323850) @@ -73,6 +73,7 @@ - XMLRPC: . Fixed bug #61097 (Memory leak in xmlrpc functions copying zvals). (Nikic) + . Fixed bug #61264 (xmlrpc_parse_method_descriptions leaks temporary variable). (Nikita Popov) - Zlib: . Fixed bug #61139 (gzopen leaks when specifying invalid mode). (Nikic) Added: php/php-src/branches/PHP_5_3/ext/xmlrpc/tests/bug61264.phpt === --- php/php-src/branches/PHP_5_3/ext/xmlrpc/tests/bug61264.phpt (rev 0) +++ php/php-src/branches/PHP_5_3/ext/xmlrpc/tests/bug61264.phpt 2012-03-03 12:46:17 UTC (rev 323850) @@ -0,0 +1,17 @@ +--TEST-- +Bug #61264: xmlrpc_parse_method_descriptions leaks temporary variable +--FILE-- +?php +$xml = XML +?xml version=1.0 encoding=utf-8? +a + bfoo/b +/a +XML; +var_dump(xmlrpc_parse_method_descriptions($xml)); +? +--EXPECT-- +array(1) { + [b]= + string(3) foo +} Modified: php/php-src/branches/PHP_5_3/ext/xmlrpc/xmlrpc-epi-php.c === --- php/php-src/branches/PHP_5_3/ext/xmlrpc/xmlrpc-epi-php.c2012-03-02 23:07:19 UTC (rev 323849) +++ php/php-src/branches/PHP_5_3/ext/xmlrpc/xmlrpc-epi-php.c2012-03-03 12:46:17 UTC (rev 323850) @@ -1240,8 +1240,7 @@ retval = XMLRPC_to_PHP(xVal); if (retval) { - *return_value = *retval; - zval_copy_ctor(return_value); + RETVAL_ZVAL(retval, 1, 1); } /* dust, sweep, and mop */ XMLRPC_CleanupValue(xVal); Modified: php/php-src/branches/PHP_5_4/NEWS === --- php/php-src/branches/PHP_5_4/NEWS 2012-03-02 23:07:19 UTC (rev 323849) +++ php/php-src/branches/PHP_5_4/NEWS 2012-03-03 12:46:17 UTC (rev 323850) @@ -48,6 +48,7 @@ - XMLRPC: . Fixed bug #61097 (Memory leak in xmlrpc functions copying zvals). (Nikita Popov) + . Fixed bug #61264 (xmlrpc_parse_method_descriptions leaks temporary variable). (Nikita Popov) - Zlib: . Fixed bug #61139 (gzopen leaks when specifying invalid mode). (Nikita Popov) Added: php/php-src/branches/PHP_5_4/ext/xmlrpc/tests/bug61264.phpt === --- php/php-src/branches/PHP_5_4/ext/xmlrpc/tests/bug61264.phpt (rev 0) +++ php/php-src/branches/PHP_5_4/ext/xmlrpc/tests/bug61264.phpt 2012-03-03 12:46:17 UTC (rev 323850) @@ -0,0 +1,17 @@ +--TEST-- +Bug #61264: xmlrpc_parse_method_descriptions leaks temporary variable +--FILE-- +?php +$xml = XML +?xml version=1.0 encoding=utf-8? +a + bfoo/b +/a +XML; +var_dump(xmlrpc_parse_method_descriptions($xml)); +? +--EXPECT-- +array(1) { + [b]= + string(3) foo +} Modified: php/php-src/branches/PHP_5_4/ext/xmlrpc/xmlrpc-epi-php.c === --- php/php-src/branches/PHP_5_4/ext/xmlrpc/xmlrpc-epi-php.c2012-03-02 23:07:19 UTC (rev 323849) +++ php/php-src/branches/PHP_5_4/ext/xmlrpc/xmlrpc-epi-php.c2012-03-03 12:46:17 UTC (rev 323850) @@ -1240,8 +1240,7 @@ retval = XMLRPC_to_PHP(xVal); if (retval) { - *return_value = *retval; - zval_copy_ctor(return_value); + RETVAL_ZVAL(retval, 1, 1); } /* dust, sweep, and mop */ XMLRPC_CleanupValue(xVal); Added: php/php-src/trunk/ext/xmlrpc/tests/bug61264.phpt === --- php/php-src/trunk/ext/xmlrpc/tests/bug61264.phpt (rev 0) +++ php/php-src/trunk/ext/xmlrpc/tests/bug61264.phpt2012-03-03 12:46:17 UTC
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/ext/standard/tests/streams/bug60106.phpt branches/PHP_5_3/main/streams/xp_socket.c branches/PHP_5_4/NEWS branches/PHP_5_4/ext/standa
iliaaSat, 03 Mar 2012 20:36:14 + Revision: http://svn.php.net/viewvc?view=revisionrevision=323852 Log: Fixed bug #60106 (stream_socket_server silently truncates long unix socket paths) Bug: https://bugs.php.net/60106 (Open) stream_socket_server + long unix socket path = 'Unknown error' Changed paths: U php/php-src/branches/PHP_5_3/NEWS A php/php-src/branches/PHP_5_3/ext/standard/tests/streams/bug60106.phpt U php/php-src/branches/PHP_5_3/main/streams/xp_socket.c U php/php-src/branches/PHP_5_4/NEWS A php/php-src/branches/PHP_5_4/ext/standard/tests/streams/bug60106.phpt U php/php-src/branches/PHP_5_4/main/streams/xp_socket.c A php/php-src/trunk/ext/standard/tests/streams/bug60106.phpt U php/php-src/trunk/main/streams/xp_socket.c Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2012-03-03 15:08:21 UTC (rev 323851) +++ php/php-src/branches/PHP_5_3/NEWS 2012-03-03 20:36:14 UTC (rev 323852) @@ -62,6 +62,8 @@ - Streams: . Fixed bug #61115 (stream related segfault on fatal error in php_stream_context_link). (Gustavo) + . Fixed bug #60106 (stream_socket_server silently truncates long unix +socket paths). (Ilia) . Further fix for bug #60455 (stream_get_line misbehaves if EOF is not detected together with the last read). (Gustavo) . Fixed bug #60817 (stream_get_line() reads from stream even when there is Added: php/php-src/branches/PHP_5_3/ext/standard/tests/streams/bug60106.phpt === --- php/php-src/branches/PHP_5_3/ext/standard/tests/streams/bug60106.phpt (rev 0) +++ php/php-src/branches/PHP_5_3/ext/standard/tests/streams/bug60106.phpt 2012-03-03 20:36:14 UTC (rev 323852) @@ -0,0 +1,14 @@ +--TEST-- +Bug#60106 (stream_socket_server silently truncates long unix socket paths) +--FILE-- +?php + error_reporting(E_ALL | E_NOTICE); + stream_socket_server(unix:///tmp/ . str_repeat(a, 4096)); +? +===DONE=== +--EXPECTF-- +Notice: stream_socket_server(): socket path exceeded the maximum allowed length of %d bytes and was truncated in %s on line %d + +Warning: stream_socket_server(): unable to connect to unix:///tmp/aaa in %s on line %d +===DONE=== + Modified: php/php-src/branches/PHP_5_3/main/streams/xp_socket.c === --- php/php-src/branches/PHP_5_3/main/streams/xp_socket.c 2012-03-03 15:08:21 UTC (rev 323851) +++ php/php-src/branches/PHP_5_3/main/streams/xp_socket.c 2012-03-03 20:36:14 UTC (rev 323852) @@ -514,6 +514,7 @@ * BUT, to get into this branch of code, the name is too long, * so we don't care. */ xparam-inputs.namelen = sizeof(unix_addr-sun_path) - 1; + php_error_docref(NULL TSRMLS_CC, E_NOTICE, socket path exceeded the maximum allowed length of %ld bytes and was truncated, sizeof(unix_addr-sun_path)); } memcpy(unix_addr-sun_path, xparam-inputs.name, xparam-inputs.namelen); Modified: php/php-src/branches/PHP_5_4/NEWS === --- php/php-src/branches/PHP_5_4/NEWS 2012-03-03 15:08:21 UTC (rev 323851) +++ php/php-src/branches/PHP_5_4/NEWS 2012-03-03 20:36:14 UTC (rev 323852) @@ -45,6 +45,7 @@ - Standard: . Fixed memory leak in substr_replace. (Pierrick) . Make max_file_uploads ini directive settable outside of php.ini (Rasmus) + . Fixed bug #60106 (stream_socket_server silently truncates long unix socket paths). (Ilia) - XMLRPC: . Fixed bug #61097 (Memory leak in xmlrpc functions copying zvals). (Nikita Popov) Added: php/php-src/branches/PHP_5_4/ext/standard/tests/streams/bug60106.phpt === --- php/php-src/branches/PHP_5_4/ext/standard/tests/streams/bug60106.phpt (rev 0) +++
Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/ext/standard/tests/streams/bug60106.phpt branches/PHP_5_3/main/streams/xp_socket.c branches/PHP_5_4/NEWS branches/PHP_5_4/ext/st
Hi: is a WARNING better? :) thanks On Sun, Mar 4, 2012 at 4:36 AM, Ilia Alshanetsky il...@php.net wrote: iliaa Sat, 03 Mar 2012 20:36:14 + Revision: http://svn.php.net/viewvc?view=revisionrevision=323852 Log: Fixed bug #60106 (stream_socket_server silently truncates long unix socket paths) Bug: https://bugs.php.net/60106 (Open) stream_socket_server + long unix socket path = 'Unknown error' Changed paths: U php/php-src/branches/PHP_5_3/NEWS A php/php-src/branches/PHP_5_3/ext/standard/tests/streams/bug60106.phpt U php/php-src/branches/PHP_5_3/main/streams/xp_socket.c U php/php-src/branches/PHP_5_4/NEWS A php/php-src/branches/PHP_5_4/ext/standard/tests/streams/bug60106.phpt U php/php-src/branches/PHP_5_4/main/streams/xp_socket.c A php/php-src/trunk/ext/standard/tests/streams/bug60106.phpt U php/php-src/trunk/main/streams/xp_socket.c -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Laruence Xinchen Hui http://www.laruence.com/ -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/ext/standard/array.c branches/PHP_5_3/ext/standard/tests/array/bug52719.phpt branches/PHP_5_4/NEWS branches/PHP_5_4/ext/standard/arr
nikicFri, 02 Mar 2012 18:05:38 + Revision: http://svn.php.net/viewvc?view=revisionrevision=323837 Log: Fix bug #52719: array_walk_recursive crashes if third param of the function is by reference Bug: https://bugs.php.net/52719 (Re-Opened) array_walk_recursive crashes if third param of the function is by reference Changed paths: U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/standard/array.c A php/php-src/branches/PHP_5_3/ext/standard/tests/array/bug52719.phpt U php/php-src/branches/PHP_5_4/NEWS U php/php-src/branches/PHP_5_4/ext/standard/array.c A php/php-src/branches/PHP_5_4/ext/standard/tests/array/bug52719.phpt U php/php-src/trunk/ext/standard/array.c A php/php-src/trunk/ext/standard/tests/array/bug52719.phpt Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2012-03-02 17:15:10 UTC (rev 323836) +++ php/php-src/branches/PHP_5_3/NEWS 2012-03-02 18:05:38 UTC (rev 323837) @@ -2,6 +2,10 @@ ||| ?? ??? 2012, PHP 5.3.11 +- Array: + . Fixed bug #52719 (array_walk_recursive crashes if third param of the +function is by reference). (Nikita Popov) + - Core: . Fixed bug #61165 (Segfault - strip_tags()). (Laruence) . Improved max_input_vars directive to check nested variables (Dmitry). Modified: php/php-src/branches/PHP_5_3/ext/standard/array.c === --- php/php-src/branches/PHP_5_3/ext/standard/array.c 2012-03-02 17:15:10 UTC (rev 323836) +++ php/php-src/branches/PHP_5_3/ext/standard/array.c 2012-03-02 18:05:38 UTC (rev 323837) @@ -1044,7 +1044,7 @@ } /* }}} */ -static int php_array_walk(HashTable *target_hash, zval **userdata, int recursive TSRMLS_DC) /* {{{ */ +static int php_array_walk(HashTable *target_hash, zval *userdata, int recursive TSRMLS_DC) /* {{{ */ { zval **args[3], /* Arguments to userland function */ *retval_ptr, /* Return value - unused */ @@ -1056,9 +1056,9 @@ /* Set up known arguments */ args[1] = key; - args[2] = userdata; + args[2] = userdata; if (userdata) { - Z_ADDREF_PP(userdata); + Z_ADDREF_P(userdata); } zend_hash_internal_pointer_reset_ex(target_hash, pos); @@ -1080,7 +1080,7 @@ if (thash-nApplyCount 1) { php_error_docref(NULL TSRMLS_CC, E_WARNING, recursion detected); if (userdata) { - zval_ptr_dtor(userdata); + zval_ptr_dtor(userdata); } return 0; } @@ -1133,7 +1133,7 @@ } if (userdata) { - zval_ptr_dtor(userdata); + zval_ptr_dtor(userdata); } return 0; } @@ -1157,7 +1157,7 @@ return; } - php_array_walk(array, userdata ? userdata : NULL, 0 TSRMLS_CC); + php_array_walk(array, userdata, 0 TSRMLS_CC); BG(array_walk_fci) = orig_array_walk_fci; BG(array_walk_fci_cache) = orig_array_walk_fci_cache; RETURN_TRUE; @@ -1182,7 +1182,7 @@ return; } - php_array_walk(array, userdata ? userdata : NULL, 1 TSRMLS_CC); + php_array_walk(array, userdata, 1 TSRMLS_CC); BG(array_walk_fci) = orig_array_walk_fci; BG(array_walk_fci_cache) = orig_array_walk_fci_cache; RETURN_TRUE; Added: php/php-src/branches/PHP_5_3/ext/standard/tests/array/bug52719.phpt === --- php/php-src/branches/PHP_5_3/ext/standard/tests/array/bug52719.phpt (rev 0) +++ php/php-src/branches/PHP_5_3/ext/standard/tests/array/bug52719.phpt 2012-03-02 18:05:38 UTC (rev 323837) @@ -0,0 +1,15 @@ +--TEST-- +Bug #52719: array_walk_recursive crashes if third param of the function is by reference +--FILE-- +?php +$array = array(hello, array(world)); +$userdata = array(); +array_walk_recursive( +$array, +function ($value, $key, $userdata) { }, +$userdata +); +echo Done; +? +--EXPECTF-- +Done Modified: php/php-src/branches/PHP_5_4/NEWS === --- php/php-src/branches/PHP_5_4/NEWS 2012-03-02 17:15:10 UTC (rev 323836) +++ php/php-src/branches/PHP_5_4/NEWS 2012-03-02 18:05:38 UTC (rev 323837) @@ -3,6 +3,8 @@ ?? ??? 2012, PHP 5.4.1 RC1 - Array: + . Fixed bug #52719 (array_walk_recursive crashes if third param of the +function is by reference). (Nikita Popov) . Fixed bug #61058 (array_fill leaks if start index is PHP_INT_MAX). (Laruence) Modified: php/php-src/branches/PHP_5_4/ext/standard/array.c === --- php/php-src/branches/PHP_5_4/ext/standard/array.c 2012-03-02 17:15:10 UTC (rev 323836) +++ php/php-src/branches/PHP_5_4/ext/standard/array.c 2012-03-02 18:05:38 UTC (rev 323837) @@ -1050,7 +1050,7 @@ } /* }}} */ -static int php_array_walk(HashTable *target_hash, zval **userdata, int recursive TSRMLS_DC) /* {{{ */ +static int
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/configure.in branches/PHP_5_3/sapi/apache2filter/config.m4 branches/PHP_5_3/sapi/apache2handler/config.m4 branches/PHP_5_4/NEWS bran
sixd Fri, 02 Mar 2012 00:07:41 + Revision: http://svn.php.net/viewvc?view=revisionrevision=323750 Log: Fixed bug #61172 (Add Apache 2.4 support) Bug: https://bugs.php.net/61172 (Open) With Apache 2.4.1, ./configure fails on APXS but stops only on the MySQL check. Changed paths: U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/configure.in U php/php-src/branches/PHP_5_3/sapi/apache2filter/config.m4 U php/php-src/branches/PHP_5_3/sapi/apache2handler/config.m4 U php/php-src/branches/PHP_5_4/NEWS U php/php-src/branches/PHP_5_4/configure.in U php/php-src/branches/PHP_5_4/sapi/apache2filter/config.m4 U php/php-src/branches/PHP_5_4/sapi/apache2handler/config.m4 U php/php-src/trunk/configure.in U php/php-src/trunk/sapi/apache2filter/config.m4 U php/php-src/trunk/sapi/apache2handler/config.m4 Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2012-03-01 23:58:16 UTC (rev 323749) +++ php/php-src/branches/PHP_5_3/NEWS 2012-03-02 00:07:41 UTC (rev 323750) @@ -22,6 +22,9 @@ (rui, Gustavo) . Fixed bug #51860 (Include fails with toplevel symlink to /). (Dmitry) +- Installation + . Fixed bug #61172 (Add Apache 2.4 support). (Chris Jones) + - Fileinfo . Fixed bug #61173 (Unable to detect error from finfo constructor). (Gustavo) Modified: php/php-src/branches/PHP_5_3/configure.in === --- php/php-src/branches/PHP_5_3/configure.in 2012-03-01 23:58:16 UTC (rev 323749) +++ php/php-src/branches/PHP_5_3/configure.in 2012-03-02 00:07:41 UTC (rev 323750) @@ -1550,6 +1550,21 @@ X fi + if test $PHP_SAPI = apache2handler || test $PHP_SAPI = apache2filter; then +if test $APACHE_VERSION -ge 2004001; then + if test -z $APACHE_THREADED_MPM; then +cat X +++ +|*** WARNING *** | +|| +| You have built PHP for Apache's current non-threaded MPM. | +| If you change Apache to use a threaded MPM you must reconfigure| +| PHP with --enable-maintainer-zts | +X + fi +fi + fi + # Warn about linking Apache with libpthread if oci8 extension is enabled on linux. if test $PHP_OCI8 != no; then if test $PHP_SAPI = apache; then Modified: php/php-src/branches/PHP_5_3/sapi/apache2filter/config.m4 === --- php/php-src/branches/PHP_5_3/sapi/apache2filter/config.m4 2012-03-01 23:58:16 UTC (rev 323749) +++ php/php-src/branches/PHP_5_3/sapi/apache2filter/config.m4 2012-03-02 00:07:41 UTC (rev 323750) @@ -39,7 +39,6 @@ APXS_BINDIR=`$APXS -q BINDIR` APXS_HTTPD=`$APXS -q SBINDIR`/`$APXS -q TARGET` APXS_CFLAGS=`$APXS -q CFLAGS` - APXS_MPM=`$APXS -q MPM_NAME` APU_BINDIR=`$APXS -q APU_BINDIR` APR_BINDIR=`$APXS -q APR_BINDIR` @@ -118,8 +117,16 @@ ;; esac - if test $APXS_MPM != prefork test $APXS_MPM != peruser; then -PHP_BUILD_THREAD_SAFE + if test $APACHE_VERSION -lt 2004001; then +APXS_MPM=`$APXS -q MPM_NAME` +if test $APXS_MPM != prefork test $APXS_MPM != peruser test $APXS_MPM != itk; then + PHP_BUILD_THREAD_SAFE +fi + else +APACHE_THREADED_MPM=`$APXS_HTTPD -V | grep 'threaded:.*yes'` +if test -n $APACHE_THREADED_MPM; then + PHP_BUILD_THREAD_SAFE +fi fi AC_MSG_RESULT(yes) PHP_SUBST(APXS) Modified: php/php-src/branches/PHP_5_3/sapi/apache2handler/config.m4 === --- php/php-src/branches/PHP_5_3/sapi/apache2handler/config.m4 2012-03-01 23:58:16 UTC (rev 323749) +++ php/php-src/branches/PHP_5_3/sapi/apache2handler/config.m4 2012-03-02 00:07:41 UTC (rev 323750) @@ -38,7 +38,6 @@ APXS_BINDIR=`$APXS -q BINDIR` APXS_HTTPD=`$APXS -q SBINDIR`/`$APXS -q TARGET` APXS_CFLAGS=`$APXS -q CFLAGS` - APXS_MPM=`$APXS -q MPM_NAME` APU_BINDIR=`$APXS -q APU_BINDIR` APR_BINDIR=`$APXS -q APR_BINDIR` @@ -117,8 +116,16 @@ ;; esac - if test $APXS_MPM != prefork test $APXS_MPM != peruser test $APXS_MPM != itk; then -PHP_BUILD_THREAD_SAFE + if test $APACHE_VERSION -lt 2004001; then +APXS_MPM=`$APXS -q MPM_NAME` +if test $APXS_MPM != prefork test $APXS_MPM != peruser test $APXS_MPM != itk; then + PHP_BUILD_THREAD_SAFE +fi + else +APACHE_THREADED_MPM=`$APXS_HTTPD -V | grep 'threaded:.*yes'` +if test -n $APACHE_THREADED_MPM; then + PHP_BUILD_THREAD_SAFE +fi fi AC_MSG_RESULT(yes) PHP_SUBST(APXS) Modified: php/php-src/branches/PHP_5_4/NEWS === --- php/php-src/branches/PHP_5_4/NEWS
[PHP-CVS] svn: /php/php-src/branches/ PHP_5_3/NEWS PHP_5_3/ext/standard/string.c PHP_5_3/ext/standard/tests/strings/bug60801.phpt PHP_5_4/NEWS PHP_5_4/ext/standard/string.c PHP_5_4/ext/standard/tests/
aharvey Fri, 02 Mar 2012 03:39:04 + Revision: http://svn.php.net/viewvc?view=revisionrevision=323779 Log: MFH: Fix bug #60801 (strpbrk() mishandles NUL byte). (Trunk commit: r322934). Bug: https://bugs.php.net/60801 (Closed) strpbrk() mishandles NUL byte Changed paths: U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/standard/string.c A php/php-src/branches/PHP_5_3/ext/standard/tests/strings/bug60801.phpt U php/php-src/branches/PHP_5_4/NEWS U php/php-src/branches/PHP_5_4/ext/standard/string.c A php/php-src/branches/PHP_5_4/ext/standard/tests/strings/bug60801.phpt Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2012-03-02 03:38:04 UTC (rev 323778) +++ php/php-src/branches/PHP_5_3/NEWS 2012-03-02 03:39:04 UTC (rev 323779) @@ -18,6 +18,7 @@ functions). (Pierre) . Fixed bug #60825 (Segfault when running symfony 2 tests). (Dmitry, Laruence) + . Fixed bug #60801 (strpbrk() mishandles NUL byte). (Adam) . Fixed bug #60227 (header() cannot detect the multi-line header with CR). (rui, Gustavo) . Fixed bug #51860 (Include fails with toplevel symlink to /). (Dmitry) Modified: php/php-src/branches/PHP_5_3/ext/standard/string.c === --- php/php-src/branches/PHP_5_3/ext/standard/string.c 2012-03-02 03:38:04 UTC (rev 323778) +++ php/php-src/branches/PHP_5_3/ext/standard/string.c 2012-03-02 03:39:04 UTC (rev 323779) @@ -5240,7 +5240,7 @@ { char *haystack, *char_list; int haystack_len, char_list_len; - char *p; + char *haystack_ptr, *cl_ptr; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, ss, haystack, haystack_len, char_list, char_list_len) == FAILURE) { RETURN_FALSE; @@ -5251,11 +5251,15 @@ RETURN_FALSE; } - if ((p = strpbrk(haystack, char_list))) { - RETURN_STRINGL(p, (haystack + haystack_len - p), 1); - } else { - RETURN_FALSE; + for (haystack_ptr = haystack; haystack_ptr (haystack + haystack_len); ++haystack_ptr) { + for (cl_ptr = char_list; cl_ptr (char_list + char_list_len); ++cl_ptr) { + if (*cl_ptr == *haystack_ptr) { + RETURN_STRINGL(haystack_ptr, (haystack + haystack_len - haystack_ptr), 1); + } + } } + + RETURN_FALSE; } /* }}} */ Added: php/php-src/branches/PHP_5_3/ext/standard/tests/strings/bug60801.phpt === (Binary files differ) Property changes on: php/php-src/branches/PHP_5_3/ext/standard/tests/strings/bug60801.phpt ___ Added: svn:mime-type + application/octet-stream Modified: php/php-src/branches/PHP_5_4/NEWS === --- php/php-src/branches/PHP_5_4/NEWS 2012-03-02 03:38:04 UTC (rev 323778) +++ php/php-src/branches/PHP_5_4/NEWS 2012-03-02 03:39:04 UTC (rev 323779) @@ -15,6 +15,7 @@ . Fixed bug #61000 (Exceeding max nesting level doesn't delete numerical vars). (Laruence) . Fixed bug #60978 (exit code incorrect). (Laruence) + . Fixed bug #60801 (strpbrk() mishandles NUL byte). (Adam) . Fixed bug #60573 (type hinting with self keyword causes weird errors). (Laruence) Modified: php/php-src/branches/PHP_5_4/ext/standard/string.c === --- php/php-src/branches/PHP_5_4/ext/standard/string.c 2012-03-02 03:38:04 UTC (rev 323778) +++ php/php-src/branches/PHP_5_4/ext/standard/string.c 2012-03-02 03:39:04 UTC (rev 323779) @@ -5315,7 +5315,7 @@ { char *haystack, *char_list; int haystack_len, char_list_len; - char *p; + char *haystack_ptr, *cl_ptr; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, ss, haystack, haystack_len, char_list, char_list_len) == FAILURE) { RETURN_FALSE; @@ -5326,11 +5326,15 @@ RETURN_FALSE; } - if ((p = strpbrk(haystack, char_list))) { - RETURN_STRINGL(p, (haystack + haystack_len - p), 1); - } else { - RETURN_FALSE; + for (haystack_ptr = haystack; haystack_ptr (haystack + haystack_len); ++haystack_ptr) { + for (cl_ptr = char_list; cl_ptr (char_list + char_list_len); ++cl_ptr) { + if (*cl_ptr == *haystack_ptr) { + RETURN_STRINGL(haystack_ptr, (haystack + haystack_len - haystack_ptr), 1); + } + } } + + RETURN_FALSE; } /* }}} */ Added: php/php-src/branches/PHP_5_4/ext/standard/tests/strings/bug60801.phpt
[PHP-CVS] svn: /php/php-src/branches/PHP_5_3/ NEWS
sixd Wed, 29 Feb 2012 18:46:17 + Revision: http://svn.php.net/viewvc?view=revisionrevision=323676 Log: Remove backported from 5.4 comments since 5.3 is the base version these bugs are fixed. Reorder. Changed paths: U php/php-src/branches/PHP_5_3/NEWS Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2012-02-29 18:26:17 UTC (rev 323675) +++ php/php-src/branches/PHP_5_3/NEWS 2012-02-29 18:46:17 UTC (rev 323676) @@ -253,32 +253,30 @@ . Fixed bug #52013 (Unable to decompress files in a compressed phar). (Hannes) - PHP-FPM SAPI: + . Dropped restriction of not setting the same value multiple times, the last +one holds. (giovanni at giacobbi dot net, fat) + . Added .phar to default authorized extensions. (fat) . Fixed bug #60659 (FPM does not clear auth_user on request accept). (bonbons at linux-vserver dot org) . Fixed bug #60629 (memory corruption when web server closed the fcgi fd). (fat) + . Enhance error log when the primary script can't be open. FR #60199. (fat) . Fixed bug #60179 (php_flag and php_value does not work properly). (fat) - . Fixed bug #55526 (Heartbeat causes a lot of unnecessary events). (fat) + . Fixed bug #55577 (status.html does not install). (fat) . Fixed bug #55533 (The -d parameter doesn't work). (fat) - . Implemented FR #52569 (Add the ondemand process-manager -to allow zero children). (fat) + . Fixed bug #55526 (Heartbeat causes a lot of unnecessary events). (fat) . Fixed bug #55486 (status show BIG processes number). (fat) - . Fixed bug #55577 (status.html does not install). (fat) - . Backported from 5.4 branch (Dropped restriction of not setting the same -value multiple times, the last one holds). -(giovanni at giacobbi dot net, fat) - . Backported FR #55166 from 5.4 branch (Added process.max to control -the number of process FPM can fork). (fat) - . Backported FR #55181 from 5.4 branch (Enhance security by limiting access -to user defined extensions). (fat) - . Backported FR #54098 from 5.4 branch (Lowered process manager -default value). (fat) - . Backported FR #52052 from 5.4 branch (Added partial syslog support). (fat) + . Enhanced security by limiting access to user defined extensions. +FR #55181. (fat) + . Added process.max to control the number of process FPM can fork. FR #55166. +(fat) . Implemented FR #54577 (Enhanced status page with full status and details about each processes. Also provide a web page (status.html) for real-time FPM status. (fat) - . Enhance error log when the primary script can't be open. FR #60199. (fat) - . Added .phar to default authorized extensions. (fat) + . Lowered default value for Process Manager. FR #54098. (fat) + . Implemented FR #52569 (Add the ondemand process-manager +to allow zero children). (fat) + . Added partial syslog support (on error_log only). FR #52052. (fat) - Postgres: . Fixed bug #60244 (pg_fetch_* functions do not validate that row param @@ -820,7 +818,7 @@ - Tokenizer Extension . Fixed bug #54089 (token_get_all() does not stop after __halt_compiler). -(Ilia) +(Nikita Popov, Ilia) - XSL extension: . Fixed memory leaked introduced by the NULL poisoning patch. -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_3/ NEWS
sixd Wed, 29 Feb 2012 20:48:17 + Revision: http://svn.php.net/viewvc?view=revisionrevision=323677 Log: Add the CVE numbers that were mentioned in the related php.net announcements Changed paths: U php/php-src/branches/PHP_5_3/NEWS Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2012-02-29 18:46:17 UTC (rev 323676) +++ php/php-src/branches/PHP_5_3/NEWS 2012-02-29 20:48:17 UTC (rev 323677) @@ -79,7 +79,7 @@ - Core: . Added max_input_vars directive to prevent attacks based on hash collisions -(Dmitry). +(CVE-2011-4885) (Dmitry). . Fixed bug #60205 (possible integer overflow in content_length). (Laruence) . Fixed bug #60139 (Anonymous functions create cycles not detected by the GC). (Dmitry) @@ -158,7 +158,7 @@ - EXIF: . Fixed bug #60150 (Integer overflow during the parsing of invalid exif -header). (Stas, flolechaud at gmail dot com) +header). (CVE-2011-4566) (Stas, flolechaud at gmail dot com) - Fileinfo: . Fixed bug #60094 (C++ comment fails in c89). (Laruence) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/Zend/zend_API.c trunk/NEWS trunk/Zend/zend_API.c
Hi Laruence, The attached patch looks wired. The patch on top of it (r323563) makes it better. However, in my opinion it fixes a common problem just in a single place. Each call to __toString() that makes side effects may cause the similar problem. It would be great to make a right fix in zend_std_cast_object_tostring() itself, but probably it would require API change (e.g. sending zval** instead of zval*). So it could be fixed properly only in trunk. Thanks. Dmitry. On 02/25/2012 08:41 AM, Laruence wrote: Dmitry: you might want to review this fix. let me explain why crash before this fix. when doing parse_parameter, then convert the object to string by calling the ce-cast_object, and passed the same pointer(although there was a separation), to the cast_object.. then if __toString method stash $this somewhere, after the parameters clean up, the $this pointer will be impending.. then in the next loop, the return_value will happen used the same adress,, then balalala, cause the segfault.. sorry for my poor english, and hope I have made myself clearly, if there is any question , plz write me. thanks On Sat, Feb 25, 2012 at 12:36 PM, Xinchen Huilarue...@php.net wrote: laruence Sat, 25 Feb 2012 04:36:08 + Revision: http://svn.php.net/viewvc?view=revisionrevision=323489 Log: Fixed bug #61165 (Segfault - strip_tags()) Bug: https://bugs.php.net/61165 (Assigned) Segfault - strip_tags() Changed paths: U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/Zend/zend_API.c U php/php-src/trunk/NEWS U php/php-src/trunk/Zend/zend_API.c Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2012-02-25 03:19:27 UTC (rev 323488) +++ php/php-src/branches/PHP_5_3/NEWS 2012-02-25 04:36:08 UTC (rev 323489) @@ -3,6 +3,7 @@ ?? ??? 2012, PHP 5.3.11 - Core: + . Fixed bug #61165 (Segfault - strip_tags()). (Laruence) . Improved max_input_vars directive to check nested variables (Dmitry). . Fixed bug #61095 (Incorect lexing of 0x00*+NUM). (Etienne) . Fixed bug #61072 (Memory leak when restoring an exception handler). Modified: php/php-src/branches/PHP_5_3/Zend/zend_API.c === --- php/php-src/branches/PHP_5_3/Zend/zend_API.c2012-02-25 03:19:27 UTC (rev 323488) +++ php/php-src/branches/PHP_5_3/Zend/zend_API.c2012-02-25 04:36:08 UTC (rev 323489) @@ -254,10 +254,15 @@ static int parse_arg_object_to_string(zval **arg TSRMLS_DC) /* {{{ */ { if (Z_OBJ_HANDLER_PP(arg, cast_object)) { - SEPARATE_ZVAL_IF_NOT_REF(arg); - if (Z_OBJ_HANDLER_PP(arg, cast_object)(*arg, *arg, IS_STRING TSRMLS_CC) == SUCCESS) { + zval *obj; + ALLOC_ZVAL(obj); + MAKE_COPY_ZVAL(arg, obj); + if (Z_OBJ_HANDLER_P(*arg, cast_object)(*arg, obj, IS_STRING TSRMLS_CC) == SUCCESS) { + zval_ptr_dtor(arg); + *arg = obj; return SUCCESS; } + zval_ptr_dtor(obj); } /* Standard PHP objects */ if (Z_OBJ_HT_PP(arg) ==std_object_handlers || !Z_OBJ_HANDLER_PP(arg, cast_object)) { Modified: php/php-src/trunk/NEWS === --- php/php-src/trunk/NEWS 2012-02-25 03:19:27 UTC (rev 323488) +++ php/php-src/trunk/NEWS 2012-02-25 04:36:08 UTC (rev 323489) @@ -6,6 +6,7 @@ . World domination - Core: + . Fixed bug #61165 (Segfault - strip_tags()). (Laruence) . Fixed bug #61072 (Memory leak when restoring an exception handler). (Nikic, Laruence) . Fixed bug #61000 (Exceeding max nesting level doesn't delete numerical Modified: php/php-src/trunk/Zend/zend_API.c === --- php/php-src/trunk/Zend/zend_API.c 2012-02-25 03:19:27 UTC (rev 323488) +++ php/php-src/trunk/Zend/zend_API.c 2012-02-25 04:36:08 UTC (rev 323489) @@ -262,12 +262,17 @@ static int parse_arg_object_to_string(zval **arg, char **p, int *pl, int type TSRMLS_DC) /* {{{ */ { if (Z_OBJ_HANDLER_PP(arg, cast_object)) { - SEPARATE_ZVAL_IF_NOT_REF(arg); - if (Z_OBJ_HANDLER_PP(arg, cast_object)(*arg, *arg, type TSRMLS_CC) == SUCCESS) { + zval *obj; + ALLOC_ZVAL(obj); + MAKE_COPY_ZVAL(arg, obj); + if (Z_OBJ_HANDLER_P(*arg, cast_object)(*arg, obj, type TSRMLS_CC) == SUCCESS) { + zval_ptr_dtor(arg); + *arg = obj; *pl = Z_STRLEN_PP(arg); *p = Z_STRVAL_PP(arg); return SUCCESS; } + zval_ptr_dtor(obj); }
Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/Zend/zend_API.c trunk/NEWS trunk/Zend/zend_API.c
On Mon, Feb 27, 2012 at 4:00 PM, Dmitry Stogov dmi...@zend.com wrote: Hi Laruence, The attached patch looks wired. The patch on top of it (r323563) makes it better. However, in my opinion it fixes a common problem just in a single place. Each call to __toString() that makes side effects may cause the similar problem. It would be great to make a right fix in zend_std_cast_object_tostring() itself, but probably it would require API Hi: before this fix, I thought about the same idea of that. but, you know, such change will need all exts who implmented their own cast_object handler change there codes too. for now, I exam the usage of std_cast_object_tostring, most of them do the similar things like this fix to avoid this issues(like ZEND_CAST handler). so I think, maybe it's okey for a temporary fix :) thanks change (e.g. sending zval** instead of zval*). So it could be fixed properly only in trunk. Thanks. Dmitry. On 02/25/2012 08:41 AM, Laruence wrote: Dmitry: you might want to review this fix. let me explain why crash before this fix. when doing parse_parameter, then convert the object to string by calling the ce-cast_object, and passed the same pointer(although there was a separation), to the cast_object.. then if __toString method stash $this somewhere, after the parameters clean up, the $this pointer will be impending.. then in the next loop, the return_value will happen used the same adress,, then balalala, cause the segfault.. sorry for my poor english, and hope I have made myself clearly, if there is any question , plz write me. thanks On Sat, Feb 25, 2012 at 12:36 PM, Xinchen Huilarue...@php.net wrote: laruence Sat, 25 Feb 2012 04:36:08 + Revision: http://svn.php.net/viewvc?view=revisionrevision=323489 Log: Fixed bug #61165 (Segfault - strip_tags()) Bug: https://bugs.php.net/61165 (Assigned) Segfault - strip_tags() Changed paths: U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/Zend/zend_API.c U php/php-src/trunk/NEWS U php/php-src/trunk/Zend/zend_API.c Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2012-02-25 03:19:27 UTC (rev 323488) +++ php/php-src/branches/PHP_5_3/NEWS 2012-02-25 04:36:08 UTC (rev 323489) @@ -3,6 +3,7 @@ ?? ??? 2012, PHP 5.3.11 - Core: + . Fixed bug #61165 (Segfault - strip_tags()). (Laruence) . Improved max_input_vars directive to check nested variables (Dmitry). . Fixed bug #61095 (Incorect lexing of 0x00*+NUM). (Etienne) . Fixed bug #61072 (Memory leak when restoring an exception handler). Modified: php/php-src/branches/PHP_5_3/Zend/zend_API.c === --- php/php-src/branches/PHP_5_3/Zend/zend_API.c 2012-02-25 03:19:27 UTC (rev 323488) +++ php/php-src/branches/PHP_5_3/Zend/zend_API.c 2012-02-25 04:36:08 UTC (rev 323489) @@ -254,10 +254,15 @@ static int parse_arg_object_to_string(zval **arg TSRMLS_DC) /* {{{ */ { if (Z_OBJ_HANDLER_PP(arg, cast_object)) { - SEPARATE_ZVAL_IF_NOT_REF(arg); - if (Z_OBJ_HANDLER_PP(arg, cast_object)(*arg, *arg, IS_STRING TSRMLS_CC) == SUCCESS) { + zval *obj; + ALLOC_ZVAL(obj); + MAKE_COPY_ZVAL(arg, obj); + if (Z_OBJ_HANDLER_P(*arg, cast_object)(*arg, obj, IS_STRING TSRMLS_CC) == SUCCESS) { + zval_ptr_dtor(arg); + *arg = obj; return SUCCESS; } + zval_ptr_dtor(obj); } /* Standard PHP objects */ if (Z_OBJ_HT_PP(arg) ==std_object_handlers || !Z_OBJ_HANDLER_PP(arg, cast_object)) { Modified: php/php-src/trunk/NEWS === --- php/php-src/trunk/NEWS 2012-02-25 03:19:27 UTC (rev 323488) +++ php/php-src/trunk/NEWS 2012-02-25 04:36:08 UTC (rev 323489) @@ -6,6 +6,7 @@ . World domination - Core: + . Fixed bug #61165 (Segfault - strip_tags()). (Laruence) . Fixed bug #61072 (Memory leak when restoring an exception handler). (Nikic, Laruence) . Fixed bug #61000 (Exceeding max nesting level doesn't delete numerical Modified: php/php-src/trunk/Zend/zend_API.c === --- php/php-src/trunk/Zend/zend_API.c 2012-02-25 03:19:27 UTC (rev 323488) +++ php/php-src/trunk/Zend/zend_API.c 2012-02-25 04:36:08 UTC (rev 323489) @@ -262,12 +262,17 @@ static int parse_arg_object_to_string(zval **arg, char **p, int *pl, int type TSRMLS_DC) /* {{{ */ { if (Z_OBJ_HANDLER_PP(arg, cast_object)) { - SEPARATE_ZVAL_IF_NOT_REF(arg); - if (Z_OBJ_HANDLER_PP(arg,
Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/Zend/zend_API.c trunk/NEWS trunk/Zend/zend_API.c
On Mon, Feb 27, 2012 at 4:31 PM, Laruence larue...@php.net wrote: On Mon, Feb 27, 2012 at 4:00 PM, Dmitry Stogov dmi...@zend.com wrote: Hi Laruence, The attached patch looks wired. The patch on top of it (r323563) makes it better. However, in my opinion it fixes a common problem just in a single place. Each call to __toString() that makes side effects may cause the similar problem. It would be great to make a right fix in zend_std_cast_object_tostring() itself, but probably it would require API Hi: before this fix, I thought about the same idea of that. but, you know, such change will need all exts who implmented their own cast_object handler change there codes too. for now, I exam the usage of std_cast_object_tostring, most of them do the similar things like this fix to avoid this issues(like ZEND_CAST handler). so I think, maybe it's okey for a temporary fix :) what I mean temporary is, apply this fix to 5.3 and 5.4 then do the right fix which you said to 5.4.1 :) thanks thanks change (e.g. sending zval** instead of zval*). So it could be fixed properly only in trunk. Thanks. Dmitry. On 02/25/2012 08:41 AM, Laruence wrote: Dmitry: you might want to review this fix. let me explain why crash before this fix. when doing parse_parameter, then convert the object to string by calling the ce-cast_object, and passed the same pointer(although there was a separation), to the cast_object.. then if __toString method stash $this somewhere, after the parameters clean up, the $this pointer will be impending.. then in the next loop, the return_value will happen used the same adress,, then balalala, cause the segfault.. sorry for my poor english, and hope I have made myself clearly, if there is any question , plz write me. thanks On Sat, Feb 25, 2012 at 12:36 PM, Xinchen Huilarue...@php.net wrote: laruence Sat, 25 Feb 2012 04:36:08 + Revision: http://svn.php.net/viewvc?view=revisionrevision=323489 Log: Fixed bug #61165 (Segfault - strip_tags()) Bug: https://bugs.php.net/61165 (Assigned) Segfault - strip_tags() Changed paths: U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/Zend/zend_API.c U php/php-src/trunk/NEWS U php/php-src/trunk/Zend/zend_API.c Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2012-02-25 03:19:27 UTC (rev 323488) +++ php/php-src/branches/PHP_5_3/NEWS 2012-02-25 04:36:08 UTC (rev 323489) @@ -3,6 +3,7 @@ ?? ??? 2012, PHP 5.3.11 - Core: + . Fixed bug #61165 (Segfault - strip_tags()). (Laruence) . Improved max_input_vars directive to check nested variables (Dmitry). . Fixed bug #61095 (Incorect lexing of 0x00*+NUM). (Etienne) . Fixed bug #61072 (Memory leak when restoring an exception handler). Modified: php/php-src/branches/PHP_5_3/Zend/zend_API.c === --- php/php-src/branches/PHP_5_3/Zend/zend_API.c 2012-02-25 03:19:27 UTC (rev 323488) +++ php/php-src/branches/PHP_5_3/Zend/zend_API.c 2012-02-25 04:36:08 UTC (rev 323489) @@ -254,10 +254,15 @@ static int parse_arg_object_to_string(zval **arg TSRMLS_DC) /* {{{ */ { if (Z_OBJ_HANDLER_PP(arg, cast_object)) { - SEPARATE_ZVAL_IF_NOT_REF(arg); - if (Z_OBJ_HANDLER_PP(arg, cast_object)(*arg, *arg, IS_STRING TSRMLS_CC) == SUCCESS) { + zval *obj; + ALLOC_ZVAL(obj); + MAKE_COPY_ZVAL(arg, obj); + if (Z_OBJ_HANDLER_P(*arg, cast_object)(*arg, obj, IS_STRING TSRMLS_CC) == SUCCESS) { + zval_ptr_dtor(arg); + *arg = obj; return SUCCESS; } + zval_ptr_dtor(obj); } /* Standard PHP objects */ if (Z_OBJ_HT_PP(arg) ==std_object_handlers || !Z_OBJ_HANDLER_PP(arg, cast_object)) { Modified: php/php-src/trunk/NEWS === --- php/php-src/trunk/NEWS 2012-02-25 03:19:27 UTC (rev 323488) +++ php/php-src/trunk/NEWS 2012-02-25 04:36:08 UTC (rev 323489) @@ -6,6 +6,7 @@ . World domination - Core: + . Fixed bug #61165 (Segfault - strip_tags()). (Laruence) . Fixed bug #61072 (Memory leak when restoring an exception handler). (Nikic, Laruence) . Fixed bug #61000 (Exceeding max nesting level doesn't delete numerical Modified: php/php-src/trunk/Zend/zend_API.c === --- php/php-src/trunk/Zend/zend_API.c 2012-02-25 03:19:27 UTC (rev 323488) +++ php/php-src/trunk/Zend/zend_API.c 2012-02-25 04:36:08 UTC (rev 323489) @@ -262,12 +262,17 @@ static int parse_arg_object_to_string(zval **arg, char **p, int *pl, int
Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/Zend/zend_API.c trunk/NEWS trunk/Zend/zend_API.c
On 02/27/2012 12:37 PM, Laruence wrote: On Mon, Feb 27, 2012 at 4:31 PM, Laruencelarue...@php.net wrote: On Mon, Feb 27, 2012 at 4:00 PM, Dmitry Stogovdmi...@zend.com wrote: Hi Laruence, The attached patch looks wired. The patch on top of it (r323563) makes it better. However, in my opinion it fixes a common problem just in a single place. Each call to __toString() that makes side effects may cause the similar problem. It would be great to make a right fix in zend_std_cast_object_tostring() itself, but probably it would require API Hi: before this fix, I thought about the same idea of that. but, you know, such change will need all exts who implmented their own cast_object handler change there codes too. for now, I exam the usage of std_cast_object_tostring, most of them do the similar things like this fix to avoid this issues(like ZEND_CAST handler). so I think, maybe it's okey for a temporary fix :) what I mean temporary is, apply this fix to 5.3 and 5.4 then do the right fix which you said to 5.4.1 :) we won't be able to change API in 5.4.1, so it's for 5.5. Thanks. Dmitry. thanks thanks change (e.g. sending zval** instead of zval*). So it could be fixed properly only in trunk. Thanks. Dmitry. On 02/25/2012 08:41 AM, Laruence wrote: Dmitry: you might want to review this fix. let me explain why crash before this fix. when doing parse_parameter, then convert the object to string by calling the ce-cast_object, and passed the same pointer(although there was a separation), to the cast_object.. then if __toString method stash $this somewhere, after the parameters clean up, the $this pointer will be impending.. then in the next loop, the return_value will happen used the same adress,, then balalala, cause the segfault.. sorry for my poor english, and hope I have made myself clearly, if there is any question , plz write me. thanks On Sat, Feb 25, 2012 at 12:36 PM, Xinchen Huilarue...@php.netwrote: laruence Sat, 25 Feb 2012 04:36:08 + Revision: http://svn.php.net/viewvc?view=revisionrevision=323489 Log: Fixed bug #61165 (Segfault - strip_tags()) Bug: https://bugs.php.net/61165 (Assigned) Segfault - strip_tags() Changed paths: U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/Zend/zend_API.c U php/php-src/trunk/NEWS U php/php-src/trunk/Zend/zend_API.c Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2012-02-25 03:19:27 UTC (rev 323488) +++ php/php-src/branches/PHP_5_3/NEWS 2012-02-25 04:36:08 UTC (rev 323489) @@ -3,6 +3,7 @@ ?? ??? 2012, PHP 5.3.11 - Core: + . Fixed bug #61165 (Segfault - strip_tags()). (Laruence) . Improved max_input_vars directive to check nested variables (Dmitry). . Fixed bug #61095 (Incorect lexing of 0x00*+NUM). (Etienne) . Fixed bug #61072 (Memory leak when restoring an exception handler). Modified: php/php-src/branches/PHP_5_3/Zend/zend_API.c === --- php/php-src/branches/PHP_5_3/Zend/zend_API.c2012-02-25 03:19:27 UTC (rev 323488) +++ php/php-src/branches/PHP_5_3/Zend/zend_API.c2012-02-25 04:36:08 UTC (rev 323489) @@ -254,10 +254,15 @@ static int parse_arg_object_to_string(zval **arg TSRMLS_DC) /* {{{ */ { if (Z_OBJ_HANDLER_PP(arg, cast_object)) { - SEPARATE_ZVAL_IF_NOT_REF(arg); - if (Z_OBJ_HANDLER_PP(arg, cast_object)(*arg, *arg, IS_STRING TSRMLS_CC) == SUCCESS) { + zval *obj; + ALLOC_ZVAL(obj); + MAKE_COPY_ZVAL(arg, obj); + if (Z_OBJ_HANDLER_P(*arg, cast_object)(*arg, obj, IS_STRING TSRMLS_CC) == SUCCESS) { + zval_ptr_dtor(arg); + *arg = obj; return SUCCESS; } + zval_ptr_dtor(obj); } /* Standard PHP objects */ if (Z_OBJ_HT_PP(arg) ==std_object_handlers || !Z_OBJ_HANDLER_PP(arg, cast_object)) { Modified: php/php-src/trunk/NEWS === --- php/php-src/trunk/NEWS 2012-02-25 03:19:27 UTC (rev 323488) +++ php/php-src/trunk/NEWS 2012-02-25 04:36:08 UTC (rev 323489) @@ -6,6 +6,7 @@ . World domination - Core: + . Fixed bug #61165 (Segfault - strip_tags()). (Laruence) . Fixed bug #61072 (Memory leak when restoring an exception handler). (Nikic, Laruence) . Fixed bug #61000 (Exceeding max nesting level doesn't delete numerical Modified: php/php-src/trunk/Zend/zend_API.c === --- php/php-src/trunk/Zend/zend_API.c 2012-02-25 03:19:27 UTC (rev 323488) +++ php/php-src/trunk/Zend/zend_API.c 2012-02-25 04:36:08 UTC (rev 323489) @@ -262,12 +262,17 @@ static int
Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/Zend/zend_API.c trunk/NEWS trunk/Zend/zend_API.c
On Mon, 27 Feb 2012, Laruence wrote: On Mon, Feb 27, 2012 at 4:31 PM, Laruence larue...@php.net wrote: On Mon, Feb 27, 2012 at 4:00 PM, Dmitry Stogov dmi...@zend.com wrote: The attached patch looks wired. The patch on top of it (r323563) makes it better. However, in my opinion it fixes a common problem just in a single place. Each call to __toString() that makes side effects may cause the similar problem. It would be great to make a right fix in zend_std_cast_object_tostring() itself, but probably it would require API Hi: before this fix, I thought about the same idea of that. but, you know, such change will need all exts who implmented their own cast_object handler change there codes too. for now, I exam the usage of std_cast_object_tostring, most of them do the similar things like this fix to avoid this issues(like ZEND_CAST handler). so I think, maybe it's okey for a temporary fix :) what I mean temporary is, apply this fix to 5.3 and 5.4 then do the right fix which you said to 5.4.1 :) You can't break extension APIs between 5.4.0 and 5.4.1 either, API changes can only into trunk. cheers, Derick -- http://derickrethans.nl | http://xdebug.org Like Xdebug? Consider a donation: http://xdebug.org/donate.php twitter: @derickr and @xdebug -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/Zend/zend_API.c trunk/NEWS trunk/Zend/zend_API.c
On Mon, Feb 27, 2012 at 11:17 AM, Derick Rethans der...@php.net wrote: You can't break extension APIs between 5.4.0 and 5.4.1 either, API changes can only into trunk. And ABI neither. -- Pierre @pierrejoye | http://blog.thepimp.net | http://www.libgd.org -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] Re: [PHP-DEV] Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/Zend/zend_API.c trunk/NEWS trunk/Zend/zend_API.c
On Mon, February 27, 2012 2:31 am, Laruence wrote: On Mon, Feb 27, 2012 at 4:00 PM, Dmitry Stogov dmi...@zend.com wrote: Hi Laruence, The attached patch looks wired. The patch on top of it (r323563) makes it better. However, in my opinion it fixes a common problem just in a single place. Each call to __toString() that makes side effects may cause the similar problem. It would be great to make a right fix in zend_std_cast_object_tostring() itself, but probably it would require API Hi: before this fix, I thought about the same idea of that. but, you know, such change will need all exts who implmented their own cast_object handler change there codes too. for now, I exam the usage of std_cast_object_tostring, most of them do the similar things like this fix to avoid this issues(like ZEND_CAST handler). so I think, maybe it's okey for a temporary fix :) Perhaps a better solution would be to make a NEW function that uses zval** and deprecate the old one with memory leaks. Old extensions remain functional, new extension consume less memory. (This presumes I actually understand the issue, which is questionable.) -- brain cancer update: http://richardlynch.blogspot.com/search/label/brain%20tumor Donate: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclickhosted_button_id=FS9NLTNEEKWBE -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] Re: [PHP-DEV] Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/Zend/zend_API.c trunk/NEWS trunk/Zend/zend_API.c
Out of curiosity, why are you changing it to copy the object for the result of the cast operation? cast_object should init the result zval, so why go through the step of copying the starting object to it? Wouldn't it be easier just to do: if (Z_OBJ_HANDLER_PP(arg, cast_object)) { zval *result; ALLOC_ZVAL(result); if (Z_OBJ_HANDLER_P(*arg, cast_object)(*arg, result, type TSRMLS_CC) == SUCCESS) { zval_ptr_dtor(arg); *pl = Z_STRLEN_PP(result); *p = Z_STRVAL_PP(result); zval_ptr_dtor(result); return SUCCESS; } zval_ptr_dtor(result); } Keeping both completely separate, and not having the possibility of corrupting the arg object pointer? As it is right now (with the patch in the first mail), wouldn't the possibility still exist of nuking the arg object pointer which could be used elsewhere (and hence cause the memory leak and segfault when that variable is referenced again)? (Un tested as of yet, just throwing it out there as it seems kind of weird to overwrite the arg pointer for what seems like no reason)... Anthony On Mon, Feb 27, 2012 at 10:22 AM, Richard Lynch c...@l-i-e.com wrote: On Mon, February 27, 2012 2:31 am, Laruence wrote: On Mon, Feb 27, 2012 at 4:00 PM, Dmitry Stogov dmi...@zend.com wrote: Hi Laruence, The attached patch looks wired. The patch on top of it (r323563) makes it better. However, in my opinion it fixes a common problem just in a single place. Each call to __toString() that makes side effects may cause the similar problem. It would be great to make a right fix in zend_std_cast_object_tostring() itself, but probably it would require API Hi: before this fix, I thought about the same idea of that. but, you know, such change will need all exts who implmented their own cast_object handler change there codes too. for now, I exam the usage of std_cast_object_tostring, most of them do the similar things like this fix to avoid this issues(like ZEND_CAST handler). so I think, maybe it's okey for a temporary fix :) Perhaps a better solution would be to make a NEW function that uses zval** and deprecate the old one with memory leaks. Old extensions remain functional, new extension consume less memory. (This presumes I actually understand the issue, which is questionable.) -- brain cancer update: http://richardlynch.blogspot.com/search/label/brain%20tumor Donate: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclickhosted_button_id=FS9NLTNEEKWBE -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] Re: [PHP-DEV] Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/Zend/zend_API.c trunk/NEWS trunk/Zend/zend_API.c
Sent from my iPad 在 2012-2-28,0:10,Anthony Ferrara ircmax...@gmail.com 写道: Out of curiosity, why are you changing it to copy the object for the result of the cast operation? cast_object should init the result zval, so why go through the step of copying the starting object to plz look at the final fix: r323563 thanks r323563 Wouldn't it be easier just to do: if (Z_OBJ_HANDLER_PP(arg, cast_object)) { zval *result; ALLOC_ZVAL(result); if (Z_OBJ_HANDLER_P(*arg, cast_object)(*arg, result, type TSRMLS_CC) == SUCCESS) { zval_ptr_dtor(arg); *pl = Z_STRLEN_PP(result); *p = Z_STRVAL_PP(result); zval_ptr_dtor(result); return SUCCESS; } zval_ptr_dtor(result); } Keeping both completely separate, and not having the possibility of corrupting the arg object pointer? As it is right now (with the patch in the first mail), wouldn't the possibility still exist of nuking the arg object pointer which could be used elsewhere (and hence cause the memory leak and segfault when that variable is referenced again)? (Un tested as of yet, just throwing it out there as it seems kind of weird to overwrite the arg pointer for what seems like no reason)... Anthony On Mon, Feb 27, 2012 at 10:22 AM, Richard Lynch c...@l-i-e.com wrote: On Mon, February 27, 2012 2:31 am, Laruence wrote: On Mon, Feb 27, 2012 at 4:00 PM, Dmitry Stogov dmi...@zend.com wrote: Hi Laruence, The attached patch looks wired. The patch on top of it (r323563) makes it better. However, in my opinion it fixes a common problem just in a single place. Each call to __toString() that makes side effects may cause the similar problem. It would be great to make a right fix in zend_std_cast_object_tostring() itself, but probably it would require API Hi: before this fix, I thought about the same idea of that. but, you know, such change will need all exts who implmented their own cast_object handler change there codes too. for now, I exam the usage of std_cast_object_tostring, most of them do the similar things like this fix to avoid this issues(like ZEND_CAST handler). so I think, maybe it's okey for a temporary fix :) Perhaps a better solution would be to make a NEW function that uses zval** and deprecate the old one with memory leaks. Old extensions remain functional, new extension consume less memory. (This presumes I actually understand the issue, which is questionable.) -- brain cancer update: http://richardlynch.blogspot.com/search/label/brain%20tumor Donate: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclickhosted_button_id=FS9NLTNEEKWBE -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] Re: [PHP-DEV] Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/Zend/zend_API.c trunk/NEWS trunk/Zend/zend_API.c
I initially looked at the final fix when I discovered the issue. Follow me out on this. This is the current code as-implemented in r323563: 265 zval *obj; 266 MAKE_STD_ZVAL(obj); 267 if (Z_OBJ_HANDLER_P(*arg, cast_object)(*arg, obj, type TSRMLS_CC) == SUCCESS) { 268 zval_ptr_dtor(arg); 269 *arg = obj; 270 *pl = Z_STRLEN_PP(arg); 271 *p = Z_STRVAL_PP(arg); 272 return SUCCESS; 273 } 274 efree(obj); The issue that I originally identified (overwriting the argument pointer) is still happening. Is there any reason for overwriting the arg pointer? Wouldn't it be better to just do the Z_STRLEN_PP and Z_STRVAL_PP operations on obj instead, and zval_ptr_dtor it as well (instead of efree, as that way if a reference is stored somewhere it won't result in a double free, or a segfault for accessing freed memory)? Thanks, Anthony On Mon, Feb 27, 2012 at 11:39 AM, Xinchen Hui larue...@gmail.com wrote: Sent from my iPad 在 2012-2-28,0:10,Anthony Ferrara ircmax...@gmail.com 写道: Out of curiosity, why are you changing it to copy the object for the result of the cast operation? cast_object should init the result zval, so why go through the step of copying the starting object to plz look at the final fix: r323563 thanks r323563 Wouldn't it be easier just to do: if (Z_OBJ_HANDLER_PP(arg, cast_object)) { zval *result; ALLOC_ZVAL(result); if (Z_OBJ_HANDLER_P(*arg, cast_object)(*arg, result, type TSRMLS_CC) == SUCCESS) { zval_ptr_dtor(arg); *pl = Z_STRLEN_PP(result); *p = Z_STRVAL_PP(result); zval_ptr_dtor(result); return SUCCESS; } zval_ptr_dtor(result); } Keeping both completely separate, and not having the possibility of corrupting the arg object pointer? As it is right now (with the patch in the first mail), wouldn't the possibility still exist of nuking the arg object pointer which could be used elsewhere (and hence cause the memory leak and segfault when that variable is referenced again)? (Un tested as of yet, just throwing it out there as it seems kind of weird to overwrite the arg pointer for what seems like no reason)... Anthony On Mon, Feb 27, 2012 at 10:22 AM, Richard Lynch c...@l-i-e.com wrote: On Mon, February 27, 2012 2:31 am, Laruence wrote: On Mon, Feb 27, 2012 at 4:00 PM, Dmitry Stogov dmi...@zend.com wrote: Hi Laruence, The attached patch looks wired. The patch on top of it (r323563) makes it better. However, in my opinion it fixes a common problem just in a single place. Each call to __toString() that makes side effects may cause the similar problem. It would be great to make a right fix in zend_std_cast_object_tostring() itself, but probably it would require API Hi: before this fix, I thought about the same idea of that. but, you know, such change will need all exts who implmented their own cast_object handler change there codes too. for now, I exam the usage of std_cast_object_tostring, most of them do the similar things like this fix to avoid this issues(like ZEND_CAST handler). so I think, maybe it's okey for a temporary fix :) Perhaps a better solution would be to make a NEW function that uses zval** and deprecate the old one with memory leaks. Old extensions remain functional, new extension consume less memory. (This presumes I actually understand the issue, which is questionable.) -- brain cancer update: http://richardlynch.blogspot.com/search/label/brain%20tumor Donate: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclickhosted_button_id=FS9NLTNEEKWBE -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] Re: [PHP-DEV] Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/Zend/zend_API.c trunk/NEWS trunk/Zend/zend_API.c
On Tue, Feb 28, 2012 at 1:10 AM, Anthony Ferrara ircmax...@gmail.com wrote: I initially looked at the final fix when I discovered the issue. Follow me out on this. This is the current code as-implemented in r323563: 265 zval *obj; 266 MAKE_STD_ZVAL(obj); 267 if (Z_OBJ_HANDLER_P(*arg, cast_object)(*arg, obj, type TSRMLS_CC) == SUCCESS) { 268 zval_ptr_dtor(arg); 269 *arg = obj; 270 *pl = Z_STRLEN_PP(arg); 271 *p = Z_STRVAL_PP(arg); 272 return SUCCESS; 273 } 274 efree(obj); The issue that I originally identified (overwriting the argument pointer) is still happening. Is there any reason for overwriting the arg pointer? Wouldn't it be better to just do the Z_STRLEN_PP and Z_STRVAL_PP operations on obj instead, and zval_ptr_dtor it as well Oops, you are right.. thanks for pointing this out. :) (instead of efree, as that way if a reference is stored somewhere it won't result in a double free, or a segfault for accessing freed memory)? Thanks, Anthony On Mon, Feb 27, 2012 at 11:39 AM, Xinchen Hui larue...@gmail.com wrote: Sent from my iPad 在 2012-2-28,0:10,Anthony Ferrara ircmax...@gmail.com 写道: Out of curiosity, why are you changing it to copy the object for the result of the cast operation? cast_object should init the result zval, so why go through the step of copying the starting object to plz look at the final fix: r323563 thanks r323563 Wouldn't it be easier just to do: if (Z_OBJ_HANDLER_PP(arg, cast_object)) { zval *result; ALLOC_ZVAL(result); if (Z_OBJ_HANDLER_P(*arg, cast_object)(*arg, result, type TSRMLS_CC) == SUCCESS) { zval_ptr_dtor(arg); *pl = Z_STRLEN_PP(result); *p = Z_STRVAL_PP(result); zval_ptr_dtor(result); return SUCCESS; } zval_ptr_dtor(result); } Keeping both completely separate, and not having the possibility of corrupting the arg object pointer? As it is right now (with the patch in the first mail), wouldn't the possibility still exist of nuking the arg object pointer which could be used elsewhere (and hence cause the memory leak and segfault when that variable is referenced again)? (Un tested as of yet, just throwing it out there as it seems kind of weird to overwrite the arg pointer for what seems like no reason)... Anthony On Mon, Feb 27, 2012 at 10:22 AM, Richard Lynch c...@l-i-e.com wrote: On Mon, February 27, 2012 2:31 am, Laruence wrote: On Mon, Feb 27, 2012 at 4:00 PM, Dmitry Stogov dmi...@zend.com wrote: Hi Laruence, The attached patch looks wired. The patch on top of it (r323563) makes it better. However, in my opinion it fixes a common problem just in a single place. Each call to __toString() that makes side effects may cause the similar problem. It would be great to make a right fix in zend_std_cast_object_tostring() itself, but probably it would require API Hi: before this fix, I thought about the same idea of that. but, you know, such change will need all exts who implmented their own cast_object handler change there codes too. for now, I exam the usage of std_cast_object_tostring, most of them do the similar things like this fix to avoid this issues(like ZEND_CAST handler). so I think, maybe it's okey for a temporary fix :) Perhaps a better solution would be to make a NEW function that uses zval** and deprecate the old one with memory leaks. Old extensions remain functional, new extension consume less memory. (This presumes I actually understand the issue, which is questionable.) -- brain cancer update: http://richardlynch.blogspot.com/search/label/brain%20tumor Donate: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclickhosted_button_id=FS9NLTNEEKWBE -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php -- 惠新宸 laruence Senior PHP Engineer http://www.laruence.com -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] Re: [PHP-DEV] Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/Zend/zend_API.c trunk/NEWS trunk/Zend/zend_API.c
On Tue, Feb 28, 2012 at 10:38 AM, Xinchen Hui larue...@gmail.com wrote: On Tue, Feb 28, 2012 at 1:10 AM, Anthony Ferrara ircmax...@gmail.com wrote: I initially looked at the final fix when I discovered the issue. Follow me out on this. This is the current code as-implemented in r323563: 265 zval *obj; 266 MAKE_STD_ZVAL(obj); 267 if (Z_OBJ_HANDLER_P(*arg, cast_object)(*arg, obj, type TSRMLS_CC) == SUCCESS) { 268 zval_ptr_dtor(arg); 269 *arg = obj; 270 *pl = Z_STRLEN_PP(arg); 271 *p = Z_STRVAL_PP(arg); 272 return SUCCESS; 273 } 274 efree(obj); The issue that I originally identified (overwriting the argument pointer) is still happening. Is there any reason for overwriting the arg pointer? Wouldn't it be better to just do the Z_STRLEN_PP and Z_STRVAL_PP operations on obj instead, and zval_ptr_dtor it as well Oops, you are right.. thanks for pointing this out. :) Sorry, I miss-read your words. so I revoke my previous words. the reason for why overwriting arg, is we should record that new temp zval(IS_STRING), then release it while doing cleanup parameters. and also, fo 5.3, no p and pl paramters. thanks (instead of efree, as that way if a reference is stored somewhere it won't result in a double free, or a segfault for accessing freed memory)? Thanks, Anthony On Mon, Feb 27, 2012 at 11:39 AM, Xinchen Hui larue...@gmail.com wrote: Sent from my iPad 在 2012-2-28,0:10,Anthony Ferrara ircmax...@gmail.com 写道: Out of curiosity, why are you changing it to copy the object for the result of the cast operation? cast_object should init the result zval, so why go through the step of copying the starting object to plz look at the final fix: r323563 thanks r323563 Wouldn't it be easier just to do: if (Z_OBJ_HANDLER_PP(arg, cast_object)) { zval *result; ALLOC_ZVAL(result); if (Z_OBJ_HANDLER_P(*arg, cast_object)(*arg, result, type TSRMLS_CC) == SUCCESS) { zval_ptr_dtor(arg); *pl = Z_STRLEN_PP(result); *p = Z_STRVAL_PP(result); zval_ptr_dtor(result); return SUCCESS; } zval_ptr_dtor(result); } Keeping both completely separate, and not having the possibility of corrupting the arg object pointer? As it is right now (with the patch in the first mail), wouldn't the possibility still exist of nuking the arg object pointer which could be used elsewhere (and hence cause the memory leak and segfault when that variable is referenced again)? (Un tested as of yet, just throwing it out there as it seems kind of weird to overwrite the arg pointer for what seems like no reason)... Anthony On Mon, Feb 27, 2012 at 10:22 AM, Richard Lynch c...@l-i-e.com wrote: On Mon, February 27, 2012 2:31 am, Laruence wrote: On Mon, Feb 27, 2012 at 4:00 PM, Dmitry Stogov dmi...@zend.com wrote: Hi Laruence, The attached patch looks wired. The patch on top of it (r323563) makes it better. However, in my opinion it fixes a common problem just in a single place. Each call to __toString() that makes side effects may cause the similar problem. It would be great to make a right fix in zend_std_cast_object_tostring() itself, but probably it would require API Hi: before this fix, I thought about the same idea of that. but, you know, such change will need all exts who implmented their own cast_object handler change there codes too. for now, I exam the usage of std_cast_object_tostring, most of them do the similar things like this fix to avoid this issues(like ZEND_CAST handler). so I think, maybe it's okey for a temporary fix :) Perhaps a better solution would be to make a NEW function that uses zval** and deprecate the old one with memory leaks. Old extensions remain functional, new extension consume less memory. (This presumes I actually understand the issue, which is questionable.) -- brain cancer update: http://richardlynch.blogspot.com/search/label/brain%20tumor Donate: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclickhosted_button_id=FS9NLTNEEKWBE -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php -- 惠新宸 laruence Senior PHP Engineer http://www.laruence.com -- 惠新宸 laruence Senior PHP Engineer http://www.laruence.com -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_3/ NEWS
nikicSat, 25 Feb 2012 13:04:43 + Revision: http://svn.php.net/viewvc?view=revisionrevision=323506 Log: NEWS for r323330 So cjones doesn't have nightmares :P Changed paths: U php/php-src/branches/PHP_5_3/NEWS Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2012-02-25 13:03:53 UTC (rev 323505) +++ php/php-src/branches/PHP_5_3/NEWS 2012-02-25 13:04:43 UTC (rev 323506) @@ -26,6 +26,9 @@ - Firebird Database extension (ibase): . Fixed bug #60802 (ibase_trans() gives segfault when passing params). +- Phar: + . Fixed bug #61184 (Phar::webPhar() generates headers with trailing NUL bytes). (Nikic) + - PHP-FPM SAPI: . Fixed bug #60811 (php-fpm compilation problem). (rasmus) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/ext/fileinfo/fileinfo.c branches/PHP_5_3/ext/fileinfo/tests/bug61173.phpt trunk/ext/fileinfo/fileinfo.c trunk/ext/fileinfo/tests/bug
cataphract Fri, 24 Feb 2012 10:01:39 + Revision: http://svn.php.net/viewvc?view=revisionrevision=323472 Log: - Fixed bug #61173 (Unable to detect error from finfo constructor). - Tidied up NEWS Bug: https://bugs.php.net/61173 (Feedback) Unable to detect error from finfo constructor Changed paths: U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/fileinfo/fileinfo.c A php/php-src/branches/PHP_5_3/ext/fileinfo/tests/bug61173.phpt U php/php-src/trunk/ext/fileinfo/fileinfo.c A php/php-src/trunk/ext/fileinfo/tests/bug61173.phpt Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2012-02-24 10:01:32 UTC (rev 323471) +++ php/php-src/branches/PHP_5_3/NEWS 2012-02-24 10:01:39 UTC (rev 323472) @@ -1,22 +1,16 @@ PHPNEWS ||| ?? ??? 2012, PHP 5.3.11 + - Core: . Improved max_input_vars directive to check nested variables (Dmitry). . Fixed bug #61095 (Incorect lexing of 0x00*+NUM). (Etienne) - -- Session: - . Fixed bug #60860 (session.save_handler=user without defined function core -dumps). (Felipe) - -- Tidy: - . Fixed bug #54682 (tidy null pointer dereference). (Tony, David Soria Parra) - -- Core: . Fixed bug #61072 (Memory leak when restoring an exception handler). (Nikic, Laruence) - . Fixed bug #61000 (Exceeding max nesting level doesn't delete numerical vars). -(Laruence) + . Fixed bug #61058 (array_fill leaks if start index is PHP_INT_MAX). + (Laruence) + . Fixed bug #61000 (Exceeding max nesting level doesn't delete numerical + vars). (Laruence) . Fix bug #60895 (Possible invalid handler usage in windows random functions). (Pierre) . Fixed bug #60825 (Segfault when running symfony 2 tests). @@ -25,18 +19,12 @@ (rui, Gustavo) . Fixed bug #51860 (Include fails with toplevel symlink to /). (Dmitry) +- Fileinfo + . Fixed bug #61173 (Unable to detect error from finfo constructor). (Gustavo) + - Firebird Database extension (ibase): . Fixed bug #60802 (ibase_trans() gives segfault when passing params). -- Streams: - . Fixed bug #61115 (stream related segfault on fatal error in -php_stream_context_link). (Gustavo) - . Further fix for bug #60455 (stream_get_line misbehaves if EOF is not detected -together with the last read). (Gustavo) - . Fixed bug #60817 (stream_get_line() reads from stream even when there is -already sufficient data buffered). stream_get_line() now behaves more like -fgets(), as is documented. (Gustavo) - - PHP-FPM SAPI: . Fixed bug #60811 (php-fpm compilation problem). (rasmus) @@ -53,10 +41,22 @@ . Fixed bug #60968 (Late static binding doesn't work with ReflectionMethod::invokeArgs()). (Laruence) -- Array: - . Fixed bug #61058 (array_fill leaks if start index is PHP_INT_MAX). -(Laruence) +- Session: + . Fixed bug #60860 (session.save_handler=user without defined function core +dumps). (Felipe) +- Streams: + . Fixed bug #61115 (stream related segfault on fatal error in +php_stream_context_link). (Gustavo) + . Further fix for bug #60455 (stream_get_line misbehaves if EOF is not +detected together with the last read). (Gustavo) + . Fixed bug #60817 (stream_get_line() reads from stream even when there is +already sufficient data buffered). stream_get_line() now behaves more like +fgets(), as is documented. (Gustavo) + +- Tidy: + . Fixed bug #54682 (tidy null pointer dereference). (Tony, David Soria Parra) + - XMLRPC: . Fixed bug #61097 (Memory leak in xmlrpc functions copying zvals). (Nikic) Modified: php/php-src/branches/PHP_5_3/ext/fileinfo/fileinfo.c === --- php/php-src/branches/PHP_5_3/ext/fileinfo/fileinfo.c 2012-02-24 10:01:32 UTC (rev 323471) +++ php/php-src/branches/PHP_5_3/ext/fileinfo/fileinfo.c 2012-02-24 10:01:39 UTC (rev 323472) @@ -76,9 +76,9 @@ } \ } -/* {{{ finfo_objects_dtor +/* {{{ finfo_objects_free */ -static void finfo_objects_dtor(void *object, zend_object_handle handle TSRMLS_DC) +static void finfo_objects_free(void *object TSRMLS_DC) { struct finfo_object *intern = (struct finfo_object *) object; @@ -108,7 +108,8 @@ intern-ptr = NULL; - retval.handle = zend_objects_store_put(intern, finfo_objects_dtor, NULL, NULL TSRMLS_CC); + retval.handle = zend_objects_store_put(intern, NULL, + finfo_objects_free, NULL TSRMLS_CC); retval.handlers = (zend_object_handlers *) finfo_object_handlers; return retval; @@ -276,6 +277,15 @@ } /* }}} */ +#define FILEINFO_DESTROY_OBJECT(object) \ + do { \ + if (object) { \ + zend_object_store_ctor_failed(object TSRMLS_CC); \ + zval_dtor(object); \ +
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/Zend/zend_API.c trunk/NEWS trunk/Zend/zend_API.c
laruence Sat, 25 Feb 2012 04:36:08 + Revision: http://svn.php.net/viewvc?view=revisionrevision=323489 Log: Fixed bug #61165 (Segfault - strip_tags()) Bug: https://bugs.php.net/61165 (Assigned) Segfault - strip_tags() Changed paths: U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/Zend/zend_API.c U php/php-src/trunk/NEWS U php/php-src/trunk/Zend/zend_API.c Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2012-02-25 03:19:27 UTC (rev 323488) +++ php/php-src/branches/PHP_5_3/NEWS 2012-02-25 04:36:08 UTC (rev 323489) @@ -3,6 +3,7 @@ ?? ??? 2012, PHP 5.3.11 - Core: + . Fixed bug #61165 (Segfault - strip_tags()). (Laruence) . Improved max_input_vars directive to check nested variables (Dmitry). . Fixed bug #61095 (Incorect lexing of 0x00*+NUM). (Etienne) . Fixed bug #61072 (Memory leak when restoring an exception handler). Modified: php/php-src/branches/PHP_5_3/Zend/zend_API.c === --- php/php-src/branches/PHP_5_3/Zend/zend_API.c2012-02-25 03:19:27 UTC (rev 323488) +++ php/php-src/branches/PHP_5_3/Zend/zend_API.c2012-02-25 04:36:08 UTC (rev 323489) @@ -254,10 +254,15 @@ static int parse_arg_object_to_string(zval **arg TSRMLS_DC) /* {{{ */ { if (Z_OBJ_HANDLER_PP(arg, cast_object)) { - SEPARATE_ZVAL_IF_NOT_REF(arg); - if (Z_OBJ_HANDLER_PP(arg, cast_object)(*arg, *arg, IS_STRING TSRMLS_CC) == SUCCESS) { + zval *obj; + ALLOC_ZVAL(obj); + MAKE_COPY_ZVAL(arg, obj); + if (Z_OBJ_HANDLER_P(*arg, cast_object)(*arg, obj, IS_STRING TSRMLS_CC) == SUCCESS) { + zval_ptr_dtor(arg); + *arg = obj; return SUCCESS; } + zval_ptr_dtor(obj); } /* Standard PHP objects */ if (Z_OBJ_HT_PP(arg) == std_object_handlers || !Z_OBJ_HANDLER_PP(arg, cast_object)) { Modified: php/php-src/trunk/NEWS === --- php/php-src/trunk/NEWS 2012-02-25 03:19:27 UTC (rev 323488) +++ php/php-src/trunk/NEWS 2012-02-25 04:36:08 UTC (rev 323489) @@ -6,6 +6,7 @@ . World domination - Core: + . Fixed bug #61165 (Segfault - strip_tags()). (Laruence) . Fixed bug #61072 (Memory leak when restoring an exception handler). (Nikic, Laruence) . Fixed bug #61000 (Exceeding max nesting level doesn't delete numerical Modified: php/php-src/trunk/Zend/zend_API.c === --- php/php-src/trunk/Zend/zend_API.c 2012-02-25 03:19:27 UTC (rev 323488) +++ php/php-src/trunk/Zend/zend_API.c 2012-02-25 04:36:08 UTC (rev 323489) @@ -262,12 +262,17 @@ static int parse_arg_object_to_string(zval **arg, char **p, int *pl, int type TSRMLS_DC) /* {{{ */ { if (Z_OBJ_HANDLER_PP(arg, cast_object)) { - SEPARATE_ZVAL_IF_NOT_REF(arg); - if (Z_OBJ_HANDLER_PP(arg, cast_object)(*arg, *arg, type TSRMLS_CC) == SUCCESS) { + zval *obj; + ALLOC_ZVAL(obj); + MAKE_COPY_ZVAL(arg, obj); + if (Z_OBJ_HANDLER_P(*arg, cast_object)(*arg, obj, type TSRMLS_CC) == SUCCESS) { + zval_ptr_dtor(arg); + *arg = obj; *pl = Z_STRLEN_PP(arg); *p = Z_STRVAL_PP(arg); return SUCCESS; } + zval_ptr_dtor(obj); } /* Standard PHP objects */ if (Z_OBJ_HT_PP(arg) == std_object_handlers || !Z_OBJ_HANDLER_PP(arg, cast_object)) { -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/Zend/zend_API.c trunk/NEWS trunk/Zend/zend_API.c
Dmitry: you might want to review this fix. let me explain why crash before this fix. when doing parse_parameter, then convert the object to string by calling the ce-cast_object, and passed the same pointer(although there was a separation), to the cast_object.. then if __toString method stash $this somewhere, after the parameters clean up, the $this pointer will be impending.. then in the next loop, the return_value will happen used the same adress,, then balalala, cause the segfault.. sorry for my poor english, and hope I have made myself clearly, if there is any question , plz write me. thanks On Sat, Feb 25, 2012 at 12:36 PM, Xinchen Hui larue...@php.net wrote: laruence Sat, 25 Feb 2012 04:36:08 + Revision: http://svn.php.net/viewvc?view=revisionrevision=323489 Log: Fixed bug #61165 (Segfault - strip_tags()) Bug: https://bugs.php.net/61165 (Assigned) Segfault - strip_tags() Changed paths: U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/Zend/zend_API.c U php/php-src/trunk/NEWS U php/php-src/trunk/Zend/zend_API.c Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2012-02-25 03:19:27 UTC (rev 323488) +++ php/php-src/branches/PHP_5_3/NEWS 2012-02-25 04:36:08 UTC (rev 323489) @@ -3,6 +3,7 @@ ?? ??? 2012, PHP 5.3.11 - Core: + . Fixed bug #61165 (Segfault - strip_tags()). (Laruence) . Improved max_input_vars directive to check nested variables (Dmitry). . Fixed bug #61095 (Incorect lexing of 0x00*+NUM). (Etienne) . Fixed bug #61072 (Memory leak when restoring an exception handler). Modified: php/php-src/branches/PHP_5_3/Zend/zend_API.c === --- php/php-src/branches/PHP_5_3/Zend/zend_API.c 2012-02-25 03:19:27 UTC (rev 323488) +++ php/php-src/branches/PHP_5_3/Zend/zend_API.c 2012-02-25 04:36:08 UTC (rev 323489) @@ -254,10 +254,15 @@ static int parse_arg_object_to_string(zval **arg TSRMLS_DC) /* {{{ */ { if (Z_OBJ_HANDLER_PP(arg, cast_object)) { - SEPARATE_ZVAL_IF_NOT_REF(arg); - if (Z_OBJ_HANDLER_PP(arg, cast_object)(*arg, *arg, IS_STRING TSRMLS_CC) == SUCCESS) { + zval *obj; + ALLOC_ZVAL(obj); + MAKE_COPY_ZVAL(arg, obj); + if (Z_OBJ_HANDLER_P(*arg, cast_object)(*arg, obj, IS_STRING TSRMLS_CC) == SUCCESS) { + zval_ptr_dtor(arg); + *arg = obj; return SUCCESS; } + zval_ptr_dtor(obj); } /* Standard PHP objects */ if (Z_OBJ_HT_PP(arg) == std_object_handlers || !Z_OBJ_HANDLER_PP(arg, cast_object)) { Modified: php/php-src/trunk/NEWS === --- php/php-src/trunk/NEWS 2012-02-25 03:19:27 UTC (rev 323488) +++ php/php-src/trunk/NEWS 2012-02-25 04:36:08 UTC (rev 323489) @@ -6,6 +6,7 @@ . World domination - Core: + . Fixed bug #61165 (Segfault - strip_tags()). (Laruence) . Fixed bug #61072 (Memory leak when restoring an exception handler). (Nikic, Laruence) . Fixed bug #61000 (Exceeding max nesting level doesn't delete numerical Modified: php/php-src/trunk/Zend/zend_API.c === --- php/php-src/trunk/Zend/zend_API.c 2012-02-25 03:19:27 UTC (rev 323488) +++ php/php-src/trunk/Zend/zend_API.c 2012-02-25 04:36:08 UTC (rev 323489) @@ -262,12 +262,17 @@ static int parse_arg_object_to_string(zval **arg, char **p, int *pl, int type TSRMLS_DC) /* {{{ */ { if (Z_OBJ_HANDLER_PP(arg, cast_object)) { - SEPARATE_ZVAL_IF_NOT_REF(arg); - if (Z_OBJ_HANDLER_PP(arg, cast_object)(*arg, *arg, type TSRMLS_CC) == SUCCESS) { + zval *obj; + ALLOC_ZVAL(obj); + MAKE_COPY_ZVAL(arg, obj); + if (Z_OBJ_HANDLER_P(*arg, cast_object)(*arg, obj, type TSRMLS_CC) == SUCCESS) { + zval_ptr_dtor(arg); + *arg = obj; *pl = Z_STRLEN_PP(arg); *p = Z_STRVAL_PP(arg); return SUCCESS; } + zval_ptr_dtor(obj); } /* Standard PHP objects */ if (Z_OBJ_HT_PP(arg) == std_object_handlers || !Z_OBJ_HANDLER_PP(arg, cast_object)) { -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Laruence Xinchen Hui http://www.laruence.com/ -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_3/ NEWS
sixd Thu, 23 Feb 2012 19:43:38 + Revision: http://svn.php.net/viewvc?view=revisionrevision=323453 Log: Relocate orphan line Changed paths: U php/php-src/branches/PHP_5_3/NEWS Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2012-02-23 18:43:05 UTC (rev 323452) +++ php/php-src/branches/PHP_5_3/NEWS 2012-02-23 19:43:38 UTC (rev 323453) @@ -242,9 +242,9 @@ - Phar: . Fixed bug #60261 (NULL pointer dereference in phar). (Felipe) . Fixed bug #60164 (Stubs of a specific length break phar_open_from_fp +scanning for __HALT_COMPILER). (Ralph Schindler) . Fixed bug #53872 (internal corruption of phar). (Hannes) . Fixed bug #52013 (Unable to decompress files in a compressed phar). (Hannes) -scanning for __HALT_COMPILER). (Ralph Schindler) - PHP-FPM SAPI: . Fixed bug #60659 (FPM does not clear auth_user on request accept). -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/ext/standard/tests/streams/bug61115.phpt branches/PHP_5_3/main/streams/streams.c trunk/ext/standard/tests/streams/bug61115.phpt trun
cataphract Wed, 22 Feb 2012 11:45:26 + Revision: http://svn.php.net/viewvc?view=revisionrevision=323425 Log: - Fixed bug #61115 (stream related segfault on fatal error in php_stream_context_link). #run-tests.php is not currently detecting the segfault in the test #Missing 5.4 merge Bug: https://bugs.php.net/61115 (Analyzed) Stream related segfault on fatal error in php_stream_context_del_link Changed paths: U php/php-src/branches/PHP_5_3/NEWS A php/php-src/branches/PHP_5_3/ext/standard/tests/streams/bug61115.phpt U php/php-src/branches/PHP_5_3/main/streams/streams.c A php/php-src/trunk/ext/standard/tests/streams/bug61115.phpt U php/php-src/trunk/main/streams/streams.c Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2012-02-22 11:15:49 UTC (rev 323424) +++ php/php-src/branches/PHP_5_3/NEWS 2012-02-22 11:45:26 UTC (rev 323425) @@ -29,6 +29,8 @@ . Fixed bug #60802 (ibase_trans() gives segfault when passing params). - Streams: + . Fixed bug #61115 (stream related segfault on fatal error in +php_stream_context_link). (Gustavo) . Further fix for bug #60455 (stream_get_line misbehaves if EOF is not detected together with the last read). (Gustavo) . Fixed bug #60817 (stream_get_line() reads from stream even when there is Added: php/php-src/branches/PHP_5_3/ext/standard/tests/streams/bug61115.phpt === --- php/php-src/branches/PHP_5_3/ext/standard/tests/streams/bug61115.phpt (rev 0) +++ php/php-src/branches/PHP_5_3/ext/standard/tests/streams/bug61115.phpt 2012-02-22 11:45:26 UTC (rev 323425) @@ -0,0 +1,13 @@ +--TEST-- +Bug #61115: Stream related segfault on fatal error in php_stream_context_del_link. +--FILE-- +?php + +$arrayLarge = array_fill(0, 113663, '*'); + +$resourceFileTemp = fopen('php://temp', 'r+'); +stream_context_set_params($resourceFileTemp, array()); +preg_replace('', function() {}, $resourceFileTemp); +? +--EXPECTF-- +Catchable fatal error: Object of class Closure could not be converted to string in %s on line %d Property changes on: php/php-src/branches/PHP_5_3/ext/standard/tests/streams/bug61115.phpt ___ Added: svn:keywords + Id Rev Revision Added: svn:eol-style + native Modified: php/php-src/branches/PHP_5_3/main/streams/streams.c === --- php/php-src/branches/PHP_5_3/main/streams/streams.c 2012-02-22 11:15:49 UTC (rev 323424) +++ php/php-src/branches/PHP_5_3/main/streams/streams.c 2012-02-22 11:45:26 UTC (rev 323425) @@ -320,7 +320,9 @@ int remove_rsrc = 1; int preserve_handle = close_options PHP_STREAM_FREE_PRESERVE_HANDLE ? 1 : 0; int release_cast = 1; - php_stream_context *context = stream-context; + /* on an unclean shutdown, the context may have already been freed (if it +* was created after the stream resource), so don't reference it */ + php_stream_context *context = CG(unclean_shutdown) ? NULL : stream-context; if (stream-flags PHP_STREAM_FLAG_NO_CLOSE) { preserve_handle = 1; @@ -374,8 +376,8 @@ } /* Remove stream from any context link list */ - if (stream-context stream-context-links) { - php_stream_context_del_link(stream-context, stream); + if (context context-links) { + php_stream_context_del_link(context, stream); } if (close_options PHP_STREAM_FREE_CALL_DTOR) { Added: php/php-src/trunk/ext/standard/tests/streams/bug61115.phpt === --- php/php-src/trunk/ext/standard/tests/streams/bug61115.phpt (rev 0) +++ php/php-src/trunk/ext/standard/tests/streams/bug61115.phpt 2012-02-22 11:45:26 UTC (rev 323425) @@ -0,0 +1,13 @@ +--TEST-- +Bug #61115: Stream related segfault on fatal error in php_stream_context_del_link. +--FILE-- +?php + +$arrayLarge = array_fill(0, 113663, '*'); + +$resourceFileTemp = fopen('php://temp', 'r+'); +stream_context_set_params($resourceFileTemp, array()); +preg_replace('', function() {}, $resourceFileTemp); +? +--EXPECTF-- +Catchable fatal error: Object of class Closure could not be converted to string in %s on line %d Property changes on: php/php-src/trunk/ext/standard/tests/streams/bug61115.phpt ___ Added: svn:keywords + Id Rev Revision Added: svn:eol-style + native Modified: php/php-src/trunk/main/streams/streams.c === --- php/php-src/trunk/main/streams/streams.c2012-02-22 11:15:49 UTC (rev 323424) +++
[PHP-CVS] svn: /php/php-src/branches/PHP_5_3/ NEWS
nikicWed, 22 Feb 2012 17:21:57 + Revision: http://svn.php.net/viewvc?view=revisionrevision=323432 Log: NEWS for r323362 Changed paths: U php/php-src/branches/PHP_5_3/NEWS Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2012-02-22 16:14:47 UTC (rev 323431) +++ php/php-src/branches/PHP_5_3/NEWS 2012-02-22 17:21:57 UTC (rev 323432) @@ -60,6 +60,9 @@ - XMLRPC: . Fixed bug #61097 (Memory leak in xmlrpc functions copying zvals). (Nikic) +- Zlib: + . Fixed bug #61139 (gzopen leaks when specifying invalid mode). (Nikic) + 02 Feb 2012, PHP 5.3.10 - Core: -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/ext/xmlrpc/tests/bug61097.phpt branches/PHP_5_3/ext/xmlrpc/xmlrpc-epi-php.c trunk/ext/xmlrpc/tests/bug61097.phpt trunk/ext/xmlrpc/xm
nikicSat, 18 Feb 2012 14:58:19 + Revision: http://svn.php.net/viewvc?view=revisionrevision=323331 Log: Fix bug #61097 Memory leak in xmlrpc functions copying zvals Needs to be merged to 5.4. Bug: https://bugs.php.net/61097 (Assigned) Memory leak in xmlrpc functions copying zvals Changed paths: U php/php-src/branches/PHP_5_3/NEWS A php/php-src/branches/PHP_5_3/ext/xmlrpc/tests/bug61097.phpt U php/php-src/branches/PHP_5_3/ext/xmlrpc/xmlrpc-epi-php.c A php/php-src/trunk/ext/xmlrpc/tests/bug61097.phpt U php/php-src/trunk/ext/xmlrpc/xmlrpc-epi-php.c Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2012-02-18 13:39:13 UTC (rev 323330) +++ php/php-src/branches/PHP_5_3/NEWS 2012-02-18 14:58:19 UTC (rev 323331) @@ -54,6 +54,9 @@ . Fixed bug #61058 (array_fill leaks if start index is PHP_INT_MAX). (Laruence) +- XMLRPC: + . Fixed bug #61097 (Memory leak in xmlrpc functions copying zvals). (Nikic) + 02 Feb 2012, PHP 5.3.10 - Core: Added: php/php-src/branches/PHP_5_3/ext/xmlrpc/tests/bug61097.phpt === --- php/php-src/branches/PHP_5_3/ext/xmlrpc/tests/bug61097.phpt (rev 0) +++ php/php-src/branches/PHP_5_3/ext/xmlrpc/tests/bug61097.phpt 2012-02-18 14:58:19 UTC (rev 323331) @@ -0,0 +1,16 @@ +--TEST-- +Bug #61097 (Memory leak in xmlrpc functions copying zvals) +--SKIPIF-- +?php if (!extension_loaded(xmlrpc)) print skip; ? +--FILE-- +?php +$server = xmlrpc_server_create(); + +$method = 'abc'; +xmlrpc_server_register_introspection_callback($server, $method); +xmlrpc_server_register_method($server, 'abc', $method); + +echo 'Done'; +? +--EXPECT-- +Done Modified: php/php-src/branches/PHP_5_3/ext/xmlrpc/xmlrpc-epi-php.c === --- php/php-src/branches/PHP_5_3/ext/xmlrpc/xmlrpc-epi-php.c2012-02-18 13:39:13 UTC (rev 323330) +++ php/php-src/branches/PHP_5_3/ext/xmlrpc/xmlrpc-epi-php.c2012-02-18 14:58:19 UTC (rev 323331) @@ -1043,9 +1043,8 @@ */ if (XMLRPC_ServerRegisterMethod(server-server_ptr, method_key, php_xmlrpc_callback)) { /* save for later use */ - MAKE_STD_ZVAL(method_name_save); - *method_name_save = **method_name; - zval_copy_ctor(method_name_save); + ALLOC_ZVAL(method_name_save); + MAKE_COPY_ZVAL(method_name, method_name_save); /* register our php method */ add_zval(server-method_map, method_key, method_name_save); @@ -1073,9 +1072,8 @@ if (type == le_xmlrpc_server) { /* save for later use */ - MAKE_STD_ZVAL(method_name_save); - *method_name_save = **method_name; - zval_copy_ctor(method_name_save); + ALLOC_ZVAL(method_name_save); + MAKE_COPY_ZVAL(method_name, method_name_save); /* register our php method */ add_zval(server-introspection_map, NULL, method_name_save); Added: php/php-src/trunk/ext/xmlrpc/tests/bug61097.phpt === --- php/php-src/trunk/ext/xmlrpc/tests/bug61097.phpt (rev 0) +++ php/php-src/trunk/ext/xmlrpc/tests/bug61097.phpt2012-02-18 14:58:19 UTC (rev 323331) @@ -0,0 +1,16 @@ +--TEST-- +Bug #61097 (Memory leak in xmlrpc functions copying zvals) +--SKIPIF-- +?php if (!extension_loaded(xmlrpc)) print skip; ? +--FILE-- +?php +$server = xmlrpc_server_create(); + +$method = 'abc'; +xmlrpc_server_register_introspection_callback($server, $method); +xmlrpc_server_register_method($server, 'abc', $method); + +echo 'Done'; +? +--EXPECT-- +Done Modified: php/php-src/trunk/ext/xmlrpc/xmlrpc-epi-php.c === --- php/php-src/trunk/ext/xmlrpc/xmlrpc-epi-php.c 2012-02-18 13:39:13 UTC (rev 323330) +++ php/php-src/trunk/ext/xmlrpc/xmlrpc-epi-php.c 2012-02-18 14:58:19 UTC (rev 323331) @@ -1043,9 +1043,8 @@ */ if (XMLRPC_ServerRegisterMethod(server-server_ptr, method_key, php_xmlrpc_callback)) { /* save for later use */ - MAKE_STD_ZVAL(method_name_save); - *method_name_save = **method_name; - zval_copy_ctor(method_name_save); + ALLOC_ZVAL(method_name_save); + MAKE_COPY_ZVAL(method_name, method_name_save); /* register our php method */ add_zval(server-method_map, method_key, method_name_save); @@ -1073,9 +1072,8 @@ if (type ==
[PHP-CVS] svn: /php/php-src/branches/PHP_5_3/ NEWS
aharvey Sat, 18 Feb 2012 04:32:45 + Revision: http://svn.php.net/viewvc?view=revisionrevision=323313 Log: Merge 5.3.10 NEWS, per Ondřej's mailing list prod. Changed paths: U php/php-src/branches/PHP_5_3/NEWS Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2012-02-18 02:18:45 UTC (rev 323312) +++ php/php-src/branches/PHP_5_3/NEWS 2012-02-18 04:32:45 UTC (rev 323313) @@ -54,9 +54,11 @@ . Fixed bug #61058 (array_fill leaks if start index is PHP_INT_MAX). (Laruence) -?? ??? 2012, PHP 5.3.10 +02 Feb 2012, PHP 5.3.10 -(to be added) +- Core: + . Fixed arbitrary remote code execution vulnerability reported by Stefan +Esser, CVE-2012-0830. (Stas, Dmitry) 10 Jan 2012, PHP 5.3.9 -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/main/php_variables.c branches/PHP_5_3/main/rfc1867.c branches/PHP_5_4/NEWS branches/PHP_5_4/main/php_variables.c branches/PHP_5_4/ma
dmitry Tue, 14 Feb 2012 08:58:52 + Revision: http://svn.php.net/viewvc?view=revisionrevision=323202 Log: Improved max_input_vars directive to check nested variables Changed paths: U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/main/php_variables.c U php/php-src/branches/PHP_5_3/main/rfc1867.c U php/php-src/branches/PHP_5_4/NEWS U php/php-src/branches/PHP_5_4/main/php_variables.c U php/php-src/branches/PHP_5_4/main/rfc1867.c U php/php-src/trunk/main/php_variables.c U php/php-src/trunk/main/rfc1867.c Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2012-02-14 08:39:15 UTC (rev 323201) +++ php/php-src/branches/PHP_5_3/NEWS 2012-02-14 08:58:52 UTC (rev 323202) @@ -1,6 +1,9 @@ PHPNEWS ||| ?? ??? 2012, PHP 5.3.11 +- Core: + . Improved max_input_vars directive to check nested variables (Dmitry). + - Session: . Fixed bug #60860 (session.save_handler=user without defined function core dumps). (Felipe) Modified: php/php-src/branches/PHP_5_3/main/php_variables.c === --- php/php-src/branches/PHP_5_3/main/php_variables.c 2012-02-14 08:39:15 UTC (rev 323201) +++ php/php-src/branches/PHP_5_3/main/php_variables.c 2012-02-14 08:58:52 UTC (rev 323202) @@ -196,21 +196,9 @@ } if (zend_symtable_find(symtable1, escaped_index, index_len + 1, (void **) gpc_element_p) == FAILURE || Z_TYPE_PP(gpc_element_p) != IS_ARRAY) { - if (zend_hash_num_elements(symtable1) = PG(max_input_vars)) { - if (zend_hash_num_elements(symtable1) == PG(max_input_vars)) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini., PG(max_input_vars)); - } - MAKE_STD_ZVAL(gpc_element); - array_init(gpc_element); - zend_symtable_update(symtable1, escaped_index, index_len + 1, gpc_element, sizeof(zval *), (void **) gpc_element_p); - } else { - if (index != escaped_index) { - efree(escaped_index); - } - zval_dtor(val); - efree(var_orig); - return; - } + MAKE_STD_ZVAL(gpc_element); + array_init(gpc_element); + zend_symtable_update(symtable1, escaped_index, index_len + 1, gpc_element, sizeof(zval *), (void **) gpc_element_p); } if (index != escaped_index) { efree(escaped_index); @@ -255,14 +243,7 @@ zend_symtable_exists(symtable1, escaped_index, index_len + 1)) { zval_ptr_dtor(gpc_element); } else { -if (zend_hash_num_elements(symtable1) = PG(max_input_vars)) { - if (zend_hash_num_elements(symtable1) == PG(max_input_vars)) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini., PG(max_input_vars)); - } - zend_symtable_update(symtable1, escaped_index, index_len + 1, gpc_element, sizeof(zval *), (void **) gpc_element_p); -} else { - zval_ptr_dtor(gpc_element); -} +zend_symtable_update(symtable1, escaped_index, index_len + 1, gpc_element, sizeof(zval *), (void **) gpc_element_p); } if (escaped_index != index) { efree(escaped_index); @@ -276,6 +257,7 @@ { char *var, *val, *e, *s, *p; zval *array_ptr = (zval *) arg; + long count = 0; if (SG(request_info).post_data == NULL) { return; @@ -289,6 +271,10 @@ if ((val = memchr(s, '=', (p - s { /* have a value */ unsigned int val_len, new_val_len; + if (++count PG(max_input_vars)) { +php_error_docref(NULL TSRMLS_CC, E_WARNING, Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini., PG(max_input_vars)); +return; + } var = s; php_url_decode(var, (val - s)); @@ -322,6 +308,7 @@ zval *array_ptr; int free_buffer = 0; char *strtok_buf = NULL; + long count = 0; switch (arg) { case PARSE_POST: @@ -411,6 +398,11 @@ } } + if (++count PG(max_input_vars)) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini., PG(max_input_vars)); + break; + } + if (val) { /* have a value */ int val_len; unsigned int new_val_len; Modified: php/php-src/branches/PHP_5_3/main/rfc1867.c === --- php/php-src/branches/PHP_5_3/main/rfc1867.c 2012-02-14 08:39:15 UTC (rev 323201) +++ php/php-src/branches/PHP_5_3/main/rfc1867.c 2012-02-14 08:58:52 UTC (rev 323202) @@ -779,6 +779,7 @@ void *event_extra_data = NULL; int llen = 0; int upload_cnt = INI_INT(max_file_uploads); + long count = 0; if (SG(post_max_size) 0
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/Zend/zend_builtin_functions.c trunk/NEWS trunk/Zend/zend_builtin_functions.c
laruence Tue, 14 Feb 2012 05:35:34 + Revision: http://svn.php.net/viewvc?view=revisionrevision=323199 Log: Fixed bug #61072 (Memory leak when restoring an exception handler) Bug: https://bugs.php.net/61072 (Open) Memory leak when restoring an exception handler Changed paths: U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/Zend/zend_builtin_functions.c U php/php-src/trunk/NEWS U php/php-src/trunk/Zend/zend_builtin_functions.c Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2012-02-13 20:59:33 UTC (rev 323198) +++ php/php-src/branches/PHP_5_3/NEWS 2012-02-14 05:35:34 UTC (rev 323199) @@ -9,6 +9,8 @@ . Fixed bug #54682 (tidy null pointer dereference). (Tony, David Soria Parra) - Core: + . Fixed bug #61072 (Memory leak when restoring an exception handler). +(Nikic, Laruence) . Fixed bug #61000 (Exceeding max nesting level doesn't delete numerical vars). (Laruence) . Fix bug #60895 (Possible invalid handler usage in windows random Modified: php/php-src/branches/PHP_5_3/Zend/zend_builtin_functions.c === --- php/php-src/branches/PHP_5_3/Zend/zend_builtin_functions.c 2012-02-13 20:59:33 UTC (rev 323198) +++ php/php-src/branches/PHP_5_3/Zend/zend_builtin_functions.c 2012-02-14 05:35:34 UTC (rev 323199) @@ -1516,8 +1516,7 @@ RETURN_TRUE; } - *EG(user_exception_handler) = *exception_handler; - zval_copy_ctor(EG(user_exception_handler)); + MAKE_COPY_ZVAL(exception_handler, EG(user_exception_handler)) if (!had_orig_exception_handler) { RETURN_NULL(); Modified: php/php-src/trunk/NEWS === --- php/php-src/trunk/NEWS 2012-02-13 20:59:33 UTC (rev 323198) +++ php/php-src/trunk/NEWS 2012-02-14 05:35:34 UTC (rev 323199) @@ -6,6 +6,8 @@ . World domination - Core: + . Fixed bug #61072 (Memory leak when restoring an exception handler). +(Nikic, Laruence) . Fixed bug #61000 (Exceeding max nesting level doesn't delete numerical vars). (Laruence) . Fixed bug #60978 (exit code incorrect). (Laruence) Modified: php/php-src/trunk/Zend/zend_builtin_functions.c === --- php/php-src/trunk/Zend/zend_builtin_functions.c 2012-02-13 20:59:33 UTC (rev 323198) +++ php/php-src/trunk/Zend/zend_builtin_functions.c 2012-02-14 05:35:34 UTC (rev 323199) @@ -1615,8 +1615,7 @@ RETURN_TRUE; } - *EG(user_exception_handler) = *exception_handler; - zval_copy_ctor(EG(user_exception_handler)); + MAKE_COPY_ZVAL(exception_handler, EG(user_exception_handler)); if (!had_orig_exception_handler) { RETURN_NULL(); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/ext/standard/array.c trunk/NEWS trunk/ext/standard/array.c
laruence Sun, 12 Feb 2012 04:59:08 + Revision: http://svn.php.net/viewvc?view=revisionrevision=323160 Log: Fixed bug #61058 (array_fill leaks if start index is PHP_INT_MAX) Bug: https://bugs.php.net/61058 (Open) array_fill leaks if start index is PHP_INT_MAX Changed paths: U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/standard/array.c U php/php-src/trunk/NEWS U php/php-src/trunk/ext/standard/array.c Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2012-02-11 13:34:06 UTC (rev 323159) +++ php/php-src/branches/PHP_5_3/NEWS 2012-02-12 04:59:08 UTC (rev 323160) @@ -45,6 +45,10 @@ . Fixed bug #60968 (Late static binding doesn't work with ReflectionMethod::invokeArgs()). (Laruence) +- Array: + . Fixed bug #61058 (array_fill leaks if start index is PHP_INT_MAX). +(Laruence) + ?? ??? 2012, PHP 5.3.10 (to be added) Modified: php/php-src/branches/PHP_5_3/ext/standard/array.c === --- php/php-src/branches/PHP_5_3/ext/standard/array.c 2012-02-11 13:34:06 UTC (rev 323159) +++ php/php-src/branches/PHP_5_3/ext/standard/array.c 2012-02-12 04:59:08 UTC (rev 323160) @@ -1558,11 +1558,15 @@ num--; zval_add_ref(val); - zend_hash_index_update(Z_ARRVAL_P(return_value), start_key, val, sizeof(zval *), NULL); + if (zend_hash_index_update(Z_ARRVAL_P(return_value), start_key, val, sizeof(zval *), NULL) == FAILURE) { + zval_ptr_dtor(val); + } while (num--) { zval_add_ref(val); - zend_hash_next_index_insert(Z_ARRVAL_P(return_value), val, sizeof(zval *), NULL); + if (zend_hash_next_index_insert(Z_ARRVAL_P(return_value), val, sizeof(zval *), NULL) == FAILURE) { + zval_ptr_dtor(val); + } } } /* }}} */ Modified: php/php-src/trunk/NEWS === --- php/php-src/trunk/NEWS 2012-02-11 13:34:06 UTC (rev 323159) +++ php/php-src/trunk/NEWS 2012-02-12 04:59:08 UTC (rev 323160) @@ -42,4 +42,8 @@ . Fixed bug #60968 (Late static binding doesn't work with ReflectionMethod::invokeArgs()). (Laruence) +- Array: + . Fixed bug #61058 (array_fill leaks if start index is PHP_INT_MAX). +(Laruence) + NOTE: Insert NEWS from last stable release here prior to actual release! Modified: php/php-src/trunk/ext/standard/array.c === --- php/php-src/trunk/ext/standard/array.c 2012-02-11 13:34:06 UTC (rev 323159) +++ php/php-src/trunk/ext/standard/array.c 2012-02-12 04:59:08 UTC (rev 323160) @@ -1564,11 +1564,15 @@ num--; zval_add_ref(val); - zend_hash_index_update(Z_ARRVAL_P(return_value), start_key, val, sizeof(zval *), NULL); + if (zend_hash_index_update(Z_ARRVAL_P(return_value), start_key, val, sizeof(zval *), NULL) == FAILURE) { + zval_ptr_dtor(val); + } while (num--) { zval_add_ref(val); - zend_hash_next_index_insert(Z_ARRVAL_P(return_value), val, sizeof(zval *), NULL); + if (zend_hash_next_index_insert(Z_ARRVAL_P(return_value), val, sizeof(zval *), NULL) == FAILURE) { + zval_ptr_dtor(val); + } } } /* }}} */ -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/main/php_variables.c branches/PHP_5_3/tests/basic/bug61000.phpt trunk/NEWS trunk/main/php_variables.c trunk/tests/basic/bug61000.php
laruence Wed, 08 Feb 2012 14:07:27 + Revision: http://svn.php.net/viewvc?view=revisionrevision=323123 Log: Fixed bug #61000 (Exceeding max nesting level doesn't delete numerical vars). Bug: https://bugs.php.net/61000 (Open) Exceeding max nesting level doesn't delete numerical vars Changed paths: U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/main/php_variables.c A php/php-src/branches/PHP_5_3/tests/basic/bug61000.phpt U php/php-src/trunk/NEWS U php/php-src/trunk/main/php_variables.c A php/php-src/trunk/tests/basic/bug61000.phpt Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2012-02-08 07:48:48 UTC (rev 323122) +++ php/php-src/branches/PHP_5_3/NEWS 2012-02-08 14:07:27 UTC (rev 323123) @@ -16,6 +16,8 @@ . Fix bug #60895 (Possible invalid handler usage in windows random functions). (Pierre) . Fixed bug #51860 (Include fails with toplevel symlink to /). (Dmitry) + . Fixed bug #61000 (Exceeding max nesting level doesn't delete numerical vars). +(Laruence) - Firebird Database extension (ibase): . Fixed bug #60802 (ibase_trans() gives segfault when passing params). Modified: php/php-src/branches/PHP_5_3/main/php_variables.c === --- php/php-src/branches/PHP_5_3/main/php_variables.c 2012-02-08 07:48:48 UTC (rev 323122) +++ php/php-src/branches/PHP_5_3/main/php_variables.c 2012-02-08 14:07:27 UTC (rev 323123) @@ -138,10 +138,10 @@ if (track_vars_array) { ht = Z_ARRVAL_P(track_vars_array); - zend_hash_del(ht, var, var_len + 1); + zend_symtable_del(ht, var, var_len + 1); } else if (PG(register_globals)) { ht = EG(active_symbol_table); - zend_hash_del(ht, var, var_len + 1); + zend_symtable_del(ht, var, var_len + 1); } zval_dtor(val); Added: php/php-src/branches/PHP_5_3/tests/basic/bug61000.phpt === --- php/php-src/branches/PHP_5_3/tests/basic/bug61000.phpt (rev 0) +++ php/php-src/branches/PHP_5_3/tests/basic/bug61000.phpt 2012-02-08 14:07:27 UTC (rev 323123) @@ -0,0 +1,38 @@ +--TEST-- +Bug #61000 (Exceeding max nesting level doesn't delete numerical vars) +--INI-- +max_input_nesting_level=2 +--POST-- +1[a][]=foo1[a][b][c]=bar +--GET-- +a[a][]=fooa[a][b][c]=bar +--FILE-- +?php +print_r($_GET); +print_r($_POST); +--EXPECTF-- +Array +( +) +Array +( +) +--TEST-- +Bug #61000 (Exceeding max nesting level doesn't delete numerical vars) +--INI-- +max_input_nesting_level=2 +--POST-- +1[a][]=foo1[a][b][c]=bar +--GET-- +a[a][]=fooa[a][b][c]=bar +--FILE-- +?php +print_r($_GET); +print_r($_POST); +--EXPECTF-- +Array +( +) +Array +( +) Modified: php/php-src/trunk/NEWS === --- php/php-src/trunk/NEWS 2012-02-08 07:48:48 UTC (rev 323122) +++ php/php-src/trunk/NEWS 2012-02-08 14:07:27 UTC (rev 323123) @@ -9,6 +9,8 @@ . Fixed bug #60573 (type hinting with self keyword causes weird errors). (Laruence) . Fixed bug #60978 (exit code incorrect). (Laruence) + . Fixed bug #61000 (Exceeding max nesting level doesn't delete numerical +vars). (Laruence) - cURL: . Added support for CURLOPT_FTP_RESPONSE_TIMEOUT, CURLOPT_APPEND, Modified: php/php-src/trunk/main/php_variables.c === --- php/php-src/trunk/main/php_variables.c 2012-02-08 07:48:48 UTC (rev 323122) +++ php/php-src/trunk/main/php_variables.c 2012-02-08 14:07:27 UTC (rev 323123) @@ -133,7 +133,7 @@ if (track_vars_array) { ht = Z_ARRVAL_P(track_vars_array); - zend_hash_del(ht, var, var_len + 1); + zend_symtable_del(ht, var, var_len + 1); } zval_dtor(val); Added: php/php-src/trunk/tests/basic/bug61000.phpt === --- php/php-src/trunk/tests/basic/bug61000.phpt (rev 0) +++ php/php-src/trunk/tests/basic/bug61000.phpt 2012-02-08 14:07:27 UTC (rev 323123) @@ -0,0 +1,38 @@ +--TEST-- +Bug #61000 (Exceeding max nesting level doesn't delete numerical vars) +--INI-- +max_input_nesting_level=2 +--POST-- +1[a][]=foo1[a][b][c]=bar +--GET-- +a[a][]=fooa[a][b][c]=bar +--FILE-- +?php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS trunk/NEWS
laruence Wed, 08 Feb 2012 15:07:28 + Revision: http://svn.php.net/viewvc?view=revisionrevision=323124 Log: decrescent order #Felipe laruence: yes, we used to use decrescent order of bug id in the NEWS entry. Changed paths: U php/php-src/branches/PHP_5_3/NEWS U php/php-src/trunk/NEWS Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2012-02-08 14:07:27 UTC (rev 323123) +++ php/php-src/branches/PHP_5_3/NEWS 2012-02-08 15:07:28 UTC (rev 323124) @@ -9,15 +9,15 @@ . Fixed bug #54682 (tidy null pointer dereference). (Tony, David Soria Parra) - Core: + . Fixed bug #61000 (Exceeding max nesting level doesn't delete numerical vars). +(Laruence) + . Fix bug #60895 (Possible invalid handler usage in windows random +functions). (Pierre) + . Fixed bug #60825 (Segfault when running symfony 2 tests). +(Dmitry, Laruence) . Fixed bug #60227 (header() cannot detect the multi-line header with CR). (rui, Gustavo) - . Fixed bug #60825 (Segfault when running symfony 2 tests). -(Dmitry, Laruence) - . Fix bug #60895 (Possible invalid handler usage in windows random -functions). (Pierre) . Fixed bug #51860 (Include fails with toplevel symlink to /). (Dmitry) - . Fixed bug #61000 (Exceeding max nesting level doesn't delete numerical vars). -(Laruence) - Firebird Database extension (ibase): . Fixed bug #60802 (ibase_trans() gives segfault when passing params). Modified: php/php-src/trunk/NEWS === --- php/php-src/trunk/NEWS 2012-02-08 14:07:27 UTC (rev 323123) +++ php/php-src/trunk/NEWS 2012-02-08 15:07:28 UTC (rev 323124) @@ -6,11 +6,11 @@ . World domination - Core: + . Fixed bug #61000 (Exceeding max nesting level doesn't delete numerical +vars). (Laruence) + . Fixed bug #60978 (exit code incorrect). (Laruence) . Fixed bug #60573 (type hinting with self keyword causes weird errors). (Laruence) - . Fixed bug #60978 (exit code incorrect). (Laruence) - . Fixed bug #61000 (Exceeding max nesting level doesn't delete numerical -vars). (Laruence) - cURL: . Added support for CURLOPT_FTP_RESPONSE_TIMEOUT, CURLOPT_APPEND, -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/ext/tidy/tests/bug54682.phpt branches/PHP_5_3/ext/tidy/tidy.c branches/PHP_5_4/ext/tidy/tidy.c trunk/ext/tidy/tidy.c
tony2001 Tue, 07 Feb 2012 20:49:10 + Revision: http://svn.php.net/viewvc?view=revisionrevision=323118 Log: fix bug #54682 (tidy null pointer dereference) Bug: https://bugs.php.net/54682 (Re-Opened) tidy NullPD Changed paths: U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/tidy/tests/bug54682.phpt U php/php-src/branches/PHP_5_3/ext/tidy/tidy.c U php/php-src/branches/PHP_5_4/ext/tidy/tidy.c U php/php-src/trunk/ext/tidy/tidy.c Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2012-02-07 20:32:39 UTC (rev 323117) +++ php/php-src/branches/PHP_5_3/NEWS 2012-02-07 20:49:10 UTC (rev 323118) @@ -5,6 +5,9 @@ . Fixed bug #60860 (session.save_handler=user without defined function core dumps). (Felipe) +- Tidy: + . Fixed bug #54682 (tidy null pointer dereference). (Tony, David Soria Parra) + - Core: . Fixed bug #60227 (header() cannot detect the multi-line header with CR). (rui, Gustavo) Modified: php/php-src/branches/PHP_5_3/ext/tidy/tests/bug54682.phpt === --- php/php-src/branches/PHP_5_3/ext/tidy/tests/bug54682.phpt 2012-02-07 20:32:39 UTC (rev 323117) +++ php/php-src/branches/PHP_5_3/ext/tidy/tests/bug54682.phpt 2012-02-07 20:49:10 UTC (rev 323118) @@ -10,4 +10,4 @@ ? --EXPECTF-- -Warning: tidy::__construct(): Cannot Load '*' into memory in %s on line %d +Warning: tidy::__construct(): Cannot Load '*' into memory in %s on line %d Modified: php/php-src/branches/PHP_5_3/ext/tidy/tidy.c === --- php/php-src/branches/PHP_5_3/ext/tidy/tidy.c2012-02-07 20:32:39 UTC (rev 323117) +++ php/php-src/branches/PHP_5_3/ext/tidy/tidy.c2012-02-07 20:49:10 UTC (rev 323118) @@ -190,6 +190,7 @@ TidyDoc doc; TidyBuffer *errbuf; unsigned int ref_count; + unsigned int initialized:1; }; struct _PHPTidyObj { @@ -701,6 +702,7 @@ intern-ptdoc = emalloc(sizeof(PHPTidyDoc)); intern-ptdoc-doc = tidyCreate(); intern-ptdoc-ref_count = 1; + intern-ptdoc-initialized = 0; intern-ptdoc-errbuf = emalloc(sizeof(TidyBuffer)); tidyBufInit(intern-ptdoc-errbuf); @@ -1040,7 +1042,9 @@ return FAILURE; } } - + + obj-ptdoc-initialized = 1; + tidyBufInit(buf); tidyBufAppend(buf, string, len); if (tidyParseBuffer(obj-ptdoc-doc, buf) 0) { @@ -1288,7 +1292,7 @@ { TIDY_FETCH_OBJECT; - if (tidyRunDiagnostics(obj-ptdoc-doc) = 0) { + if (obj-ptdoc-initialized tidyRunDiagnostics(obj-ptdoc-doc) = 0) { tidy_doc_update_properties(obj TSRMLS_CC); RETURN_TRUE; } Modified: php/php-src/branches/PHP_5_4/ext/tidy/tidy.c === --- php/php-src/branches/PHP_5_4/ext/tidy/tidy.c2012-02-07 20:32:39 UTC (rev 323117) +++ php/php-src/branches/PHP_5_4/ext/tidy/tidy.c2012-02-07 20:49:10 UTC (rev 323118) @@ -191,6 +191,7 @@ TidyDoc doc; TidyBuffer *errbuf; unsigned intref_count; + unsigned intinitialized:1; }; struct _PHPTidyObj { @@ -688,6 +689,7 @@ intern-ptdoc = emalloc(sizeof(PHPTidyDoc)); intern-ptdoc-doc = tidyCreate(); intern-ptdoc-ref_count = 1; + intern-ptdoc-initialized = 0; intern-ptdoc-errbuf = emalloc(sizeof(TidyBuffer)); tidyBufInit(intern-ptdoc-errbuf); @@ -1047,7 +1049,9 @@ return FAILURE; } } - + + obj-ptdoc-initialized = 1; + tidyBufInit(buf); tidyBufAttach(buf, (byte *) string, len); if (tidyParseBuffer(obj-ptdoc-doc, buf) 0) { @@ -1336,7 +1340,7 @@ { TIDY_FETCH_OBJECT; - if (tidyRunDiagnostics(obj-ptdoc-doc) = 0) { + if (obj-ptdoc-initialized tidyRunDiagnostics(obj-ptdoc-doc) = 0) { tidy_doc_update_properties(obj TSRMLS_CC); RETURN_TRUE; } Modified: php/php-src/trunk/ext/tidy/tidy.c === --- php/php-src/trunk/ext/tidy/tidy.c 2012-02-07 20:32:39 UTC (rev 323117) +++ php/php-src/trunk/ext/tidy/tidy.c 2012-02-07 20:49:10 UTC (rev 323118) @@ -191,6 +191,7 @@ TidyDoc doc; TidyBuffer *errbuf; unsigned intref_count; + unsigned intinitialized:1; }; struct _PHPTidyObj { @@ -688,6 +689,7 @@
Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/ext/reflection/php_reflection.c branches/PHP_5_3/ext/reflection/tests/bug60367.phpt trunk/NEWS trunk/ext/reflection/php_reflecti
On Fri, Feb 3, 2012 at 17:27, Xinchen Hui larue...@php.net wrote: laruence Fri, 03 Feb 2012 16:27:35 + Revision: http://svn.php.net/viewvc?view=revisionrevision=323045 Log: Fixed bug #60968 (Late static binding doesn't work with ReflectionMethod::invokeArgs()) Bug: https://bugs.php.net/60968 (Assigned) Late static binding doesn't work with ReflectionMethod::invokeArgs() Changed paths: U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/reflection/php_reflection.c U php/php-src/branches/PHP_5_3/ext/reflection/tests/bug60367.phpt U php/php-src/trunk/NEWS U php/php-src/trunk/ext/reflection/php_reflection.c U php/php-src/trunk/ext/reflection/tests/bug60367.phpt There is no need to update the trunk NEWS when its included in previous versions. -Hannes -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/ext/reflection/php_reflection.c branches/PHP_5_3/ext/reflection/tests/bug60367.phpt trunk/NEWS trunk/ext/reflection/php_reflecti
Hi bjori: On Sat, Feb 4, 2012 at 8:33 PM, Hannes Magnusson hannes.magnus...@gmail.com wrote: On Fri, Feb 3, 2012 at 17:27, Xinchen Hui larue...@php.net wrote: laruence Fri, 03 Feb 2012 16:27:35 + Revision: http://svn.php.net/viewvc?view=revisionrevision=323045 Log: Fixed bug #60968 (Late static binding doesn't work with ReflectionMethod::invokeArgs()) Bug: https://bugs.php.net/60968 (Assigned) Late static binding doesn't work with ReflectionMethod::invokeArgs() Changed paths: U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/reflection/php_reflection.c U php/php-src/branches/PHP_5_3/ext/reflection/tests/bug60367.phpt U php/php-src/trunk/NEWS U php/php-src/trunk/ext/reflection/php_reflection.c U php/php-src/trunk/ext/reflection/tests/bug60367.phpt There is no need to update the trunk NEWS when its included in previous versions. I was told that we should update both 5.3/5.4 NEWS when fixe bugs. since 5.4 is in freeze period, so I update trunk NEWS. thanks -Hannes -- Laruence Xinchen Hui http://www.laruence.com/ -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_3/ NEWS ext/standard/tests/general_functions/bug60227.phpt ext/standard/tests/general_functions/bug60227_1.phpt ext/standard/tests/general_functions/bug60227
cataphract Fri, 03 Feb 2012 08:48:34 + Revision: http://svn.php.net/viewvc?view=revisionrevision=323041 Log: - Merging r323033 into 5.3 (see bug #60227). Bug: https://bugs.php.net/60227 (Closed) header() cannot detect the multi-line header with CR(0x0D). Changed paths: U php/php-src/branches/PHP_5_3/NEWS D php/php-src/branches/PHP_5_3/ext/standard/tests/general_functions/bug60227.phpt A + php/php-src/branches/PHP_5_3/ext/standard/tests/general_functions/bug60227_1.phpt (from php/php-src/trunk/ext/standard/tests/general_functions/bug60227_1.phpt:r323033) A + php/php-src/branches/PHP_5_3/ext/standard/tests/general_functions/bug60227_2.phpt (from php/php-src/trunk/ext/standard/tests/general_functions/bug60227_2.phpt:r323033) U php/php-src/branches/PHP_5_3/main/SAPI.c Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2012-02-03 08:14:39 UTC (rev 323040) +++ php/php-src/branches/PHP_5_3/NEWS 2012-02-03 08:48:34 UTC (rev 323041) @@ -7,7 +7,7 @@ - Core: . Fixed bug #60227 (header() cannot detect the multi-line header with CR). -(rui) +(rui, Gustavo) . Fixed bug #60825 (Segfault when running symfony 2 tests). (Dmitry, Laruence) . Fix bug #60895 (Possible invalid handler usage in windows random Deleted: php/php-src/branches/PHP_5_3/ext/standard/tests/general_functions/bug60227.phpt === --- php/php-src/branches/PHP_5_3/ext/standard/tests/general_functions/bug60227.phpt 2012-02-03 08:14:39 UTC (rev 323040) +++ php/php-src/branches/PHP_5_3/ext/standard/tests/general_functions/bug60227.phpt 2012-02-03 08:48:34 UTC (rev 323041) @@ -1,20 +0,0 @@ ---TEST-- -Bug #60227 (header() cannot detect the multi-line header with CR) ---FILE-- -?php -header(X-Foo1: a); -header(X-Foo2: b\n ); -header(X-Foo3: c\r\n ); -header(X-Foo4: d\r ); -header(X-Foo5: e\rSet-Cookie: ID=123); -echo 'foo'; -? ---EXPECTF-- -Warning: Header may not contain more than a single header, new line detected. in %s on line %d -foo ---EXPECTHEADERS-- -X-Foo1: a -X-Foo2: b -X-Foo3: c -X-Foo4: d - Copied: php/php-src/branches/PHP_5_3/ext/standard/tests/general_functions/bug60227_1.phpt (from rev 323033, php/php-src/trunk/ext/standard/tests/general_functions/bug60227_1.phpt) === --- php/php-src/branches/PHP_5_3/ext/standard/tests/general_functions/bug60227_1.phpt (rev 0) +++ php/php-src/branches/PHP_5_3/ext/standard/tests/general_functions/bug60227_1.phpt 2012-02-03 08:48:34 UTC (rev 323041) @@ -0,0 +1,20 @@ +--TEST-- +Bug #60227 (header() cannot detect the multi-line header with CR) +--FILE-- +?php +header(X-Foo1: a); +header(X-Foo2: b\n ); +header(X-Foo3: c\r\n ); +header(X-Foo4: d\r ); +header(X-Foo5: e\rSet-Cookie: ID=123); +echo 'foo'; +? +--EXPECTF-- +Warning: Header may not contain more than a single header, new line detected. in %s on line %d +foo +--EXPECTHEADERS-- +X-Foo1: a +X-Foo2: b +X-Foo3: c +X-Foo4: d + Copied: php/php-src/branches/PHP_5_3/ext/standard/tests/general_functions/bug60227_2.phpt (from rev 323033, php/php-src/trunk/ext/standard/tests/general_functions/bug60227_2.phpt) === --- php/php-src/branches/PHP_5_3/ext/standard/tests/general_functions/bug60227_2.phpt (rev 0) +++ php/php-src/branches/PHP_5_3/ext/standard/tests/general_functions/bug60227_2.phpt 2012-02-03 08:48:34 UTC (rev 323041) @@ -0,0 +1,14 @@ +--TEST-- +Bug #60227 (header() cannot detect the multi-line header with CR), \r before \n +--FILE-- +?php +header(X-foo: e\n foo); +header(X-Foo6: e\rSet-Cookie: ID=123\n d); +echo 'foo'; +? +--EXPECTF-- +Warning: Header may not contain more than a single header, new line detected. in %s on line %d +foo +--EXPECTHEADERS-- +X-foo: e +foo Modified: php/php-src/branches/PHP_5_3/main/SAPI.c === --- php/php-src/branches/PHP_5_3/main/SAPI.c2012-02-03 08:14:39 UTC (rev 323040) +++ php/php-src/branches/PHP_5_3/main/SAPI.c2012-02-03 08:48:34 UTC (rev 323041) @@ -591,10 +591,11 @@ } } else { /* new line safety check */ - char *s = header_line, *e = header_line + header_line_len, *p; - while (s e ((p = memchr(s, '\n', (e - s))) || (p = memchr(s, '\r', (e - s) { - if (*(p + 1) == ' ' || *(p + 1) == '\t') { - s = p + 1; + char *s = header_line; + while (s = strpbrk(s, \n\r)) { + if (s[1] == ' ' || s[1] == '\t') { + /* RFC 2616 allows new lines if followed by SP or HT */ +
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/ext/reflection/php_reflection.c branches/PHP_5_3/ext/reflection/tests/bug60367.phpt trunk/NEWS trunk/ext/reflection/php_reflection.c
laruence Fri, 03 Feb 2012 16:27:35 + Revision: http://svn.php.net/viewvc?view=revisionrevision=323045 Log: Fixed bug #60968 (Late static binding doesn't work with ReflectionMethod::invokeArgs()) Bug: https://bugs.php.net/60968 (Assigned) Late static binding doesn't work with ReflectionMethod::invokeArgs() Changed paths: U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/reflection/php_reflection.c U php/php-src/branches/PHP_5_3/ext/reflection/tests/bug60367.phpt U php/php-src/trunk/NEWS U php/php-src/trunk/ext/reflection/php_reflection.c U php/php-src/trunk/ext/reflection/tests/bug60367.phpt Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2012-02-03 16:21:08 UTC (rev 323044) +++ php/php-src/branches/PHP_5_3/NEWS 2012-02-03 16:27:35 UTC (rev 323045) @@ -36,6 +36,10 @@ - SOAP: . Fixed basic HTTP authentication for WSDL sub requests. (Dmitry) +- Reflection: + . Fixed bug #60968 (Late static binding doesn't work with +ReflectionMethod::invokeArgs()). (Laruence) + ?? ??? 2012, PHP 5.3.10 (to be added) Modified: php/php-src/branches/PHP_5_3/ext/reflection/php_reflection.c === --- php/php-src/branches/PHP_5_3/ext/reflection/php_reflection.c 2012-02-03 16:21:08 UTC (rev 323044) +++ php/php-src/branches/PHP_5_3/ext/reflection/php_reflection.c 2012-02-03 16:27:35 UTC (rev 323045) @@ -2744,7 +2744,7 @@ fcc.initialized = 1; fcc.function_handler = mptr; fcc.calling_scope = obj_ce; - fcc.called_scope = obj_ce; + fcc.called_scope = intern-ce; fcc.object_ptr = object; result = zend_call_function(fci, fcc TSRMLS_CC); Modified: php/php-src/branches/PHP_5_3/ext/reflection/tests/bug60367.phpt === --- php/php-src/branches/PHP_5_3/ext/reflection/tests/bug60367.phpt 2012-02-03 16:21:08 UTC (rev 323044) +++ php/php-src/branches/PHP_5_3/ext/reflection/tests/bug60367.phpt 2012-02-03 16:27:35 UTC (rev 323045) @@ -20,7 +20,9 @@ $method = new ReflectionMethod(b::call); $method-invoke(null); +$method-invokeArgs(null, array()); $method = new ReflectionMethod(A::call); $method-invoke(null); +$method-invokeArgs(null, array()); --EXPECTF-- -BA +BBAA Modified: php/php-src/trunk/NEWS === --- php/php-src/trunk/NEWS 2012-02-03 16:21:08 UTC (rev 323044) +++ php/php-src/trunk/NEWS 2012-02-03 16:27:35 UTC (rev 323045) @@ -35,4 +35,8 @@ - pgsql . Added pg_escape_literal() and pg_escape_identifier() (Yasuo) +- Reflection: + . Fixed bug #60968 (Late static binding doesn't work with +ReflectionMethod::invokeArgs()). (Laruence) + NOTE: Insert NEWS from last stable release here prior to actual release! Modified: php/php-src/trunk/ext/reflection/php_reflection.c === --- php/php-src/trunk/ext/reflection/php_reflection.c 2012-02-03 16:21:08 UTC (rev 323044) +++ php/php-src/trunk/ext/reflection/php_reflection.c 2012-02-03 16:27:35 UTC (rev 323045) @@ -2920,7 +2920,7 @@ fcc.initialized = 1; fcc.function_handler = mptr; fcc.calling_scope = obj_ce; - fcc.called_scope = obj_ce; + fcc.called_scope = intern-ce; fcc.object_ptr = object; result = zend_call_function(fci, fcc TSRMLS_CC); Modified: php/php-src/trunk/ext/reflection/tests/bug60367.phpt === --- php/php-src/trunk/ext/reflection/tests/bug60367.phpt2012-02-03 16:21:08 UTC (rev 323044) +++ php/php-src/trunk/ext/reflection/tests/bug60367.phpt2012-02-03 16:27:35 UTC (rev 323045) @@ -20,7 +20,9 @@ $method = new ReflectionMethod(b::call); $method-invoke(null); +$method-invokeArgs(null, array()); $method = new ReflectionMethod(A::call); $method-invoke(null); +$method-invokeArgs(null, array()); --EXPECTF-- -BA +BBAA -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_3/ NEWS configure.in main/php_version.h
johannes Thu, 02 Feb 2012 17:25:23 + Revision: http://svn.php.net/viewvc?view=revisionrevision=323024 Log: This will be PHP 5.3.11, 5.3.10 will be released from other branch Changed paths: U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/configure.in U php/php-src/branches/PHP_5_3/main/php_version.h Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2012-02-02 17:22:05 UTC (rev 323023) +++ php/php-src/branches/PHP_5_3/NEWS 2012-02-02 17:25:23 UTC (rev 323024) @@ -1,6 +1,6 @@ PHPNEWS ||| -?? ?? 2012, PHP 5.3.10 +?? ??? 2012, PHP 5.3.11 - Session: . Fixed bug #60860 (session.save_handler=user without defined function core dumps). (Felipe) @@ -36,6 +36,10 @@ - SOAP: . Fixed basic HTTP authentication for WSDL sub requests. (Dmitry) +?? ??? 2012, PHP 5.3.10 + +(to be added) + 10 Jan 2012, PHP 5.3.9 - Core: Modified: php/php-src/branches/PHP_5_3/configure.in === --- php/php-src/branches/PHP_5_3/configure.in 2012-02-02 17:22:05 UTC (rev 323023) +++ php/php-src/branches/PHP_5_3/configure.in 2012-02-02 17:25:23 UTC (rev 323024) @@ -41,7 +41,7 @@ PHP_MAJOR_VERSION=5 PHP_MINOR_VERSION=3 -PHP_RELEASE_VERSION=10 +PHP_RELEASE_VERSION=11 PHP_EXTRA_VERSION=-dev PHP_VERSION=$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 1 + [$]PHP_MINOR_VERSION \* 100 + [$]PHP_RELEASE_VERSION` Modified: php/php-src/branches/PHP_5_3/main/php_version.h === --- php/php-src/branches/PHP_5_3/main/php_version.h 2012-02-02 17:22:05 UTC (rev 323023) +++ php/php-src/branches/PHP_5_3/main/php_version.h 2012-02-02 17:25:23 UTC (rev 323024) @@ -2,7 +2,7 @@ /* edit configure.in to change version number */ #define PHP_MAJOR_VERSION 5 #define PHP_MINOR_VERSION 3 -#define PHP_RELEASE_VERSION 10 +#define PHP_RELEASE_VERSION 11 #define PHP_EXTRA_VERSION -dev -#define PHP_VERSION 5.3.10-dev -#define PHP_VERSION_ID 50310 +#define PHP_VERSION 5.3.11-dev +#define PHP_VERSION_ID 50311 -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/ext/soap/php_sdl.c branches/PHP_5_4/NEWS branches/PHP_5_4/ext/soap/php_sdl.c trunk/ext/soap/php_sdl.c
dmitry Wed, 01 Feb 2012 11:26:57 + Revision: http://svn.php.net/viewvc?view=revisionrevision=322992 Log: Fixed basic HTTP authentication for WSDL sub requests Changed paths: U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/soap/php_sdl.c U php/php-src/branches/PHP_5_4/NEWS U php/php-src/branches/PHP_5_4/ext/soap/php_sdl.c U php/php-src/trunk/ext/soap/php_sdl.c Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2012-02-01 11:07:56 UTC (rev 322991) +++ php/php-src/branches/PHP_5_3/NEWS 2012-02-01 11:26:57 UTC (rev 322992) @@ -33,6 +33,9 @@ - PDO_Sqlite extension: . Add createCollation support. (Damien) +- SOAP: + . Fixed basic HTTP authentication for WSDL sub requests. (Dmitry) + 10 Jan 2012, PHP 5.3.9 - Core: Modified: php/php-src/branches/PHP_5_3/ext/soap/php_sdl.c === --- php/php-src/branches/PHP_5_3/ext/soap/php_sdl.c 2012-02-01 11:07:56 UTC (rev 322991) +++ php/php-src/branches/PHP_5_3/ext/soap/php_sdl.c 2012-02-01 11:26:57 UTC (rev 322992) @@ -242,6 +242,40 @@ if (!s) return; s = strchr(s+3, '/'); l2 = s - (char*)uri; + if (l1 != l2) { + /* check for http://...:80/ */ + if (l1 11 + ctx-sdl-source[4] == ':' + ctx-sdl-source[l1-3] == ':' + ctx-sdl-source[l1-2] == '8' + ctx-sdl-source[l1-1] == '0') { + l1 -= 3; + } + if (l2 11 + uri[4] == ':' + uri[l2-3] == ':' + uri[l2-2] == '8' + uri[l2-1] == '0') { + l2 -= 3; + } + /* check for https://...:443/ */ + if (l1 13 + ctx-sdl-source[4] == 's' + ctx-sdl-source[l1-4] == ':' + ctx-sdl-source[l1-3] == '4' + ctx-sdl-source[l1-2] == '4' + ctx-sdl-source[l1-1] == '3') { + l1 -= 4; + } + if (l2 13 + uri[4] == 's' + uri[l2-4] == ':' + uri[l2-3] == '4' + uri[l2-2] == '4' + uri[l2-1] == '3') { + l2 -= 4; + } + } if (l1 != l2 || memcmp(ctx-sdl-source, uri, l1) != 0) { /* another server. clear authentication credentals */ context = php_libxml_switch_context(NULL TSRMLS_CC); Modified: php/php-src/branches/PHP_5_4/NEWS === --- php/php-src/branches/PHP_5_4/NEWS 2012-02-01 11:07:56 UTC (rev 322991) +++ php/php-src/branches/PHP_5_4/NEWS 2012-02-01 11:26:57 UTC (rev 322992) @@ -16,6 +16,9 @@ . Fixed bug #60860 (session.save_handler=user without defined function core dumps). (Felipe) +- SOAP: + . Fixed basic HTTP authentication for WSDL sub requests. (Dmitry) + 19 Jan 2012, PHP 5.4.0 RC6 - Core: Modified: php/php-src/branches/PHP_5_4/ext/soap/php_sdl.c === --- php/php-src/branches/PHP_5_4/ext/soap/php_sdl.c 2012-02-01 11:07:56 UTC (rev 322991) +++ php/php-src/branches/PHP_5_4/ext/soap/php_sdl.c 2012-02-01 11:26:57 UTC (rev 322992) @@ -242,6 +242,40 @@ if (!s) return; s = strchr(s+3, '/'); l2 = s - (char*)uri; + if (l1 != l2) { + /* check for http://...:80/ */ + if (l1 11 + ctx-sdl-source[4] == ':' + ctx-sdl-source[l1-3] == ':' + ctx-sdl-source[l1-2] == '8' + ctx-sdl-source[l1-1] == '0') { + l1 -= 3; + } + if (l2 11 + uri[4] == ':' + uri[l2-3] == ':' + uri[l2-2] == '8' + uri[l2-1] == '0') { + l2 -= 3; + } + /* check for https://...:443/ */ + if (l1 13 + ctx-sdl-source[4] == 's' + ctx-sdl-source[l1-4] == ':' + ctx-sdl-source[l1-3] == '4' + ctx-sdl-source[l1-2] == '4' + ctx-sdl-source[l1-1] == '3') { + l1 -= 4; + } + if (l2 13 + uri[4] == 's' + uri[l2-4] == ':' + uri[l2-3] == '4' + uri[l2-2] == '4' + uri[l2-1] == '3') { + l2 -= 4; + } + } if (l1 != l2 || memcmp(ctx-sdl-source, uri, l1) != 0) {
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/TSRM/tsrm_virtual_cwd.c branches/PHP_5_4/NEWS branches/PHP_5_4/TSRM/tsrm_virtual_cwd.c trunk/TSRM/tsrm_virtual_cwd.c
dmitry Mon, 30 Jan 2012 10:08:11 + Revision: http://svn.php.net/viewvc?view=revisionrevision=322927 Log: Fixed bug #51860 (Include fails with toplevel symlink to /) Bug: https://bugs.php.net/51860 (Assigned) Include fails with toplevel symlink to / Changed paths: U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/TSRM/tsrm_virtual_cwd.c U php/php-src/branches/PHP_5_4/NEWS U php/php-src/branches/PHP_5_4/TSRM/tsrm_virtual_cwd.c U php/php-src/trunk/TSRM/tsrm_virtual_cwd.c Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2012-01-30 09:17:44 UTC (rev 322926) +++ php/php-src/branches/PHP_5_3/NEWS 2012-01-30 10:08:11 UTC (rev 322927) @@ -12,6 +12,7 @@ (Dmitry, Laruence) . Fix bug #60895 (Possible invalid handler usage in windows random functions). (Pierre) + . Fixed bug #51860 (Include fails with toplevel symlink to /). (Dmitry) - Firebird Database extension (ibase): . Fixed bug #60802 (ibase_trans() gives segfault when passing params). Modified: php/php-src/branches/PHP_5_3/TSRM/tsrm_virtual_cwd.c === --- php/php-src/branches/PHP_5_3/TSRM/tsrm_virtual_cwd.c2012-01-30 09:17:44 UTC (rev 322926) +++ php/php-src/branches/PHP_5_3/TSRM/tsrm_virtual_cwd.c2012-01-30 10:08:11 UTC (rev 322927) @@ -773,6 +773,9 @@ while (1) { if (len = start) { + if (link_is_dir) { + *link_is_dir = 1; + } return start; } @@ -789,6 +792,10 @@ continue; } else if (i == len - 2 path[i] == '.' path[i+1] == '.') { /* remove '..' and previous directory */ + is_dir = 1; + if (link_is_dir) { + *link_is_dir = 1; + } if (i - 1 = start) { return start ? start : len; } @@ -1214,9 +1221,14 @@ return 1; } memcpy(resolved_path, state-cwd, state_cwd_length); - resolved_path[state_cwd_length] = DEFAULT_SLASH; - memcpy(resolved_path + state_cwd_length + 1, path, path_length + 1); - path_length += state_cwd_length + 1; + if (resolved_path[state_cwd_length-1] == DEFAULT_SLASH) { + memcpy(resolved_path + state_cwd_length, path, path_length + 1); + path_length += state_cwd_length; + } else { + resolved_path[state_cwd_length] = DEFAULT_SLASH; + memcpy(resolved_path + state_cwd_length + 1, path, path_length + 1); + path_length += state_cwd_length + 1; + } } } else { #ifdef TSRM_WIN32 Modified: php/php-src/branches/PHP_5_4/NEWS === --- php/php-src/branches/PHP_5_4/NEWS 2012-01-30 09:17:44 UTC (rev 322926) +++ php/php-src/branches/PHP_5_4/NEWS 2012-01-30 10:08:11 UTC (rev 322927) @@ -4,6 +4,7 @@ - Core: . Fix bug #60895 (Possible invalid handler usage in windows random functions). (Pierre) + . Fixed bug #51860 (Include fails with toplevel symlink to /). (Dmitry) - OpenSSL: . Fix possible attack in SSL sockets with SSL 3.0 / TLS 1.0. Modified: php/php-src/branches/PHP_5_4/TSRM/tsrm_virtual_cwd.c === --- php/php-src/branches/PHP_5_4/TSRM/tsrm_virtual_cwd.c2012-01-30 09:17:44 UTC (rev 322926) +++ php/php-src/branches/PHP_5_4/TSRM/tsrm_virtual_cwd.c2012-01-30 10:08:11 UTC (rev 322927) @@ -760,6 +760,9 @@ while (1) { if (len = start) { + if (link_is_dir) { + *link_is_dir = 1; + } return start; } @@ -776,6 +779,10 @@ continue; } else if (i == len - 2 path[i] == '.' path[i+1] == '.') { /* remove '..' and previous directory */ + is_dir = 1; + if (link_is_dir) { + *link_is_dir = 1; + } if (i - 1 = start) { return start ? start : len; } @@ -1200,9 +1207,14 @@ return 1; } memcpy(resolved_path,
[PHP-CVS] svn: /php/php-src/branches/ PHP_5_3/NEWS PHP_5_3/ext/session/mod_user.c PHP_5_3/ext/session/tests/bug60860.phpt PHP_5_4/NEWS PHP_5_4/ext/session/mod_user.c PHP_5_4/ext/session/tests/bug60860
felipe Sat, 28 Jan 2012 21:02:09 + Revision: http://svn.php.net/viewvc?view=revisionrevision=322909 Log: - Fixed bug #60860 (session.save_handler=user without defined function core dumps) Bug: https://bugs.php.net/60860 (Assigned) session.save_handler=user without defined function core dumps Changed paths: U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/session/mod_user.c A php/php-src/branches/PHP_5_3/ext/session/tests/bug60860.phpt U php/php-src/branches/PHP_5_4/NEWS U php/php-src/branches/PHP_5_4/ext/session/mod_user.c A php/php-src/branches/PHP_5_4/ext/session/tests/bug60860.phpt Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2012-01-28 20:07:31 UTC (rev 322908) +++ php/php-src/branches/PHP_5_3/NEWS 2012-01-28 21:02:09 UTC (rev 322909) @@ -1,6 +1,9 @@ PHPNEWS ||| ?? ?? 2012, PHP 5.3.10 +- Session: + . Fixed bug #60860 (session.save_handler=user without defined function core +dumps). (Felipe) - Core: . Fixed bug #60227 (header() cannot detect the multi-line header with CR). Modified: php/php-src/branches/PHP_5_3/ext/session/mod_user.c === --- php/php-src/branches/PHP_5_3/ext/session/mod_user.c 2012-01-28 20:07:31 UTC (rev 322908) +++ php/php-src/branches/PHP_5_3/ext/session/mod_user.c 2012-01-28 21:02:09 UTC (rev 322909) @@ -86,6 +86,13 @@ zval *args[2]; static char dummy = 0; STDVARS1; + + if (PSF(open) == NULL) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, + user session functions not defined); + + return FAILURE; + } SESS_ZVAL_STRING((char*)save_path, args[0]); SESS_ZVAL_STRING((char*)session_name, args[1]); Added: php/php-src/branches/PHP_5_3/ext/session/tests/bug60860.phpt === --- php/php-src/branches/PHP_5_3/ext/session/tests/bug60860.phpt (rev 0) +++ php/php-src/branches/PHP_5_3/ext/session/tests/bug60860.phpt 2012-01-28 21:02:09 UTC (rev 322909) @@ -0,0 +1,17 @@ +--TEST-- +Bug #60860 (session.save_handler=user without defined function core dumps) +--SKIPIF-- +?php include('skipif.inc'); ? +--INI-- +session.save_handler=user +--FILE-- +?php + +session_start(); +echo ok\n; + +? +--EXPECTF-- +Warning: session_start(): user session functions not defined in %s on line 3 + +Fatal error: session_start(): Failed to initialize storage module: user (path: ) in %s on line 3 Modified: php/php-src/branches/PHP_5_4/NEWS === --- php/php-src/branches/PHP_5_4/NEWS 2012-01-28 20:07:31 UTC (rev 322908) +++ php/php-src/branches/PHP_5_4/NEWS 2012-01-28 21:02:09 UTC (rev 322909) @@ -8,6 +8,10 @@ - OpenSSL: . Fix possible attack in SSL sockets with SSL 3.0 / TLS 1.0. CVE-2011-3389. (Scott) + +- Session: + . Fixed bug #60860 (session.save_handler=user without defined function core +dumps). (Felipe) 19 Jan 2012, PHP 5.4.0 RC6 Modified: php/php-src/branches/PHP_5_4/ext/session/mod_user.c === --- php/php-src/branches/PHP_5_4/ext/session/mod_user.c 2012-01-28 20:07:31 UTC (rev 322908) +++ php/php-src/branches/PHP_5_4/ext/session/mod_user.c 2012-01-28 21:02:09 UTC (rev 322909) @@ -80,6 +80,13 @@ { zval *args[2]; STDVARS; + + if (PSF(open) == NULL) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, + user session functions not defined); + + return FAILURE; + } SESS_ZVAL_STRING((char*)save_path, args[0]); SESS_ZVAL_STRING((char*)session_name, args[1]); Added: php/php-src/branches/PHP_5_4/ext/session/tests/bug60860.phpt === --- php/php-src/branches/PHP_5_4/ext/session/tests/bug60860.phpt (rev 0) +++ php/php-src/branches/PHP_5_4/ext/session/tests/bug60860.phpt 2012-01-28 21:02:09 UTC (rev 322909) @@ -0,0 +1,17 @@ +--TEST-- +Bug #60860 (session.save_handler=user without defined function core dumps) +--SKIPIF-- +?php include('skipif.inc'); ? +--INI-- +session.save_handler=user +--FILE-- +?php + +session_start(); +echo ok\n; + +? +--EXPECTF-- +Warning: session_start(): user session functions not defined in %s on line 3 + +Fatal error: session_start(): Failed to initialize storage module: user (path: ) in %s on line 3 -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_3/ NEWS
rasmus Sun, 29 Jan 2012 03:59:35 + Revision: http://svn.php.net/viewvc?view=revisionrevision=322914 Log: createCollation() Changed paths: U php/php-src/branches/PHP_5_3/NEWS Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2012-01-29 03:57:29 UTC (rev 322913) +++ php/php-src/branches/PHP_5_3/NEWS 2012-01-29 03:59:35 UTC (rev 322914) @@ -26,6 +26,9 @@ - PHP-FPM SAPI: . Fixed bug #60811 (php-fpm compilation problem). (rasmus) +- SQLite3 extension: + . Add createCollation() method. (Brad Dewar) + 10 Jan 2012, PHP 5.3.9 - Core: -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_3/ NEWS
rasmus Sun, 29 Jan 2012 04:23:27 + Revision: http://svn.php.net/viewvc?view=revisionrevision=322917 Log: createCollation Changed paths: U php/php-src/branches/PHP_5_3/NEWS Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2012-01-29 04:22:23 UTC (rev 322916) +++ php/php-src/branches/PHP_5_3/NEWS 2012-01-29 04:23:27 UTC (rev 322917) @@ -29,6 +29,9 @@ - SQLite3 extension: . Add createCollation() method. (Brad Dewar) +- PDO_Sqlite extension: + . Add createCollation support. (Damien) + 10 Jan 2012, PHP 5.3.9 - Core: -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/win32/winutil.c branches/PHP_5_4/NEWS branches/PHP_5_4/win32/winutil.c trunk/win32/winutil.c
pajoye Fri, 27 Jan 2012 10:56:33 + Revision: http://svn.php.net/viewvc?view=revisionrevision=322843 Log: - fix #60895, possible invalid handler usage Bug: https://bugs.php.net/60895 (Open) null pointer dereference in php_win32_free_rng_lock() Changed paths: U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/win32/winutil.c U php/php-src/branches/PHP_5_4/NEWS U php/php-src/branches/PHP_5_4/win32/winutil.c U php/php-src/trunk/win32/winutil.c Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2012-01-27 10:00:18 UTC (rev 322842) +++ php/php-src/branches/PHP_5_3/NEWS 2012-01-27 10:56:33 UTC (rev 322843) @@ -3,23 +3,25 @@ ?? ?? 2012, PHP 5.3.10 - Core: - . Fixed bug #60227 (header() cannot detect the multi-line header with CR). - (rui) - . Fixed bug #60825 (Segfault when running symfony 2 tests). - (Dmitry, Laruence) + . Fixed bug #60227 (header() cannot detect the multi-line header with CR). +(rui) + . Fixed bug #60825 (Segfault when running symfony 2 tests). +(Dmitry, Laruence) + . Fix bug #60895 (Possible invalid handler usage in windows random +functions). (Pierre) - Firebird Database extension (ibase): - . Fixed bug #60802 (ibase_trans() gives segfault when passing params). + . Fixed bug #60802 (ibase_trans() gives segfault when passing params). - Streams: - . Further fix for bug #60455 (stream_get_line misbehaves if EOF is not detected - together with the last read). (Gustavo) - . Fixed bug #60817 (stream_get_line() reads from stream even when there is - already sufficient data buffered). stream_get_line() now behaves more like - fgets(), as is documented. (Gustavo) + . Further fix for bug #60455 (stream_get_line misbehaves if EOF is not detected +together with the last read). (Gustavo) + . Fixed bug #60817 (stream_get_line() reads from stream even when there is +already sufficient data buffered). stream_get_line() now behaves more like +fgets(), as is documented. (Gustavo) - PHP-FPM SAPI: - . Fixed bug #60811 (php-fpm compilation problem). (rasmus) + . Fixed bug #60811 (php-fpm compilation problem). (rasmus) 10 Jan 2012, PHP 5.3.9 Modified: php/php-src/branches/PHP_5_3/win32/winutil.c === --- php/php-src/branches/PHP_5_3/win32/winutil.c2012-01-27 10:00:18 UTC (rev 322842) +++ php/php-src/branches/PHP_5_3/win32/winutil.c2012-01-27 10:56:33 UTC (rev 322843) @@ -62,8 +62,10 @@ void php_win32_free_rng_lock() { tsrm_mutex_lock(php_lock_win32_cryptoctx); - CryptReleaseContext(hCryptProv, 0); - has_crypto_ctx = 0; + if (has_crypto_ctx == 1) { + CryptReleaseContext(hCryptProv, 0); + has_crypto_ctx = 0; + } tsrm_mutex_unlock(php_lock_win32_cryptoctx); tsrm_mutex_free(php_lock_win32_cryptoctx); Modified: php/php-src/branches/PHP_5_4/NEWS === --- php/php-src/branches/PHP_5_4/NEWS 2012-01-27 10:00:18 UTC (rev 322842) +++ php/php-src/branches/PHP_5_4/NEWS 2012-01-27 10:56:33 UTC (rev 322843) @@ -1,9 +1,14 @@ PHPNEWS ||| ?? Jan 2012, PHP 5.4.0 RC 7 -- Fix possible attack in SSL sockets with SSL 3.0 / TLS 1.0. - CVE-2011-3389. (Scott) +- Core: + . Fix bug #60895 (Possible invalid handler usage in windows random +functions). (Pierre) +- OpenSSL: + . Fix possible attack in SSL sockets with SSL 3.0 / TLS 1.0. +CVE-2011-3389. (Scott) + 19 Jan 2012, PHP 5.4.0 RC6 - Core: Modified: php/php-src/branches/PHP_5_4/win32/winutil.c === --- php/php-src/branches/PHP_5_4/win32/winutil.c2012-01-27 10:00:18 UTC (rev 322842) +++ php/php-src/branches/PHP_5_4/win32/winutil.c2012-01-27 10:56:33 UTC (rev 322843) @@ -62,8 +62,10 @@ void php_win32_free_rng_lock() { tsrm_mutex_lock(php_lock_win32_cryptoctx); - CryptReleaseContext(hCryptProv, 0); - has_crypto_ctx = 0; + if (has_crypto_ctx == 1) { + CryptReleaseContext(hCryptProv, 0); + has_crypto_ctx = 0; + } tsrm_mutex_unlock(php_lock_win32_cryptoctx); tsrm_mutex_free(php_lock_win32_cryptoctx); Modified: php/php-src/trunk/win32/winutil.c === --- php/php-src/trunk/win32/winutil.c 2012-01-27 10:00:18 UTC (rev 322842) +++ php/php-src/trunk/win32/winutil.c 2012-01-27 10:56:33 UTC (rev 322843) @@ -62,8 +62,10 @@ void php_win32_free_rng_lock() { tsrm_mutex_lock(php_lock_win32_cryptoctx); -
Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/Zend/tests/bug60825.phpt branches/PHP_5_3/Zend/zend_vm_def.h branches/PHP_5_3/Zend/zend_vm_execute.h trunk/NEWS trunk/Zend/tests
Sent from my iPhone 在 2012-1-25,15:49,Dmitry Stogov dmi...@zend.com 写道: On 01/25/2012 11:36 AM, Rasmus Lerdorf wrote: Still a known crash bug though. This is what our RCs are supposed to catch, right? This is not a single way to crash PHP with especially prepared code. Some of these ways are never going to be fixed. For me it doesn't mater if this patch will be committed before or after release. Anyway, the patch may have effect only on very specific PHP code and shouldn't make any harm. Indeed, I think we should been careful with *big* patch which might introduce new issues when in code freeze phase. Considering this little fix, it is no harm to commit to RC. :) Anyway it also okey for me to commit after release, since this is really a trivial bug and there are already one patche for me need to be remembered ci after 5.4.0 released. :) Thanks Thanks. Dmitry. On 01/24/2012 11:34 PM, Dmitry Stogov wrote: Hi Stas, Not a big problem, just yet another way to crash PHP locally with tricky code. It may be committed after release as well. Thanks. Dmitry. On 01/25/2012 11:29 AM, Stas Malyshev wrote: Hi! Now it looks fine. I think it should be committed into 5.4 as well. Stas? That would probably require new RC, i.e. release will have to be pushed back. How serious is the problem we're talking about? -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/Zend/tests/bug60825.phpt branches/PHP_5_3/Zend/zend_vm_def.h branches/PHP_5_3/Zend/zend_vm_execute.h trunk/NEWS trunk/Zend/tests
hi! we need another RC anyway. There is another trait segfault and that openssl security bug. Cheers, On Wed, Jan 25, 2012 at 8:29 AM, Stas Malyshev smalys...@sugarcrm.com wrote: Hi! Now it looks fine. I think it should be committed into 5.4 as well. Stas? That would probably require new RC, i.e. release will have to be pushed back. How serious is the problem we're talking about? -- Stanislav Malyshev, Software Architect SugarCRM: http://www.sugarcrm.com/ (408)454-6900 ext. 227 -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Pierre @pierrejoye | http://blog.thepimp.net | http://www.libgd.org -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/Zend/tests/bug60825.phpt branches/PHP_5_3/Zend/zend_vm_def.h branches/PHP_5_3/Zend/zend_vm_execute.h trunk/NEWS trunk/Zend/tests
to be more specific: If we do not want to delay 5.4 any further (and I think we should not delay it any longer after this RC). We should simply stop any kind of commits after it, to follow the golden release rule. Only very critical security issues should be allowed, after approvals. It is also easy to release 5.4.1 shortly after final. Cheers, On Wed, Jan 25, 2012 at 10:25 AM, Pierre Joye pierre@gmail.com wrote: hi! we need another RC anyway. There is another trait segfault and that openssl security bug. Cheers, On Wed, Jan 25, 2012 at 8:29 AM, Stas Malyshev smalys...@sugarcrm.com wrote: Hi! Now it looks fine. I think it should be committed into 5.4 as well. Stas? That would probably require new RC, i.e. release will have to be pushed back. How serious is the problem we're talking about? -- Stanislav Malyshev, Software Architect SugarCRM: http://www.sugarcrm.com/ (408)454-6900 ext. 227 -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Pierre @pierrejoye | http://blog.thepimp.net | http://www.libgd.org -- Pierre @pierrejoye | http://blog.thepimp.net | http://www.libgd.org -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/Zend/tests/bug60825.phpt branches/PHP_5_3/Zend/zend_vm_def.h branches/PHP_5_3/Zend/zend_vm_execute.h trunk/NEWS trunk/Zend/tests
Hi! Considering this little fix, it is no harm to commit to RC. :) Anyway it also okey for me to commit after release, since this is really a trivial bug and there are already one patche for me need to be remembered ci after 5.4.0 released. :) OK, it looks like we're going to have another RC anyway, so please commit it to 5.4 too. -- Stanislav Malyshev, Software Architect SugarCRM: http://www.sugarcrm.com/ (408)454-6900 ext. 227 -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/Zend/tests/bug60825.phpt branches/PHP_5_3/Zend/zend_vm_def.h branches/PHP_5_3/Zend/zend_vm_execute.h trunk/NEWS trunk/Zend/tests/bug
laruence Tue, 24 Jan 2012 14:39:45 + Revision: http://svn.php.net/viewvc?view=revisionrevision=322678 Log: Re-fixed bug #60825 (Segfault when running symfony 2 tests) Bug: https://bugs.php.net/60825 (Critical) Segfault when running symfony 2 tests Changed paths: U php/php-src/branches/PHP_5_3/NEWS A php/php-src/branches/PHP_5_3/Zend/tests/bug60825.phpt U php/php-src/branches/PHP_5_3/Zend/zend_vm_def.h U php/php-src/branches/PHP_5_3/Zend/zend_vm_execute.h U php/php-src/trunk/NEWS U php/php-src/trunk/Zend/tests/bug60825.phpt U php/php-src/trunk/Zend/zend_vm_def.h U php/php-src/trunk/Zend/zend_vm_execute.h Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2012-01-24 13:28:39 UTC (rev 322677) +++ php/php-src/branches/PHP_5_3/NEWS 2012-01-24 14:39:45 UTC (rev 322678) @@ -5,6 +5,8 @@ - Core: . Fixed bug #60227 (header() cannot detect the multi-line header with CR). (rui) + . Fixed bug #60825 (Segfault when running symfony 2 tests). + (Dmitry, Laruence) - Firebird Database extension (ibase): . Fixed bug #60802 (ibase_trans() gives segfault when passing params). Added: php/php-src/branches/PHP_5_3/Zend/tests/bug60825.phpt === --- php/php-src/branches/PHP_5_3/Zend/tests/bug60825.phpt (rev 0) +++ php/php-src/branches/PHP_5_3/Zend/tests/bug60825.phpt 2012-01-24 14:39:45 UTC (rev 322678) @@ -0,0 +1,19 @@ +--TEST-- +Bug #60825 (Segfault when running symfony 2 tests) +--DESCRIPTION-- +run this with valgrind +--FILE-- +?php +class test { + public static $x; + public function __toString() { + self::$x = $this; + return __FILE__; + } +} +$a = new test; +require_once $a; +debug_zval_dump(test::$x); +? +--EXPECTF-- +string(%d) %sbug60825.php refcount(2) Modified: php/php-src/branches/PHP_5_3/Zend/zend_vm_def.h === --- php/php-src/branches/PHP_5_3/Zend/zend_vm_def.h 2012-01-24 13:28:39 UTC (rev 322677) +++ php/php-src/branches/PHP_5_3/Zend/zend_vm_def.h 2012-01-24 14:39:45 UTC (rev 322678) @@ -3224,14 +3224,15 @@ int return_value_used; zend_free_op free_op1; zval *inc_filename = GET_OP1_ZVAL_PTR(BP_VAR_R); - zval tmp_inc_filename; + zval *tmp_inc_filename = NULL; zend_bool failure_retval=0; if (inc_filename-type!=IS_STRING) { - tmp_inc_filename = *inc_filename; - zval_copy_ctor(tmp_inc_filename); - convert_to_string(tmp_inc_filename); - inc_filename = tmp_inc_filename; + MAKE_STD_ZVAL(tmp_inc_filename); + *tmp_inc_filename = *inc_filename; + zval_copy_ctor(tmp_inc_filename); + convert_to_string(tmp_inc_filename); + inc_filename = tmp_inc_filename; } return_value_used = RETURN_VALUE_USED(opline); @@ -3297,8 +3298,8 @@ EMPTY_SWITCH_DEFAULT_CASE() } } - if (inc_filename==tmp_inc_filename) { - zval_dtor(tmp_inc_filename); + if (tmp_inc_filename) { + zval_ptr_dtor(tmp_inc_filename); } FREE_OP1(); EX_T(opline-result.u.var).var.ptr_ptr = EX_T(opline-result.u.var).var.ptr; Modified: php/php-src/branches/PHP_5_3/Zend/zend_vm_execute.h === --- php/php-src/branches/PHP_5_3/Zend/zend_vm_execute.h 2012-01-24 13:28:39 UTC (rev 322677) +++ php/php-src/branches/PHP_5_3/Zend/zend_vm_execute.h 2012-01-24 14:39:45 UTC (rev 322678) @@ -1902,14 +1902,15 @@ int return_value_used; zval *inc_filename = opline-op1.u.constant; - zval tmp_inc_filename; + zval *tmp_inc_filename = NULL; zend_bool failure_retval=0; if (inc_filename-type!=IS_STRING) { - tmp_inc_filename = *inc_filename; - zval_copy_ctor(tmp_inc_filename); - convert_to_string(tmp_inc_filename); - inc_filename = tmp_inc_filename; + MAKE_STD_ZVAL(tmp_inc_filename); + *tmp_inc_filename = *inc_filename; + zval_copy_ctor(tmp_inc_filename); + convert_to_string(tmp_inc_filename); + inc_filename = tmp_inc_filename; } return_value_used = RETURN_VALUE_USED(opline); @@ -1975,8 +1976,8 @@ EMPTY_SWITCH_DEFAULT_CASE() } } - if (inc_filename==tmp_inc_filename) { - zval_dtor(tmp_inc_filename); + if (tmp_inc_filename) { + zval_ptr_dtor(tmp_inc_filename); } EX_T(opline-result.u.var).var.ptr_ptr = EX_T(opline-result.u.var).var.ptr; @@ -5190,14 +5191,15 @@ int return_value_used; zend_free_op free_op1; zval *inc_filename = _get_zval_ptr_tmp(opline-op1, EX(Ts), free_op1 TSRMLS_CC); - zval tmp_inc_filename; + zval *tmp_inc_filename = NULL; zend_bool failure_retval=0; if (inc_filename-type!=IS_STRING) { - tmp_inc_filename = *inc_filename; - zval_copy_ctor(tmp_inc_filename); - convert_to_string(tmp_inc_filename); - inc_filename = tmp_inc_filename; + MAKE_STD_ZVAL(tmp_inc_filename); + *tmp_inc_filename = *inc_filename; + zval_copy_ctor(tmp_inc_filename); + convert_to_string(tmp_inc_filename); +
Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/Zend/tests/bug60825.phpt branches/PHP_5_3/Zend/zend_vm_def.h branches/PHP_5_3/Zend/zend_vm_execute.h trunk/NEWS trunk/Zend/tests
HI Dmitry: could you please review this improved fix? thanks On Tue, Jan 24, 2012 at 10:39 PM, Xinchen Hui larue...@php.net wrote: laruence Tue, 24 Jan 2012 14:39:45 + Revision: http://svn.php.net/viewvc?view=revisionrevision=322678 Log: Re-fixed bug #60825 (Segfault when running symfony 2 tests) Bug: https://bugs.php.net/60825 (Critical) Segfault when running symfony 2 tests Changed paths: U php/php-src/branches/PHP_5_3/NEWS A php/php-src/branches/PHP_5_3/Zend/tests/bug60825.phpt U php/php-src/branches/PHP_5_3/Zend/zend_vm_def.h U php/php-src/branches/PHP_5_3/Zend/zend_vm_execute.h U php/php-src/trunk/NEWS U php/php-src/trunk/Zend/tests/bug60825.phpt U php/php-src/trunk/Zend/zend_vm_def.h U php/php-src/trunk/Zend/zend_vm_execute.h -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Laruence Xinchen Hui http://www.laruence.com/ -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/Zend/tests/bug60825.phpt branches/PHP_5_3/Zend/zend_vm_def.h branches/PHP_5_3/Zend/zend_vm_execute.h trunk/NEWS trunk/Zend/tests
Hi, Now it looks fine. I think it should be committed into 5.4 as well. Stas? Thanks. Dmitry. On 01/24/2012 06:43 PM, Laruence wrote: HI Dmitry: could you please review this improved fix? thanks On Tue, Jan 24, 2012 at 10:39 PM, Xinchen Huilarue...@php.net wrote: laruence Tue, 24 Jan 2012 14:39:45 + Revision: http://svn.php.net/viewvc?view=revisionrevision=322678 Log: Re-fixed bug #60825 (Segfault when running symfony 2 tests) Bug: https://bugs.php.net/60825 (Critical) Segfault when running symfony 2 tests Changed paths: U php/php-src/branches/PHP_5_3/NEWS A php/php-src/branches/PHP_5_3/Zend/tests/bug60825.phpt U php/php-src/branches/PHP_5_3/Zend/zend_vm_def.h U php/php-src/branches/PHP_5_3/Zend/zend_vm_execute.h U php/php-src/trunk/NEWS U php/php-src/trunk/Zend/tests/bug60825.phpt U php/php-src/trunk/Zend/zend_vm_def.h U php/php-src/trunk/Zend/zend_vm_execute.h -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/Zend/tests/bug60825.phpt branches/PHP_5_3/Zend/zend_vm_def.h branches/PHP_5_3/Zend/zend_vm_execute.h trunk/NEWS trunk/Zend/tests
Hi! Now it looks fine. I think it should be committed into 5.4 as well. Stas? That would probably require new RC, i.e. release will have to be pushed back. How serious is the problem we're talking about? -- Stanislav Malyshev, Software Architect SugarCRM: http://www.sugarcrm.com/ (408)454-6900 ext. 227 -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/Zend/tests/bug60825.phpt branches/PHP_5_3/Zend/zend_vm_def.h branches/PHP_5_3/Zend/zend_vm_execute.h trunk/NEWS trunk/Zend/tests
Hi Stas, Not a big problem, just yet another way to crash PHP locally with tricky code. It may be committed after release as well. Thanks. Dmitry. On 01/25/2012 11:29 AM, Stas Malyshev wrote: Hi! Now it looks fine. I think it should be committed into 5.4 as well. Stas? That would probably require new RC, i.e. release will have to be pushed back. How serious is the problem we're talking about? -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/Zend/tests/bug60825.phpt branches/PHP_5_3/Zend/zend_vm_def.h branches/PHP_5_3/Zend/zend_vm_execute.h trunk/NEWS trunk/Zend/tests
Still a known crash bug though. This is what our RCs are supposed to catch, right? On 01/24/2012 11:34 PM, Dmitry Stogov wrote: Hi Stas, Not a big problem, just yet another way to crash PHP locally with tricky code. It may be committed after release as well. Thanks. Dmitry. On 01/25/2012 11:29 AM, Stas Malyshev wrote: Hi! Now it looks fine. I think it should be committed into 5.4 as well. Stas? That would probably require new RC, i.e. release will have to be pushed back. How serious is the problem we're talking about? -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/Zend/tests/bug60825.phpt branches/PHP_5_3/Zend/zend_vm_def.h branches/PHP_5_3/Zend/zend_vm_execute.h trunk/NEWS trunk/Zend/tests
Hi! Still a known crash bug though. This is what our RCs are supposed to catch, right? Right, but judging by current patten we're pushing the release further and further without any obvious end in sight. If we will wait with the release until we have 0 bugs in PHP (or even 0 possibility of segfault) we will never release, let alone adhere to any release RFC (which we already behind by 2 months). That's why I want to make a distinction between critical and non-critical things and not commit non-critical things now. -- Stanislav Malyshev, Software Architect SugarCRM: http://www.sugarcrm.com/ (408)454-6900 ext. 227 -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/Zend/tests/bug60825.phpt branches/PHP_5_3/Zend/zend_vm_def.h branches/PHP_5_3/Zend/zend_vm_execute.h trunk/NEWS trunk/Zend/tests
On 01/25/2012 11:36 AM, Rasmus Lerdorf wrote: Still a known crash bug though. This is what our RCs are supposed to catch, right? This is not a single way to crash PHP with especially prepared code. Some of these ways are never going to be fixed. For me it doesn't mater if this patch will be committed before or after release. Anyway, the patch may have effect only on very specific PHP code and shouldn't make any harm. Thanks. Dmitry. On 01/24/2012 11:34 PM, Dmitry Stogov wrote: Hi Stas, Not a big problem, just yet another way to crash PHP locally with tricky code. It may be committed after release as well. Thanks. Dmitry. On 01/25/2012 11:29 AM, Stas Malyshev wrote: Hi! Now it looks fine. I think it should be committed into 5.4 as well. Stas? That would probably require new RC, i.e. release will have to be pushed back. How serious is the problem we're talking about? -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/ext/standard/tests/streams/bug60455_02.phpt branches/PHP_5_3/ext/standard/tests/streams/bug60455_03.phpt branches/PHP_5_3/ext/standa
cataphract Sun, 22 Jan 2012 20:30:37 + Revision: http://svn.php.net/viewvc?view=revisionrevision=322582 Log: - Further fix for bug #60455 (stream_get_line misbehaves if EOF is not detected together with the last read). - Fixed bug #60817 (stream_get_line() reads from stream even when there is already sufficient data buffered). stream_get_line() now behaves more like fgets(), as is documented. #withheld commit to 5.4 Bugs: https://bugs.php.net/60455 (Closed) stream_get_line reports two lines instead of one https://bugs.php.net/60817 (Assigned) stream_get_line() incorrectly blocks Changed paths: U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/standard/tests/streams/bug60455_02.phpt U php/php-src/branches/PHP_5_3/ext/standard/tests/streams/bug60455_03.phpt A php/php-src/branches/PHP_5_3/ext/standard/tests/streams/bug60455_04.phpt A php/php-src/branches/PHP_5_3/ext/standard/tests/streams/bug60817.phpt U php/php-src/branches/PHP_5_3/main/streams/streams.c U php/php-src/trunk/ext/standard/tests/streams/bug60455_02.phpt U php/php-src/trunk/ext/standard/tests/streams/bug60455_03.phpt A php/php-src/trunk/ext/standard/tests/streams/bug60455_04.phpt A php/php-src/trunk/ext/standard/tests/streams/bug60817.phpt U php/php-src/trunk/main/streams/streams.c Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2012-01-22 20:09:22 UTC (rev 322581) +++ php/php-src/branches/PHP_5_3/NEWS 2012-01-22 20:30:37 UTC (rev 322582) @@ -3,12 +3,21 @@ ?? ?? 2012, PHP 5.3.10 - Core: - . fixed bug #60227: header() cannot detect the multi-line header with CR (rui). + . Fixed bug #60227 (header() cannot detect the multi-line header with CR). + (rui) + - Firebird Database extension (ibase): - . Fixed bug #60802: ibase_trans() gives segfault when passing params + . Fixed bug #60802 (ibase_trans() gives segfault when passing params). +- Streams: + . Further fix for bug #60455 (stream_get_line misbehaves if EOF is not detected + together with the last read). (Gustavo) + . Fixed bug #60817 (stream_get_line() reads from stream even when there is + already sufficient data buffered). stream_get_line() now behaves more like + fgets(), as is documented. (Gustavo) + - PHP-FPM SAPI: - . fixed bug #60811: php-fpm compilation problem (rasmus) + . Fixed bug #60811 (php-fpm compilation problem). (rasmus) 10 Jan 2012, PHP 5.3.9 Modified: php/php-src/branches/PHP_5_3/ext/standard/tests/streams/bug60455_02.phpt === --- php/php-src/branches/PHP_5_3/ext/standard/tests/streams/bug60455_02.phpt 2012-01-22 20:09:22 UTC (rev 322581) +++ php/php-src/branches/PHP_5_3/ext/standard/tests/streams/bug60455_02.phpt 2012-01-22 20:30:37 UTC (rev 322582) @@ -28,3 +28,4 @@ } --EXPECT-- string(1) a +bool(false) Modified: php/php-src/branches/PHP_5_3/ext/standard/tests/streams/bug60455_03.phpt === --- php/php-src/branches/PHP_5_3/ext/standard/tests/streams/bug60455_03.phpt 2012-01-22 20:09:22 UTC (rev 322581) +++ php/php-src/branches/PHP_5_3/ext/standard/tests/streams/bug60455_03.phpt 2012-01-22 20:30:37 UTC (rev 322582) @@ -47,7 +47,9 @@ --EXPECT-- string(1) a string(1) b +bool(false) string(1) a string(0) +bool(false) string(1) a string(0) Added: php/php-src/branches/PHP_5_3/ext/standard/tests/streams/bug60455_04.phpt === --- php/php-src/branches/PHP_5_3/ext/standard/tests/streams/bug60455_04.phpt (rev 0) +++ php/php-src/branches/PHP_5_3/ext/standard/tests/streams/bug60455_04.phpt 2012-01-22 20:30:37 UTC (rev 322582) @@ -0,0 +1,32 @@ +--TEST-- +Bug #60455: stream_get_line and 1-line with maxlen size followed by 0-length +read with EOL indication +--FILE-- +?php +class TestStream { + private $s = 0; + function stream_open($path, $mode, $options, $opened_path) { + return true; + } + function stream_read($count) { + if ($this-s++ == 0) + return a\n; + + return ; + } + function stream_eof() { + return $this-s = 2; + } + +} + +stream_wrapper_register(test, TestStream); + +$f = fopen(test://, r); +while (!feof($f)) { +$line = stream_get_line($f, 2, \n); +var_dump($line); +} +--EXPECT-- +string(1) a +bool(false) Property changes on: php/php-src/branches/PHP_5_3/ext/standard/tests/streams/bug60455_04.phpt ___ Added: svn:keywords + Id Rev Revision Added: svn:eol-style + native Added: php/php-src/branches/PHP_5_3/ext/standard/tests/streams/bug60817.phpt === --- php/php-src/branches/PHP_5_3/ext/standard/tests/streams/bug60817.phpt
[PHP-CVS] svn: /php/php-src/branches/PHP_5_3/ NEWS
mariuz Thu, 19 Jan 2012 22:35:35 + Revision: http://svn.php.net/viewvc?view=revisionrevision=322479 Log: Added the bugfixing notes to the NEWS file Changed paths: U php/php-src/branches/PHP_5_3/NEWS Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2012-01-19 22:35:22 UTC (rev 322478) +++ php/php-src/branches/PHP_5_3/NEWS 2012-01-19 22:35:35 UTC (rev 322479) @@ -4,6 +4,8 @@ - Core: . fixed bug #60227: header() cannot detect the multi-line header with CR (rui). +- Firebird Database extension (ibase): + . Fixed bug #60802: ibase_trans() gives segfault when passing params 10 Jan 2012, PHP 5.3.9 -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_3/ NEWS
rasmus Thu, 19 Jan 2012 22:41:39 + Revision: http://svn.php.net/viewvc?view=revisionrevision=322480 Log: . Changed paths: U php/php-src/branches/PHP_5_3/NEWS Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2012-01-19 22:35:35 UTC (rev 322479) +++ php/php-src/branches/PHP_5_3/NEWS 2012-01-19 22:41:39 UTC (rev 322480) @@ -7,6 +7,9 @@ - Firebird Database extension (ibase): . Fixed bug #60802: ibase_trans() gives segfault when passing params +- PHP-FPM SAPI: + . fixed bug #60811: php-fpm compilation problem (rasmus) + 10 Jan 2012, PHP 5.3.9 - Core: -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_3/ NEWS ext/standard/tests/general_functions/bug60227.phpt main/SAPI.c
hirokawa Sat, 14 Jan 2012 07:41:01 + Revision: http://svn.php.net/viewvc?view=revisionrevision=322263 Log: MFH: fixed bug #60227: header() cannot detect the multi-line header with CR. Bug: https://bugs.php.net/60227 (Closed) header() cannot detect the multi-line header with CR(0x0D). Changed paths: U php/php-src/branches/PHP_5_3/NEWS A php/php-src/branches/PHP_5_3/ext/standard/tests/general_functions/bug60227.phpt U php/php-src/branches/PHP_5_3/main/SAPI.c Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2012-01-14 06:47:23 UTC (rev 322262) +++ php/php-src/branches/PHP_5_3/NEWS 2012-01-14 07:41:01 UTC (rev 322263) @@ -1,5 +1,10 @@ PHPNEWS ||| +?? ?? 2012, PHP 5.3.10 + +- Core: + . fixed bug #60227: header() cannot detect the multi-line header with CR (rui). + 10 Jan 2012, PHP 5.3.9 - Core: Added: php/php-src/branches/PHP_5_3/ext/standard/tests/general_functions/bug60227.phpt === --- php/php-src/branches/PHP_5_3/ext/standard/tests/general_functions/bug60227.phpt (rev 0) +++ php/php-src/branches/PHP_5_3/ext/standard/tests/general_functions/bug60227.phpt 2012-01-14 07:41:01 UTC (rev 322263) @@ -0,0 +1,20 @@ +--TEST-- +Bug #60227 (header() cannot detect the multi-line header with CR) +--FILE-- +?php +header(X-Foo1: a); +header(X-Foo2: b\n ); +header(X-Foo3: c\r\n ); +header(X-Foo4: d\r ); +header(X-Foo5: e\rSet-Cookie: ID=123); +echo 'foo'; +? +--EXPECTF-- +Warning: Header may not contain more than a single header, new line detected. in %s on line %d +foo +--EXPECTHEADERS-- +X-Foo1: a +X-Foo2: b +X-Foo3: c +X-Foo4: d + Property changes on: php/php-src/branches/PHP_5_3/ext/standard/tests/general_functions/bug60227.phpt ___ Added: svn:keywords + Id Rev Revision Added: svn:eol-style + native Modified: php/php-src/branches/PHP_5_3/main/SAPI.c === --- php/php-src/branches/PHP_5_3/main/SAPI.c2012-01-14 06:47:23 UTC (rev 322262) +++ php/php-src/branches/PHP_5_3/main/SAPI.c2012-01-14 07:41:01 UTC (rev 322263) @@ -592,7 +592,7 @@ } else { /* new line safety check */ char *s = header_line, *e = header_line + header_line_len, *p; - while (s e (p = memchr(s, '\n', (e - s { + while (s e ((p = memchr(s, '\n', (e - s))) || (p = memchr(s, '\r', (e - s) { if (*(p + 1) == ' ' || *(p + 1) == '\t') { s = p + 1; continue; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_3/ NEWS configure.in main/php_version.h
johannes Tue, 10 Jan 2012 11:21:57 + Revision: http://svn.php.net/viewvc?view=revisionrevision=322014 Log: PHP 5.3.9 Changed paths: U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/configure.in U php/php-src/branches/PHP_5_3/main/php_version.h Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2012-01-10 11:03:26 UTC (rev 322013) +++ php/php-src/branches/PHP_5_3/NEWS 2012-01-10 11:21:57 UTC (rev 322014) @@ -1,156 +1,21 @@ PHPNEWS ||| -?? ??? 2012, PHP 5.3.9 +10 Jan 2012, PHP 5.3.9 -- Pdo Firebird: - . Fixed bug #47415 (PDO_Firebird segfaults when passing lowercased column name to bindColumn). - . Fixed bug #53280 (PDO_Firebird segfaults if query column count less than param count). -(Mariuz) - -22 Dec 2011, PHP 5.3.9RC4 - - Core: . Added max_input_vars directive to prevent attacks based on hash collisions (Dmitry). - -- OpenSSL: - . Fix segfault with older versions of OpenSSL. (Scott) - -- Streams: - . Fixed bug #60455 (stream_get_line misbehaves if EOF is not detected together -with the last read). (Gustavo) - -- Pdo Firebird: - . Fixed bug #48877 (bindValue and bindParam do not work for PDO Firebird). -(Mariuz) - -- PHP-FPM SAPI: - . Fixed bug #60629 (memory corruption when web server closed the fcgi fd). -(fat) - . Fixed bug #60659 (FPM does not clear auth_user on request accept). -(bonbons at linux-vserver dot org) - - -08 Dec 2011, PHP 5.3.9RC3 - -- Filter: - . Fixed Bug #55478 (FILTER_VALIDATE_EMAIL fails with internationalized -domain name addresses containing 1 -). (Ilia) - -- cURL: - . Fixed bug #60439 (curl_copy_handle segfault when used with -CURLOPT_PROGRESSFUNCTION). (Pierrick) - - -- Date: - . Fixed bug #54851 (DateTime::createFromFormat() doesn't interpret D). -(Derick) - . Fixed bug #53502 (strtotime with timezone memory leak). (Derick) - . Fixed bug #52062 (large timestamps with DateTime::getTimestamp and -DateTime::setTimestamp). (Derick) - . Fixed bug #51994 (date_parse_from_format is parsing invalid date using 'yz' -format). (Derick) - . Fixed bug #52113 (Seg fault while creating (by unserialization) -DatePeriod). (Derick) - -- SOAP - . Fixed bug #54911 (Access to a undefined member in inherit SoapClient may -cause Segmentation Fault). (Dmitry) - -24 Nov 2011, PHP 5.3.9RC2 - -- Core: - . Fixed bug #60138 (GC crash with referenced array in RecursiveArrayIterator) -(Dmitry). - . Fixed bug #60099 (__halt_compiler() works in braced namespaces). (Felipe) - . Fixed bug #55874 (GCC does not provide __sync_fetch_and_add on some archs). -(klightspeed at netspace dot net dot au) - . Fixed bug #52624 (tempnam() by-pass open_basedir with nonnexistent -directory). (Felipe) - . Fixed invalid free in call_user_method() function. (Felipe) - -- Zend Engine: - . Fixed bug #43200 (Interface implementation / inheritence not possible in -abstract classes). (Felipe) - -- PHP-FPM SAPI: - . Fixed bug #60179 (php_flag and php_value does not work properly). (fat) - . Enhance error log when the primary script can't be open. FR #60199. (fat) - . Added .phar to default authorized extensions. (fat) - -- BCmath: - . Fixed bug #60377 (bcscale related crashes on 64bits platforms). (shm) - -- Date: - . Fixed bug #60373 (Startup errors with log_errors on cause segfault). -(Derick) - . Fixed bug #60236 (TLA timezone dates are not converted properly from -timestamp). (Derick) - . Fixed bug #55253 (DateTime::add() and sub() result -1 hour on objects with -time zone type 2). (Derick) - -- EXIF: - . Fixed bug #60150 (Integer overflow during the parsing of invalid exif -header). (Stas, flolechaud at gmail dot com) - -- Fileinfo: - . Fixed possible memory leak in finfo_open(). (Felipe) - . Fixed memory leak when calling the Finfo constructor twice. (Felipe) - -- Intl: - . Fixed bug #60192 (SegFault when Collator not constructed -properly). (Florian) - . Fixed memory leak in several Intl locale functions. (Felipe) - -- Gd: - . Fixed bug #60160 (imagefill() doesn't work correctly -for small images). (Florian) - -- Mbstring: - . Fixed possible crash in mb_ereg_search_init() using empty pattern. (Felipe) - -- MS SQL: - . Fixed bug #60267 (Compile failure with freetds 0.91). (Felipe) - -- OpenSSL: - . Fixed bug #60279 (Fixed NULL pointer dereference in -stream_socket_enable_crypto, case when ssl_handle of session_stream is not -initialized.) (shm) - -- Oracle Database extension (OCI8): - . Fixed bug #59985 (show normal warning text for OCI_NO_DATA). -(Chris Jones) - -- Phar: - . Fixed bug #60261 (NULL pointer dereference in phar). (Felipe) - . Fixed bug #60164
[PHP-CVS] svn: /php/php-src/branches/PHP_5_3/ NEWS
mariuz Tue, 10 Jan 2012 06:53:37 + Revision: http://svn.php.net/viewvc?view=revisionrevision=321994 Log: added fixed Pdo Firebird bugs to the NEWS section Changed paths: U php/php-src/branches/PHP_5_3/NEWS Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2012-01-10 05:33:14 UTC (rev 321993) +++ php/php-src/branches/PHP_5_3/NEWS 2012-01-10 06:53:37 UTC (rev 321994) @@ -2,6 +2,11 @@ ||| ?? ??? 2012, PHP 5.3.9 +- Pdo Firebird: + . Fixed bug #47415 (PDO_Firebird segfaults when passing lowercased column name to bindColumn). + . Fixed bug #53280 (PDO_Firebird segfaults if query column count less than param count). +(Mariuz) + 22 Dec 2011, PHP 5.3.9RC4 - Core: -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/sapi/fpm/fpm/fpm_request.c branches/PHP_5_4/NEWS branches/PHP_5_4/sapi/fpm/fpm/fpm_request.c trunk/sapi/fpm/fpm/fpm_request.c
fat Wed, 04 Jan 2012 21:18:26 + Revision: http://svn.php.net/viewvc?view=revisionrevision=321770 Log: - Fixed bug #60659 (FPM does not clear auth_user on request accept) Bug: https://bugs.php.net/60659 (Open) FPM does not clear auth_user on request accept Changed paths: U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/sapi/fpm/fpm/fpm_request.c U php/php-src/branches/PHP_5_4/NEWS U php/php-src/branches/PHP_5_4/sapi/fpm/fpm/fpm_request.c U php/php-src/trunk/sapi/fpm/fpm/fpm_request.c Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2012-01-04 20:40:13 UTC (rev 321769) +++ php/php-src/branches/PHP_5_3/NEWS 2012-01-04 21:18:26 UTC (rev 321770) @@ -22,6 +22,7 @@ - PHP-FPM SAPI: . Fixed bug #60629 (memory corruption when web server closed the fcgi fd). (fat) + . Fixed bug #60659 (FPM does not clear auth_user on request accept). (fat) 08 Dec 2011, PHP 5.3.9RC3 Modified: php/php-src/branches/PHP_5_3/sapi/fpm/fpm/fpm_request.c === --- php/php-src/branches/PHP_5_3/sapi/fpm/fpm/fpm_request.c 2012-01-04 20:40:13 UTC (rev 321769) +++ php/php-src/branches/PHP_5_3/sapi/fpm/fpm/fpm_request.c 2012-01-04 21:18:26 UTC (rev 321770) @@ -92,6 +92,8 @@ proc-request_method[0] = '\0'; proc-script_filename[0] = '\0'; proc-query_string[0] = '\0'; + proc-query_string[0] = '\0'; + proc-auth_user[0] = '\0'; proc-content_length = 0; fpm_scoreboard_proc_release(proc); Modified: php/php-src/branches/PHP_5_4/NEWS === --- php/php-src/branches/PHP_5_4/NEWS 2012-01-04 20:40:13 UTC (rev 321769) +++ php/php-src/branches/PHP_5_4/NEWS 2012-01-04 21:18:26 UTC (rev 321770) @@ -23,6 +23,7 @@ - PHP-FPM SAPI: . Fixed bug #60629 (memory corruption when web server closed the fcgi fd). (fat) + . Fixed bug #60659 (FPM does not clear auth_user on request accept). (fat) - Improved Session extension: . Fixed bug #60640 (invalid return values). (Arpad) Modified: php/php-src/branches/PHP_5_4/sapi/fpm/fpm/fpm_request.c === --- php/php-src/branches/PHP_5_4/sapi/fpm/fpm/fpm_request.c 2012-01-04 20:40:13 UTC (rev 321769) +++ php/php-src/branches/PHP_5_4/sapi/fpm/fpm/fpm_request.c 2012-01-04 21:18:26 UTC (rev 321770) @@ -92,6 +92,8 @@ proc-request_method[0] = '\0'; proc-script_filename[0] = '\0'; proc-query_string[0] = '\0'; + proc-query_string[0] = '\0'; + proc-auth_user[0] = '\0'; proc-content_length = 0; fpm_scoreboard_proc_release(proc); Modified: php/php-src/trunk/sapi/fpm/fpm/fpm_request.c === --- php/php-src/trunk/sapi/fpm/fpm/fpm_request.c2012-01-04 20:40:13 UTC (rev 321769) +++ php/php-src/trunk/sapi/fpm/fpm/fpm_request.c2012-01-04 21:18:26 UTC (rev 321770) @@ -92,6 +92,8 @@ proc-request_method[0] = '\0'; proc-script_filename[0] = '\0'; proc-query_string[0] = '\0'; + proc-query_string[0] = '\0'; + proc-auth_user[0] = '\0'; proc-content_length = 0; fpm_scoreboard_proc_release(proc); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/ PHP_5_3/NEWS PHP_5_4/NEWS
fat Wed, 04 Jan 2012 21:19:55 + Revision: http://svn.php.net/viewvc?view=revisionrevision=321771 Log: - Fixed credits for bug #60659 Bug: https://bugs.php.net/60659 (Open) FPM does not clear auth_user on request accept Changed paths: U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_4/NEWS Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2012-01-04 21:18:26 UTC (rev 321770) +++ php/php-src/branches/PHP_5_3/NEWS 2012-01-04 21:19:55 UTC (rev 321771) @@ -22,7 +22,8 @@ - PHP-FPM SAPI: . Fixed bug #60629 (memory corruption when web server closed the fcgi fd). (fat) - . Fixed bug #60659 (FPM does not clear auth_user on request accept). (fat) + . Fixed bug #60659 (FPM does not clear auth_user on request accept). +(bonbons at linux-vserver dot org) 08 Dec 2011, PHP 5.3.9RC3 Modified: php/php-src/branches/PHP_5_4/NEWS === --- php/php-src/branches/PHP_5_4/NEWS 2012-01-04 21:18:26 UTC (rev 321770) +++ php/php-src/branches/PHP_5_4/NEWS 2012-01-04 21:19:55 UTC (rev 321771) @@ -23,7 +23,8 @@ - PHP-FPM SAPI: . Fixed bug #60629 (memory corruption when web server closed the fcgi fd). (fat) - . Fixed bug #60659 (FPM does not clear auth_user on request accept). (fat) + . Fixed bug #60659 (FPM does not clear auth_user on request accept). +(bonbons at linux-vserver dot org) - Improved Session extension: . Fixed bug #60640 (invalid return values). (Arpad) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/sapi/fpm/fpm/fastcgi.c branches/PHP_5_3/sapi/fpm/fpm/fastcgi.h branches/PHP_5_3/sapi/fpm/fpm/fpm_main.c branches/PHP_5_4/NEWS branch
fat Tue, 03 Jan 2012 22:26:11 + Revision: http://svn.php.net/viewvc?view=revisionrevision=321734 Log: - Fixed bug #60629 (memory corruption when web server closed the fcgi fd) Bug: https://bugs.php.net/60629 (Feedback) memory corruption when web server closed the fcgi fd(?) Changed paths: U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/sapi/fpm/fpm/fastcgi.c U php/php-src/branches/PHP_5_3/sapi/fpm/fpm/fastcgi.h U php/php-src/branches/PHP_5_3/sapi/fpm/fpm/fpm_main.c U php/php-src/branches/PHP_5_4/NEWS U php/php-src/branches/PHP_5_4/sapi/fpm/fpm/fastcgi.c U php/php-src/branches/PHP_5_4/sapi/fpm/fpm/fastcgi.h U php/php-src/branches/PHP_5_4/sapi/fpm/fpm/fpm_main.c U php/php-src/trunk/sapi/fpm/fpm/fastcgi.c U php/php-src/trunk/sapi/fpm/fpm/fastcgi.h U php/php-src/trunk/sapi/fpm/fpm/fpm_main.c Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2012-01-03 21:47:16 UTC (rev 321733) +++ php/php-src/branches/PHP_5_3/NEWS 2012-01-03 22:26:11 UTC (rev 321734) @@ -19,7 +19,11 @@ . Fixed bug #48877 (bindValue and bindParam do not work for PDO Firebird). (Mariuz) +- PHP-FPM SAPI: + . Fixed bug #60629 (memory corruption when web server closed the fcgi fd). +(fat) + 08 Dec 2011, PHP 5.3.9RC3 - Filter: Modified: php/php-src/branches/PHP_5_3/sapi/fpm/fpm/fastcgi.c === --- php/php-src/branches/PHP_5_3/sapi/fpm/fpm/fastcgi.c 2012-01-03 21:47:16 UTC (rev 321733) +++ php/php-src/branches/PHP_5_3/sapi/fpm/fpm/fastcgi.c 2012-01-03 22:26:11 UTC (rev 321734) @@ -946,7 +946,7 @@ return 1; } -int fcgi_write(fcgi_request *req, fcgi_request_type type, const char *str, int len) +ssize_t fcgi_write(fcgi_request *req, fcgi_request_type type, const char *str, int len) { int limit, rest; Modified: php/php-src/branches/PHP_5_3/sapi/fpm/fpm/fastcgi.h === --- php/php-src/branches/PHP_5_3/sapi/fpm/fpm/fastcgi.h 2012-01-03 21:47:16 UTC (rev 321733) +++ php/php-src/branches/PHP_5_3/sapi/fpm/fpm/fastcgi.h 2012-01-03 22:26:11 UTC (rev 321734) @@ -127,7 +127,7 @@ int fcgi_read(fcgi_request *req, char *str, int len); -int fcgi_write(fcgi_request *req, fcgi_request_type type, const char *str, int len); +ssize_t fcgi_write(fcgi_request *req, fcgi_request_type type, const char *str, int len); int fcgi_flush(fcgi_request *req, int close); void fcgi_set_mgmt_var(const char * name, size_t name_len, const char * value, size_t value_len); Modified: php/php-src/branches/PHP_5_3/sapi/fpm/fpm/fpm_main.c === --- php/php-src/branches/PHP_5_3/sapi/fpm/fpm/fpm_main.c2012-01-03 21:47:16 UTC (rev 321733) +++ php/php-src/branches/PHP_5_3/sapi/fpm/fpm/fpm_main.c2012-01-03 22:26:11 UTC (rev 321734) @@ -268,7 +268,7 @@ static inline size_t sapi_cgibin_single_write(const char *str, uint str_length TSRMLS_DC) { - size_t ret; + ssize_t ret; /* sapi has started which means everyhting must be send through fcgi */ if (fpm_is_running) { @@ -277,7 +277,7 @@ if (ret = 0) { return 0; } - return ret; + return (size_t)ret; } /* sapi has not started, output to stdout instead of fcgi */ @@ -286,7 +286,7 @@ if (ret = 0) { return 0; } - return ret; + return (size_t)ret; #else return fwrite(str, 1, MIN(str_length, 16384), stdout); #endif Modified: php/php-src/branches/PHP_5_4/NEWS === --- php/php-src/branches/PHP_5_4/NEWS 2012-01-03 21:47:16 UTC (rev 321733) +++ php/php-src/branches/PHP_5_4/NEWS 2012-01-03 22:26:11 UTC (rev 321734) @@ -18,7 +18,11 @@ - Intl: . Fixed build on Fedora 15 / Ubuntu 11. (Hannes) +- PHP-FPM SAPI: + . Fixed bug #60629 (memory corruption when web server closed the fcgi fd). +(fat) + 22 Dec 2011, PHP 5.4.0 RC4 - Core: . Added max_input_vars directive to prevent attacks based on hash collisions Modified: php/php-src/branches/PHP_5_4/sapi/fpm/fpm/fastcgi.c === --- php/php-src/branches/PHP_5_4/sapi/fpm/fpm/fastcgi.c 2012-01-03 21:47:16 UTC (rev 321733) +++ php/php-src/branches/PHP_5_4/sapi/fpm/fpm/fastcgi.c 2012-01-03 22:26:11 UTC (rev 321734) @@ -946,7 +946,7 @@ return 1; } -int fcgi_write(fcgi_request *req, fcgi_request_type type, const char *str, int len) +ssize_t fcgi_write(fcgi_request *req, fcgi_request_type type, const char *str, int len) { int limit, rest; Modified:
[PHP-CVS] svn: /php/php-src/branches/PHP_5_3/ NEWS
mariuz Tue, 27 Dec 2011 11:05:58 + Revision: http://svn.php.net/viewvc?view=revisionrevision=321434 Log: Forgot to add the Pdo Firebird related bug to the News Changed paths: U php/php-src/branches/PHP_5_3/NEWS Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2011-12-27 10:54:47 UTC (rev 321433) +++ php/php-src/branches/PHP_5_3/NEWS 2011-12-27 11:05:58 UTC (rev 321434) @@ -15,6 +15,11 @@ . Fixed bug #60455 (stream_get_line misbehaves if EOF is not detected together with the last read). (Gustavo) +- Pdo Firebird: + . Fixed bug #48877 (bindValue and bindParam do not work for PDO Firebird). +(Mariuz) + + 08 Dec 2011, PHP 5.3.9RC3 - Filter: -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_3/ NEWS configure.in main/php_version.h
johannes Thu, 22 Dec 2011 12:33:04 + Revision: http://svn.php.net/viewvc?view=revisionrevision=321327 Log: PHP 5.3.9RC4 Changed paths: U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/configure.in U php/php-src/branches/PHP_5_3/main/php_version.h Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2011-12-22 11:55:42 UTC (rev 321326) +++ php/php-src/branches/PHP_5_3/NEWS 2011-12-22 12:33:04 UTC (rev 321327) @@ -1,6 +1,6 @@ PHPNEWS ||| -?? ??? 2011, PHP 5.3.9 +22 Dec 2011, PHP 5.3.9RC4 - Core: . Added max_input_vars directive to prevent attacks based on hash collisions Modified: php/php-src/branches/PHP_5_3/configure.in === --- php/php-src/branches/PHP_5_3/configure.in 2011-12-22 11:55:42 UTC (rev 321326) +++ php/php-src/branches/PHP_5_3/configure.in 2011-12-22 12:33:04 UTC (rev 321327) @@ -42,7 +42,7 @@ PHP_MAJOR_VERSION=5 PHP_MINOR_VERSION=3 PHP_RELEASE_VERSION=9 -PHP_EXTRA_VERSION=RC4-dev +PHP_EXTRA_VERSION=RC4 PHP_VERSION=$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 1 + [$]PHP_MINOR_VERSION \* 100 + [$]PHP_RELEASE_VERSION` Modified: php/php-src/branches/PHP_5_3/main/php_version.h === --- php/php-src/branches/PHP_5_3/main/php_version.h 2011-12-22 11:55:42 UTC (rev 321326) +++ php/php-src/branches/PHP_5_3/main/php_version.h 2011-12-22 12:33:04 UTC (rev 321327) @@ -3,6 +3,6 @@ #define PHP_MAJOR_VERSION 5 #define PHP_MINOR_VERSION 3 #define PHP_RELEASE_VERSION 9 -#define PHP_EXTRA_VERSION RC4-dev -#define PHP_VERSION 5.3.9RC4-dev +#define PHP_EXTRA_VERSION RC4 +#define PHP_VERSION 5.3.9RC4 #define PHP_VERSION_ID 50309 -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_3/ NEWS configure.in main/php_version.h
johannes Thu, 22 Dec 2011 12:36:40 + Revision: http://svn.php.net/viewvc?view=revisionrevision=321329 Log: Back to -dev Changed paths: U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/configure.in U php/php-src/branches/PHP_5_3/main/php_version.h Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2011-12-22 12:35:09 UTC (rev 321328) +++ php/php-src/branches/PHP_5_3/NEWS 2011-12-22 12:36:40 UTC (rev 321329) @@ -1,5 +1,7 @@ PHPNEWS ||| +?? ??? 2012, PHP 5.3.9 + 22 Dec 2011, PHP 5.3.9RC4 - Core: Modified: php/php-src/branches/PHP_5_3/configure.in === --- php/php-src/branches/PHP_5_3/configure.in 2011-12-22 12:35:09 UTC (rev 321328) +++ php/php-src/branches/PHP_5_3/configure.in 2011-12-22 12:36:40 UTC (rev 321329) @@ -42,7 +42,7 @@ PHP_MAJOR_VERSION=5 PHP_MINOR_VERSION=3 PHP_RELEASE_VERSION=9 -PHP_EXTRA_VERSION=RC4 +PHP_EXTRA_VERSION=RC5-dev PHP_VERSION=$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 1 + [$]PHP_MINOR_VERSION \* 100 + [$]PHP_RELEASE_VERSION` Modified: php/php-src/branches/PHP_5_3/main/php_version.h === --- php/php-src/branches/PHP_5_3/main/php_version.h 2011-12-22 12:35:09 UTC (rev 321328) +++ php/php-src/branches/PHP_5_3/main/php_version.h 2011-12-22 12:36:40 UTC (rev 321329) @@ -3,6 +3,6 @@ #define PHP_MAJOR_VERSION 5 #define PHP_MINOR_VERSION 3 #define PHP_RELEASE_VERSION 9 -#define PHP_EXTRA_VERSION RC4 -#define PHP_VERSION 5.3.9RC4 +#define PHP_EXTRA_VERSION RC5-dev +#define PHP_VERSION 5.3.9RC5-dev #define PHP_VERSION_ID 50309 -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/ext/openssl/openssl.c branches/PHP_5_4/NEWS branches/PHP_5_4/ext/openssl/openssl.c trunk/ext/openssl/openssl.c
hi, do you have a test case for this crash? Cheers, On Sun, Dec 18, 2011 at 6:14 AM, Scott MacVicar scott...@php.net wrote: scottmac Sun, 18 Dec 2011 05:14:32 + Revision: http://svn.php.net/viewvc?view=revisionrevision=321094 Log: Fix segfault in older versions of OpenSSL (before 0.9.8i) Changed paths: U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/openssl/openssl.c U php/php-src/branches/PHP_5_4/NEWS U php/php-src/branches/PHP_5_4/ext/openssl/openssl.c U php/php-src/trunk/ext/openssl/openssl.c Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2011-12-18 01:04:35 UTC (rev 321093) +++ php/php-src/branches/PHP_5_3/NEWS 2011-12-18 05:14:32 UTC (rev 321094) @@ -6,6 +6,9 @@ . Added max_input_vars directive to prevent attacks based on hash collisions (Dmitry). +- OpenSSL: + . Fix segfault with older versions of OpenSSL. (Scott) + - Streams: . Fixed bug #60455 (stream_get_line misbehaves if EOF is not detected together with the last read). (Gustavo) Modified: php/php-src/branches/PHP_5_3/ext/openssl/openssl.c === --- php/php-src/branches/PHP_5_3/ext/openssl/openssl.c 2011-12-18 01:04:35 UTC (rev 321093) +++ php/php-src/branches/PHP_5_3/ext/openssl/openssl.c 2011-12-18 05:14:32 UTC (rev 321094) @@ -4713,7 +4713,9 @@ EVP_CIPHER_CTX_set_key_length(cipher_ctx, password_len); } EVP_EncryptInit_ex(cipher_ctx, NULL, NULL, key, (unsigned char *)iv); - EVP_EncryptUpdate(cipher_ctx, outbuf, i, (unsigned char *)data, data_len); + if (data_len 0) { + EVP_EncryptUpdate(cipher_ctx, outbuf, i, (unsigned char *)data, data_len); + } outlen = i; if (EVP_EncryptFinal(cipher_ctx, (unsigned char *)outbuf + i, i)) { outlen += i; Modified: php/php-src/branches/PHP_5_4/NEWS === --- php/php-src/branches/PHP_5_4/NEWS 2011-12-18 01:04:35 UTC (rev 321093) +++ php/php-src/branches/PHP_5_4/NEWS 2011-12-18 05:14:32 UTC (rev 321094) @@ -5,11 +5,16 @@ . Added max_input_vars directive to prevent attacks based on hash collisions (Dmitry). . Fixed bug #60536 (Traits Segfault). (Laruence) + - CLI SAPI: . Fixed bug #60477 (Segfault after two multipart/form-data POST requests, one 200 RQ and one 404). (Laruence) . Fixed bug #60523 (PHP Errors are not reported in browsers using built-in SAPI). (Laruence, Derick) + +- OpenSSL: + . Fix segfault with older versions of OpenSSL. (Scott) + - Pdo Firebird: . Fixed bug #48877 (bindValue and bindParam do not work for PDO Firebird). (Mariuz) Modified: php/php-src/branches/PHP_5_4/ext/openssl/openssl.c === --- php/php-src/branches/PHP_5_4/ext/openssl/openssl.c 2011-12-18 01:04:35 UTC (rev 321093) +++ php/php-src/branches/PHP_5_4/ext/openssl/openssl.c 2011-12-18 05:14:32 UTC (rev 321094) @@ -4740,7 +4740,9 @@ if (options OPENSSL_ZERO_PADDING) { EVP_CIPHER_CTX_set_padding(cipher_ctx, 0); } - EVP_EncryptUpdate(cipher_ctx, outbuf, i, (unsigned char *)data, data_len); + if (data_len 0) { + EVP_EncryptUpdate(cipher_ctx, outbuf, i, (unsigned char *)data, data_len); + } outlen = i; if (EVP_EncryptFinal(cipher_ctx, (unsigned char *)outbuf + i, i)) { outlen += i; Modified: php/php-src/trunk/ext/openssl/openssl.c === --- php/php-src/trunk/ext/openssl/openssl.c 2011-12-18 01:04:35 UTC (rev 321093) +++ php/php-src/trunk/ext/openssl/openssl.c 2011-12-18 05:14:32 UTC (rev 321094) @@ -4736,7 +4736,9 @@ if (options OPENSSL_ZERO_PADDING) { EVP_CIPHER_CTX_set_padding(cipher_ctx, 0); } - EVP_EncryptUpdate(cipher_ctx, outbuf, i, (unsigned char *)data, data_len); + if (data_len 0) { + EVP_EncryptUpdate(cipher_ctx, outbuf, i, (unsigned char *)data, data_len); + } outlen = i; if (EVP_EncryptFinal(cipher_ctx, (unsigned char *)outbuf + i, i)) { outlen += i; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Pierre @pierrejoye | http://blog.thepimp.net | http://www.libgd.org -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/ext/openssl/openssl.c branches/PHP_5_4/NEWS branches/PHP_5_4/ext/openssl/openssl.c trunk/ext/openssl/openssl.c
I'm +1 on adding it for several reasons, one of which is there are plenty of RHEL 5 (and OL 5) sites out there. Chris PS the testcase wasn't attached to your email. On 12/18/2011 12:03 PM, Scott MacVicar wrote: It's not worth adding a test for, it's never going to re-occur and it only affects 4 year old versions of OpenSSL. Basically RHEL 5 is the only thing with a problem. I wrote one but don't want to add a somewhat useless test. Attached, but the extra second to test running isn't worth it. - Scott On 18 Dec 2011, at 03:49, Pierre Joye wrote: hi, do you have a test case for this crash? Cheers, On Sun, Dec 18, 2011 at 6:14 AM, Scott MacVicarscott...@php.net wrote: scottmac Sun, 18 Dec 2011 05:14:32 + Revision: http://svn.php.net/viewvc?view=revisionrevision=321094 Log: Fix segfault in older versions of OpenSSL (before 0.9.8i) Changed paths: U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/openssl/openssl.c U php/php-src/branches/PHP_5_4/NEWS U php/php-src/branches/PHP_5_4/ext/openssl/openssl.c U php/php-src/trunk/ext/openssl/openssl.c Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2011-12-18 01:04:35 UTC (rev 321093) +++ php/php-src/branches/PHP_5_3/NEWS 2011-12-18 05:14:32 UTC (rev 321094) @@ -6,6 +6,9 @@ . Added max_input_vars directive to prevent attacks based on hash collisions (Dmitry). +- OpenSSL: + . Fix segfault with older versions of OpenSSL. (Scott) + - Streams: . Fixed bug #60455 (stream_get_line misbehaves if EOF is not detected together with the last read). (Gustavo) Modified: php/php-src/branches/PHP_5_3/ext/openssl/openssl.c === --- php/php-src/branches/PHP_5_3/ext/openssl/openssl.c 2011-12-18 01:04:35 UTC (rev 321093) +++ php/php-src/branches/PHP_5_3/ext/openssl/openssl.c 2011-12-18 05:14:32 UTC (rev 321094) @@ -4713,7 +4713,9 @@ EVP_CIPHER_CTX_set_key_length(cipher_ctx, password_len); } EVP_EncryptInit_ex(cipher_ctx, NULL, NULL, key, (unsigned char *)iv); - EVP_EncryptUpdate(cipher_ctx, outbuf,i, (unsigned char *)data, data_len); + if (data_len 0) { + EVP_EncryptUpdate(cipher_ctx, outbuf,i, (unsigned char *)data, data_len); + } outlen = i; if (EVP_EncryptFinal(cipher_ctx, (unsigned char *)outbuf + i,i)) { outlen += i; Modified: php/php-src/branches/PHP_5_4/NEWS === --- php/php-src/branches/PHP_5_4/NEWS 2011-12-18 01:04:35 UTC (rev 321093) +++ php/php-src/branches/PHP_5_4/NEWS 2011-12-18 05:14:32 UTC (rev 321094) @@ -5,11 +5,16 @@ . Added max_input_vars directive to prevent attacks based on hash collisions (Dmitry). . Fixed bug #60536 (Traits Segfault). (Laruence) + - CLI SAPI: . Fixed bug #60477 (Segfault after two multipart/form-data POST requests, one 200 RQ and one 404). (Laruence) . Fixed bug #60523 (PHP Errors are not reported in browsers using built-in SAPI). (Laruence, Derick) + +- OpenSSL: + . Fix segfault with older versions of OpenSSL. (Scott) + - Pdo Firebird: . Fixed bug #48877 (bindValue and bindParam do not work for PDO Firebird). (Mariuz) Modified: php/php-src/branches/PHP_5_4/ext/openssl/openssl.c === --- php/php-src/branches/PHP_5_4/ext/openssl/openssl.c 2011-12-18 01:04:35 UTC (rev 321093) +++ php/php-src/branches/PHP_5_4/ext/openssl/openssl.c 2011-12-18 05:14:32 UTC (rev 321094) @@ -4740,7 +4740,9 @@ if (options OPENSSL_ZERO_PADDING) { EVP_CIPHER_CTX_set_padding(cipher_ctx, 0); } - EVP_EncryptUpdate(cipher_ctx, outbuf,i, (unsigned char *)data, data_len); + if (data_len 0) { + EVP_EncryptUpdate(cipher_ctx, outbuf,i, (unsigned char *)data, data_len); + } outlen = i; if (EVP_EncryptFinal(cipher_ctx, (unsigned char *)outbuf + i,i)) { outlen += i; Modified: php/php-src/trunk/ext/openssl/openssl.c === --- php/php-src/trunk/ext/openssl/openssl.c 2011-12-18 01:04:35 UTC (rev 321093) +++ php/php-src/trunk/ext/openssl/openssl.c 2011-12-18 05:14:32 UTC (rev 321094) @@ -4736,7 +4736,9 @@ if (options OPENSSL_ZERO_PADDING) { EVP_CIPHER_CTX_set_padding(cipher_ctx, 0); } - EVP_EncryptUpdate(cipher_ctx, outbuf,i, (unsigned char *)data, data_len); + if (data_len 0) { + EVP_EncryptUpdate(cipher_ctx, outbuf,i, (unsigned char *)data, data_len); + } outlen = i; if (EVP_EncryptFinal(cipher_ctx, (unsigned char *)outbuf + i,i)) { outlen += i;
Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/ext/openssl/openssl.c branches/PHP_5_4/NEWS branches/PHP_5_4/ext/openssl/openssl.c trunk/ext/openssl/openssl.c
On Sun, Dec 18, 2011 at 9:03 PM, Scott MacVicar sc...@macvicar.net wrote: It's not worth adding a test for, it's never going to re-occur and it only affects 4 year old versions of OpenSSL. Basically RHEL 5 is the only thing with a problem. I wrote one but don't want to add a somewhat useless test. Attached, but the extra second to test running isn't worth it. As you have one at hand please apply it as well. There are still systems with patched ssl version (using this release) out there. Cheers, -- Pierre @pierrejoye | http://blog.thepimp.net | http://www.libgd.org -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/ext/openssl/openssl.c branches/PHP_5_4/NEWS branches/PHP_5_4/ext/openssl/openssl.c trunk/ext/openssl/openssl.c
scottmac Sun, 18 Dec 2011 05:14:32 + Revision: http://svn.php.net/viewvc?view=revisionrevision=321094 Log: Fix segfault in older versions of OpenSSL (before 0.9.8i) Changed paths: U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/openssl/openssl.c U php/php-src/branches/PHP_5_4/NEWS U php/php-src/branches/PHP_5_4/ext/openssl/openssl.c U php/php-src/trunk/ext/openssl/openssl.c Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2011-12-18 01:04:35 UTC (rev 321093) +++ php/php-src/branches/PHP_5_3/NEWS 2011-12-18 05:14:32 UTC (rev 321094) @@ -6,6 +6,9 @@ . Added max_input_vars directive to prevent attacks based on hash collisions (Dmitry). +- OpenSSL: + . Fix segfault with older versions of OpenSSL. (Scott) + - Streams: . Fixed bug #60455 (stream_get_line misbehaves if EOF is not detected together with the last read). (Gustavo) Modified: php/php-src/branches/PHP_5_3/ext/openssl/openssl.c === --- php/php-src/branches/PHP_5_3/ext/openssl/openssl.c 2011-12-18 01:04:35 UTC (rev 321093) +++ php/php-src/branches/PHP_5_3/ext/openssl/openssl.c 2011-12-18 05:14:32 UTC (rev 321094) @@ -4713,7 +4713,9 @@ EVP_CIPHER_CTX_set_key_length(cipher_ctx, password_len); } EVP_EncryptInit_ex(cipher_ctx, NULL, NULL, key, (unsigned char *)iv); - EVP_EncryptUpdate(cipher_ctx, outbuf, i, (unsigned char *)data, data_len); + if (data_len 0) { + EVP_EncryptUpdate(cipher_ctx, outbuf, i, (unsigned char *)data, data_len); + } outlen = i; if (EVP_EncryptFinal(cipher_ctx, (unsigned char *)outbuf + i, i)) { outlen += i; Modified: php/php-src/branches/PHP_5_4/NEWS === --- php/php-src/branches/PHP_5_4/NEWS 2011-12-18 01:04:35 UTC (rev 321093) +++ php/php-src/branches/PHP_5_4/NEWS 2011-12-18 05:14:32 UTC (rev 321094) @@ -5,11 +5,16 @@ . Added max_input_vars directive to prevent attacks based on hash collisions (Dmitry). . Fixed bug #60536 (Traits Segfault). (Laruence) + - CLI SAPI: . Fixed bug #60477 (Segfault after two multipart/form-data POST requests, one 200 RQ and one 404). (Laruence) . Fixed bug #60523 (PHP Errors are not reported in browsers using built-in SAPI). (Laruence, Derick) + +- OpenSSL: + . Fix segfault with older versions of OpenSSL. (Scott) + - Pdo Firebird: . Fixed bug #48877 (bindValue and bindParam do not work for PDO Firebird). (Mariuz) Modified: php/php-src/branches/PHP_5_4/ext/openssl/openssl.c === --- php/php-src/branches/PHP_5_4/ext/openssl/openssl.c 2011-12-18 01:04:35 UTC (rev 321093) +++ php/php-src/branches/PHP_5_4/ext/openssl/openssl.c 2011-12-18 05:14:32 UTC (rev 321094) @@ -4740,7 +4740,9 @@ if (options OPENSSL_ZERO_PADDING) { EVP_CIPHER_CTX_set_padding(cipher_ctx, 0); } - EVP_EncryptUpdate(cipher_ctx, outbuf, i, (unsigned char *)data, data_len); + if (data_len 0) { + EVP_EncryptUpdate(cipher_ctx, outbuf, i, (unsigned char *)data, data_len); + } outlen = i; if (EVP_EncryptFinal(cipher_ctx, (unsigned char *)outbuf + i, i)) { outlen += i; Modified: php/php-src/trunk/ext/openssl/openssl.c === --- php/php-src/trunk/ext/openssl/openssl.c 2011-12-18 01:04:35 UTC (rev 321093) +++ php/php-src/trunk/ext/openssl/openssl.c 2011-12-18 05:14:32 UTC (rev 321094) @@ -4736,7 +4736,9 @@ if (options OPENSSL_ZERO_PADDING) { EVP_CIPHER_CTX_set_padding(cipher_ctx, 0); } - EVP_EncryptUpdate(cipher_ctx, outbuf, i, (unsigned char *)data, data_len); + if (data_len 0) { + EVP_EncryptUpdate(cipher_ctx, outbuf, i, (unsigned char *)data, data_len); + } outlen = i; if (EVP_EncryptFinal(cipher_ctx, (unsigned char *)outbuf + i, i)) { outlen += i; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_3/ NEWS main/main.c main/php_globals.h main/php_variables.c
dmitry Thu, 15 Dec 2011 08:47:03 + Revision: http://svn.php.net/viewvc?view=revisionrevision=321038 Log: Added max_input_vars directive to prevent attacks based on hash collisions Changed paths: U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/main/main.c U php/php-src/branches/PHP_5_3/main/php_globals.h U php/php-src/branches/PHP_5_3/main/php_variables.c Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2011-12-15 07:28:28 UTC (rev 321037) +++ php/php-src/branches/PHP_5_3/NEWS 2011-12-15 08:47:03 UTC (rev 321038) @@ -2,6 +2,10 @@ ||| ?? ??? 2011, PHP 5.3.9 +- Core: + . Added max_input_vars directive to prevent attacks based on hash collisions +(Dmitry). + - Streams: . Fixed bug #60455 (stream_get_line misbehaves if EOF is not detected together with the last read). (Gustavo) Modified: php/php-src/branches/PHP_5_3/main/main.c === --- php/php-src/branches/PHP_5_3/main/main.c2011-12-15 07:28:28 UTC (rev 321037) +++ php/php-src/branches/PHP_5_3/main/main.c2011-12-15 08:47:03 UTC (rev 321038) @@ -512,6 +512,7 @@ STD_PHP_INI_ENTRY(post_max_size, 8M, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateLong, post_max_size, sapi_globals_struct,sapi_globals) STD_PHP_INI_ENTRY(upload_tmp_dir, NULL, PHP_INI_SYSTEM, OnUpdateStringUnempty, upload_tmp_dir, php_core_globals, core_globals) STD_PHP_INI_ENTRY(max_input_nesting_level, 64, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateLongGEZero, max_input_nesting_level,php_core_globals, core_globals) + STD_PHP_INI_ENTRY(max_input_vars, 1000, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateLongGEZero, max_input_vars, php_core_globals, core_globals) STD_PHP_INI_ENTRY(user_dir, NULL, PHP_INI_SYSTEM, OnUpdateString, user_dir, php_core_globals, core_globals) STD_PHP_INI_ENTRY(variables_order,EGPCS, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateStringUnempty, variables_order,php_core_globals, core_globals) Modified: php/php-src/branches/PHP_5_3/main/php_globals.h === --- php/php-src/branches/PHP_5_3/main/php_globals.h 2011-12-15 07:28:28 UTC (rev 321037) +++ php/php-src/branches/PHP_5_3/main/php_globals.h 2011-12-15 08:47:03 UTC (rev 321038) @@ -174,6 +174,8 @@ #ifdef PHP_WIN32 zend_bool windows_show_crt_warning; #endif + + long max_input_vars; }; Modified: php/php-src/branches/PHP_5_3/main/php_variables.c === --- php/php-src/branches/PHP_5_3/main/php_variables.c 2011-12-15 07:28:28 UTC (rev 321037) +++ php/php-src/branches/PHP_5_3/main/php_variables.c 2011-12-15 08:47:03 UTC (rev 321038) @@ -191,6 +191,9 @@ } if (zend_symtable_find(symtable1, escaped_index, index_len + 1, (void **) gpc_element_p) == FAILURE || Z_TYPE_PP(gpc_element_p) != IS_ARRAY) { + if (zend_hash_num_elements(symtable1) = PG(max_input_vars)) { + php_error_docref(NULL TSRMLS_CC, E_ERROR, Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini., PG(max_input_vars)); + } MAKE_STD_ZVAL(gpc_element); array_init(gpc_element); zend_symtable_update(symtable1, escaped_index, index_len + 1, gpc_element, sizeof(zval *), (void **) gpc_element_p); @@ -236,6 +239,9 @@ zend_symtable_exists(symtable1, escaped_index, index_len + 1)) { zval_ptr_dtor(gpc_element); } else { + if (zend_hash_num_elements(symtable1) = PG(max_input_vars)) { + php_error_docref(NULL TSRMLS_CC, E_ERROR, Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini., PG(max_input_vars)); + } zend_symtable_update(symtable1, escaped_index, index_len + 1, gpc_element, sizeof(zval *), (void
Re: [PHP-CVS] svn: /php/php-src/branches/PHP_5_3/ NEWS main/main.c main/php_globals.h main/php_variables.c
hi Dmitry, As of yesterday, please add it to php.ini and to the UPGRADING guide :) Thanks! On Thu, Dec 15, 2011 at 9:47 AM, Dmitry Stogov dmi...@php.net wrote: dmitry Thu, 15 Dec 2011 08:47:03 + Revision: http://svn.php.net/viewvc?view=revisionrevision=321038 Log: Added max_input_vars directive to prevent attacks based on hash collisions Changed paths: U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/main/main.c U php/php-src/branches/PHP_5_3/main/php_globals.h U php/php-src/branches/PHP_5_3/main/php_variables.c Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2011-12-15 07:28:28 UTC (rev 321037) +++ php/php-src/branches/PHP_5_3/NEWS 2011-12-15 08:47:03 UTC (rev 321038) @@ -2,6 +2,10 @@ ||| ?? ??? 2011, PHP 5.3.9 +- Core: + . Added max_input_vars directive to prevent attacks based on hash collisions + (Dmitry). + - Streams: . Fixed bug #60455 (stream_get_line misbehaves if EOF is not detected together with the last read). (Gustavo) Modified: php/php-src/branches/PHP_5_3/main/main.c === --- php/php-src/branches/PHP_5_3/main/main.c 2011-12-15 07:28:28 UTC (rev 321037) +++ php/php-src/branches/PHP_5_3/main/main.c 2011-12-15 08:47:03 UTC (rev 321038) @@ -512,6 +512,7 @@ STD_PHP_INI_ENTRY(post_max_size, 8M, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateLong, post_max_size, sapi_globals_struct,sapi_globals) STD_PHP_INI_ENTRY(upload_tmp_dir, NULL, PHP_INI_SYSTEM, OnUpdateStringUnempty, upload_tmp_dir, php_core_globals, core_globals) STD_PHP_INI_ENTRY(max_input_nesting_level, 64, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateLongGEZero, max_input_nesting_level, php_core_globals, core_globals) + STD_PHP_INI_ENTRY(max_input_vars, 1000, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateLongGEZero, max_input_vars, php_core_globals, core_globals) STD_PHP_INI_ENTRY(user_dir, NULL, PHP_INI_SYSTEM, OnUpdateString, user_dir, php_core_globals, core_globals) STD_PHP_INI_ENTRY(variables_order, EGPCS, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateStringUnempty, variables_order, php_core_globals, core_globals) Modified: php/php-src/branches/PHP_5_3/main/php_globals.h === --- php/php-src/branches/PHP_5_3/main/php_globals.h 2011-12-15 07:28:28 UTC (rev 321037) +++ php/php-src/branches/PHP_5_3/main/php_globals.h 2011-12-15 08:47:03 UTC (rev 321038) @@ -174,6 +174,8 @@ #ifdef PHP_WIN32 zend_bool windows_show_crt_warning; #endif + + long max_input_vars; }; Modified: php/php-src/branches/PHP_5_3/main/php_variables.c === --- php/php-src/branches/PHP_5_3/main/php_variables.c 2011-12-15 07:28:28 UTC (rev 321037) +++ php/php-src/branches/PHP_5_3/main/php_variables.c 2011-12-15 08:47:03 UTC (rev 321038) @@ -191,6 +191,9 @@ } if (zend_symtable_find(symtable1, escaped_index, index_len + 1, (void **) gpc_element_p) == FAILURE || Z_TYPE_PP(gpc_element_p) != IS_ARRAY) { + if (zend_hash_num_elements(symtable1) = PG(max_input_vars)) { + php_error_docref(NULL TSRMLS_CC, E_ERROR, Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini., PG(max_input_vars)); + } MAKE_STD_ZVAL(gpc_element); array_init(gpc_element); zend_symtable_update(symtable1, escaped_index, index_len + 1, gpc_element, sizeof(zval *), (void **) gpc_element_p); @@ -236,6 +239,9 @@ zend_symtable_exists(symtable1, escaped_index, index_len + 1)) { zval_ptr_dtor(gpc_element); } else { + if (zend_hash_num_elements(symtable1) = PG(max_input_vars)) { + php_error_docref(NULL TSRMLS_CC, E_ERROR, Input variables exceeded %ld.
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/ext/standard/tests/streams/bug60455_01.phpt branches/PHP_5_3/ext/standard/tests/streams/bug60455_02.phpt branches/PHP_5_3/ext/standa
cataphract Sun, 11 Dec 2011 21:08:15 + Revision: http://svn.php.net/viewvc?view=revisionrevision=320876 Log: - Fixed bug #60455: stream_get_line misbehaves if EOF is not detected together with the last read. Bug: https://bugs.php.net/60455 (Open) stream_get_line reports two lines instead of one Changed paths: U php/php-src/branches/PHP_5_3/NEWS A php/php-src/branches/PHP_5_3/ext/standard/tests/streams/bug60455_01.phpt A php/php-src/branches/PHP_5_3/ext/standard/tests/streams/bug60455_02.phpt A php/php-src/branches/PHP_5_3/ext/standard/tests/streams/bug60455_03.phpt U php/php-src/branches/PHP_5_3/main/streams/streams.c A php/php-src/branches/PHP_5_4/ext/standard/tests/streams/bug60455_01.phpt A php/php-src/branches/PHP_5_4/ext/standard/tests/streams/bug60455_02.phpt A php/php-src/branches/PHP_5_4/ext/standard/tests/streams/bug60455_03.phpt U php/php-src/branches/PHP_5_4/main/streams/streams.c A php/php-src/trunk/ext/standard/tests/streams/bug60455_01.phpt A php/php-src/trunk/ext/standard/tests/streams/bug60455_02.phpt A php/php-src/trunk/ext/standard/tests/streams/bug60455_03.phpt U php/php-src/trunk/main/streams/streams.c Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2011-12-11 20:40:36 UTC (rev 320875) +++ php/php-src/branches/PHP_5_3/NEWS 2011-12-11 21:08:15 UTC (rev 320876) @@ -2,6 +2,10 @@ ||| ?? ??? 2011, PHP 5.3.9 +- Streams: + . Fixed bug #60455 (stream_get_line misbehaves if EOF is not detected together +with the last read). (Gustavo) + 08 Dec 2011, PHP 5.3.9RC3 - Filter: Added: php/php-src/branches/PHP_5_3/ext/standard/tests/streams/bug60455_01.phpt === --- php/php-src/branches/PHP_5_3/ext/standard/tests/streams/bug60455_01.phpt (rev 0) +++ php/php-src/branches/PHP_5_3/ext/standard/tests/streams/bug60455_01.phpt 2011-12-11 21:08:15 UTC (rev 320876) @@ -0,0 +1,21 @@ +--TEST-- +Bug #60455: stream_get_line and 1-line noeol input +--FILE-- +?php + +//It's critical the read on the stream returns the input but doesn't set EOF +//flag the first time. This is why we need to use sockets. + +$domain = (strtoupper(substr(PHP_OS, 0, 3)) == 'WIN' ? STREAM_PF_INET : STREAM_PF_UNIX); +$sockets = stream_socket_pair($domain, STREAM_SOCK_STREAM, STREAM_IPPROTO_IP) + or die(stream_socket_pair); +fwrite($sockets[0], a); +stream_socket_shutdown($sockets[0], STREAM_SHUT_RDWR); + +$f = $sockets[1]; +while (!feof($f)) { +$line = stream_get_line($f, 99, \n); +var_dump($line); +} +--EXPECT-- +string(1) a Property changes on: php/php-src/branches/PHP_5_3/ext/standard/tests/streams/bug60455_01.phpt ___ Added: svn:keywords + Id Rev Revision Added: svn:eol-style + native Added: php/php-src/branches/PHP_5_3/ext/standard/tests/streams/bug60455_02.phpt === --- php/php-src/branches/PHP_5_3/ext/standard/tests/streams/bug60455_02.phpt (rev 0) +++ php/php-src/branches/PHP_5_3/ext/standard/tests/streams/bug60455_02.phpt 2011-12-11 21:08:15 UTC (rev 320876) @@ -0,0 +1,30 @@ +--TEST-- +Bug #60455: stream_get_line and 1-line followed by eol input +--FILE-- +?php +class TestStream { + private $s = 0; + function stream_open($path, $mode, $options, $opened_path) { + return true; + } + function stream_read($count) { + if ($this-s++ == 0) + return a\n; + + return ; + } + function stream_eof() { + return $this-s = 2; + } + +} + +stream_wrapper_register(test, TestStream); + +$f = fopen(test://, r); +while (!feof($f)) { +$line = stream_get_line($f, 99, \n); +var_dump($line); +} +--EXPECT-- +string(1) a Property changes on: php/php-src/branches/PHP_5_3/ext/standard/tests/streams/bug60455_02.phpt ___ Added: svn:keywords + Id Rev Revision Added: svn:eol-style + native Added: php/php-src/branches/PHP_5_3/ext/standard/tests/streams/bug60455_03.phpt === --- php/php-src/branches/PHP_5_3/ext/standard/tests/streams/bug60455_03.phpt (rev 0) +++ php/php-src/branches/PHP_5_3/ext/standard/tests/streams/bug60455_03.phpt 2011-12-11 21:08:15 UTC (rev 320876) @@ -0,0 +1,53 @@ +--TEST-- +Bug #60455: stream_get_line and 2 lines, one possibly empty +--FILE-- +?php +class TestStream { + private $lines = array(); + private $s = 0; + private $eofth = 3; + function stream_open($path, $mode, $options, $opened_path) { + $this-lines[] = a\n; + $this-lines[] = ($path == test://nonempty2nd ? b\n : \n); + if ($path ==
[PHP-CVS] svn: /php/php-src/branches/PHP_5_3/ NEWS
johannes Thu, 08 Dec 2011 11:00:16 + Revision: http://svn.php.net/viewvc?view=revisionrevision=320652 Log: - These changes were done after RC2. Changed paths: U php/php-src/branches/PHP_5_3/NEWS Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2011-12-08 09:20:31 UTC (rev 320651) +++ php/php-src/branches/PHP_5_3/NEWS 2011-12-08 11:00:16 UTC (rev 320652) @@ -5,6 +5,26 @@ . Fixed Bug #55478 (FILTER_VALIDATE_EMAIL fails with internationalized domain name addresses containing 1 -). (Ilia) +- cURL: + . Fixed bug #60439 (curl_copy_handle segfault when used with +CURLOPT_PROGRESSFUNCTION). (Pierrick) + + +- Date: + . Fixed bug #54851 (DateTime::createFromFormat() doesn't interpret D). +(Derick) + . Fixed bug #53502 (strtotime with timezone memory leak). (Derick) + . Fixed bug #52062 (large timestamps with DateTime::getTimestamp and +DateTime::setTimestamp). (Derick) + . Fixed bug #51994 (date_parse_from_format is parsing invalid date using 'yz' +format). (Derick) + . Fixed bug #52113 (Seg fault while creating (by unserialization) +DatePeriod). (Derick) + +- SOAP + . Fixed bug #54911 (Access to a undefined member in inherit SoapClient may +cause Segmentation Fault). (Dmitry) + 24 Nov 2011, PHP 5.3.9RC2 - Core: @@ -29,10 +49,6 @@ - BCmath: . Fixed bug #60377 (bcscale related crashes on 64bits platforms). (shm) -- cURL: - . Fixed bug #60439 (curl_copy_handle segfault when used with -CURLOPT_PROGRESSFUNCTION). (Pierrick) - - Date: . Fixed bug #60373 (Startup errors with log_errors on cause segfault). (Derick) @@ -40,17 +56,6 @@ timestamp). (Derick) . Fixed bug #55253 (DateTime::add() and sub() result -1 hour on objects with time zone type 2). (Derick) - . Fixed bug #54851 (DateTime::createFromFormat() doesn't interpret D). -(Derick) - . Fixed bug #54596 (incorrect years for DateTime objects created with 4-digit -years). (Derick) - . Fixed bug #53502 (strtotime with timezone memory leak). (Derick) - . Fixed bug #52062 (large timestamps with DateTime::getTimestamp and -DateTime::setTimestamp). (Derick) - . Fixed bug #51994 (date_parse_from_format is parsing invalid date using 'yz' -format). (Derick) - . Fixed bug #52113 (Seg fault while creating (by unserialization) -DatePeriod). (Derick) - EXIF: . Fixed bug #60150 (Integer overflow during the parsing of invalid exif @@ -94,8 +99,6 @@ is 0). (Ilia) - SOAP - . Fixed bug #54911 (Access to a undefined member in inherit SoapClient may -cause Segmentation Fault). (Dmitry) . Fixed bug #48216 (PHP Fatal error: SOAP-ERROR: Parsing WSDL: Extra content at the end of the doc, when server uses chunked transfer encoding with spaces after chunk size). (Dmitry) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php