Re: [PHP-CVS] svn: /php/php-src/branches/PHP_5_4/ NEWS ext/zlib/tests/bug61139.phpt ext/zlib/zlib_fopen_wrapper.c
Why is this test creating the file in the root directory?
And should it be created at all since the function fails?
-Hannes
On Fri, Mar 2, 2012 at 15:16, Nikita Popov ni...@php.net wrote:
nikic Fri, 02 Mar 2012 14:16:47 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=323819
Log:
Merge: Fix bug #61139: gzopen leaks when specifying invalid mode
Bug: https://bugs.php.net/61139 (Assigned) gzopen leaks when specifying
invalid mode
Changed paths:
U php/php-src/branches/PHP_5_4/NEWS
A php/php-src/branches/PHP_5_4/ext/zlib/tests/bug61139.phpt
U php/php-src/branches/PHP_5_4/ext/zlib/zlib_fopen_wrapper.c
Modified: php/php-src/branches/PHP_5_4/NEWS
===
--- php/php-src/branches/PHP_5_4/NEWS 2012-03-02 14:08:11 UTC (rev 323818)
+++ php/php-src/branches/PHP_5_4/NEWS 2012-03-02 14:16:47 UTC (rev 323819)
@@ -43,6 +43,9 @@
- XMLRPC:
. Fixed bug #61097 (Memory leak in xmlrpc functions copying zvals). (Nikita
Popov)
+- Zlib:
+ . Fixed bug #61139 (gzopen leaks when specifying invalid mode). (Nikita
Popov)
+
01 Mar 2012, PHP 5.4.0
- Installation:
Added: php/php-src/branches/PHP_5_4/ext/zlib/tests/bug61139.phpt
===
--- php/php-src/branches/PHP_5_4/ext/zlib/tests/bug61139.phpt
(rev 0)
+++ php/php-src/branches/PHP_5_4/ext/zlib/tests/bug61139.phpt 2012-03-02
14:16:47 UTC (rev 323819)
@@ -0,0 +1,14 @@
+--TEST--
+Bug #61139 (gzopen leaks when specifying invalid mode)
+--SKIPIF--
+?php
+if (!extension_loaded('zlib')) {
+ die('skip - zlib extension not loaded');
+}
+?
+--FILE--
+?php
+
+gzopen('someFile', 'c');
+--EXPECTF--
+Warning: gzopen(): gzopen failed in %s on line %d
Modified: php/php-src/branches/PHP_5_4/ext/zlib/zlib_fopen_wrapper.c
===
--- php/php-src/branches/PHP_5_4/ext/zlib/zlib_fopen_wrapper.c 2012-03-02
14:08:11 UTC (rev 323818)
+++ php/php-src/branches/PHP_5_4/ext/zlib/zlib_fopen_wrapper.c 2012-03-02
14:16:47 UTC (rev 323819)
@@ -109,7 +109,7 @@
php_stream *php_stream_gzopen(php_stream_wrapper *wrapper, char *path, char
*mode, int options,
char **opened_path,
php_stream_context *context STREAMS_DC TSRMLS_DC)
{
- struct php_gz_stream_data_t *self = {0};
+ struct php_gz_stream_data_t *self;
php_stream *stream = NULL, *innerstream = NULL;
/* sanity check the stream: it can be either read-only or write-only */
@@ -120,8 +120,6 @@
return NULL;
}
- self = emalloc(sizeof(*self));
-
if (strncasecmp(compress.zlib://, path, 16) == 0) {
path += 16;
} else if (strncasecmp(zlib:, path, 5) == 0) {
@@ -134,32 +132,29 @@
int fd;
if (SUCCESS == php_stream_cast(innerstream, PHP_STREAM_AS_FD,
(void **) fd, REPORT_ERRORS)) {
- self-gz_file = gzdopen(dup(fd), mode);
+ self = emalloc(sizeof(*self));
self-stream = innerstream;
- if (self-gz_file) {
+ self-gz_file = gzdopen(dup(fd), mode);
+
+ if (self-gz_file) {
stream =
php_stream_alloc_rel(php_stream_gzio_ops, self, 0, mode);
if (stream) {
stream-flags |=
PHP_STREAM_FLAG_NO_BUFFER;
return stream;
}
+
gzclose(self-gz_file);
}
+
+ efree(self);
if (options REPORT_ERRORS) {
php_error_docref(NULL TSRMLS_CC, E_WARNING,
gzopen failed);
}
- } else if (innerstream) {
- php_stream_close(innerstream);
}
- }
- if (stream) {
- php_stream_close(stream);
+ php_stream_close(innerstream);
}
-
- if (self) {
- efree(self);
- }
-
+
return NULL;
}
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_4/ NEWS
iliaaSat, 17 Mar 2012 17:51:51 + Revision: http://svn.php.net/viewvc?view=revisionrevision=324323 Log: Fixed typo Changed paths: U php/php-src/branches/PHP_5_4/NEWS Modified: php/php-src/branches/PHP_5_4/NEWS === --- php/php-src/branches/PHP_5_4/NEWS 2012-03-17 10:37:21 UTC (rev 324322) +++ php/php-src/branches/PHP_5_4/NEWS 2012-03-17 17:51:51 UTC (rev 324323) @@ -12,7 +12,7 @@ exist in ISO-8859-1). (Gustavo) . Fixed bug #61273 (call_user_func_array with more than 16333 arguments leaks / crashes). (Laruence) - . Fixed bug #61225 (Incorect lexing of 0b00*+NUM). (Pierrick) + . Fixed bug #61225 (Incorrect lexing of 0b00*+NUM). (Pierrick) . Fixed bug #61165 (Segfault - strip_tags()). (Laruence) . Fixed bug #61106 (Segfault when using header_register_callback). (Nikita Popov) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_4/NEWS branches/PHP_5_4/ext/standard/info.c trunk/ext/standard/info.c
aharvey Fri, 16 Mar 2012 02:07:46 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=324289
Log:
Fix bug #61409 (Bad formatting on phpinfo()). Patch by Jakub Vrana.
Bug: https://bugs.php.net/61409 (Assigned) Bad formatting on php_info()
Changed paths:
U php/php-src/branches/PHP_5_4/NEWS
U php/php-src/branches/PHP_5_4/ext/standard/info.c
U php/php-src/trunk/ext/standard/info.c
Modified: php/php-src/branches/PHP_5_4/NEWS
===
--- php/php-src/branches/PHP_5_4/NEWS 2012-03-15 23:17:06 UTC (rev 324288)
+++ php/php-src/branches/PHP_5_4/NEWS 2012-03-16 02:07:46 UTC (rev 324289)
@@ -96,6 +96,7 @@
- Standard:
. Fixed memory leak in substr_replace. (Pierrick)
. Make max_file_uploads ini directive settable outside of php.ini (Rasmus)
+ . Fixed bug #61409 (Bad formatting on phpinfo()). (Jakub Vrana)
. Fixed bug #60222 (time_nanosleep() does validate input params). (Ilia)
. Fixed bug #60106 (stream_socket_server silently truncates long unix socket
paths). (Ilia)
Modified: php/php-src/branches/PHP_5_4/ext/standard/info.c
===
--- php/php-src/branches/PHP_5_4/ext/standard/info.c2012-03-15 23:17:06 UTC
(rev 324288)
+++ php/php-src/branches/PHP_5_4/ext/standard/info.c2012-03-16 02:07:46 UTC
(rev 324289)
@@ -117,7 +117,7 @@
HashPosition pos;
if (!sapi_module.phpinfo_as_text) {
- php_info_printf(tr class=\v\tdRegistered
%s/tdtd, name);
+ php_info_printf(trtd class=\e\Registered
%s/tdtd class=\v\, name);
} else {
php_info_printf(\nRegistered %s = , name);
}
Modified: php/php-src/trunk/ext/standard/info.c
===
--- php/php-src/trunk/ext/standard/info.c 2012-03-15 23:17:06 UTC (rev
324288)
+++ php/php-src/trunk/ext/standard/info.c 2012-03-16 02:07:46 UTC (rev
324289)
@@ -117,7 +117,7 @@
HashPosition pos;
if (!sapi_module.phpinfo_as_text) {
- php_info_printf(tr class=\v\tdRegistered
%s/tdtd, name);
+ php_info_printf(trtd class=\e\Registered
%s/tdtd class=\v\, name);
} else {
php_info_printf(\nRegistered %s = , name);
}
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_4/ NEWS
pajoye Tue, 13 Mar 2012 12:55:33 + Revision: http://svn.php.net/viewvc?view=revisionrevision=324185 Log: - add CVE Changed paths: U php/php-src/branches/PHP_5_4/NEWS Modified: php/php-src/branches/PHP_5_4/NEWS === --- php/php-src/branches/PHP_5_4/NEWS 2012-03-13 11:03:09 UTC (rev 324184) +++ php/php-src/branches/PHP_5_4/NEWS 2012-03-13 12:55:33 UTC (rev 324185) @@ -317,9 +317,9 @@ been added. (Scott) . Added http_response_code() function. FR #52555. (Paul Dragoonis, Kalle) . Fixed bug #55500 (Corrupted $_FILES indices lead to security concern). -(Stas) +(CVE-2012-1172). (Stas) . Fixed bug #54374 (Insufficient validating of upload name leading to -corrupted $_FILES indices). (Stas, lekensteyn at gmail dot com) +corrupted $_FILES indices). (CVE-2012-1172). (Stas, lekensteyn at gmail dot com) - Improved CLI SAPI: . Added built-in web server that is intended for testing purpose. -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_4/NEWS branches/PHP_5_4/ext/standard/html.c branches/PHP_5_4/ext/standard/tests/strings/bug61374.phpt trunk/ext/standard/html.c trunk/ext/standard/tests/str
cataphract Tue, 13 Mar 2012 18:08:30 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=324199
Log:
- Fixed bug #61374: html_entity_decode tries to decode code points that don't
exist in ISO-8859-1.
Bug: https://bugs.php.net/61374 (Assigned) html_entity_decode tries to decode
code points that don't exist in ISO-8859-1
Changed paths:
U php/php-src/branches/PHP_5_4/NEWS
U php/php-src/branches/PHP_5_4/ext/standard/html.c
A php/php-src/branches/PHP_5_4/ext/standard/tests/strings/bug61374.phpt
U php/php-src/trunk/ext/standard/html.c
A php/php-src/trunk/ext/standard/tests/strings/bug61374.phpt
Modified: php/php-src/branches/PHP_5_4/NEWS
===
--- php/php-src/branches/PHP_5_4/NEWS 2012-03-13 16:09:42 UTC (rev 324198)
+++ php/php-src/branches/PHP_5_4/NEWS 2012-03-13 18:08:30 UTC (rev 324199)
@@ -8,6 +8,8 @@
. Connection: close instead of Connection: closed (Gustavo)
- Core:
+ . Fixed bug #61374 (html_entity_decode tries to decode code points that don't
+exist in ISO-8859-1). (Gustavo)
. Fixed bug #61273 (call_user_func_array with more than 16333 arguments
leaks / crashes). (Laruence)
. Fixed bug #61225 (Incorect lexing of 0b00*+NUM). (Pierrick)
Modified: php/php-src/branches/PHP_5_4/ext/standard/html.c
===
--- php/php-src/branches/PHP_5_4/ext/standard/html.c2012-03-13 16:09:42 UTC
(rev 324198)
+++ php/php-src/branches/PHP_5_4/ext/standard/html.c2012-03-13 18:08:30 UTC
(rev 324199)
@@ -1004,8 +1004,9 @@
/* code2 == '\0' always true for current
maps */)
goto invalid_code;
- /* deal with encodings other than utf-8/iso-8859-1 */
- if (!CHARSET_UNICODE_COMPAT(charset)) {
+ /* UTF-8 doesn't need mapping (ISO-8859-1 doesn't either, but
+* the call is needed to ensure the codepoint = U+00FF) */
+ if (charset != cs_utf_8) {
/* replace unicode code point */
if (map_from_unicode(code, charset, code) == FAILURE
|| code2 != 0)
goto invalid_code; /* not representable in
target charset */
Added: php/php-src/branches/PHP_5_4/ext/standard/tests/strings/bug61374.phpt
===
--- php/php-src/branches/PHP_5_4/ext/standard/tests/strings/bug61374.phpt
(rev 0)
+++ php/php-src/branches/PHP_5_4/ext/standard/tests/strings/bug61374.phpt
2012-03-13 18:08:30 UTC (rev 324199)
@@ -0,0 +1,7 @@
+--TEST--
+Bug #61374: html_entity_decode tries to decode code points that don't exist in
ISO-8859-1
+--FILE--
+?php
+echo html_entity_decode('OElig;', 0, 'ISO-8859-1');
+--EXPECT--
+OElig;
Property changes on:
php/php-src/branches/PHP_5_4/ext/standard/tests/strings/bug61374.phpt
___
Added: svn:keywords
+ Id Rev Revision
Added: svn:eol-style
+ native
Modified: php/php-src/trunk/ext/standard/html.c
===
--- php/php-src/trunk/ext/standard/html.c 2012-03-13 16:09:42 UTC (rev
324198)
+++ php/php-src/trunk/ext/standard/html.c 2012-03-13 18:08:30 UTC (rev
324199)
@@ -1004,8 +1004,9 @@
/* code2 == '\0' always true for current
maps */)
goto invalid_code;
- /* deal with encodings other than utf-8/iso-8859-1 */
- if (!CHARSET_UNICODE_COMPAT(charset)) {
+ /* UTF-8 doesn't need mapping (ISO-8859-1 doesn't either, but
+* the call is needed to ensure the codepoint = U+00FF) */
+ if (charset != cs_utf_8) {
/* replace unicode code point */
if (map_from_unicode(code, charset, code) == FAILURE
|| code2 != 0)
goto invalid_code; /* not representable in
target charset */
Added: php/php-src/trunk/ext/standard/tests/strings/bug61374.phpt
===
--- php/php-src/trunk/ext/standard/tests/strings/bug61374.phpt
(rev 0)
+++ php/php-src/trunk/ext/standard/tests/strings/bug61374.phpt 2012-03-13
18:08:30 UTC (rev 324199)
@@ -0,0 +1,7 @@
+--TEST--
+Bug #61374: html_entity_decode tries to decode code points that don't exist in
ISO-8859-1
+--FILE--
+?php
+echo html_entity_decode('OElig;', 0, 'ISO-8859-1');
+--EXPECT--
+OElig;
Property changes on: php/php-src/trunk/ext/standard/tests/strings/bug61374.phpt
___
Added: svn:keywords
+ Id Rev Revision
Added: svn:eol-style
+ native
--
PHP CVS Mailing List
[PHP-CVS] svn: /php/php-src/branches/PHP_5_4/ NEWS
rasmus Mon, 12 Mar 2012 15:21:15 + Revision: http://svn.php.net/viewvc?view=revisionrevision=324160 Log: Remove reference to default_charset here since the it isn't really about the ini option at all. That only comes into play when you force it by passing and empty encoding string to those functions. Changed paths: U php/php-src/branches/PHP_5_4/NEWS Modified: php/php-src/branches/PHP_5_4/NEWS === --- php/php-src/branches/PHP_5_4/NEWS 2012-03-12 14:52:02 UTC (rev 324159) +++ php/php-src/branches/PHP_5_4/NEWS 2012-03-12 15:21:15 UTC (rev 324160) @@ -168,8 +168,8 @@ . Changed error handlers to only generate docref links when the docref_root php.ini setting is not empty. (Derick) . Changed silent conversion of array to string to produce a notice. (Patrick) - . Changed default value of default_charset php.ini option from ISO-8859-1 to -UTF-8. (Rasmus) + . Changed default encoding from ISO-8859-1 to UTF-8 when not specified in +htmlspecialchars and htmlentities. (Rasmus) . Changed casting of null/''/false into an Object when adding a property from E_STRICT into a warning. (Scott) . Changed E_ALL to include E_STRICT. (Stas) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_4/NEWS branches/PHP_5_4/sapi/cli/php_cli_server.c branches/PHP_5_4/sapi/cli/tests/php_cli_server_017.phpt trunk/sapi/cli/php_cli_server.c trunk/sapi/cli/tes
laruence Sun, 11 Mar 2012 08:56:14 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=324098
Log:
Implemented FR #60850 (Built in web server does not set
$_SERVER['SCRIPT_FILENAME'] when using router)
Bug: https://bugs.php.net/60850 (Open) Built in web server does not set
$_SERVER['SCRIPT_FILENAME'] when using router
Changed paths:
U php/php-src/branches/PHP_5_4/NEWS
U php/php-src/branches/PHP_5_4/sapi/cli/php_cli_server.c
A php/php-src/branches/PHP_5_4/sapi/cli/tests/php_cli_server_017.phpt
U php/php-src/trunk/sapi/cli/php_cli_server.c
A php/php-src/trunk/sapi/cli/tests/php_cli_server_017.phpt
Modified: php/php-src/branches/PHP_5_4/NEWS
===
--- php/php-src/branches/PHP_5_4/NEWS 2012-03-11 08:41:40 UTC (rev 324097)
+++ php/php-src/branches/PHP_5_4/NEWS 2012-03-11 08:56:14 UTC (rev 324098)
@@ -4,6 +4,8 @@
- CLI Server:
. Connection: close instead of Connection: closed (Gustavo)
+ . Implemented FR #60850 (Built in web server does not set
+$_SERVER['SCRIPT_FILENAME'] when using router). (Laruence)
- Core:
. Fixed bug #61225 (Incorect lexing of 0b00*+NUM). (Pierrick)
Modified: php/php-src/branches/PHP_5_4/sapi/cli/php_cli_server.c
===
--- php/php-src/branches/PHP_5_4/sapi/cli/php_cli_server.c 2012-03-11
08:41:40 UTC (rev 324097)
+++ php/php-src/branches/PHP_5_4/sapi/cli/php_cli_server.c 2012-03-11
08:56:14 UTC (rev 324098)
@@ -599,6 +599,11 @@
sapi_cli_server_register_variable(track_vars_array, SCRIPT_NAME,
client-request.vpath TSRMLS_CC);
if (SG(request_info).path_translated) {
sapi_cli_server_register_variable(track_vars_array,
SCRIPT_FILENAME, SG(request_info).path_translated TSRMLS_CC);
+ } else if (client-server-router) {
+ char *temp;
+ spprintf(temp, 0, %s/%s, client-server-document_root,
client-server-router);
+ sapi_cli_server_register_variable(track_vars_array,
SCRIPT_FILENAME, temp TSRMLS_CC);
+ efree(temp);
}
if (client-request.path_info) {
sapi_cli_server_register_variable(track_vars_array,
PATH_INFO, client-request.path_info TSRMLS_CC);
Added: php/php-src/branches/PHP_5_4/sapi/cli/tests/php_cli_server_017.phpt
===
--- php/php-src/branches/PHP_5_4/sapi/cli/tests/php_cli_server_017.phpt
(rev 0)
+++ php/php-src/branches/PHP_5_4/sapi/cli/tests/php_cli_server_017.phpt
2012-03-11 08:56:14 UTC (rev 324098)
@@ -0,0 +1,44 @@
+--TEST--
+Implement Req #60850 (Built in web server does not set
$_SERVER['SCRIPT_FILENAME'] when using router)
+--SKIPIF--
+?php
+include skipif.inc;
+?
+--FILE--
+?php
+include php_cli_server.inc;
+php_cli_server_start(PHP
+var_dump(\$_SERVER['SCRIPT_FILENAME']);
+PHP
+);
+
+list($host, $port) = explode(':', PHP_CLI_SERVER_ADDRESS);
+$port = intval($port)?:80;
+
+$fp = fsockopen($host, $port, $errno, $errstr, 0.5);
+if (!$fp) {
+ die(connect failed);
+}
+
+if(fwrite($fp, HEADER
+POST / HTTP/1.1
+Host: {$host}
+
+
+HEADER
+)) {
+ while (!feof($fp)) {
+ echo fgets($fp);
+ }
+}
+
+fclose($fp);
+?
+--EXPECTF--
+HTTP/1.1 200 OK
+Host: %s
+Connection: close
+X-Powered-By: %s
+Content-type: text/html
+
+string(%d) %s/tests/index.php
Modified: php/php-src/trunk/sapi/cli/php_cli_server.c
===
--- php/php-src/trunk/sapi/cli/php_cli_server.c 2012-03-11 08:41:40 UTC (rev
324097)
+++ php/php-src/trunk/sapi/cli/php_cli_server.c 2012-03-11 08:56:14 UTC (rev
324098)
@@ -599,6 +599,11 @@
sapi_cli_server_register_variable(track_vars_array, SCRIPT_NAME,
client-request.vpath TSRMLS_CC);
if (SG(request_info).path_translated) {
sapi_cli_server_register_variable(track_vars_array,
SCRIPT_FILENAME, SG(request_info).path_translated TSRMLS_CC);
+ } else if (client-server-router) {
+ char *temp;
+ spprintf(temp, 0, %s/%s, client-server-document_root,
client-server-router);
+ sapi_cli_server_register_variable(track_vars_array,
SCRIPT_FILENAME, temp TSRMLS_CC);
+ efree(temp);
}
if (client-request.path_info) {
sapi_cli_server_register_variable(track_vars_array,
PATH_INFO, client-request.path_info TSRMLS_CC);
Added: php/php-src/trunk/sapi/cli/tests/php_cli_server_017.phpt
===
--- php/php-src/trunk/sapi/cli/tests/php_cli_server_017.phpt
(rev 0)
+++ php/php-src/trunk/sapi/cli/tests/php_cli_server_017.phpt2012-03-11
08:56:14 UTC (rev 324098)
@@ -0,0 +1,44 @@
+--TEST--
+Implement Req #60850 (Built in web server does not set
[PHP-CVS] svn: /php/php-src/branches/PHP_5_4/ NEWS
laruence Sun, 11 Mar 2012 09:07:02 + Revision: http://svn.php.net/viewvc?view=revisionrevision=324101 Log: Same wrong order here Changed paths: U php/php-src/branches/PHP_5_4/NEWS Modified: php/php-src/branches/PHP_5_4/NEWS === --- php/php-src/branches/PHP_5_4/NEWS 2012-03-11 09:06:12 UTC (rev 324100) +++ php/php-src/branches/PHP_5_4/NEWS 2012-03-11 09:07:02 UTC (rev 324101) @@ -61,10 +61,10 @@ object). (Laruence) - PDO_mysql + . Fixed bug #61207 (PDO::nextRowset() after a multi-statement query doesn't +always work). (Johannes) . Fixed bug #61194 (PDO should export compression flag with myslqnd). (Johannes) - . Fixed bug #61207 (PDO::nextRowset() after a multi-statement query doesn't -always work). (Johannes) - Phar . Fixed bug #61184 (Phar::webPhar() generates headers with trailing NUL -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_4/ NEWS
cataphract Wed, 07 Mar 2012 19:47:18 + Revision: http://svn.php.net/viewvc?view=revisionrevision=324008 Log: - Updated NEWS with news of bug #61306 having been resolved (see r323988). - Tidied up NEWS Bug: https://bugs.php.net/61306 (Assigned) Segfault at end of request Changed paths: U php/php-src/branches/PHP_5_4/NEWS Modified: php/php-src/branches/PHP_5_4/NEWS === --- php/php-src/branches/PHP_5_4/NEWS 2012-03-07 17:34:24 UTC (rev 324007) +++ php/php-src/branches/PHP_5_4/NEWS 2012-03-07 19:47:18 UTC (rev 324008) @@ -2,35 +2,34 @@ ||| ?? ??? 2012, PHP 5.4.1 RC1 -- Array: - . Fixed bug #52719 (array_walk_recursive crashes if third param of the -function is by reference). (Nikita Popov) - . Fixed bug #61058 (array_fill leaks if start index is PHP_INT_MAX). -(Laruence) - - CLI Server: . Connection: close instead of Connection: closed (Gustavo) - Core: - . Fixed bug #60573 (type hinting with self keyword causes weird errors). + . Fixed bug #61225 (Incorect lexing of 0b00*+NUM). (Pierrick) + . Fixed bug #61165 (Segfault - strip_tags()). (Laruence) + . Fixed bug #61106 (Segfault when using header_register_callback). (Nikita +Popov) + . Fixed bug #61087 (Memory leak in parse_ini_file when specifying +invalid scanner mode). (Nikic, Laruence) + . Fixed bug #61072 (Memory leak when restoring an exception handler). +(Nikic, Laruence) + . Fixed bug #61058 (array_fill leaks if start index is PHP_INT_MAX). (Laruence) + . Fixed bug #61052 (Missing error check in trait 'insteadof' clause). (Stefan) + . Fixed bug #61011 (Crash when an exception is thrown by __autoload +accessing a static property). (Laruence) + . Fixed bug #61000 (Exceeding max nesting level doesn't delete numerical +vars). (Laruence) + . Fixed bug #60978 (exit code incorrect). (Laruence) + . Fixed bug #60911 (Confusing error message when extending traits). (Stefan) + . Fixed bug #60801 (strpbrk() mishandles NUL byte). (Adam) . Fixed bug #60717 (Order of traits in use statement can cause a fatal error). (Stefan) - . Fixed bug #60801 (strpbrk() mishandles NUL byte). (Adam) - . Fixed bug #60911 (Confusing error message when extending traits). (Stefan) - . Fixed bug #60978 (exit code incorrect). (Laruence) - . Fixed bug #61000 (Exceeding max nesting level doesn't delete numerical -vars). (Laruence) - . Fixed bug #61011 (Crash when an exception is thrown by __autoload -accessing a static property). (Laruence) - . Fixed bug #61052 (Missing error check in trait 'insteadof' clause). (Stefan) - . Fixed bug #61072 (Memory leak when restoring an exception handler). -(Nikic, Laruence) - . Fixed bug #61087 (Memory leak in parse_ini_file when specifying -invalid scanner mode). (Nikic, Laruence) - . Fixed bug #61106 (Segfault when using header_register_callback). (Nikita Popov) - . Fixed bug #61165 (Segfault - strip_tags()). (Laruence) - . Fixed bug #61225 (Incorect lexing of 0b00*+NUM). (Pierrick) + . Fixed bug #60573 (type hinting with self keyword causes weird errors). +(Laruence) + . Fixed bug #52719 (array_walk_recursive crashes if third param of the +function is by reference). (Nikita Popov) - Installation . Fixed bug #61172 (Add Apache 2.4 support). (Chris Jones) @@ -70,15 +69,19 @@ - Standard: . Fixed memory leak in substr_replace. (Pierrick) . Make max_file_uploads ini directive settable outside of php.ini (Rasmus) - . Fixed bug #60106 (stream_socket_server silently truncates long unix socket paths). (Ilia) + . Fixed bug #60106 (stream_socket_server silently truncates long unix socket +paths). (Ilia) - XMLRPC: - . Fixed bug #61097 (Memory leak in xmlrpc functions copying zvals). (Nikita Popov) - . Fixed bug #61264 (xmlrpc_parse_method_descriptions leaks temporary variable). (Nikita Popov) + . Fixed bug #61264 (xmlrpc_parse_method_descriptions leaks temporary +variable). (Nikita Popov) + . Fixed bug #61097 (Memory leak in xmlrpc functions copying zvals). (Nikita +Popov) - Zlib: + . Fixed bug #61306 (initialization of global inappropriate for ZTS). (Gustavo) + . Fixed bug #61287 (A particular string fails to decompress). (Mike) . Fixed bug #61139 (gzopen leaks when specifying invalid mode). (Nikita Popov) - . Fixed bug #61287 (A particular string fails to decompress). (Mike) 01 Mar 2012, PHP 5.4.0 -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_4/NEWS branches/PHP_5_4/ext/pdo/pdo_dbh.c trunk/ext/pdo/pdo_dbh.c
laruence Tue, 06 Mar 2012 03:45:27 + Revision: http://svn.php.net/viewvc?view=revisionrevision=323935 Log: Fixed bug #61292 (Segfault while calling a method on an overloaded PDO object) Bug: https://bugs.php.net/61292 (Verified) Segfault while calling a method on an overloaded PDO object. Changed paths: U php/php-src/branches/PHP_5_4/NEWS U php/php-src/branches/PHP_5_4/ext/pdo/pdo_dbh.c U php/php-src/trunk/ext/pdo/pdo_dbh.c Modified: php/php-src/branches/PHP_5_4/NEWS === --- php/php-src/branches/PHP_5_4/NEWS 2012-03-06 02:21:04 UTC (rev 323934) +++ php/php-src/branches/PHP_5_4/NEWS 2012-03-06 03:45:27 UTC (rev 323935) @@ -49,6 +49,10 @@ . Fixed bug #60887 (SoapClient ignores user_agent option and sends no User-Agent header). (carloschilazo at gmail dot com) +- PDO + . Fixed bug #61292 (Segfault while calling a method on an overloaded PDO +object). (Laruence) + - PDO_mysql . Fixed bug #61207 (PDO::nextRowset() after a multi-statement query doesn't always work). (Johannes) Modified: php/php-src/branches/PHP_5_4/ext/pdo/pdo_dbh.c === --- php/php-src/branches/PHP_5_4/ext/pdo/pdo_dbh.c 2012-03-06 02:21:04 UTC (rev 323934) +++ php/php-src/branches/PHP_5_4/ext/pdo/pdo_dbh.c 2012-03-06 03:45:27 UTC (rev 323935) @@ -343,6 +343,7 @@ pdbh-def_stmt_ce = dbh-def_stmt_ce; pdbh-def_stmt_ctor_args = dbh-def_stmt_ctor_args; pdbh-std.properties = dbh-std.properties; + pdbh-std.properties_table = dbh-std.properties_table; } /* kill the non-persistent thingamy */ efree(dbh); Modified: php/php-src/trunk/ext/pdo/pdo_dbh.c === --- php/php-src/trunk/ext/pdo/pdo_dbh.c 2012-03-06 02:21:04 UTC (rev 323934) +++ php/php-src/trunk/ext/pdo/pdo_dbh.c 2012-03-06 03:45:27 UTC (rev 323935) @@ -343,6 +343,7 @@ pdbh-def_stmt_ce = dbh-def_stmt_ce; pdbh-def_stmt_ctor_args = dbh-def_stmt_ctor_args; pdbh-std.properties = dbh-std.properties; + pdbh-std.properties_table = dbh-std.properties_table; } /* kill the non-persistent thingamy */ efree(dbh); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_4/NEWS branches/PHP_5_4/Zend/tests/traits/bug60717.phpt branches/PHP_5_4/Zend/tests/traits/bugs/abstract-methods06.phpt branches/PHP_5_4/Zend/zend_compile.c
gron Sun, 04 Mar 2012 18:26:11 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=323891
Log:
Fixed Bug #60717 (Order of traits in use statement can cause a fatal error)
# Compatibility is now correctly checked in both directions.
# Introduced helper method for the test.
Bug: https://bugs.php.net/60717 (Assigned) Order of traits in use statement can
cause a fatal error
Changed paths:
U php/php-src/branches/PHP_5_4/NEWS
A php/php-src/branches/PHP_5_4/Zend/tests/traits/bug60717.phpt
U
php/php-src/branches/PHP_5_4/Zend/tests/traits/bugs/abstract-methods06.phpt
U php/php-src/branches/PHP_5_4/Zend/zend_compile.c
A php/php-src/trunk/Zend/tests/traits/bug60717.phpt
U php/php-src/trunk/Zend/tests/traits/bugs/abstract-methods06.phpt
U php/php-src/trunk/Zend/zend_compile.c
Modified: php/php-src/branches/PHP_5_4/NEWS
===
--- php/php-src/branches/PHP_5_4/NEWS 2012-03-04 17:21:16 UTC (rev 323890)
+++ php/php-src/branches/PHP_5_4/NEWS 2012-03-04 18:26:11 UTC (rev 323891)
@@ -14,6 +14,8 @@
- Core:
. Fixed bug #60573 (type hinting with self keyword causes weird errors).
(Laruence)
+ . Fixed bug #60717 (Order of traits in use statement can cause a fatal
+error). (Stefan)
. Fixed bug #60801 (strpbrk() mishandles NUL byte). (Adam)
. Fixed bug #60978 (exit code incorrect). (Laruence)
. Fixed bug #61000 (Exceeding max nesting level doesn't delete numerical
Added: php/php-src/branches/PHP_5_4/Zend/tests/traits/bug60717.phpt
===
--- php/php-src/branches/PHP_5_4/Zend/tests/traits/bug60717.phpt (rev 0)
+++ php/php-src/branches/PHP_5_4/Zend/tests/traits/bug60717.phpt 2012-03-04 18:26:11 UTC (rev 323891)
@@ -0,0 +1,73 @@
+--TEST--
+Bug #60717 (Order of traits in use statement can cause unexpected unresolved abstract method)
+--FILE--
+?php
+
+namespace HTML
+{
+ interface Helper
+ {
+ function text($text);
+ function attributes(array $attributes = null);
+ function textArea(array $attributes = null, $value);
+ }
+
+ trait TextUTF8
+ {
+ function text($text) {}
+ }
+
+ trait TextArea
+ {
+ function textArea(array $attributes = null, $value) {}
+ abstract function attributes(array $attributes = null);
+ abstract function text($text);
+ }
+
+ trait HTMLAttributes
+ {
+ function attributes(array $attributes = null) { }
+ abstract function text($text);
+ }
+
+ class HTMLHelper implements Helper
+ {
+ use TextArea, HTMLAttributes, TextUTF8;
+ }
+
+ class HTMLHelper2 implements Helper
+ {
+ use TextArea, TextUTF8, HTMLAttributes;
+ }
+
+ class HTMLHelper3 implements Helper
+ {
+ use HTMLAttributes, TextArea, TextUTF8;
+ }
+
+ class HTMLHelper4 implements Helper
+ {
+ use HTMLAttributes, TextUTF8, TextArea;
+ }
+
+ class HTMLHelper5 implements Helper
+ {
+ use TextUTF8, TextArea, HTMLAttributes;
+ }
+
+ class HTMLHelper6 implements Helper
+ {
+ use TextUTF8, HTMLAttributes, TextArea;
+ }
+
+ $o = new HTMLHelper;
+$o = new HTMLHelper2;
+$o = new HTMLHelper3;
+$o = new HTMLHelper4;
+$o = new HTMLHelper5;
+$o = new HTMLHelper6;
+echo 'Done';
+}
+
+--EXPECT--
+Done
Modified: php/php-src/branches/PHP_5_4/Zend/tests/traits/bugs/abstract-methods06.phpt
===
--- php/php-src/branches/PHP_5_4/Zend/tests/traits/bugs/abstract-methods06.phpt 2012-03-04 17:21:16 UTC (rev 323890)
+++ php/php-src/branches/PHP_5_4/Zend/tests/traits/bugs/abstract-methods06.phpt 2012-03-04 18:26:11 UTC (rev 323891)
@@ -23,4 +23,4 @@
?
--EXPECTF--
-Fatal error: Declaration of THelloB::hello() must be compatible with THelloA::hello($a) in %s on line %d
\ No newline at end of file
+Fatal error: Declaration of THelloA::hello($a) must be compatible with THelloB::hello() in %s on line %d
\ No newline at end of file
Modified: php/php-src/branches/PHP_5_4/Zend/zend_compile.c
===
--- php/php-src/branches/PHP_5_4/Zend/zend_compile.c 2012-03-04 17:21:16 UTC (rev 323890)
+++ php/php-src/branches/PHP_5_4/Zend/zend_compile.c 2012-03-04 18:26:11 UTC (rev 323891)
@@ -3623,6 +3623,18 @@
}
/* }}} */
+static zend_bool zend_traits_method_compatibility_check(zend_function *fn, zend_function *other_fn TSRMLS_DC) /* {{{ */
+{
+ zend_uintfn_flags = fn-common.scope-ce_flags;
+ zend_uint other_flags = other_fn-common.scope-ce_flags;
+
+ return zend_do_perform_implementation_check(fn, other_fn TSRMLS_CC)
+ zend_do_perform_implementation_check(other_fn, fn TSRMLS_CC)
+ ((fn_flags ZEND_ACC_FINAL) == (other_flags ZEND_ACC_FINAL)) /* equal final qualifier */
+ ((fn_flags ZEND_ACC_STATIC)== (other_flags ZEND_ACC_STATIC)); /* equal static qualifier */
+}
+/* }}} */
+
static int zend_traits_merge_functions(zend_function *fn TSRMLS_DC, int
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_4/NEWS branches/PHP_5_4/Zend/tests/traits/bug55524.phpt branches/PHP_5_4/Zend/zend_compile.c trunk/Zend/tests/traits/bug55524.phpt trunk/Zend/zend_compile.c
gron Sun, 04 Mar 2012 18:33:33 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=323892
Log:
Fixed Bug #60911 (Confusing error message when extending traits)
Bug: https://bugs.php.net/60911 (Assigned) Confusing error message when
extending traits
Changed paths:
U php/php-src/branches/PHP_5_4/NEWS
U php/php-src/branches/PHP_5_4/Zend/tests/traits/bug55524.phpt
U php/php-src/branches/PHP_5_4/Zend/zend_compile.c
U php/php-src/trunk/Zend/tests/traits/bug55524.phpt
U php/php-src/trunk/Zend/zend_compile.c
Modified: php/php-src/branches/PHP_5_4/NEWS
===
--- php/php-src/branches/PHP_5_4/NEWS 2012-03-04 18:26:11 UTC (rev 323891)
+++ php/php-src/branches/PHP_5_4/NEWS 2012-03-04 18:33:33 UTC (rev 323892)
@@ -17,6 +17,7 @@
. Fixed bug #60717 (Order of traits in use statement can cause a fatal
error). (Stefan)
. Fixed bug #60801 (strpbrk() mishandles NUL byte). (Adam)
+ . Fixed bug #60911 (Confusing error message when extending traits). (Stefan)
. Fixed bug #60978 (exit code incorrect). (Laruence)
. Fixed bug #61000 (Exceeding max nesting level doesn't delete numerical
vars). (Laruence)
Modified: php/php-src/branches/PHP_5_4/Zend/tests/traits/bug55524.phpt
===
--- php/php-src/branches/PHP_5_4/Zend/tests/traits/bug55524.phpt
2012-03-04 18:26:11 UTC (rev 323891)
+++ php/php-src/branches/PHP_5_4/Zend/tests/traits/bug55524.phpt
2012-03-04 18:33:33 UTC (rev 323892)
@@ -12,4 +12,4 @@
echo 'DONE';
?
--EXPECTF--
-Fatal error: A trait (Foo) cannot extend a class in %s on line %d
+Fatal error: A trait (Foo) cannot extend a class. Traits can only be composed
from other traits with the 'use' keyword. Error in %s on line %d
Modified: php/php-src/branches/PHP_5_4/Zend/zend_compile.c
===
--- php/php-src/branches/PHP_5_4/Zend/zend_compile.c2012-03-04 18:26:11 UTC
(rev 323891)
+++ php/php-src/branches/PHP_5_4/Zend/zend_compile.c2012-03-04 18:33:33 UTC
(rev 323892)
@@ -4995,7 +4995,7 @@
if (doing_inheritance) {
/* Make sure a trait does not try to extend a class */
if ((new_class_entry-ce_flags ZEND_ACC_TRAIT) == ZEND_ACC_TRAIT) {
- zend_error(E_COMPILE_ERROR, A trait (%s) cannot extend a class,
new_class_entry-name);
+ zend_error(E_COMPILE_ERROR, A trait (%s) cannot extend a class.
Traits can only be composed from other traits with the 'use' keyword. Error,
new_class_entry-name);
}
opline-extended_value = parent_class_name-u.op.var;
Modified: php/php-src/trunk/Zend/tests/traits/bug55524.phpt
===
--- php/php-src/trunk/Zend/tests/traits/bug55524.phpt 2012-03-04 18:26:11 UTC
(rev 323891)
+++ php/php-src/trunk/Zend/tests/traits/bug55524.phpt 2012-03-04 18:33:33 UTC
(rev 323892)
@@ -12,4 +12,4 @@
echo 'DONE';
?
--EXPECTF--
-Fatal error: A trait (Foo) cannot extend a class in %s on line %d
+Fatal error: A trait (Foo) cannot extend a class. Traits can only be composed
from other traits with the 'use' keyword. Error in %s on line %d
Modified: php/php-src/trunk/Zend/zend_compile.c
===
--- php/php-src/trunk/Zend/zend_compile.c 2012-03-04 18:26:11 UTC (rev
323891)
+++ php/php-src/trunk/Zend/zend_compile.c 2012-03-04 18:33:33 UTC (rev
323892)
@@ -4995,7 +4995,7 @@
if (doing_inheritance) {
/* Make sure a trait does not try to extend a class */
if ((new_class_entry-ce_flags ZEND_ACC_TRAIT) == ZEND_ACC_TRAIT) {
- zend_error(E_COMPILE_ERROR, A trait (%s) cannot extend a class,
new_class_entry-name);
+ zend_error(E_COMPILE_ERROR, A trait (%s) cannot extend a class.
Traits can only be composed from other traits with the 'use' keyword. Error,
new_class_entry-name);
}
opline-extended_value = parent_class_name-u.op.var;
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_4/NEWS branches/PHP_5_4/Zend/tests/traits/bug61052.phpt branches/PHP_5_4/Zend/zend_compile.c trunk/Zend/tests/traits/bug61052.phpt trunk/Zend/zend_compile.c
gron Sun, 04 Mar 2012 19:34:19 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=323898
Log:
Fixed Bug #61052 (Missing error check in trait 'insteadof' clause)
Bug: https://bugs.php.net/61052 (Assigned) missing error check in trait
'insteadof' clause
Changed paths:
U php/php-src/branches/PHP_5_4/NEWS
A php/php-src/branches/PHP_5_4/Zend/tests/traits/bug61052.phpt
U php/php-src/branches/PHP_5_4/Zend/zend_compile.c
A php/php-src/trunk/Zend/tests/traits/bug61052.phpt
U php/php-src/trunk/Zend/zend_compile.c
Modified: php/php-src/branches/PHP_5_4/NEWS
===
--- php/php-src/branches/PHP_5_4/NEWS 2012-03-04 19:30:01 UTC (rev 323897)
+++ php/php-src/branches/PHP_5_4/NEWS 2012-03-04 19:34:19 UTC (rev 323898)
@@ -23,6 +23,7 @@
vars). (Laruence)
. Fixed bug #61011 (Crash when an exception is thrown by __autoload
accessing a static property). (Laruence)
+ . Fixed bug #61052 (Missing error check in trait 'insteadof' clause).
(Stefan)
. Fixed bug #61072 (Memory leak when restoring an exception handler).
(Nikic, Laruence)
. Fixed bug #61087 (Memory leak in parse_ini_file when specifying
Added: php/php-src/branches/PHP_5_4/Zend/tests/traits/bug61052.phpt
===
--- php/php-src/branches/PHP_5_4/Zend/tests/traits/bug61052.phpt
(rev 0)
+++ php/php-src/branches/PHP_5_4/Zend/tests/traits/bug61052.phpt
2012-03-04 19:34:19 UTC (rev 323898)
@@ -0,0 +1,18 @@
+--TEST--
+Bug #61052 (missing error check in trait 'insteadof' clause)
+--FILE--
+?php
+trait T1 {
+ function foo(){ echo T1\n; }
+}
+trait T2 {
+ function foo(){ echo T2\n; }
+}
+class C {
+ use T1, T2 {
+T1::foo insteadof T1;
+ }
+}
+C::foo();
+--EXPECTF--
+Fatal error: Inconsistent insteadof definition. The method foo is to be used
from T1, but T1 is also on the exclude list in %s on line %d
Modified: php/php-src/branches/PHP_5_4/Zend/zend_compile.c
===
--- php/php-src/branches/PHP_5_4/Zend/zend_compile.c2012-03-04 19:30:01 UTC
(rev 323897)
+++ php/php-src/branches/PHP_5_4/Zend/zend_compile.c2012-03-04 19:34:19 UTC
(rev 323898)
@@ -3984,13 +3984,28 @@
/** With the other traits, we are more
permissive.
We do not give errors for those. This
allows to be more
- defensive in such definitions. */
+ defensive in such definitions.
+ However, we want to make sure that the
insteadof declartion
+ is consistent in itself.
+*/
j = 0;
while (cur_precedence-exclude_from_classes[j])
{
char* class_name =
(char*)cur_precedence-exclude_from_classes[j];
zend_uint name_length =
strlen(class_name);
cur_precedence-exclude_from_classes[j]
= zend_fetch_class(class_name, name_length, ZEND_FETCH_CLASS_TRAIT TSRMLS_CC);
+
+ /* make sure that the trait method is
not from a class mentioned in
+exclude_from_classes, for consistency
*/
+ if (cur_precedence-trait_method-ce ==
cur_precedence-exclude_from_classes[i]) {
+ zend_error(E_COMPILE_ERROR,
+
Inconsistent insteadof definition.
+ The method
%s is to be used from %s, but %s is also on the exclude list,
+
cur_method_ref-method_name,
+
cur_precedence-trait_method-ce-name,
+
cur_precedence-trait_method-ce-name);
+ }
+
efree(class_name);
j++;
}
Added: php/php-src/trunk/Zend/tests/traits/bug61052.phpt
===
--- php/php-src/trunk/Zend/tests/traits/bug61052.phpt
(rev 0)
+++ php/php-src/trunk/Zend/tests/traits/bug61052.phpt 2012-03-04 19:34:19 UTC
(rev 323898)
@@ -0,0 +1,18 @@
+--TEST--
+Bug #61052 (missing error check in trait 'insteadof' clause)
+--FILE--
+?php
+trait T1 {
+ function foo(){ echo T1\n; }
+}
+trait T2 {
+
[PHP-CVS] svn: /php/php-src/branches/PHP_5_4/ NEWS ext/phar/phar_object.c
nikicFri, 02 Mar 2012 08:21:54 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=323804
Log:
Merge: Fix bug #61184 Phar::webPhar() generates headers with trailing NUL bytes
Bug: https://bugs.php.net/61184 (Assigned) Phar::webPhar() generates headers
with trailing NUL bytes
Changed paths:
U php/php-src/branches/PHP_5_4/NEWS
U php/php-src/branches/PHP_5_4/ext/phar/phar_object.c
Modified: php/php-src/branches/PHP_5_4/NEWS
===
--- php/php-src/branches/PHP_5_4/NEWS 2012-03-02 08:04:51 UTC (rev 323803)
+++ php/php-src/branches/PHP_5_4/NEWS 2012-03-02 08:21:54 UTC (rev 323804)
@@ -28,6 +28,9 @@
- Installation
. Fixed bug #61172 (Add Apache 2.4 support). (Chris Jones)
+- Phar
+ . Fixed bug #61184 (Phar::webPhar() generates headers with trailing NUL
bytes). (Nikita Popov)
+
- Reflection:
. Fixed bug #60968 (Late static binding doesn't work with
ReflectionMethod::invokeArgs()). (Laruence)
Modified: php/php-src/branches/PHP_5_4/ext/phar/phar_object.c
===
--- php/php-src/branches/PHP_5_4/ext/phar/phar_object.c 2012-03-02 08:04:51 UTC
(rev 323803)
+++ php/php-src/branches/PHP_5_4/ext/phar/phar_object.c 2012-03-02 08:21:54 UTC
(rev 323804)
@@ -428,7 +428,7 @@
sapi_header_line ctr = {0};
ctr.response_code = 403;
- ctr.line_len = sizeof(HTTP/1.0 403 Access Denied);
+ ctr.line_len = sizeof(HTTP/1.0 403 Access Denied)-1;
ctr.line = HTTP/1.0 403 Access Denied;
sapi_header_op(SAPI_HEADER_REPLACE, ctr TSRMLS_CC);
sapi_send_headers(TSRMLS_C);
@@ -453,7 +453,7 @@
}
ctr.response_code = 404;
- ctr.line_len = sizeof(HTTP/1.0 404 Not Found)+1;
+ ctr.line_len = sizeof(HTTP/1.0 404 Not Found)-1;
ctr.line = HTTP/1.0 404 Not Found;
sapi_header_op(SAPI_HEADER_REPLACE, ctr TSRMLS_CC);
sapi_send_headers(TSRMLS_C);
@@ -893,7 +893,7 @@
char *tmp = NULL, sa = '\0';
sapi_header_line ctr = {0};
ctr.response_code = 301;
- ctr.line_len = sizeof(HTTP/1.1 301 Moved
Permanently)+1;
+ ctr.line_len = sizeof(HTTP/1.1 301 Moved
Permanently)-1;
ctr.line = HTTP/1.1 301 Moved Permanently;
sapi_header_op(SAPI_HEADER_REPLACE, ctr TSRMLS_CC);
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_4/ NEWS
nikicFri, 02 Mar 2012 08:25:28 + Revision: http://svn.php.net/viewvc?view=revisionrevision=323805 Log: Forgot NEWS for r323803 Changed paths: U php/php-src/branches/PHP_5_4/NEWS Modified: php/php-src/branches/PHP_5_4/NEWS === --- php/php-src/branches/PHP_5_4/NEWS 2012-03-02 08:21:54 UTC (rev 323804) +++ php/php-src/branches/PHP_5_4/NEWS 2012-03-02 08:25:28 UTC (rev 323805) @@ -20,6 +20,7 @@ . Fixed bug #60801 (strpbrk() mishandles NUL byte). (Adam) . Fixed bug #60573 (type hinting with self keyword causes weird errors). (Laruence) + . Fixed bug #61106 (Segfault when using header_register_callback). (Nikita Popov) - Standard: . Fixed memory leak in substr_replace. (Pierrick) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] svn: /php/php-src/branches/PHP_5_4/ NEWS
Hi Nikic: just FYI, I was told that, the entries in NEWS should be in desc order(in a category) by bug id :) thanks On Fri, Mar 2, 2012 at 4:25 PM, Nikita Popov ni...@php.net wrote: nikic Fri, 02 Mar 2012 08:25:28 + Revision: http://svn.php.net/viewvc?view=revisionrevision=323805 Log: Forgot NEWS for r323803 Changed paths: U php/php-src/branches/PHP_5_4/NEWS Modified: php/php-src/branches/PHP_5_4/NEWS === --- php/php-src/branches/PHP_5_4/NEWS 2012-03-02 08:21:54 UTC (rev 323804) +++ php/php-src/branches/PHP_5_4/NEWS 2012-03-02 08:25:28 UTC (rev 323805) @@ -20,6 +20,7 @@ . Fixed bug #60801 (strpbrk() mishandles NUL byte). (Adam) . Fixed bug #60573 (type hinting with self keyword causes weird errors). (Laruence) + . Fixed bug #61106 (Segfault when using header_register_callback). (Nikita Popov) - Standard: . Fixed memory leak in substr_replace. (Pierrick) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Laruence Xinchen Hui http://www.laruence.com/ -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_4/ NEWS ext/xmlrpc/tests/bug61097.phpt ext/xmlrpc/xmlrpc-epi-php.c
nikicFri, 02 Mar 2012 14:08:11 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=323818
Log:
Merge: Fix bug #61097: Memory leak in xmlrpc functions copying zvals
Bug: https://bugs.php.net/61097 (Assigned) Memory leak in xmlrpc functions
copying zvals
Changed paths:
U php/php-src/branches/PHP_5_4/NEWS
A php/php-src/branches/PHP_5_4/ext/xmlrpc/tests/bug61097.phpt
U php/php-src/branches/PHP_5_4/ext/xmlrpc/xmlrpc-epi-php.c
Modified: php/php-src/branches/PHP_5_4/NEWS
===
--- php/php-src/branches/PHP_5_4/NEWS 2012-03-02 13:17:32 UTC (rev 323817)
+++ php/php-src/branches/PHP_5_4/NEWS 2012-03-02 14:08:11 UTC (rev 323818)
@@ -40,6 +40,9 @@
. Fixed bug #61058 (array_fill leaks if start index is PHP_INT_MAX).
(Laruence)
+- XMLRPC:
+ . Fixed bug #61097 (Memory leak in xmlrpc functions copying zvals). (Nikita
Popov)
+
01 Mar 2012, PHP 5.4.0
- Installation:
Added: php/php-src/branches/PHP_5_4/ext/xmlrpc/tests/bug61097.phpt
===
--- php/php-src/branches/PHP_5_4/ext/xmlrpc/tests/bug61097.phpt
(rev 0)
+++ php/php-src/branches/PHP_5_4/ext/xmlrpc/tests/bug61097.phpt 2012-03-02
14:08:11 UTC (rev 323818)
@@ -0,0 +1,16 @@
+--TEST--
+Bug #61097 (Memory leak in xmlrpc functions copying zvals)
+--SKIPIF--
+?php if (!extension_loaded(xmlrpc)) print skip; ?
+--FILE--
+?php
+$server = xmlrpc_server_create();
+
+$method = 'abc';
+xmlrpc_server_register_introspection_callback($server, $method);
+xmlrpc_server_register_method($server, 'abc', $method);
+
+echo 'Done';
+?
+--EXPECT--
+Done
Modified: php/php-src/branches/PHP_5_4/ext/xmlrpc/xmlrpc-epi-php.c
===
--- php/php-src/branches/PHP_5_4/ext/xmlrpc/xmlrpc-epi-php.c2012-03-02
13:17:32 UTC (rev 323817)
+++ php/php-src/branches/PHP_5_4/ext/xmlrpc/xmlrpc-epi-php.c2012-03-02
14:08:11 UTC (rev 323818)
@@ -1043,9 +1043,8 @@
*/
if (XMLRPC_ServerRegisterMethod(server-server_ptr, method_key,
php_xmlrpc_callback)) {
/* save for later use */
- MAKE_STD_ZVAL(method_name_save);
- *method_name_save = **method_name;
- zval_copy_ctor(method_name_save);
+ ALLOC_ZVAL(method_name_save);
+ MAKE_COPY_ZVAL(method_name, method_name_save);
/* register our php method */
add_zval(server-method_map, method_key,
method_name_save);
@@ -1073,9 +1072,8 @@
if (type == le_xmlrpc_server) {
/* save for later use */
- MAKE_STD_ZVAL(method_name_save);
- *method_name_save = **method_name;
- zval_copy_ctor(method_name_save);
+ ALLOC_ZVAL(method_name_save);
+ MAKE_COPY_ZVAL(method_name, method_name_save);
/* register our php method */
add_zval(server-introspection_map, NULL, method_name_save);
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_4/ NEWS ext/zlib/tests/bug61139.phpt ext/zlib/zlib_fopen_wrapper.c
nikicFri, 02 Mar 2012 14:16:47 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=323819
Log:
Merge: Fix bug #61139: gzopen leaks when specifying invalid mode
Bug: https://bugs.php.net/61139 (Assigned) gzopen leaks when specifying invalid
mode
Changed paths:
U php/php-src/branches/PHP_5_4/NEWS
A php/php-src/branches/PHP_5_4/ext/zlib/tests/bug61139.phpt
U php/php-src/branches/PHP_5_4/ext/zlib/zlib_fopen_wrapper.c
Modified: php/php-src/branches/PHP_5_4/NEWS
===
--- php/php-src/branches/PHP_5_4/NEWS 2012-03-02 14:08:11 UTC (rev 323818)
+++ php/php-src/branches/PHP_5_4/NEWS 2012-03-02 14:16:47 UTC (rev 323819)
@@ -43,6 +43,9 @@
- XMLRPC:
. Fixed bug #61097 (Memory leak in xmlrpc functions copying zvals). (Nikita
Popov)
+- Zlib:
+ . Fixed bug #61139 (gzopen leaks when specifying invalid mode). (Nikita
Popov)
+
01 Mar 2012, PHP 5.4.0
- Installation:
Added: php/php-src/branches/PHP_5_4/ext/zlib/tests/bug61139.phpt
===
--- php/php-src/branches/PHP_5_4/ext/zlib/tests/bug61139.phpt
(rev 0)
+++ php/php-src/branches/PHP_5_4/ext/zlib/tests/bug61139.phpt 2012-03-02
14:16:47 UTC (rev 323819)
@@ -0,0 +1,14 @@
+--TEST--
+Bug #61139 (gzopen leaks when specifying invalid mode)
+--SKIPIF--
+?php
+if (!extension_loaded('zlib')) {
+ die('skip - zlib extension not loaded');
+}
+?
+--FILE--
+?php
+
+gzopen('someFile', 'c');
+--EXPECTF--
+Warning: gzopen(): gzopen failed in %s on line %d
Modified: php/php-src/branches/PHP_5_4/ext/zlib/zlib_fopen_wrapper.c
===
--- php/php-src/branches/PHP_5_4/ext/zlib/zlib_fopen_wrapper.c 2012-03-02
14:08:11 UTC (rev 323818)
+++ php/php-src/branches/PHP_5_4/ext/zlib/zlib_fopen_wrapper.c 2012-03-02
14:16:47 UTC (rev 323819)
@@ -109,7 +109,7 @@
php_stream *php_stream_gzopen(php_stream_wrapper *wrapper, char *path, char
*mode, int options,
char **opened_path,
php_stream_context *context STREAMS_DC TSRMLS_DC)
{
- struct php_gz_stream_data_t *self = {0};
+ struct php_gz_stream_data_t *self;
php_stream *stream = NULL, *innerstream = NULL;
/* sanity check the stream: it can be either read-only or write-only */
@@ -120,8 +120,6 @@
return NULL;
}
- self = emalloc(sizeof(*self));
-
if (strncasecmp(compress.zlib://, path, 16) == 0) {
path += 16;
} else if (strncasecmp(zlib:, path, 5) == 0) {
@@ -134,32 +132,29 @@
int fd;
if (SUCCESS == php_stream_cast(innerstream, PHP_STREAM_AS_FD,
(void **) fd, REPORT_ERRORS)) {
- self-gz_file = gzdopen(dup(fd), mode);
+ self = emalloc(sizeof(*self));
self-stream = innerstream;
- if (self-gz_file) {
+ self-gz_file = gzdopen(dup(fd), mode);
+
+ if (self-gz_file) {
stream =
php_stream_alloc_rel(php_stream_gzio_ops, self, 0, mode);
if (stream) {
stream-flags |=
PHP_STREAM_FLAG_NO_BUFFER;
return stream;
}
+
gzclose(self-gz_file);
}
+
+ efree(self);
if (options REPORT_ERRORS) {
php_error_docref(NULL TSRMLS_CC, E_WARNING,
gzopen failed);
}
- } else if (innerstream) {
- php_stream_close(innerstream);
}
- }
- if (stream) {
- php_stream_close(stream);
+ php_stream_close(innerstream);
}
-
- if (self) {
- efree(self);
- }
-
+
return NULL;
}
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_4/ NEWS ext/mbstring/mbstring.c ext/mbstring/php_mbregex.c ext/mbstring/php_mbregex.h ext/mbstring/tests/mb_ereg_replace_callback.phpt
hirokawa Fri, 02 Mar 2012 14:19:05 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=323820
Log:
MFH mb_ereg_replace_callback() for security enhancements.
Changed paths:
U php/php-src/branches/PHP_5_4/NEWS
U php/php-src/branches/PHP_5_4/ext/mbstring/mbstring.c
U php/php-src/branches/PHP_5_4/ext/mbstring/php_mbregex.c
U php/php-src/branches/PHP_5_4/ext/mbstring/php_mbregex.h
A
php/php-src/branches/PHP_5_4/ext/mbstring/tests/mb_ereg_replace_callback.phpt
Modified: php/php-src/branches/PHP_5_4/NEWS
===
--- php/php-src/branches/PHP_5_4/NEWS 2012-03-02 14:16:47 UTC (rev 323819)
+++ php/php-src/branches/PHP_5_4/NEWS 2012-03-02 14:19:05 UTC (rev 323820)
@@ -46,6 +46,9 @@
- Zlib:
. Fixed bug #61139 (gzopen leaks when specifying invalid mode). (Nikita Popov)
+- mbstring:
+ . MFH mb_ereg_replace_callback() for security enhancements. (Rui)
+
01 Mar 2012, PHP 5.4.0
- Installation:
Modified: php/php-src/branches/PHP_5_4/ext/mbstring/mbstring.c
===
--- php/php-src/branches/PHP_5_4/ext/mbstring/mbstring.c 2012-03-02 14:16:47 UTC (rev 323819)
+++ php/php-src/branches/PHP_5_4/ext/mbstring/mbstring.c 2012-03-02 14:19:05 UTC (rev 323820)
@@ -467,6 +467,13 @@
ZEND_ARG_INFO(0, string)
ZEND_END_ARG_INFO()
+ZEND_BEGIN_ARG_INFO_EX(arginfo_mb_ereg_replace_callback, 0, 0, 3)
+ ZEND_ARG_INFO(0, pattern)
+ ZEND_ARG_INFO(0, callback)
+ ZEND_ARG_INFO(0, string)
+ ZEND_ARG_INFO(0, option)
+ZEND_END_ARG_INFO()
+
ZEND_BEGIN_ARG_INFO_EX(arginfo_mb_split, 0, 0, 2)
ZEND_ARG_INFO(0, pattern)
ZEND_ARG_INFO(0, string)
Modified: php/php-src/branches/PHP_5_4/ext/mbstring/php_mbregex.c
===
--- php/php-src/branches/PHP_5_4/ext/mbstring/php_mbregex.c 2012-03-02 14:16:47 UTC (rev 323819)
+++ php/php-src/branches/PHP_5_4/ext/mbstring/php_mbregex.c 2012-03-02 14:19:05 UTC (rev 323820)
@@ -784,7 +784,7 @@
/* }}} */
/* {{{ _php_mb_regex_ereg_replace_exec */
-static void _php_mb_regex_ereg_replace_exec(INTERNAL_FUNCTION_PARAMETERS, OnigOptionType options)
+static void _php_mb_regex_ereg_replace_exec(INTERNAL_FUNCTION_PARAMETERS, OnigOptionType options, int is_callable)
{
zval **arg_pattern_zval;
@@ -794,6 +794,9 @@
char *replace;
int replace_len;
+ zend_fcall_info arg_replace_fci;
+ zend_fcall_info_cache arg_replace_fci_cache;
+
char *string;
int string_len;
@@ -826,12 +829,22 @@
char *option_str = NULL;
int option_str_len = 0;
- if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, Zss|s,
- arg_pattern_zval,
- replace, replace_len,
- string, string_len,
- option_str, option_str_len) == FAILURE) {
- RETURN_FALSE;
+ if (!is_callable) {
+ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, Zss|s,
+ arg_pattern_zval,
+ replace, replace_len,
+ string, string_len,
+ option_str, option_str_len) == FAILURE) {
+RETURN_FALSE;
+ }
+ } else {
+ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, Zfs|s,
+ arg_pattern_zval,
+ arg_replace_fci, arg_replace_fci_cache,
+ string, string_len,
+ option_str, option_str_len) == FAILURE) {
+RETURN_FALSE;
+ }
}
if (option_str != NULL) {
@@ -859,7 +872,7 @@
RETURN_FALSE;
}
- if (eval) {
+ if (eval || is_callable) {
pbuf = eval_buf;
description = zend_make_compiled_string_description(mbregex replace TSRMLS_CC);
} else {
@@ -867,6 +880,13 @@
description = NULL;
}
+ if (is_callable) {
+ if (eval) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, Option 'e' cannot be used with replacement callback);
+ RETURN_FALSE;
+ }
+ }
+
/* do the actual work */
err = 0;
pos = (OnigUChar *)string;
@@ -889,28 +909,32 @@
#endif
/* copy the part of the string before the match */
smart_str_appendl(out_buf, pos, (size_t)((OnigUChar *)(string + regs-beg[0]) - pos));
- /* copy replacement and backrefs */
- i = 0;
- p = replace;
- while (i replace_len) {
-int fwd = (int) php_mb_mbchar_bytes_ex(p, enc);
-n = -1;
-if ((replace_len - i) = 2 fwd == 1
+
+ if (!is_callable) {
+/* copy replacement and backrefs */
+i = 0;
+p = replace;
+while (i replace_len) {
+ int fwd = (int) php_mb_mbchar_bytes_ex(p, enc);
+ n = -1;
+ if ((replace_len - i) = 2 fwd == 1
p[0] == '\\' p[1] = '0' p[1] = '9') {
- n = p[1] - '0';
-}
-if (n = 0 n regs-num_regs) {
- if (regs-beg[n] = 0 regs-beg[n] regs-end[n] regs-end[n] = string_len) {
- smart_str_appendl(pbuf, string + regs-beg[n], regs-end[n] - regs-beg[n]);
+ n = p[1] - '0';
}
- p += 2;
- i += 2;
-} else {
- smart_str_appendl(pbuf, p, fwd);
- p += fwd;
- i += fwd;
+ if (n = 0 n regs-num_regs) {
+ if (regs-beg[n] = 0 regs-beg[n] regs-end[n]
[PHP-CVS] svn: /php/php-src/branches/PHP_5_4/ NEWS
sixd Fri, 02 Mar 2012 15:46:51 + Revision: http://svn.php.net/viewvc?view=revisionrevision=323823 Log: Reorder Changed paths: U php/php-src/branches/PHP_5_4/NEWS Modified: php/php-src/branches/PHP_5_4/NEWS === --- php/php-src/branches/PHP_5_4/NEWS 2012-03-02 15:43:37 UTC (rev 323822) +++ php/php-src/branches/PHP_5_4/NEWS 2012-03-02 15:46:51 UTC (rev 323823) @@ -2,43 +2,47 @@ ||| ?? ??? 2012, PHP 5.4.1 RC1 +- Array: + . Fixed bug #61058 (array_fill leaks if start index is PHP_INT_MAX). +(Laruence) + - CLI Server: . Connection: close instead of Connection: closed (Gustavo) - Core: - . Fixed bug #61225 (Incorect lexing of 0b00*+NUM). (Pierrick) - . Fixed bug #61165 (Segfault - strip_tags()). (Laruence) + . Fixed bug #60573 (type hinting with self keyword causes weird errors). +(Laruence) + . Fixed bug #60801 (strpbrk() mishandles NUL byte). (Adam) + . Fixed bug #60978 (exit code incorrect). (Laruence) + . Fixed bug #61000 (Exceeding max nesting level doesn't delete numerical +vars). (Laruence) + . Fixed bug #61011 (Crash when an exception is thrown by __autoload +accessing a static property). (Laruence) + . Fixed bug #61072 (Memory leak when restoring an exception handler). +(Nikic, Laruence) . Fixed bug #61087 (Memory leak in parse_ini_file when specifying invalid scanner mode). (Nikic, Laruence) - . Fixed bug #61072 (Memory leak when restoring an exception handler). -(Nikic, Laruence) - . Fixed bug #61011 (Crash when an exception is thrown by __autoload -accessing a static property). (Laruence) - . Fixed bug #61000 (Exceeding max nesting level doesn't delete numerical -vars). (Laruence) - . Fixed bug #60978 (exit code incorrect). (Laruence) - . Fixed bug #60801 (strpbrk() mishandles NUL byte). (Adam) - . Fixed bug #60573 (type hinting with self keyword causes weird errors). -(Laruence) . Fixed bug #61106 (Segfault when using header_register_callback). (Nikita Popov) + . Fixed bug #61165 (Segfault - strip_tags()). (Laruence) + . Fixed bug #61225 (Incorect lexing of 0b00*+NUM). (Pierrick) -- Standard: - . Fixed memory leak in substr_replace. (Pierrick) - . make max_file_uploads ini directive settable outside of php.ini (Rasmus) - - Installation . Fixed bug #61172 (Add Apache 2.4 support). (Chris Jones) +- mbstring: + . MFH mb_ereg_replace_callback() for security enhancements. (Rui) + - Phar - . Fixed bug #61184 (Phar::webPhar() generates headers with trailing NUL bytes). (Nikita Popov) + . Fixed bug #61184 (Phar::webPhar() generates headers with trailing NUL +bytes). (Nikita Popov) - Reflection: . Fixed bug #60968 (Late static binding doesn't work with ReflectionMethod::invokeArgs()). (Laruence) -- Array: - . Fixed bug #61058 (array_fill leaks if start index is PHP_INT_MAX). -(Laruence) +- Standard: + . Fixed memory leak in substr_replace. (Pierrick) + . Make max_file_uploads ini directive settable outside of php.ini (Rasmus) - XMLRPC: . Fixed bug #61097 (Memory leak in xmlrpc functions copying zvals). (Nikita Popov) @@ -46,9 +50,6 @@ - Zlib: . Fixed bug #61139 (gzopen leaks when specifying invalid mode). (Nikita Popov) -- mbstring: - . MFH mb_ereg_replace_callback() for security enhancements. (Rui) - 01 Mar 2012, PHP 5.4.0 - Installation: -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_4/ NEWS ext/standard/string.c
pierrick Thu, 01 Mar 2012 15:10:29 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=323710
Log:
Fixed memory leak in substr_replace
Changed paths:
U php/php-src/branches/PHP_5_4/NEWS
U php/php-src/branches/PHP_5_4/ext/standard/string.c
Modified: php/php-src/branches/PHP_5_4/NEWS
===
--- php/php-src/branches/PHP_5_4/NEWS 2012-03-01 15:10:23 UTC (rev 323709)
+++ php/php-src/branches/PHP_5_4/NEWS 2012-03-01 15:10:29 UTC (rev 323710)
@@ -1,7 +1,10 @@
PHPNEWS
|||
?? ??? 2012, PHP 5.4.1 RC1
-
+
+- Standard:
+ . Fixed memory leak in substr_replace. (Pierrick)
+
01 Mar 2012, PHP 5.4.0
- autoconf 2.59+ is now supported (and required) for generating the
Modified: php/php-src/branches/PHP_5_4/ext/standard/string.c
===
--- php/php-src/branches/PHP_5_4/ext/standard/string.c 2012-03-01 15:10:23 UTC
(rev 323709)
+++ php/php-src/branches/PHP_5_4/ext/standard/string.c 2012-03-01 15:10:29 UTC
(rev 323710)
@@ -2518,6 +2518,9 @@
if(Z_REFCOUNT_P(orig_str) != refcount) {
php_error_docref(NULL
TSRMLS_CC, E_WARNING, Argument was modified while replacing);
+ if(Z_TYPE_PP(tmp_repl) !=
IS_STRING) {
+ zval_dtor(repl_str);
+ }
break;
}
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] svn: /php/php-src/branches/PHP_5_4/ NEWS ext/standard/string.c
On 03/01/2012 07:10 PM, Pierrick Charron wrote: pierrick Thu, 01 Mar 2012 15:10:29 + Revision: http://svn.php.net/viewvc?view=revisionrevision=323710 Log: Fixed memory leak in substr_replace +test ? -- Wbr, Antony Dovgal --- http://pinba.org - realtime profiling for PHP -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_4/ NEWS
sixd Thu, 01 Mar 2012 17:59:59 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=323721
Log:
Tidy up PHP 5.4.0 section, incuding removing most (?) bugs in new
features found/fixed during RC phase, and removing 5.4 section entries
for bugs already publicly released in PHP = 5.3.10.
There are still many things in UPGRADING not mentioned here.
Changed paths:
U php/php-src/branches/PHP_5_4/NEWS
Modified: php/php-src/branches/PHP_5_4/NEWS
===
--- php/php-src/branches/PHP_5_4/NEWS 2012-03-01 17:51:54 UTC (rev 323720)
+++ php/php-src/branches/PHP_5_4/NEWS 2012-03-01 17:59:59 UTC (rev 323721)
@@ -7,25 +7,30 @@
01 Mar 2012, PHP 5.4.0
-- autoconf 2.59+ is now supported (and required) for generating the
- configure script with ./buildconf. Autoconf 2.60+ is desirable
- otherwise the configure help order may be incorrect. (Rasmus, Chris Jones)
+- Installation:
+ . autoconf 2.59+ is now supported (and required) for generating the
+configure script with ./buildconf. Autoconf 2.60+ is desirable
+otherwise the configure help order may be incorrect. (Rasmus, Chris Jones)
- Removed legacy features:
. break/continue $var syntax. (Dmitry)
- . Safe mode and all related ini options. (Kalle)
- . register_globals and register_long_arrays ini options. (Kalle)
+ . Safe mode and all related php.ini options. (Kalle)
+ . register_globals and register_long_arrays php.ini options. (Kalle)
. import_request_variables(). (Kalle)
. allow_call_time_pass_reference. (Pierrick)
- . define_syslog_variables ini option and its associated function. (Kalle)
- . highlight.bg ini option. (Kalle)
+ . define_syslog_variables php.ini option and its associated function. (Kalle)
+ . highlight.bg php.ini option. (Kalle)
+ . safe_mode, safe_mode_gid, safe_mode_include_dir,
+safe_mode_exec_dir, safe_mode_allowed_env_vars and
+safe_mode_protected_env_vars php.ini options.
+ . zend.ze1_compatibility_mode php.ini option.
. Session bug compatibility mode (session.bug_compat_42 and
-session.bug_compat_warn ini options). (Kalle)
+session.bug_compat_warn php.ini options). (Kalle)
. session_is_registered(), session_register() and session_unregister()
functions. (Kalle)
- . y2k_compliance ini option. (Kalle)
+ . y2k_compliance php.ini option. (Kalle)
. magic_quotes_gpc, magic_quotes_runtime and magic_quotes_sybase
-ini options. get_magic_quotes_gpc, get_magic_quotes_runtime are kept
+php.ini options. get_magic_quotes_gpc, get_magic_quotes_runtime are kept
but always return false, set_magic_quotes_runtime raises an
E_CORE_ERROR. (Pierrick, Pierre)
. Removed support for putenv(TZ=..) for setting the timezone. (Derick)
@@ -33,21 +38,21 @@
date.timezone or date_default_timezone_set(). Instead of a guessed
timezone, UTC is now used instead. (Derick)
-- Moved extensions to PECL: (Johannes)
+- Moved extensions to PECL:
. ext/sqlite. (Note: the ext/sqlite3 and ext/pdo_sqlite extensions are
-not affected)
+not affected) (Johannes)
- General improvements:
. Added short array syntax support ([1,2,3]), see UPGRADING guide for full
details. (rsky0711 at gmail . com, sebastian.deutsch at 9elements . com,
Pierre)
- . Added binary numbers format (0b001010). (Jonah dot Harris at gmail dot com)
+ . Added binary number format (0b001010). (Jonah dot Harris at gmail dot com)
. Added support for Class::{expr}() syntax (Pierrick)
- . Added multibyte support by default. Previously php had to be compiled
-with --enable-zend-multibyte. Now it can be enabled or disabled through
-zend.multibyte directive in php.ini. (Dmitry)
+ . Added multibyte support by default. Previously PHP had to be compiled
+with --enable-zend-multibyte. Now it can be enabled or disabled through
+the zend.multibyte directive in php.ini. (Dmitry)
. Removed compile time dependency from ext/mbstring (Dmitry)
- . Added support for Traits. (Stefan)
+ . Added support for Traits. (Stefan, with fixes by Dmitry and Laruence)
. Added closure $this support back. (Stas)
. Added array dereferencing support. (Felipe)
. Added callable typehint. (Hannes)
@@ -59,21 +64,21 @@
. Implemented Zend Signal Handling (configurable option --enable-zend-signals,
off by default). (Lucas Nealan, Arnaud Le Blanc, Brian Shire, Ilia)
. Improved output layer, see README.NEW-OUTPUT-API for internals. (Mike)
- . Improved unix build system to allow building multiple PHP binary SAPIs and
+ . Improved UNIX build system to allow building multiple PHP binary SAPIs and
one SAPI module the same time. FR #53271, FR #52419. (Jani)
. Implemented closure rebinding as parameter to bindTo. (Gustavo Lopes)
. Improved the warning message of incompatible arguments. (Laruence)
. Improved ternary operator performance when returning arrays. (Arnaud, Dmitry)
.
Re: [PHP-CVS] svn: /php/php-src/branches/PHP_5_4/ NEWS ext/standard/string.c
Test for bug #55871 is already covering this issue. P. On 1 March 2012 11:35, Antony Dovgal t...@daylessday.org wrote: On 03/01/2012 07:10 PM, Pierrick Charron wrote: pierrick Thu, 01 Mar 2012 15:10:29 + Revision: http://svn.php.net/viewvc?view=revisionrevision=323710 Log: Fixed memory leak in substr_replace +test ? -- Wbr, Antony Dovgal --- http://pinba.org - realtime profiling for PHP -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_4/ NEWS main/main.c
rasmus Thu, 01 Mar 2012 22:49:03 + Revision: http://svn.php.net/viewvc?view=revisionrevision=323739 Log: Merge: make max_file_uploads PHP_INI_SYSTEM|PHP_INI_PERDIR Changed paths: U php/php-src/branches/PHP_5_4/NEWS U php/php-src/branches/PHP_5_4/main/main.c Modified: php/php-src/branches/PHP_5_4/NEWS === --- php/php-src/branches/PHP_5_4/NEWS 2012-03-01 22:48:49 UTC (rev 323738) +++ php/php-src/branches/PHP_5_4/NEWS 2012-03-01 22:49:03 UTC (rev 323739) @@ -4,6 +4,7 @@ - Standard: . Fixed memory leak in substr_replace. (Pierrick) + . make max_file_uploads ini directive settable outside of php.ini (Rasmus) 01 Mar 2012, PHP 5.4.0 Modified: php/php-src/branches/PHP_5_4/main/main.c === --- php/php-src/branches/PHP_5_4/main/main.c2012-03-01 22:48:49 UTC (rev 323738) +++ php/php-src/branches/PHP_5_4/main/main.c2012-03-01 22:49:03 UTC (rev 323739) @@ -552,7 +552,7 @@ PHP_INI_ENTRY(mail.force_extra_parameters,NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnChangeMailForceExtra) PHP_INI_ENTRY(disable_functions, , PHP_INI_SYSTEM, NULL) PHP_INI_ENTRY(disable_classes,, PHP_INI_SYSTEM, NULL) - PHP_INI_ENTRY(max_file_uploads, 20, PHP_INI_SYSTEM, NULL) + PHP_INI_ENTRY(max_file_uploads, 20, PHP_INI_SYSTEM|PHP_INI_PERDIR, NULL) STD_PHP_INI_BOOLEAN(allow_url_fopen, 1, PHP_INI_SYSTEM, OnUpdateBool, allow_url_fopen, php_core_globals, core_globals) STD_PHP_INI_BOOLEAN(allow_url_include,0, PHP_INI_SYSTEM, OnUpdateBool, allow_url_include, php_core_globals, core_globals) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_4/NEWS branches/PHP_5_4/Zend/tests/bug61165.phpt branches/PHP_5_4/Zend/zend_API.c trunk/NEWS
laruence Fri, 02 Mar 2012 02:51:57 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=323765
Log:
MFH: Fix bug #61165 (Segfault - strip_tags())
Bug: https://bugs.php.net/61165 (Assigned) Segfault - strip_tags()
Changed paths:
U php/php-src/branches/PHP_5_4/NEWS
A php/php-src/branches/PHP_5_4/Zend/tests/bug61165.phpt
U php/php-src/branches/PHP_5_4/Zend/zend_API.c
U php/php-src/trunk/NEWS
Modified: php/php-src/branches/PHP_5_4/NEWS
===
--- php/php-src/branches/PHP_5_4/NEWS 2012-03-02 02:38:18 UTC (rev 323764)
+++ php/php-src/branches/PHP_5_4/NEWS 2012-03-02 02:51:57 UTC (rev 323765)
@@ -4,6 +4,7 @@
- Core:
. Fixed bug #61225 (Incorect lexing of 0b00*+NUM). (Pierrick)
+ . Fixed bug #61165 (Segfault - strip_tags()). (Laruence)
- Standard:
. Fixed memory leak in substr_replace. (Pierrick)
Added: php/php-src/branches/PHP_5_4/Zend/tests/bug61165.phpt
===
--- php/php-src/branches/PHP_5_4/Zend/tests/bug61165.phpt
(rev 0)
+++ php/php-src/branches/PHP_5_4/Zend/tests/bug61165.phpt 2012-03-02
02:51:57 UTC (rev 323765)
@@ -0,0 +1,28 @@
+--TEST--
+Bug #61165 (Segfault - strip_tags())
+--FILE--
+?php
+
+$handler = NULL;
+class T {
+public $_this;
+
+public function __toString() {
+ global $handler;
+ $handler = $this;
+$this-_this = $this; // -- uncoment this
+return 'A';
+}
+}
+
+$t = new T;
+for ($i = 0; $i 3; $i++) {
+strip_tags($t);
+ strip_tags(new T);
+}
+var_dump($handler);
+--EXPECTF--
+object(T)#%d (1) {
+ [_this]=
+ *RECURSION*
+}
Modified: php/php-src/branches/PHP_5_4/Zend/zend_API.c
===
--- php/php-src/branches/PHP_5_4/Zend/zend_API.c2012-03-02 02:38:18 UTC
(rev 323764)
+++ php/php-src/branches/PHP_5_4/Zend/zend_API.c2012-03-02 02:51:57 UTC
(rev 323765)
@@ -262,12 +262,16 @@
static int parse_arg_object_to_string(zval **arg, char **p, int *pl, int type
TSRMLS_DC) /* {{{ */
{
if (Z_OBJ_HANDLER_PP(arg, cast_object)) {
- SEPARATE_ZVAL_IF_NOT_REF(arg);
- if (Z_OBJ_HANDLER_PP(arg, cast_object)(*arg, *arg, type
TSRMLS_CC) == SUCCESS) {
+ zval *obj;
+ MAKE_STD_ZVAL(obj);
+ if (Z_OBJ_HANDLER_P(*arg, cast_object)(*arg, obj, type
TSRMLS_CC) == SUCCESS) {
+ zval_ptr_dtor(arg);
+ *arg = obj;
*pl = Z_STRLEN_PP(arg);
*p = Z_STRVAL_PP(arg);
return SUCCESS;
}
+ efree(obj);
}
/* Standard PHP objects */
if (Z_OBJ_HT_PP(arg) == std_object_handlers || !Z_OBJ_HANDLER_PP(arg,
cast_object)) {
Modified: php/php-src/trunk/NEWS
===
--- php/php-src/trunk/NEWS 2012-03-02 02:38:18 UTC (rev 323764)
+++ php/php-src/trunk/NEWS 2012-03-02 02:51:57 UTC (rev 323765)
@@ -6,7 +6,6 @@
. World domination
- Core:
- . Fixed bug #61165 (Segfault - strip_tags()). (Laruence)
. Fixed bug #61072 (Memory leak when restoring an exception handler).
(Nikic, Laruence)
. Fixed bug #61011 (Crash when an exception is thrown by __autoload
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_4/NEWS branches/PHP_5_4/Zend/zend_builtin_functions.c trunk/NEWS
laruence Fri, 02 Mar 2012 02:56:08 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=323766
Log:
MFH: Fixed bug #61072 (Memory leak when restoring an exception handler).
Bug: https://bugs.php.net/61072 (Assigned) Memory leak when restoring an
exception handler
Changed paths:
U php/php-src/branches/PHP_5_4/NEWS
U php/php-src/branches/PHP_5_4/Zend/zend_builtin_functions.c
U php/php-src/trunk/NEWS
Modified: php/php-src/branches/PHP_5_4/NEWS
===
--- php/php-src/branches/PHP_5_4/NEWS 2012-03-02 02:51:57 UTC (rev 323765)
+++ php/php-src/branches/PHP_5_4/NEWS 2012-03-02 02:56:08 UTC (rev 323766)
@@ -5,6 +5,8 @@
- Core:
. Fixed bug #61225 (Incorect lexing of 0b00*+NUM). (Pierrick)
. Fixed bug #61165 (Segfault - strip_tags()). (Laruence)
+ . Fixed bug #61072 (Memory leak when restoring an exception handler).
+(Nikic, Laruence)
- Standard:
. Fixed memory leak in substr_replace. (Pierrick)
Modified: php/php-src/branches/PHP_5_4/Zend/zend_builtin_functions.c
===
--- php/php-src/branches/PHP_5_4/Zend/zend_builtin_functions.c 2012-03-02
02:51:57 UTC (rev 323765)
+++ php/php-src/branches/PHP_5_4/Zend/zend_builtin_functions.c 2012-03-02
02:56:08 UTC (rev 323766)
@@ -1615,8 +1615,7 @@
RETURN_TRUE;
}
- *EG(user_exception_handler) = *exception_handler;
- zval_copy_ctor(EG(user_exception_handler));
+ MAKE_COPY_ZVAL(exception_handler, EG(user_exception_handler));
if (!had_orig_exception_handler) {
RETURN_NULL();
Modified: php/php-src/trunk/NEWS
===
--- php/php-src/trunk/NEWS 2012-03-02 02:51:57 UTC (rev 323765)
+++ php/php-src/trunk/NEWS 2012-03-02 02:56:08 UTC (rev 323766)
@@ -6,8 +6,6 @@
. World domination
- Core:
- . Fixed bug #61072 (Memory leak when restoring an exception handler).
-(Nikic, Laruence)
. Fixed bug #61011 (Crash when an exception is thrown by __autoload
accessing a static property). (Laruence)
. Fixed bug #61000 (Exceeding max nesting level doesn't delete numerical
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_4/NEWS branches/PHP_5_4/Zend/tests/bug61011.phpt branches/PHP_5_4/Zend/zend_vm_def.h branches/PHP_5_4/Zend/zend_vm_execute.h trunk/NEWS
laruence Fri, 02 Mar 2012 03:12:15 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=323767
Log:
MFH: Fixed bug #61011 (Crash when an exception is thrown by __autoload
accessing a static property)
Bug: https://bugs.php.net/61011 (Assigned) Crash when an exception is thrown by
__autoload accessing a static property
Changed paths:
U php/php-src/branches/PHP_5_4/NEWS
A php/php-src/branches/PHP_5_4/Zend/tests/bug61011.phpt
U php/php-src/branches/PHP_5_4/Zend/zend_vm_def.h
U php/php-src/branches/PHP_5_4/Zend/zend_vm_execute.h
U php/php-src/trunk/NEWS
Modified: php/php-src/branches/PHP_5_4/NEWS
===
--- php/php-src/branches/PHP_5_4/NEWS 2012-03-02 02:56:08 UTC (rev 323766)
+++ php/php-src/branches/PHP_5_4/NEWS 2012-03-02 03:12:15 UTC (rev 323767)
@@ -7,6 +7,8 @@
. Fixed bug #61165 (Segfault - strip_tags()). (Laruence)
. Fixed bug #61072 (Memory leak when restoring an exception handler).
(Nikic, Laruence)
+ . Fixed bug #61011 (Crash when an exception is thrown by __autoload
+accessing a static property). (Laruence)
- Standard:
. Fixed memory leak in substr_replace. (Pierrick)
Added: php/php-src/branches/PHP_5_4/Zend/tests/bug61011.phpt
===
--- php/php-src/branches/PHP_5_4/Zend/tests/bug61011.phpt (rev 0)
+++ php/php-src/branches/PHP_5_4/Zend/tests/bug61011.phpt 2012-03-02 03:12:15 UTC (rev 323767)
@@ -0,0 +1,35 @@
+--TEST--
+Bug #61011 (Crash when an exception is thrown by __autoload accessing a static property)
+--FILE--
+?php
+function __autoload($name) {
+ throw new Exception($name);
+}
+try {
+ echo AAA::$a; //zend_fetch_var_address_helper
+} catch (Exception $e) {
+ try {
+ echo AAA::XXX; //ZEND_FETCH_CONSTANT
+ } catch (Exception $e) {
+ try {
+ echo AAA::foo(); //ZEND_INIT_STATIC_METHOD_CALL
+ } catch (Exception $e) {
+ try {
+unset(AAA::$a); // ZEND_UNSET_VAR
+ } catch (Exception $e){
+try {
+ isset(::$a); // ZEND_ISSET_ISEMPTY_VAR
+} catch (Exception $e) {
+ try {
+ $a = array(AAA, foo);
+ $a(); //ZEND_INIT_FCALL_BY_NAME
+ } catch (Exception $e) {
+ }
+}
+ }
+ }
+ }
+}
+echo 'okey';
+--EXPECT--
+okey
Modified: php/php-src/branches/PHP_5_4/Zend/zend_vm_def.h
===
--- php/php-src/branches/PHP_5_4/Zend/zend_vm_def.h 2012-03-02 02:56:08 UTC (rev 323766)
+++ php/php-src/branches/PHP_5_4/Zend/zend_vm_def.h 2012-03-02 03:12:15 UTC (rev 323767)
@@ -1039,6 +1039,14 @@
ce = CACHED_PTR(opline-op2.literal-cache_slot);
} else {
ce = zend_fetch_class_by_name(Z_STRVAL_P(opline-op2.zv), Z_STRLEN_P(opline-op2.zv), opline-op2.literal + 1, 0 TSRMLS_CC);
+if (UNEXPECTED(ce == NULL)) {
+ if (OP1_TYPE != IS_CONST varname == tmp_varname) {
+ zval_dtor(tmp_varname);
+ }
+ FREE_OP1();
+ CHECK_EXCEPTION();
+ ZEND_VM_NEXT_OPCODE();
+}
CACHE_PTR(opline-op2.literal-cache_slot, ce);
}
} else {
@@ -2234,7 +2242,8 @@
} else {
ce = zend_fetch_class_by_name(Z_STRVAL_P(opline-op1.zv), Z_STRLEN_P(opline-op1.zv), opline-op1.literal + 1, opline-extended_value TSRMLS_CC);
if (UNEXPECTED(ce == NULL)) {
-zend_error_noreturn(E_ERROR, Class '%s' not found, Z_STRVAL_P(opline-op1.zv));
+CHECK_EXCEPTION();
+ZEND_VM_NEXT_OPCODE();
}
CACHE_PTR(opline-op1.literal-cache_slot, ce);
}
@@ -2414,7 +2423,8 @@
if (Z_TYPE_PP(obj) == IS_STRING) {
ce = zend_fetch_class_by_name(Z_STRVAL_PP(obj), Z_STRLEN_PP(obj), NULL, 0 TSRMLS_CC);
if (UNEXPECTED(ce == NULL)) {
- zend_error_noreturn(E_ERROR, Class '%s' not found, Z_STRVAL_PP(obj));
+ CHECK_EXCEPTION();
+ ZEND_VM_NEXT_OPCODE();
}
EX(called_scope) = ce;
EX(object) = NULL;
@@ -2964,6 +2974,7 @@
catch_ce = CACHED_PTR(opline-op1.literal-cache_slot);
} else {
catch_ce = zend_fetch_class_by_name(Z_STRVAL_P(opline-op1.zv), Z_STRLEN_P(opline-op1.zv), opline-op1.literal + 1, ZEND_FETCH_CLASS_NO_AUTOLOAD TSRMLS_CC);
+
CACHE_PTR(opline-op1.literal-cache_slot, catch_ce);
}
ce = Z_OBJCE_P(EG(exception));
@@ -3492,7 +3503,8 @@
} else {
ce = zend_fetch_class_by_name(Z_STRVAL_P(opline-op1.zv), Z_STRLEN_P(opline-op1.zv), opline-op1.literal + 1, opline-extended_value TSRMLS_CC);
if (UNEXPECTED(ce == NULL)) {
- zend_error_noreturn(E_ERROR, Undefined class constant '%s', Z_STRVAL_P(opline-op2.zv));
+ CHECK_EXCEPTION();
+ ZEND_VM_NEXT_OPCODE();
}
CACHE_PTR(opline-op1.literal-cache_slot, ce);
}
@@ -3879,6 +3891,16 @@
ce = CACHED_PTR(opline-op2.literal-cache_slot);
} else {
ce = zend_fetch_class_by_name(Z_STRVAL_P(opline-op2.zv), Z_STRLEN_P(opline-op2.zv), opline-op2.literal + 1, 0 TSRMLS_CC);
+if (UNEXPECTED(ce == NULL)) {
+ if (OP1_TYPE !=
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_4/NEWS branches/PHP_5_4/main/php_variables.c branches/PHP_5_4/tests/basic/bug61000.phpt trunk/NEWS
laruence Fri, 02 Mar 2012 03:18:04 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=323769
Log:
MFH: Fixed bug #61000 (Exceeding max nesting level doesn't delete numerical
vars)
Bug: https://bugs.php.net/61000 (Assigned) Exceeding max nesting level doesn't
delete numerical vars
Changed paths:
U php/php-src/branches/PHP_5_4/NEWS
U php/php-src/branches/PHP_5_4/main/php_variables.c
A php/php-src/branches/PHP_5_4/tests/basic/bug61000.phpt
U php/php-src/trunk/NEWS
Modified: php/php-src/branches/PHP_5_4/NEWS
===
--- php/php-src/branches/PHP_5_4/NEWS 2012-03-02 03:14:20 UTC (rev 323768)
+++ php/php-src/branches/PHP_5_4/NEWS 2012-03-02 03:18:04 UTC (rev 323769)
@@ -9,6 +9,8 @@
(Nikic, Laruence)
. Fixed bug #61011 (Crash when an exception is thrown by __autoload
accessing a static property). (Laruence)
+ . Fixed bug #61000 (Exceeding max nesting level doesn't delete numerical
+vars). (Laruence)
- Standard:
. Fixed memory leak in substr_replace. (Pierrick)
Modified: php/php-src/branches/PHP_5_4/main/php_variables.c
===
--- php/php-src/branches/PHP_5_4/main/php_variables.c 2012-03-02 03:14:20 UTC
(rev 323768)
+++ php/php-src/branches/PHP_5_4/main/php_variables.c 2012-03-02 03:18:04 UTC
(rev 323769)
@@ -133,7 +133,7 @@
if (track_vars_array) {
ht = Z_ARRVAL_P(track_vars_array);
- zend_hash_del(ht, var, var_len + 1);
+ zend_symtable_del(ht, var, var_len + 1);
}
zval_dtor(val);
Added: php/php-src/branches/PHP_5_4/tests/basic/bug61000.phpt
===
--- php/php-src/branches/PHP_5_4/tests/basic/bug61000.phpt
(rev 0)
+++ php/php-src/branches/PHP_5_4/tests/basic/bug61000.phpt 2012-03-02
03:18:04 UTC (rev 323769)
@@ -0,0 +1,19 @@
+--TEST--
+Bug #61000 (Exceeding max nesting level doesn't delete numerical vars)
+--INI--
+max_input_nesting_level=2
+--POST--
+1[a][]=foo1[a][b][c]=bar
+--GET--
+a[a][]=fooa[a][b][c]=bar
+--FILE--
+?php
+print_r($_GET);
+print_r($_POST);
+--EXPECTF--
+Array
+(
+)
+Array
+(
+)
Modified: php/php-src/trunk/NEWS
===
--- php/php-src/trunk/NEWS 2012-03-02 03:14:20 UTC (rev 323768)
+++ php/php-src/trunk/NEWS 2012-03-02 03:18:04 UTC (rev 323769)
@@ -6,8 +6,6 @@
. World domination
- Core:
- . Fixed bug #61000 (Exceeding max nesting level doesn't delete numerical
-vars). (Laruence)
. Fixed bug #60978 (exit code incorrect). (Laruence)
. Fixed bug #60573 (type hinting with self keyword causes weird errors).
(Laruence)
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_4/NEWS branches/PHP_5_4/Zend/tests/bug60978.phpt branches/PHP_5_4/Zend/zend_execute_API.c trunk/NEWS trunk/Zend/tests/bug60978.phpt
laruence Fri, 02 Mar 2012 03:25:41 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=323771
Log:
MFH: Fixed bug #60978 (exit code incorrect)
Bug: https://bugs.php.net/60978 (Assigned) exit code incorrect
Changed paths:
U php/php-src/branches/PHP_5_4/NEWS
A php/php-src/branches/PHP_5_4/Zend/tests/bug60978.phpt
U php/php-src/branches/PHP_5_4/Zend/zend_execute_API.c
U php/php-src/trunk/NEWS
U php/php-src/trunk/Zend/tests/bug60978.phpt
Modified: php/php-src/branches/PHP_5_4/NEWS
===
--- php/php-src/branches/PHP_5_4/NEWS 2012-03-02 03:20:50 UTC (rev 323770)
+++ php/php-src/branches/PHP_5_4/NEWS 2012-03-02 03:25:41 UTC (rev 323771)
@@ -11,6 +11,7 @@
accessing a static property). (Laruence)
. Fixed bug #61000 (Exceeding max nesting level doesn't delete numerical
vars). (Laruence)
+ . Fixed bug #60978 (exit code incorrect). (Laruence)
- Standard:
. Fixed memory leak in substr_replace. (Pierrick)
Added: php/php-src/branches/PHP_5_4/Zend/tests/bug60978.phpt
===
--- php/php-src/branches/PHP_5_4/Zend/tests/bug60978.phpt
(rev 0)
+++ php/php-src/branches/PHP_5_4/Zend/tests/bug60978.phpt 2012-03-02
03:25:41 UTC (rev 323771)
@@ -0,0 +1,10 @@
+--TEST--
+Bug #60978 (exit code incorrect)
+--FILE--
+?php
+$php = getenv('TEST_PHP_EXECUTABLE');
+exec($php . ' -n -r exit(2);', $output, $exit_code);
+echo $exit_code;
+?
+--EXPECT--
+2
Property changes on: php/php-src/branches/PHP_5_4/Zend/tests/bug60978.phpt
___
Added: svn:executable
+ *
Modified: php/php-src/branches/PHP_5_4/Zend/zend_execute_API.c
===
--- php/php-src/branches/PHP_5_4/Zend/zend_execute_API.c2012-03-02
03:20:50 UTC (rev 323770)
+++ php/php-src/branches/PHP_5_4/Zend/zend_execute_API.c2012-03-02
03:25:41 UTC (rev 323771)
@@ -1195,7 +1195,13 @@
}
CG(interactive) = 0;
- zend_execute(new_op_array TSRMLS_CC);
+ zend_try {
+ zend_execute(new_op_array TSRMLS_CC);
+ } zend_catch {
+ destroy_op_array(new_op_array TSRMLS_CC);
+ efree(new_op_array);
+ zend_bailout();
+ } zend_end_try();
CG(interactive) = orig_interactive;
if (local_retval_ptr) {
Modified: php/php-src/trunk/NEWS
===
--- php/php-src/trunk/NEWS 2012-03-02 03:20:50 UTC (rev 323770)
+++ php/php-src/trunk/NEWS 2012-03-02 03:25:41 UTC (rev 323771)
@@ -6,7 +6,6 @@
. World domination
- Core:
- . Fixed bug #60978 (exit code incorrect). (Laruence)
. Fixed bug #60573 (type hinting with self keyword causes weird errors).
(Laruence)
Modified: php/php-src/trunk/Zend/tests/bug60978.phpt
===
--- php/php-src/trunk/Zend/tests/bug60978.phpt 2012-03-02 03:20:50 UTC (rev
323770)
+++ php/php-src/trunk/Zend/tests/bug60978.phpt 2012-03-02 03:25:41 UTC (rev
323771)
@@ -3,7 +3,7 @@
--FILE--
?php
$php = getenv('TEST_PHP_EXECUTABLE');
-exec($php . ' -r exit(2);', $output, $exit_code);
+exec($php . '-n -r exit(2);', $output, $exit_code);
echo $exit_code;
?
--EXPECT--
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_4/NEWS branches/PHP_5_4/Zend/tests/bug60573.phpt branches/PHP_5_4/Zend/zend_compile.c trunk/NEWS
laruence Fri, 02 Mar 2012 03:32:12 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=323773
Log:
MFH: Fixed bug #60573 (type hinting with self keyword causes weird errors)
Bug: https://bugs.php.net/60573 (Assigned) type hinting with self keyword
causes weird errors
Changed paths:
U php/php-src/branches/PHP_5_4/NEWS
A php/php-src/branches/PHP_5_4/Zend/tests/bug60573.phpt
U php/php-src/branches/PHP_5_4/Zend/zend_compile.c
U php/php-src/trunk/NEWS
Modified: php/php-src/branches/PHP_5_4/NEWS
===
--- php/php-src/branches/PHP_5_4/NEWS 2012-03-02 03:29:24 UTC (rev 323772)
+++ php/php-src/branches/PHP_5_4/NEWS 2012-03-02 03:32:12 UTC (rev 323773)
@@ -12,6 +12,8 @@
. Fixed bug #61000 (Exceeding max nesting level doesn't delete numerical
vars). (Laruence)
. Fixed bug #60978 (exit code incorrect). (Laruence)
+ . Fixed bug #60573 (type hinting with self keyword causes weird errors).
+(Laruence)
- Standard:
. Fixed memory leak in substr_replace. (Pierrick)
Added: php/php-src/branches/PHP_5_4/Zend/tests/bug60573.phpt
===
--- php/php-src/branches/PHP_5_4/Zend/tests/bug60573.phpt
(rev 0)
+++ php/php-src/branches/PHP_5_4/Zend/tests/bug60573.phpt 2012-03-02
03:32:12 UTC (rev 323773)
@@ -0,0 +1,84 @@
+--TEST--
+Bug #60573 (type hinting with self keyword causes weird errors)
+--FILE--
+?php
+class Foo1 {
+
+public function setSelf(self $s) { }
+
+}
+
+class Bar1 extends Foo1 {
+
+public function setSelf(parent $s) { }
+
+}
+
+class Foo2 {
+
+public function setSelf(Foo2 $s) { }
+
+}
+
+class Bar2 extends Foo2 {
+
+public function setSelf(parent $s) { }
+
+}
+
+class Base {
+}
+
+class Foo3 extends Base{
+
+public function setSelf(parent $s) { }
+
+}
+
+class Bar3 extends Foo3 {
+
+public function setSelf(Base $s) { }
+
+}
+
+class Foo4 {
+
+public function setSelf(self $s) { }
+
+}
+
+class Bar4 extends Foo4 {
+
+public function setSelf(self $s) { }
+
+}
+
+class Foo5 extends Base {
+
+public function setSelf(parent $s) { }
+
+}
+
+class Bar5 extends Foo5 {
+
+public function setSelf(parent $s) { }
+
+}
+
+abstract class Foo6 extends Base {
+
+abstract public function setSelf(parent $s);
+
+}
+
+class Bar6 extends Foo6 {
+
+public function setSelf(Foo6 $s) { }
+
+}
+--EXPECTF--
+Strict Standards: Declaration of Bar4::setSelf() should be compatible with
Foo4::setSelf(Foo4 $s) in %sbug60573.php on line %d
+
+Strict Standards: Declaration of Bar5::setSelf() should be compatible with
Foo5::setSelf(Base $s) in %sbug60573.php on line %d
+
+Fatal error: Declaration of Bar6::setSelf() must be compatible with
Foo6::setSelf(Base $s) in %sbug60573.php on line %d
Property changes on: php/php-src/branches/PHP_5_4/Zend/tests/bug60573.phpt
___
Added: svn:executable
+ *
Modified: php/php-src/branches/PHP_5_4/Zend/zend_compile.c
===
--- php/php-src/branches/PHP_5_4/Zend/zend_compile.c2012-03-02 03:29:24 UTC
(rev 323772)
+++ php/php-src/branches/PHP_5_4/Zend/zend_compile.c2012-03-02 03:32:12 UTC
(rev 323773)
@@ -2958,30 +2958,57 @@
/* Only one has a type hint and the other one doesn't */
return 0;
}
- if (fe-common.arg_info[i].class_name
-strcasecmp(fe-common.arg_info[i].class_name,
proto-common.arg_info[i].class_name)!=0) {
- const char *colon;
- if (fe-common.type != ZEND_USER_FUNCTION) {
- return 0;
- } else if (strchr(proto-common.arg_info[i].class_name,
'\\') != NULL ||
- (colon =
zend_memrchr(fe-common.arg_info[i].class_name, '\\',
fe-common.arg_info[i].class_name_len)) == NULL ||
- strcasecmp(colon+1,
proto-common.arg_info[i].class_name) != 0) {
- zend_class_entry **fe_ce, **proto_ce;
- int found, found2;
-
- found =
zend_lookup_class(fe-common.arg_info[i].class_name,
fe-common.arg_info[i].class_name_len, fe_ce TSRMLS_CC);
- found2 =
zend_lookup_class(proto-common.arg_info[i].class_name,
proto-common.arg_info[i].class_name_len, proto_ce TSRMLS_CC);
-
- /* Check for class alias */
- if (found != SUCCESS || found2 != SUCCESS ||
- (*fe_ce)-type == ZEND_INTERNAL_CLASS ||
- (*proto_ce)-type ==
ZEND_INTERNAL_CLASS ||
- *fe_ce != *proto_ce) {
+ if
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_4/NEWS branches/PHP_5_4/ext/reflection/php_reflection.c branches/PHP_5_4/ext/reflection/tests/bug60367.phpt trunk/NEWS
laruence Fri, 02 Mar 2012 03:36:30 + Revision: http://svn.php.net/viewvc?view=revisionrevision=323777 Log: MFH: Fixed bug #60968 (Late static binding doesn't work with ReflectionMethod::invokeArgs()) Bug: https://bugs.php.net/60968 (Assigned) Late static binding doesn't work with ReflectionMethod::invokeArgs() Changed paths: U php/php-src/branches/PHP_5_4/NEWS U php/php-src/branches/PHP_5_4/ext/reflection/php_reflection.c U php/php-src/branches/PHP_5_4/ext/reflection/tests/bug60367.phpt U php/php-src/trunk/NEWS Modified: php/php-src/branches/PHP_5_4/NEWS === --- php/php-src/branches/PHP_5_4/NEWS 2012-03-02 03:34:03 UTC (rev 323776) +++ php/php-src/branches/PHP_5_4/NEWS 2012-03-02 03:36:30 UTC (rev 323777) @@ -22,6 +22,10 @@ - Installation . Fixed bug #61172 (Add Apache 2.4 support). (Chris Jones) +- Reflection: + . Fixed bug #60968 (Late static binding doesn't work with +ReflectionMethod::invokeArgs()). (Laruence) + 01 Mar 2012, PHP 5.4.0 - Installation: Modified: php/php-src/branches/PHP_5_4/ext/reflection/php_reflection.c === --- php/php-src/branches/PHP_5_4/ext/reflection/php_reflection.c 2012-03-02 03:34:03 UTC (rev 323776) +++ php/php-src/branches/PHP_5_4/ext/reflection/php_reflection.c 2012-03-02 03:36:30 UTC (rev 323777) @@ -2920,7 +2920,7 @@ fcc.initialized = 1; fcc.function_handler = mptr; fcc.calling_scope = obj_ce; - fcc.called_scope = obj_ce; + fcc.called_scope = intern-ce; fcc.object_ptr = object; result = zend_call_function(fci, fcc TSRMLS_CC); Modified: php/php-src/branches/PHP_5_4/ext/reflection/tests/bug60367.phpt === --- php/php-src/branches/PHP_5_4/ext/reflection/tests/bug60367.phpt 2012-03-02 03:34:03 UTC (rev 323776) +++ php/php-src/branches/PHP_5_4/ext/reflection/tests/bug60367.phpt 2012-03-02 03:36:30 UTC (rev 323777) @@ -20,7 +20,9 @@ $method = new ReflectionMethod(b::call); $method-invoke(null); +$method-invokeArgs(null, array()); $method = new ReflectionMethod(A::call); $method-invoke(null); +$method-invokeArgs(null, array()); --EXPECTF-- -BA +BBAA Modified: php/php-src/trunk/NEWS === --- php/php-src/trunk/NEWS 2012-03-02 03:34:03 UTC (rev 323776) +++ php/php-src/trunk/NEWS 2012-03-02 03:36:30 UTC (rev 323777) @@ -31,10 +31,6 @@ - pgsql . Added pg_escape_literal() and pg_escape_identifier() (Yasuo) -- Reflection: - . Fixed bug #60968 (Late static binding doesn't work with -ReflectionMethod::invokeArgs()). (Laruence) - - Array: . Fixed bug #61058 (array_fill leaks if start index is PHP_INT_MAX). (Laruence) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_4/ NEWS sapi/cli/php_cli_server.c
rasmus Fri, 02 Mar 2012 03:38:04 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=323778
Log:
CLI Server was sending Connection: closed instead of Connection: close
Changed paths:
U php/php-src/branches/PHP_5_4/NEWS
U php/php-src/branches/PHP_5_4/sapi/cli/php_cli_server.c
Modified: php/php-src/branches/PHP_5_4/NEWS
===
--- php/php-src/branches/PHP_5_4/NEWS 2012-03-02 03:36:30 UTC (rev 323777)
+++ php/php-src/branches/PHP_5_4/NEWS 2012-03-02 03:38:04 UTC (rev 323778)
@@ -2,6 +2,9 @@
|||
?? ??? 2012, PHP 5.4.1 RC1
+- CLI Server:
+ . Connection: close instead of Connection: closed (Rasmus)
+
- Core:
. Fixed bug #61225 (Incorect lexing of 0b00*+NUM). (Pierrick)
. Fixed bug #61165 (Segfault - strip_tags()). (Laruence)
Modified: php/php-src/branches/PHP_5_4/sapi/cli/php_cli_server.c
===
--- php/php-src/branches/PHP_5_4/sapi/cli/php_cli_server.c 2012-03-02
03:36:30 UTC (rev 323777)
+++ php/php-src/branches/PHP_5_4/sapi/cli/php_cli_server.c 2012-03-02
03:38:04 UTC (rev 323778)
@@ -351,7 +351,7 @@
smart_str_appendl_ex(buffer, \r\n, 2, persistent);
}
}
- smart_str_appendl_ex(buffer, Connection: closed\r\n,
sizeof(Connection: closed\r\n) - 1, persistent);
+ smart_str_appendl_ex(buffer, Connection: close\r\n,
sizeof(Connection: close\r\n) - 1, persistent);
} /* }}} */
static const char *get_mime_type(const char *ext, size_t ext_len) /* {{{ */
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_4/ NEWS
rasmus Fri, 02 Mar 2012 03:40:08 + Revision: http://svn.php.net/viewvc?view=revisionrevision=323780 Log: Actually, this was a merge from trunk, and Gustavo did it originally. Changed paths: U php/php-src/branches/PHP_5_4/NEWS Modified: php/php-src/branches/PHP_5_4/NEWS === --- php/php-src/branches/PHP_5_4/NEWS 2012-03-02 03:39:04 UTC (rev 323779) +++ php/php-src/branches/PHP_5_4/NEWS 2012-03-02 03:40:08 UTC (rev 323780) @@ -3,7 +3,7 @@ ?? ??? 2012, PHP 5.4.1 RC1 - CLI Server: - . Connection: close instead of Connection: closed (Rasmus) + . Connection: close instead of Connection: closed (Gustavo) - Core: . Fixed bug #61225 (Incorect lexing of 0b00*+NUM). (Pierrick) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_4/NEWS branches/PHP_5_4/ext/standard/array.c branches/PHP_5_4/ext/standard/tests/array/bug61058.phpt trunk/NEWS
laruence Fri, 02 Mar 2012 03:40:40 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=323782
Log:
MFH: Fixed bug #61058 (array_fill leaks if start index is PHP_INT_MAX)
Bug: https://bugs.php.net/61058 (Assigned) array_fill leaks if start index is
PHP_INT_MAX
Changed paths:
U php/php-src/branches/PHP_5_4/NEWS
U php/php-src/branches/PHP_5_4/ext/standard/array.c
A php/php-src/branches/PHP_5_4/ext/standard/tests/array/bug61058.phpt
U php/php-src/trunk/NEWS
Modified: php/php-src/branches/PHP_5_4/NEWS
===
--- php/php-src/branches/PHP_5_4/NEWS 2012-03-02 03:40:30 UTC (rev 323781)
+++ php/php-src/branches/PHP_5_4/NEWS 2012-03-02 03:40:40 UTC (rev 323782)
@@ -30,6 +30,10 @@
. Fixed bug #60968 (Late static binding doesn't work with
ReflectionMethod::invokeArgs()). (Laruence)
+- Array:
+ . Fixed bug #61058 (array_fill leaks if start index is PHP_INT_MAX).
+(Laruence)
+
01 Mar 2012, PHP 5.4.0
- Installation:
Modified: php/php-src/branches/PHP_5_4/ext/standard/array.c
===
--- php/php-src/branches/PHP_5_4/ext/standard/array.c 2012-03-02 03:40:30 UTC
(rev 323781)
+++ php/php-src/branches/PHP_5_4/ext/standard/array.c 2012-03-02 03:40:40 UTC
(rev 323782)
@@ -1563,12 +1563,17 @@
array_init_size(return_value, num);
num--;
+ zend_hash_index_update(Z_ARRVAL_P(return_value), start_key, val,
sizeof(zval *), NULL);
zval_add_ref(val);
- zend_hash_index_update(Z_ARRVAL_P(return_value), start_key, val,
sizeof(zval *), NULL);
while (num--) {
- zval_add_ref(val);
- zend_hash_next_index_insert(Z_ARRVAL_P(return_value), val,
sizeof(zval *), NULL);
+ if (zend_hash_next_index_insert(Z_ARRVAL_P(return_value), val,
sizeof(zval *), NULL) == SUCCESS) {
+ zval_add_ref(val);
+ } else {
+ zval_dtor(return_value);
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, Cannot add
element to the array as the next element is already occupied);
+ RETURN_FALSE;
+ }
}
}
/* }}} */
Added: php/php-src/branches/PHP_5_4/ext/standard/tests/array/bug61058.phpt
===
--- php/php-src/branches/PHP_5_4/ext/standard/tests/array/bug61058.phpt
(rev 0)
+++ php/php-src/branches/PHP_5_4/ext/standard/tests/array/bug61058.phpt
2012-03-02 03:40:40 UTC (rev 323782)
@@ -0,0 +1,8 @@
+--TEST--
+Bug #61058 (array_fill leaks if start index is PHP_INT_MAX)
+--FILE--
+?php
+array_fill(PHP_INT_MAX, 2, '*');
+?
+--EXPECTF--
+Warning: array_fill(): Cannot add element to the array as the next element is
already occupied in %sbug61058.php on line %d
Modified: php/php-src/trunk/NEWS
===
--- php/php-src/trunk/NEWS 2012-03-02 03:40:30 UTC (rev 323781)
+++ php/php-src/trunk/NEWS 2012-03-02 03:40:40 UTC (rev 323782)
@@ -31,8 +31,4 @@
- pgsql
. Added pg_escape_literal() and pg_escape_identifier() (Yasuo)
-- Array:
- . Fixed bug #61058 (array_fill leaks if start index is PHP_INT_MAX).
-(Laruence)
-
NOTE: Insert NEWS from last stable release here prior to actual release!
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_4/ NEWS Zend/tests/bug61087.phpt Zend/zend_ini_scanner.c Zend/zend_ini_scanner.l Zend/zend_ini_scanner_defs.h
laruence Fri, 02 Mar 2012 03:52:06 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=323786
Log:
MFH: Fixed bug #61087 (Memory leak in parse_ini_file when specifying invalid
scanner mode)
Bug: https://bugs.php.net/61087 (Assigned) Memory leak in parse_ini_file when
specifying invalid scanner mode
Changed paths:
U php/php-src/branches/PHP_5_4/NEWS
A php/php-src/branches/PHP_5_4/Zend/tests/bug61087.phpt
U php/php-src/branches/PHP_5_4/Zend/zend_ini_scanner.c
U php/php-src/branches/PHP_5_4/Zend/zend_ini_scanner.l
U php/php-src/branches/PHP_5_4/Zend/zend_ini_scanner_defs.h
Modified: php/php-src/branches/PHP_5_4/NEWS
===
--- php/php-src/branches/PHP_5_4/NEWS 2012-03-02 03:51:26 UTC (rev 323785)
+++ php/php-src/branches/PHP_5_4/NEWS 2012-03-02 03:52:06 UTC (rev 323786)
@@ -8,6 +8,8 @@
- Core:
. Fixed bug #61225 (Incorect lexing of 0b00*+NUM). (Pierrick)
. Fixed bug #61165 (Segfault - strip_tags()). (Laruence)
+ . Fixed bug #61087 (Memory leak in parse_ini_file when specifying
+invalid scanner mode). (Nikic, Laruence)
. Fixed bug #61072 (Memory leak when restoring an exception handler).
(Nikic, Laruence)
. Fixed bug #61011 (Crash when an exception is thrown by __autoload
Added: php/php-src/branches/PHP_5_4/Zend/tests/bug61087.phpt
===
--- php/php-src/branches/PHP_5_4/Zend/tests/bug61087.phpt (rev 0)
+++ php/php-src/branches/PHP_5_4/Zend/tests/bug61087.phpt 2012-03-02 03:52:06 UTC (rev 323786)
@@ -0,0 +1,10 @@
+--TEST--
+Bug #61087 (Memory leak in parse_ini_file when specifying invalid scanner mode)
+--FILE--
+?php
+// the used file is actually irrelevant, so just use this file
+// even though it's not an .ini
+parse_ini_file(__FILE__, false, 100);
+?
+--EXPECTF--
+Warning: Invalid scanner mode in %s on line %d
Modified: php/php-src/branches/PHP_5_4/Zend/zend_ini_scanner.c
===
--- php/php-src/branches/PHP_5_4/Zend/zend_ini_scanner.c 2012-03-02 03:51:26 UTC (rev 323785)
+++ php/php-src/branches/PHP_5_4/Zend/zend_ini_scanner.c 2012-03-02 03:52:06 UTC (rev 323786)
@@ -1,4 +1,4 @@
-/* Generated by re2c 0.13.5 on Mon Jan 17 14:03:33 2011 */
+/* Generated by re2c 0.13.5 on Fri Mar 2 11:49:21 2012 */
#line 1 Zend/zend_ini_scanner.l
/*
+--+
@@ -230,12 +230,15 @@
char *buf;
size_t size;
- if (zend_stream_fixup(fh, buf, size TSRMLS_CC) == FAILURE ||
- init_ini_scanner(scanner_mode, fh TSRMLS_CC) == FAILURE
- ) {
+ if (zend_stream_fixup(fh, buf, size TSRMLS_CC) == FAILURE) {
return FAILURE;
}
+ if (init_ini_scanner(scanner_mode, fh TSRMLS_CC) == FAILURE) {
+ zend_file_handle_dtor(fh TSRMLS_CC);
+ return FAILURE;
+ }
+
yy_scan_buffer(buf, size TSRMLS_CC);
return SUCCESS;
@@ -330,7 +333,7 @@
}
}
-#line 334 Zend/zend_ini_scanner.c
+#line 337 Zend/zend_ini_scanner.c
{
YYCTYPE yych;
unsigned int yyaccept = 0;
@@ -459,7 +462,7 @@
yy3:
YYDEBUG(3, *YYCURSOR);
yyleng = YYCURSOR - SCNG(yy_text);
-#line 426 Zend/zend_ini_scanner.l
+#line 429 Zend/zend_ini_scanner.l
{ /* Get option name */
/* Eat leading whitespace */
EAT_LEADING_WHITESPACE();
@@ -469,7 +472,7 @@
RETURN_TOKEN(TC_LABEL, yytext, yyleng);
}
-#line 473 Zend/zend_ini_scanner.c
+#line 476 Zend/zend_ini_scanner.c
yy4:
YYDEBUG(4, *YYCURSOR);
yyaccept = 0;
@@ -478,24 +481,24 @@
yy5:
YYDEBUG(5, *YYCURSOR);
yyleng = YYCURSOR - SCNG(yy_text);
-#line 544 Zend/zend_ini_scanner.l
+#line 547 Zend/zend_ini_scanner.l
{
/* eat whitespace */
goto restart;
}
-#line 487 Zend/zend_ini_scanner.c
+#line 490 Zend/zend_ini_scanner.c
yy6:
YYDEBUG(6, *YYCURSOR);
++YYCURSOR;
yy7:
YYDEBUG(7, *YYCURSOR);
yyleng = YYCURSOR - SCNG(yy_text);
-#line 549 Zend/zend_ini_scanner.l
+#line 552 Zend/zend_ini_scanner.l
{
SCNG(lineno)++;
return END_OF_LINE;
}
-#line 499 Zend/zend_ini_scanner.c
+#line 502 Zend/zend_ini_scanner.c
yy8:
YYDEBUG(8, *YYCURSOR);
yych = *++YYCURSOR;
@@ -530,11 +533,11 @@
++YYCURSOR;
YYDEBUG(11, *YYCURSOR);
yyleng = YYCURSOR - SCNG(yy_text);
-#line 472 Zend/zend_ini_scanner.l
+#line 475 Zend/zend_ini_scanner.l
{ /* Disallow these chars outside option values */
return yytext[0];
}
-#line 538 Zend/zend_ini_scanner.c
+#line 541 Zend/zend_ini_scanner.c
yy12:
YYDEBUG(12, *YYCURSOR);
yyaccept = 1;
@@ -551,11 +554,11 @@
goto yy54;
YYDEBUG(15, *YYCURSOR);
yyleng = YYCURSOR - SCNG(yy_text);
-#line 572 Zend/zend_ini_scanner.l
+#line 575 Zend/zend_ini_scanner.l
{
return 0;
}
-#line 559 Zend/zend_ini_scanner.c
+#line 562 Zend/zend_ini_scanner.c
yy16:
YYDEBUG(16, *YYCURSOR);
++YYCURSOR;
@@ -564,7 +567,7 @@
yy17:
YYDEBUG(17, *YYCURSOR);
yyleng = YYCURSOR -
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_4/NEWS branches/PHP_5_4/ext/standard/var_unserializer.c branches/PHP_5_4/ext/standard/var_unserializer.re trunk/ext/standard/var_unserializer.c trunk/ext/st
pajoye Tue, 28 Feb 2012 18:36:10 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=323633
Log:
- fix bug #60879, unserialize does not invoke __wakeup
Bug: https://bugs.php.net/60879 (Closed) unserialize() Does not invoke
__wakeup() on object
Changed paths:
U php/php-src/branches/PHP_5_4/NEWS
U php/php-src/branches/PHP_5_4/ext/standard/var_unserializer.c
U php/php-src/branches/PHP_5_4/ext/standard/var_unserializer.re
U php/php-src/trunk/ext/standard/var_unserializer.c
U php/php-src/trunk/ext/standard/var_unserializer.re
Modified: php/php-src/branches/PHP_5_4/NEWS
===
--- php/php-src/branches/PHP_5_4/NEWS 2012-02-28 17:22:32 UTC (rev 323632)
+++ php/php-src/branches/PHP_5_4/NEWS 2012-02-28 18:36:10 UTC (rev 323633)
@@ -13,6 +13,8 @@
default (Stas).
. Fixed bug #60965 (Buffer overflow on htmlspecialchars/entities with
$double=false). (Gustavo)
+ . Fixed bug #60879 (unserialize() Does not invoke __wakeup() on object).
+(Pierre, Steve)
. Fixed output layer compat function not passing along input buffer with
php_output_context_pass() if the output_handler_func does not set out_str
(releaze3 at gmail dot com, Mike)
Modified: php/php-src/branches/PHP_5_4/ext/standard/var_unserializer.c
===
--- php/php-src/branches/PHP_5_4/ext/standard/var_unserializer.c
2012-02-28 17:22:32 UTC (rev 323632)
+++ php/php-src/branches/PHP_5_4/ext/standard/var_unserializer.c
2012-02-28 18:36:10 UTC (rev 323633)
@@ -375,6 +375,9 @@
return elements;
}
+#ifdef PHP_WIN32
+# pragma optimize(, off)
+#endif
static inline int object_common2(UNSERIALIZE_PARAMETER, long elements)
{
zval *retval_ptr = NULL;
@@ -399,6 +402,9 @@
return finish_nested_data(UNSERIALIZE_PASSTHRU);
}
+#ifdef PHP_WIN32
+# pragma optimize(, on)
+#endif
PHPAPI int php_var_unserialize(UNSERIALIZE_PARAMETER)
{
Modified: php/php-src/branches/PHP_5_4/ext/standard/var_unserializer.re
===
--- php/php-src/branches/PHP_5_4/ext/standard/var_unserializer.re
2012-02-28 17:22:32 UTC (rev 323632)
+++ php/php-src/branches/PHP_5_4/ext/standard/var_unserializer.re
2012-02-28 18:36:10 UTC (rev 323633)
@@ -379,6 +379,9 @@
return elements;
}
+#ifdef PHP_WIN32
+# pragma optimize(, off)
+#endif
static inline int object_common2(UNSERIALIZE_PARAMETER, long elements)
{
zval *retval_ptr = NULL;
@@ -403,6 +406,9 @@
return finish_nested_data(UNSERIALIZE_PASSTHRU);
}
+#ifdef PHP_WIN32
+# pragma optimize(, on)
+#endif
PHPAPI int php_var_unserialize(UNSERIALIZE_PARAMETER)
{
Modified: php/php-src/trunk/ext/standard/var_unserializer.c
===
--- php/php-src/trunk/ext/standard/var_unserializer.c 2012-02-28 17:22:32 UTC
(rev 323632)
+++ php/php-src/trunk/ext/standard/var_unserializer.c 2012-02-28 18:36:10 UTC
(rev 323633)
@@ -375,6 +375,9 @@
return elements;
}
+#ifdef PHP_WIN32
+# pragma optimize(, off)
+#endif
static inline int object_common2(UNSERIALIZE_PARAMETER, long elements)
{
zval *retval_ptr = NULL;
@@ -399,6 +402,9 @@
return finish_nested_data(UNSERIALIZE_PASSTHRU);
}
+#ifdef PHP_WIN32
+# pragma optimize(, on)
+#endif
PHPAPI int php_var_unserialize(UNSERIALIZE_PARAMETER)
{
Modified: php/php-src/trunk/ext/standard/var_unserializer.re
===
--- php/php-src/trunk/ext/standard/var_unserializer.re 2012-02-28 17:22:32 UTC
(rev 323632)
+++ php/php-src/trunk/ext/standard/var_unserializer.re 2012-02-28 18:36:10 UTC
(rev 323633)
@@ -379,6 +379,9 @@
return elements;
}
+#ifdef PHP_WIN32
+# pragma optimize(, off)
+#endif
static inline int object_common2(UNSERIALIZE_PARAMETER, long elements)
{
zval *retval_ptr = NULL;
@@ -403,6 +406,9 @@
return finish_nested_data(UNSERIALIZE_PASSTHRU);
}
+#ifdef PHP_WIN32
+# pragma optimize(, on)
+#endif
PHPAPI int php_var_unserialize(UNSERIALIZE_PARAMETER)
{
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] svn: /php/php-src/branches/PHP_5_4/ NEWS
Stas, Some of those bug fixes listed under 5.4.0 are already fixed in 5.3.10. Random examples include the OCI8 fixes, OpenSSL fix 60279, Tidy fix 54682, and CURL fix 60439. Do you need a hand sorting out the dups? Chris On 02/28/2012 04:50 PM, Stanislav Malyshev wrote: stas Wed, 29 Feb 2012 00:50:00 + Revision: http://svn.php.net/viewvc?view=revisionrevision=323645 Log: prepare NEWS for 5.4.0 Changed paths: U php/php-src/branches/PHP_5_4/NEWS -- Email: christopher.jo...@oracle.com Tel: +1 650 506 8630 Blog: http://blogs.oracle.com/opal/ -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_4/ NEWS configure.in main/php_version.h
stas Wed, 29 Feb 2012 07:24:27 + Revision: http://svn.php.net/viewvc?view=revisionrevision=323658 Log: back to dev Changed paths: U php/php-src/branches/PHP_5_4/NEWS U php/php-src/branches/PHP_5_4/configure.in U php/php-src/branches/PHP_5_4/main/php_version.h Modified: php/php-src/branches/PHP_5_4/NEWS === --- php/php-src/branches/PHP_5_4/NEWS 2012-02-29 07:22:43 UTC (rev 323657) +++ php/php-src/branches/PHP_5_4/NEWS 2012-02-29 07:24:27 UTC (rev 323658) @@ -1,5 +1,7 @@ PHPNEWS ||| +?? ??? 2012, PHP 5.4.1 RC1 + 01 Mar 2012, PHP 5.4.0 - autoconf 2.59+ is now supported (and required) for generating the Modified: php/php-src/branches/PHP_5_4/configure.in === --- php/php-src/branches/PHP_5_4/configure.in 2012-02-29 07:22:43 UTC (rev 323657) +++ php/php-src/branches/PHP_5_4/configure.in 2012-02-29 07:24:27 UTC (rev 323658) @@ -119,8 +119,8 @@ PHP_MAJOR_VERSION=5 PHP_MINOR_VERSION=4 -PHP_RELEASE_VERSION=0 -PHP_EXTRA_VERSION= +PHP_RELEASE_VERSION=1 +PHP_EXTRA_VERSION=RC1-dev PHP_VERSION=$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 1 + [$]PHP_MINOR_VERSION \* 100 + [$]PHP_RELEASE_VERSION` Modified: php/php-src/branches/PHP_5_4/main/php_version.h === --- php/php-src/branches/PHP_5_4/main/php_version.h 2012-02-29 07:22:43 UTC (rev 323657) +++ php/php-src/branches/PHP_5_4/main/php_version.h 2012-02-29 07:24:27 UTC (rev 323658) @@ -2,7 +2,7 @@ /* edit configure.in to change version number */ #define PHP_MAJOR_VERSION 5 #define PHP_MINOR_VERSION 4 -#define PHP_RELEASE_VERSION 0 -#define PHP_EXTRA_VERSION -#define PHP_VERSION 5.4.0 -#define PHP_VERSION_ID 50400 +#define PHP_RELEASE_VERSION 1 +#define PHP_EXTRA_VERSION RC1-dev +#define PHP_VERSION 5.4.1RC1-dev +#define PHP_VERSION_ID 50401 -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_4/ NEWS
mike Thu, 16 Feb 2012 09:04:32 + Revision: http://svn.php.net/viewvc?view=revisionrevision=323251 Log: NEWS for r323219 Changed paths: U php/php-src/branches/PHP_5_4/NEWS Modified: php/php-src/branches/PHP_5_4/NEWS === --- php/php-src/branches/PHP_5_4/NEWS 2012-02-16 08:00:00 UTC (rev 323250) +++ php/php-src/branches/PHP_5_4/NEWS 2012-02-16 09:04:32 UTC (rev 323251) @@ -10,6 +10,9 @@ default (Stas). . Fixed bug #60965 (Buffer overflow on htmlspecialchars/entities with $double=false). (Gustavo) + . Fixed output layer compat function not passing along input buffer with +php_output_context_pass() if the output_handler_func does not set out_str +(releaze3 at gmail dot com, Mike) - CGI/FastCGI SAPI . Fixed reinitialization of SAPI callbacks after php_module_startup(). -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_4/NEWS branches/PHP_5_4/Zend/Zend.m4 branches/PHP_5_4/Zend/zend.h branches/PHP_5_4/main/main.c trunk/Zend/Zend.m4 trunk/Zend/zend.h trunk/main/main.c
stas Thu, 16 Feb 2012 01:51:45 + Revision: http://svn.php.net/viewvc?view=revisionrevision=323245 Log: make ZEND_SIGNALS configurable, off by default also make ZEND_SIGNALS enabled and disabled binary-compatible Changed paths: U php/php-src/branches/PHP_5_4/NEWS U php/php-src/branches/PHP_5_4/Zend/Zend.m4 U php/php-src/branches/PHP_5_4/Zend/zend.h U php/php-src/branches/PHP_5_4/main/main.c U php/php-src/trunk/Zend/Zend.m4 U php/php-src/trunk/Zend/zend.h U php/php-src/trunk/main/main.c Modified: php/php-src/branches/PHP_5_4/NEWS === --- php/php-src/branches/PHP_5_4/NEWS 2012-02-16 00:51:37 UTC (rev 323244) +++ php/php-src/branches/PHP_5_4/NEWS 2012-02-16 01:51:45 UTC (rev 323245) @@ -4,6 +4,8 @@ - Core: . Added ability to reset user opcode handlers (Yoram). . Improved max_input_vars directive to check nested variables (Dmitry). + . Made ZEND_SIGNALS configurable via --enable-zend-signals, off by +default (Stas). . Fixed bug #60965 (Buffer overflow on htmlspecialchars/entities with $double=false). (Gustavo) Modified: php/php-src/branches/PHP_5_4/Zend/Zend.m4 === --- php/php-src/branches/PHP_5_4/Zend/Zend.m4 2012-02-16 00:51:37 UTC (rev 323244) +++ php/php-src/branches/PHP_5_4/Zend/Zend.m4 2012-02-16 01:51:45 UTC (rev 323245) @@ -393,14 +393,20 @@ AC_CHECK_FUNCS(mremap) +AC_ARG_ENABLE(zend-signals, +[ --enable-zend-signals Use zend signal handling],[ + ZEND_SIGNALS=$enableval +],[ + ZEND_SIGNALS=no +]) + AC_CHECK_FUNC(sigaction, [ - ZEND_SIGNALS=yes - AC_DEFINE(ZEND_SIGNALS, 1, [Use zend signal handling]) AC_DEFINE(HAVE_SIGACTION, 1, [Whether sigaction() is available]) ], [ ZEND_SIGNALS=no ]) if test $ZEND_SIGNALS = yes; then + AC_DEFINE(ZEND_SIGNALS, 1, [Use zend signal handling]) CFLAGS=$CFLAGS -DZEND_SIGNALS fi Modified: php/php-src/branches/PHP_5_4/Zend/zend.h === --- php/php-src/branches/PHP_5_4/Zend/zend.h2012-02-16 00:51:37 UTC (rev 323244) +++ php/php-src/branches/PHP_5_4/Zend/zend.h2012-02-16 01:51:45 UTC (rev 323245) @@ -531,10 +531,8 @@ int (*write_function)(const char *str, uint str_length); FILE *(*fopen_function)(const char *filename, char **opened_path TSRMLS_DC); void (*message_handler)(long message, const void *data TSRMLS_DC); -#ifndef ZEND_SIGNALS void (*block_interruptions)(void); void (*unblock_interruptions)(void); -#endif int (*get_configuration_directive)(const char *name, uint name_length, zval *contents); void (*ticks_function)(int ticks); void (*on_timeout)(int seconds TSRMLS_DC); @@ -677,10 +675,8 @@ extern ZEND_API int (*zend_printf)(const char *format, ...) ZEND_ATTRIBUTE_PTR_FORMAT(printf, 1, 2); extern ZEND_API zend_write_func_t zend_write; extern ZEND_API FILE *(*zend_fopen)(const char *filename, char **opened_path TSRMLS_DC); -#ifndef ZEND_SIGNALS extern ZEND_API void (*zend_block_interruptions)(void); extern ZEND_API void (*zend_unblock_interruptions)(void); -#endif extern ZEND_API void (*zend_ticks_function)(int ticks); extern ZEND_API void (*zend_error_cb)(int type, const char *error_filename, const uint error_lineno, const char *format, va_list args) ZEND_ATTRIBUTE_PTR_FORMAT(printf, 4, 0); extern ZEND_API void (*zend_on_timeout)(int seconds TSRMLS_DC); Modified: php/php-src/branches/PHP_5_4/main/main.c === --- php/php-src/branches/PHP_5_4/main/main.c2012-02-16 00:51:37 UTC (rev 323244) +++ php/php-src/branches/PHP_5_4/main/main.c2012-02-16 01:51:45 UTC (rev 323245) @@ -1999,10 +1999,8 @@ zuf.write_function = php_output_wrapper; zuf.fopen_function = php_fopen_wrapper_for_zend; zuf.message_handler = php_message_handler_for_zend; -#ifndef ZEND_SIGNALS zuf.block_interruptions = sapi_module.block_interruptions; zuf.unblock_interruptions = sapi_module.unblock_interruptions; -#endif zuf.get_configuration_directive = php_get_configuration_directive_for_zend; zuf.ticks_function = php_run_ticks; zuf.on_timeout = php_on_timeout; Modified: php/php-src/trunk/Zend/Zend.m4 === --- php/php-src/trunk/Zend/Zend.m4 2012-02-16 00:51:37 UTC (rev 323244) +++ php/php-src/trunk/Zend/Zend.m4 2012-02-16 01:51:45 UTC (rev 323245) @@ -393,14 +393,20 @@ AC_CHECK_FUNCS(mremap) +AC_ARG_ENABLE(zend-signals, +[ --enable-zend-signals Use zend signal handling],[ + ZEND_SIGNALS=$enableval +],[ + ZEND_SIGNALS=no +]) + AC_CHECK_FUNC(sigaction, [ - ZEND_SIGNALS=yes - AC_DEFINE(ZEND_SIGNALS, 1, [Use zend signal handling])
Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_4/NEWS branches/PHP_5_4/Zend/Zend.m4 branches/PHP_5_4/Zend/zend.h branches/PHP_5_4/main/main.c trunk/Zend/Zend.m4 trunk/Zend/zend.h trunk/main/main.c
On 02/15/2012 05:51 PM, Stanislav Malyshev wrote: stas Thu, 16 Feb 2012 01:51:45 + Revision: http://svn.php.net/viewvc?view=revisionrevision=323245 Log: make ZEND_SIGNALS configurable, off by default also make ZEND_SIGNALS enabled and disabled binary-compatible Changed paths: U php/php-src/branches/PHP_5_4/NEWS U php/php-src/branches/PHP_5_4/Zend/Zend.m4 U php/php-src/branches/PHP_5_4/Zend/zend.h U php/php-src/branches/PHP_5_4/main/main.c U php/php-src/trunk/Zend/Zend.m4 U php/php-src/trunk/Zend/zend.h U php/php-src/trunk/main/main.c Did you run the tests? Just from a quick skim I think this would break both the pcntl and the posix extension. -Rasmus -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_4/NEWS branches/PHP_5_4/Zend/Zend.m4 branches/PHP_5_4/Zend/zend.h branches/PHP_5_4/main/main.c trunk/Zend/Zend.m4 trunk/Zend/zend.h trunk/main/main.c
On 02/15/2012 08:52 PM, Rasmus Lerdorf wrote: On 02/15/2012 05:51 PM, Stanislav Malyshev wrote: stas Thu, 16 Feb 2012 01:51:45 + Revision: http://svn.php.net/viewvc?view=revisionrevision=323245 Log: make ZEND_SIGNALS configurable, off by default also make ZEND_SIGNALS enabled and disabled binary-compatible Changed paths: U php/php-src/branches/PHP_5_4/NEWS U php/php-src/branches/PHP_5_4/Zend/Zend.m4 U php/php-src/branches/PHP_5_4/Zend/zend.h U php/php-src/branches/PHP_5_4/main/main.c U php/php-src/trunk/Zend/Zend.m4 U php/php-src/trunk/Zend/zend.h U php/php-src/trunk/main/main.c Did you run the tests? Just from a quick skim I think this would break both the pcntl and the posix extension. ok, the pcntl test failures were due to the API bump and not having recompiled shared extensions that rely on zend_signals posix seems ok -Rasmus -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_4/NEWS branches/PHP_5_4/Zend/Zend.m4 branches/PHP_5_4/Zend/zend.h branches/PHP_5_4/main/main.c trunk/Zend/Zend.m4 trunk/Zend/zend.h trunk/main/main.c
Hi! Did you run the tests? Just from a quick skim I think this would break both the pcntl and the posix extension. Yes, I did - no (new) fails both on Mac and Linux. If you see any please tell me. -- Stanislav Malyshev, Software Architect SugarCRM: http://www.sugarcrm.com/ (408)454-6900 ext. 227 -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_4/ NEWS configure.in main/php_version.h
stas Thu, 16 Feb 2012 07:45:08 + Revision: http://svn.php.net/viewvc?view=revisionrevision=323247 Log: 5.4.0rc8 Changed paths: U php/php-src/branches/PHP_5_4/NEWS U php/php-src/branches/PHP_5_4/configure.in U php/php-src/branches/PHP_5_4/main/php_version.h Modified: php/php-src/branches/PHP_5_4/NEWS === --- php/php-src/branches/PHP_5_4/NEWS 2012-02-16 04:02:04 UTC (rev 323246) +++ php/php-src/branches/PHP_5_4/NEWS 2012-02-16 07:45:08 UTC (rev 323247) @@ -1,6 +1,6 @@ PHPNEWS ||| -?? Feb 2012, PHP 5.4.0 RC 8 +15 Feb 2012, PHP 5.4.0 RC 8 - Core: . Added ability to reset user opcode handlers (Yoram). . Improved max_input_vars directive to check nested variables (Dmitry). Modified: php/php-src/branches/PHP_5_4/configure.in === --- php/php-src/branches/PHP_5_4/configure.in 2012-02-16 04:02:04 UTC (rev 323246) +++ php/php-src/branches/PHP_5_4/configure.in 2012-02-16 07:45:08 UTC (rev 323247) @@ -120,7 +120,7 @@ PHP_MAJOR_VERSION=5 PHP_MINOR_VERSION=4 PHP_RELEASE_VERSION=0 -PHP_EXTRA_VERSION=RC8-dev +PHP_EXTRA_VERSION=RC8 PHP_VERSION=$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 1 + [$]PHP_MINOR_VERSION \* 100 + [$]PHP_RELEASE_VERSION` Modified: php/php-src/branches/PHP_5_4/main/php_version.h === --- php/php-src/branches/PHP_5_4/main/php_version.h 2012-02-16 04:02:04 UTC (rev 323246) +++ php/php-src/branches/PHP_5_4/main/php_version.h 2012-02-16 07:45:08 UTC (rev 323247) @@ -3,6 +3,6 @@ #define PHP_MAJOR_VERSION 5 #define PHP_MINOR_VERSION 4 #define PHP_RELEASE_VERSION 0 -#define PHP_EXTRA_VERSION RC8-dev -#define PHP_VERSION 5.4.0RC8-dev +#define PHP_EXTRA_VERSION RC8 +#define PHP_VERSION 5.4.0RC8 #define PHP_VERSION_ID 50400 -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_4/ NEWS configure.in main/php_version.h
stas Thu, 16 Feb 2012 07:47:02 + Revision: http://svn.php.net/viewvc?view=revisionrevision=323248 Log: back to dev Changed paths: U php/php-src/branches/PHP_5_4/NEWS U php/php-src/branches/PHP_5_4/configure.in U php/php-src/branches/PHP_5_4/main/php_version.h Modified: php/php-src/branches/PHP_5_4/NEWS === --- php/php-src/branches/PHP_5_4/NEWS 2012-02-16 07:45:08 UTC (rev 323247) +++ php/php-src/branches/PHP_5_4/NEWS 2012-02-16 07:47:02 UTC (rev 323248) @@ -1,5 +1,7 @@ PHPNEWS ||| +?? ??? 2012, PHP 5.4.0 RC 9 + 15 Feb 2012, PHP 5.4.0 RC 8 - Core: . Added ability to reset user opcode handlers (Yoram). Modified: php/php-src/branches/PHP_5_4/configure.in === --- php/php-src/branches/PHP_5_4/configure.in 2012-02-16 07:45:08 UTC (rev 323247) +++ php/php-src/branches/PHP_5_4/configure.in 2012-02-16 07:47:02 UTC (rev 323248) @@ -120,7 +120,7 @@ PHP_MAJOR_VERSION=5 PHP_MINOR_VERSION=4 PHP_RELEASE_VERSION=0 -PHP_EXTRA_VERSION=RC8 +PHP_EXTRA_VERSION=RC9-dev PHP_VERSION=$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 1 + [$]PHP_MINOR_VERSION \* 100 + [$]PHP_RELEASE_VERSION` Modified: php/php-src/branches/PHP_5_4/main/php_version.h === --- php/php-src/branches/PHP_5_4/main/php_version.h 2012-02-16 07:45:08 UTC (rev 323247) +++ php/php-src/branches/PHP_5_4/main/php_version.h 2012-02-16 07:47:02 UTC (rev 323248) @@ -3,6 +3,6 @@ #define PHP_MAJOR_VERSION 5 #define PHP_MINOR_VERSION 4 #define PHP_RELEASE_VERSION 0 -#define PHP_EXTRA_VERSION RC8 -#define PHP_VERSION 5.4.0RC8 +#define PHP_EXTRA_VERSION RC9-dev +#define PHP_VERSION 5.4.0RC9-dev #define PHP_VERSION_ID 50400 -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_4/NEWS branches/PHP_5_4/Zend/zend_execute.c trunk/Zend/zend_execute.c
dmitry Tue, 14 Feb 2012 09:27:08 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=323204
Log:
Added ability to reset user opcode handlers (Yoram)
Changed paths:
U php/php-src/branches/PHP_5_4/NEWS
U php/php-src/branches/PHP_5_4/Zend/zend_execute.c
U php/php-src/trunk/Zend/zend_execute.c
Modified: php/php-src/branches/PHP_5_4/NEWS
===
--- php/php-src/branches/PHP_5_4/NEWS 2012-02-14 09:26:38 UTC (rev 323203)
+++ php/php-src/branches/PHP_5_4/NEWS 2012-02-14 09:27:08 UTC (rev 323204)
@@ -2,6 +2,7 @@
|||
?? Feb 2012, PHP 5.4.0 RC 8
- Core:
+ . Added ability to reset user opcode handlers (Yoram).
. Improved max_input_vars directive to check nested variables (Dmitry).
. Fixed bug #60965 (Buffer overflow on htmlspecialchars/entities with
$double=false). (Gustavo)
Modified: php/php-src/branches/PHP_5_4/Zend/zend_execute.c
===
--- php/php-src/branches/PHP_5_4/Zend/zend_execute.c2012-02-14 09:26:38 UTC
(rev 323203)
+++ php/php-src/branches/PHP_5_4/Zend/zend_execute.c2012-02-14 09:27:08 UTC
(rev 323204)
@@ -1512,7 +1512,12 @@
ZEND_API int zend_set_user_opcode_handler(zend_uchar opcode,
user_opcode_handler_t handler)
{
if (opcode != ZEND_USER_OPCODE) {
- zend_user_opcodes[opcode] = ZEND_USER_OPCODE;
+ if (handler == NULL) {
+ /* restore the original handler */
+ zend_user_opcodes[opcode] = opcode;
+ } else {
+ zend_user_opcodes[opcode] = ZEND_USER_OPCODE;
+ }
zend_user_opcode_handlers[opcode] = handler;
return SUCCESS;
}
Modified: php/php-src/trunk/Zend/zend_execute.c
===
--- php/php-src/trunk/Zend/zend_execute.c 2012-02-14 09:26:38 UTC (rev
323203)
+++ php/php-src/trunk/Zend/zend_execute.c 2012-02-14 09:27:08 UTC (rev
323204)
@@ -1512,7 +1512,12 @@
ZEND_API int zend_set_user_opcode_handler(zend_uchar opcode,
user_opcode_handler_t handler)
{
if (opcode != ZEND_USER_OPCODE) {
- zend_user_opcodes[opcode] = ZEND_USER_OPCODE;
+ if (handler == NULL) {
+ /* restore the original handler */
+ zend_user_opcodes[opcode] = opcode;
+ } else {
+ zend_user_opcodes[opcode] = ZEND_USER_OPCODE;
+ }
zend_user_opcode_handlers[opcode] = handler;
return SUCCESS;
}
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_4/NEWS branches/PHP_5_4/sapi/cgi/cgi_main.c trunk/sapi/cgi/cgi_main.c
dmitry Tue, 14 Feb 2012 13:31:23 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=323212
Log:
Fixed reinitialization of SAPI callbacks after php_module_startup()
Changed paths:
U php/php-src/branches/PHP_5_4/NEWS
U php/php-src/branches/PHP_5_4/sapi/cgi/cgi_main.c
U php/php-src/trunk/sapi/cgi/cgi_main.c
Modified: php/php-src/branches/PHP_5_4/NEWS
===
--- php/php-src/branches/PHP_5_4/NEWS 2012-02-14 13:05:31 UTC (rev 323211)
+++ php/php-src/branches/PHP_5_4/NEWS 2012-02-14 13:31:23 UTC (rev 323212)
@@ -7,6 +7,10 @@
. Fixed bug #60965 (Buffer overflow on htmlspecialchars/entities with
$double=false). (Gustavo)
+- CGI/FastCGI SAPI
+ . Fixed reinitialization of SAPI callbacks after php_module_startup().
+(Dmitry)
+
02 Feb 2012, PHP 5.4.0 RC 7
- Core:
. Fixed bug #60895 (Possible invalid handler usage in windows random
Modified: php/php-src/branches/PHP_5_4/sapi/cgi/cgi_main.c
===
--- php/php-src/branches/PHP_5_4/sapi/cgi/cgi_main.c2012-02-14 13:05:31 UTC
(rev 323211)
+++ php/php-src/branches/PHP_5_4/sapi/cgi/cgi_main.c2012-02-14 13:31:23 UTC
(rev 323212)
@@ -1860,6 +1860,15 @@
php_optind = orig_optind;
php_optarg = orig_optarg;
+ if (fastcgi || bindpath) {
+ /* Override SAPI callbacks */
+ cgi_sapi_module.ub_write = sapi_fcgi_ub_write;
+ cgi_sapi_module.flush= sapi_fcgi_flush;
+ cgi_sapi_module.read_post= sapi_fcgi_read_post;
+ cgi_sapi_module.getenv = sapi_fcgi_getenv;
+ cgi_sapi_module.read_cookies = sapi_fcgi_read_cookies;
+ }
+
#ifdef ZTS
SG(request_info).path_translated = NULL;
#endif
@@ -1929,13 +1938,6 @@
fastcgi = fcgi_is_fastcgi();
}
if (fastcgi) {
- /* Override SAPI callbacks */
- sapi_module.ub_write = sapi_fcgi_ub_write;
- sapi_module.flush= sapi_fcgi_flush;
- sapi_module.read_post= sapi_fcgi_read_post;
- sapi_module.getenv = sapi_fcgi_getenv;
- sapi_module.read_cookies = sapi_fcgi_read_cookies;
-
/* How many times to run PHP scripts before dying */
if (getenv(PHP_FCGI_MAX_REQUESTS)) {
max_requests = atoi(getenv(PHP_FCGI_MAX_REQUESTS));
Modified: php/php-src/trunk/sapi/cgi/cgi_main.c
===
--- php/php-src/trunk/sapi/cgi/cgi_main.c 2012-02-14 13:05:31 UTC (rev
323211)
+++ php/php-src/trunk/sapi/cgi/cgi_main.c 2012-02-14 13:31:23 UTC (rev
323212)
@@ -1859,6 +1859,15 @@
php_optind = orig_optind;
php_optarg = orig_optarg;
+ if (fastcgi || bindpath) {
+ /* Override SAPI callbacks */
+ cgi_sapi_module.ub_write = sapi_fcgi_ub_write;
+ cgi_sapi_module.flush= sapi_fcgi_flush;
+ cgi_sapi_module.read_post= sapi_fcgi_read_post;
+ cgi_sapi_module.getenv = sapi_fcgi_getenv;
+ cgi_sapi_module.read_cookies = sapi_fcgi_read_cookies;
+ }
+
#ifdef ZTS
SG(request_info).path_translated = NULL;
#endif
@@ -1928,13 +1937,6 @@
fastcgi = fcgi_is_fastcgi();
}
if (fastcgi) {
- /* Override SAPI callbacks */
- sapi_module.ub_write = sapi_fcgi_ub_write;
- sapi_module.flush= sapi_fcgi_flush;
- sapi_module.read_post= sapi_fcgi_read_post;
- sapi_module.getenv = sapi_fcgi_getenv;
- sapi_module.read_cookies = sapi_fcgi_read_cookies;
-
/* How many times to run PHP scripts before dying */
if (getenv(PHP_FCGI_MAX_REQUESTS)) {
max_requests = atoi(getenv(PHP_FCGI_MAX_REQUESTS));
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_4/ NEWS ext/standard/html.c ext/standard/tests/strings/bug60965.phpt
cataphract Sun, 05 Feb 2012 09:59:33 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=323074
Log:
- Merge r323056 (see bug #60965).
Bug: https://bugs.php.net/60965 (Critical) Buffer overflow on
htmlspecialchars/entities with $double=false
Changed paths:
U php/php-src/branches/PHP_5_4/NEWS
U php/php-src/branches/PHP_5_4/ext/standard/html.c
A + php/php-src/branches/PHP_5_4/ext/standard/tests/strings/bug60965.phpt
(from
php/php-src/trunk/ext/standard/tests/strings/bug60965.phpt:r323056)
Modified: php/php-src/branches/PHP_5_4/NEWS
===
--- php/php-src/branches/PHP_5_4/NEWS 2012-02-05 09:58:50 UTC (rev 323073)
+++ php/php-src/branches/PHP_5_4/NEWS 2012-02-05 09:59:33 UTC (rev 323074)
@@ -1,10 +1,13 @@
PHPNEWS
|||
?? Feb 2012, PHP 5.4.0 RC 8
+- Core:
+ . Fixed bug #60965 (Buffer overflow on htmlspecialchars/entities with
+$double=false). (Gustavo)
02 Feb 2012, PHP 5.4.0 RC 7
- Core:
- . Fix bug #60895 (Possible invalid handler usage in windows random
+ . Fixed bug #60895 (Possible invalid handler usage in windows random
functions). (Pierre)
. Fixed bug #51860 (Include fails with toplevel symlink to /). (Dmitry)
. Fixed (disabled) inline-caching for ZEND_OVERLOADED_FUNCTION methods.
Modified: php/php-src/branches/PHP_5_4/ext/standard/html.c
===
--- php/php-src/branches/PHP_5_4/ext/standard/html.c2012-02-05 09:58:50 UTC
(rev 323073)
+++ php/php-src/branches/PHP_5_4/ext/standard/html.c2012-02-05 09:59:33 UTC
(rev 323074)
@@ -1215,7 +1215,6 @@
size_t cursor, maxlen, len;
char *replaced;
enum entity_charset charset = determine_charset(hint_charset TSRMLS_CC);
- int matches_map;
int doctype = flags ENT_HTML_DOC_TYPE_MASK;
entity_table_opt entity_table;
const enc_to_uni *to_uni_table = NULL;
@@ -1253,12 +1252,14 @@
}
}
+ /* initial estimate */
if (oldlen 64) {
maxlen = 128;
} else {
maxlen = 2 * oldlen;
}
- replaced = emalloc(maxlen);
+
+ replaced = emalloc(maxlen + 1);
len = 0;
cursor = 0;
while (cursor oldlen) {
@@ -1271,7 +1272,7 @@
/* guarantee we have at least 40 bytes to write.
* In HTML5, entities may take up to 33 bytes */
if (len + 40 maxlen) {
- replaced = erealloc(replaced, maxlen += 128);
+ replaced = erealloc(replaced, (maxlen += 128) + 1);
}
if (status == FAILURE) {
@@ -1291,7 +1292,6 @@
mbsequence = old[cursor_before];
mbseqlen = cursor - cursor_before;
}
- matches_map = 0;
if (this_char != '') { /* no entity on this position */
const unsigned char *rep= NULL;
@@ -1302,12 +1302,15 @@
goto pass_char_through;
if (all) { /* false that
CHARSET_PARTIAL_SUPPORT(charset) */
- /* look for entity for this char */
if (to_uni_table != NULL) {
+ /* !CHARSET_UNICODE_COMPAT therefore
not UTF-8; since UTF-8
+* is the only multibyte encoding with
!CHARSET_PARTIAL_SUPPORT,
+* we're using a single byte encoding */
map_to_unicode(this_char, to_uni_table,
this_char);
if (this_char == 0x) /* no mapping;
pass through */
goto pass_char_through;
}
+ /* the cursor may advance */
find_entity_for_char(this_char, charset,
entity_table.ms_table, rep,
rep_len, old, oldlen, cursor);
} else {
@@ -1397,6 +1400,10 @@
}
}
/* checks passed; copy entity to result */
+ /* entity size is unbounded, we may need more
memory */
+ if (maxlen len + ent_len + 2 /* and ; */) {
+ replaced = erealloc(replaced, (maxlen
+= ent_len + 128) + 1);
+ }
replaced[len++] = '';
memcpy(replaced[len], old[cursor], ent_len);
Re: [PHP-CVS] svn: /php/php-src/branches/PHP_5_4/ NEWS ext/standard/html.c ext/standard/tests/strings/bug60965.phpt
I didn't carefully review this patch, but doesn't this code suffer from
potential math overflow?
i.e. with strlen($input_str) INT_MAX/2 (or UINT_MAX/2)
Nuno
- Original Message -
From: Gustavo André dos Santos Lopes cataphr...@php.net
To: php-cvs@lists.php.net
Sent: Sunday, February 05, 2012 9:59 AM
Subject: [PHP-CVS] svn: /php/php-src/branches/PHP_5_4/ NEWS
ext/standard/html.c ext/standard/tests/strings/bug60965.phpt
cataphract Sun, 05 Feb 2012 09:59:33 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=323074
Log:
- Merge r323056 (see bug #60965).
Bug: https://bugs.php.net/60965 (Critical) Buffer overflow on
htmlspecialchars/entities with $double=false
Changed paths:
U php/php-src/branches/PHP_5_4/NEWS
U php/php-src/branches/PHP_5_4/ext/standard/html.c
A +
php/php-src/branches/PHP_5_4/ext/standard/tests/strings/bug60965.phpt
(from
php/php-src/trunk/ext/standard/tests/strings/bug60965.phpt:r323056)
Modified: php/php-src/branches/PHP_5_4/NEWS
===
--- php/php-src/branches/PHP_5_4/NEWS 2012-02-05 09:58:50 UTC (rev 323073)
+++ php/php-src/branches/PHP_5_4/NEWS 2012-02-05 09:59:33 UTC (rev 323074)
@@ -1,10 +1,13 @@
PHP
NEWS
|||
?? Feb 2012, PHP 5.4.0 RC 8
+- Core:
+ . Fixed bug #60965 (Buffer overflow on htmlspecialchars/entities with
+$double=false). (Gustavo)
02 Feb 2012, PHP 5.4.0 RC 7
- Core:
- . Fix bug #60895 (Possible invalid handler usage in windows random
+ . Fixed bug #60895 (Possible invalid handler usage in windows random
functions). (Pierre)
. Fixed bug #51860 (Include fails with toplevel symlink to /). (Dmitry)
. Fixed (disabled) inline-caching for ZEND_OVERLOADED_FUNCTION methods.
Modified: php/php-src/branches/PHP_5_4/ext/standard/html.c
===
--- php/php-src/branches/PHP_5_4/ext/standard/html.c 2012-02-05 09:58:50
UTC (rev 323073)
+++ php/php-src/branches/PHP_5_4/ext/standard/html.c 2012-02-05 09:59:33
UTC (rev 323074)
@@ -1215,7 +1215,6 @@
size_t cursor, maxlen, len;
char *replaced;
enum entity_charset charset = determine_charset(hint_charset TSRMLS_CC);
- int matches_map;
int doctype = flags ENT_HTML_DOC_TYPE_MASK;
entity_table_opt entity_table;
const enc_to_uni *to_uni_table = NULL;
@@ -1253,12 +1252,14 @@
}
}
+ /* initial estimate */
if (oldlen 64) {
maxlen = 128;
} else {
maxlen = 2 * oldlen;
}
- replaced = emalloc(maxlen);
+
+ replaced = emalloc(maxlen + 1);
len = 0;
cursor = 0;
while (cursor oldlen) {
@@ -1271,7 +1272,7 @@
/* guarantee we have at least 40 bytes to write.
* In HTML5, entities may take up to 33 bytes */
if (len + 40 maxlen) {
- replaced = erealloc(replaced, maxlen += 128);
+ replaced = erealloc(replaced, (maxlen += 128) + 1);
}
if (status == FAILURE) {
@@ -1291,7 +1292,6 @@
mbsequence = old[cursor_before];
mbseqlen = cursor - cursor_before;
}
- matches_map = 0;
if (this_char != '') { /* no entity on this position */
const unsigned char *rep = NULL;
@@ -1302,12 +1302,15 @@
goto pass_char_through;
if (all) { /* false that CHARSET_PARTIAL_SUPPORT(charset) */
- /* look for entity for this char */
if (to_uni_table != NULL) {
+ /* !CHARSET_UNICODE_COMPAT therefore not UTF-8; since UTF-8
+ * is the only multibyte encoding with !CHARSET_PARTIAL_SUPPORT,
+ * we're using a single byte encoding */
map_to_unicode(this_char, to_uni_table, this_char);
if (this_char == 0x) /* no mapping; pass through */
goto pass_char_through;
}
+ /* the cursor may advance */
find_entity_for_char(this_char, charset, entity_table.ms_table, rep,
rep_len, old, oldlen, cursor);
} else {
@@ -1397,6 +1400,10 @@
}
}
/* checks passed; copy entity to result */
+ /* entity size is unbounded, we may need more memory */
+ if (maxlen len + ent_len + 2 /* and ; */) {
+ replaced = erealloc(replaced, (maxlen += ent_len + 128) + 1);
+ }
replaced[len++] = '';
memcpy(replaced[len], old[cursor], ent_len);
len += ent_len;
Copied:
php/php-src/branches/PHP_5_4/ext/standard/tests/strings/bug60965.phpt
(from rev 323056,
php/php-src/trunk/ext/standard/tests/strings/bug60965.phpt)
===
--- php/php-src/branches/PHP_5_4/ext/standard/tests/strings/bug60965.phpt
(rev 0)
+++ php/php-src/branches/PHP_5_4/ext/standard/tests/strings/bug60965.phpt
2012-02-05 09:59:33 UTC (rev 323074)
@@ -0,0 +1,10 @@
+--TEST--
+Bug #60965: Buffer overflow on htmlspecialchars/entities with
$double=false
+--FILE--
+?php
+echo
htmlspecialchars('#x05;',
+ENT_QUOTES, 'UTF-8', false), \n;
+echo Done.\n;
+--EXPECT--
+quot;quot;quot;quot;quot;quot;quot
Re: [PHP-CVS] svn: /php/php-src/branches/PHP_5_4/ NEWS ext/standard/html.c ext/standard/tests/strings/bug60965.phpt
On Sun, 5 Feb 2012 10:55:39 -, Nuno Lopes wrote: I didn't carefully review this patch, but doesn't this code suffer from potential math overflow? i.e. with strlen($input_str) INT_MAX/2 (or UINT_MAX/2) All the length and position variables are of type size_t, so I'd say we'd be out of memory long before that could be a problem (unless there's some architecture of which I'm not aware where SIZE_T is low enough for this to be a problem). -- Gustavo Lopes -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] svn: /php/php-src/branches/PHP_5_4/ NEWS ext/standard/html.c ext/standard/tests/strings/bug60965.phpt
On Sun, 05 Feb 2012 14:00:11 +0100, Gustavo Lopes wrote: On Sun, 5 Feb 2012 10:55:39 -, Nuno Lopes wrote: I didn't carefully review this patch, but doesn't this code suffer from potential math overflow? i.e. with strlen($input_str) INT_MAX/2 (or UINT_MAX/2) All the length and position variables are of type size_t, so I'd say we'd be out of memory long before that could be a problem (unless there's some architecture of which I'm not aware where SIZE_T is low enough for this to be a problem). read: SIZE_MAX, not SIZE_T -- Gustavo Lopes -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] svn: /php/php-src/branches/PHP_5_4/ NEWS ext/standard/html.c ext/standard/tests/strings/bug60965.phpt
2012/2/5 Gustavo Lopes glo...@nebm.ist.utl.pt: All the length and position variables are of type size_t, so I'd say we'd be out of memory long before that could be a problem (unless there's some architecture of which I'm not aware where SIZE_T is low enough for this to be a problem). read: SIZE_MAX, not SIZE_T By the way, SIZE_MAX (can be up to 65k or so afair) should not be used in relation with buffer (string or other) length. It defines the maximum size of a single object allocation that the compiler can manage. Not sure if it is actually what you want here. -- Pierre @pierrejoye | http://blog.thepimp.net | http://www.libgd.org -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] svn: /php/php-src/branches/PHP_5_4/ NEWS ext/standard/html.c ext/standard/tests/strings/bug60965.phpt
On Sun, 5 Feb 2012 14:37:27 +0100, Pierre Joye wrote: 2012/2/5 Gustavo Lopes glo...@nebm.ist.utl.pt: All the length and position variables are of type size_t, so I'd say we'd be out of memory long before that could be a problem (unless there's some architecture of which I'm not aware where SIZE_T is low enough for this to be a problem). read: SIZE_MAX, not SIZE_T By the way, SIZE_MAX (can be up to 65k or so afair) should not be used in relation with buffer (string or other) length. It defines the maximum size of a single object allocation that the compiler can manage. Not sure if it is actually what you want here. SIZE_MAX is indeed the limit of size_t. See ISO/IEC 9899:TC3, section 7.18.3 on http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1124.pdf (page 259). Forgetting the irrelevant case where size_t is 16 bit wide, there is indeed a potential problem if size_t is 32-bit wide. First, if you can pass a string with about 2GB you could the multiplication by 2 would wrap around. But you could even pass a smaller string (possibly 10/15 times less, I don't know what's the maximum expansion factor of htmlentities) and then it could wrap in the reallocation. I'll take this into account. -- Gustavo Lopes -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] svn: /php/php-src/branches/PHP_5_4/ NEWS ext/standard/html.c ext/standard/tests/strings/bug60965.phpt
On Sun, 05 Feb 2012 15:00:11 +0100, Gustavo Lopes wrote: On Sun, 5 Feb 2012 14:37:27 +0100, Pierre Joye wrote: 2012/2/5 Gustavo Lopes glo...@nebm.ist.utl.pt: All the length and position variables are of type size_t, so I'd say we'd be out of memory long before that could be a problem (unless there's some architecture of which I'm not aware where SIZE_T is low enough for this to be a problem). read: SIZE_MAX, not SIZE_T By the way, SIZE_MAX (can be up to 65k or so afair) should not be used in relation with buffer (string or other) length. It defines the maximum size of a single object allocation that the compiler can manage. Not sure if it is actually what you want here. SIZE_MAX is indeed the limit of size_t. See ISO/IEC 9899:TC3, section 7.18.3 on http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1124.pdf (page 259). Forgetting the irrelevant case where size_t is 16 bit wide, there is indeed a potential problem if size_t is 32-bit wide. First, if you can pass a string with about 2GB you could the multiplication by 2 would wrap around. But you could even pass a smaller string (possibly 10/15 times less, I don't know what's the maximum expansion factor of htmlentities) and then it could wrap in the reallocation. I'll take this into account. See http://svn.php.net/viewvc/php/php-src/trunk/ext/standard/html.c?r1=323079r2=323078pathrev=323079 I don't know if this is worth merging to 5.4 at this point; after all 5.3 has the same problem. -- Gustavo Lopes -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] svn: /php/php-src/branches/PHP_5_4/ NEWS ext/standard/html.c ext/standard/tests/strings/bug60965.phpt
On Sun, 05 Feb 2012 15:00:11 +0100, Gustavo Lopes wrote: On Sun, 5 Feb 2012 14:37:27 +0100, Pierre Joye wrote: 2012/2/5 Gustavo Lopes glo...@nebm.ist.utl.pt: All the length and position variables are of type size_t, so I'd say we'd be out of memory long before that could be a problem (unless there's some architecture of which I'm not aware where SIZE_T is low enough for this to be a problem). read: SIZE_MAX, not SIZE_T By the way, SIZE_MAX (can be up to 65k or so afair) should not be used in relation with buffer (string or other) length. It defines the maximum size of a single object allocation that the compiler can manage. Not sure if it is actually what you want here. SIZE_MAX is indeed the limit of size_t. See ISO/IEC 9899:TC3, section 7.18.3 on http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1124.pdf (page 259). Forgetting the irrelevant case where size_t is 16 bit wide, there is indeed a potential problem if size_t is 32-bit wide. First, if you can pass a string with about 2GB you could the multiplication by 2 would wrap around. But you could even pass a smaller string (possibly 10/15 times less, I don't know what's the maximum expansion factor of htmlentities) and then it could wrap in the reallocation. I'll take this into account. See http://svn.php.net/viewvc/php/php-src/trunk/ext/standard/html.c?r1=323079r2=323078pathrev=323079 I don't know if this is worth merging to 5.4 at this point; after all 5.3 has the same problem. Obrigado! I think this bug (although probably exploitable) is low risk, since it requires a large 'memory_limit' value to be triggable. Your last patch seems good to me. Nuno -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_4/ NEWS configure.in main/php_version.h
stas Thu, 02 Feb 2012 06:08:29 + Revision: http://svn.php.net/viewvc?view=revisionrevision=323009 Log: 5.4.0 rc7 Changed paths: U php/php-src/branches/PHP_5_4/NEWS U php/php-src/branches/PHP_5_4/configure.in U php/php-src/branches/PHP_5_4/main/php_version.h Modified: php/php-src/branches/PHP_5_4/NEWS === --- php/php-src/branches/PHP_5_4/NEWS 2012-02-01 23:20:30 UTC (rev 323008) +++ php/php-src/branches/PHP_5_4/NEWS 2012-02-02 06:08:29 UTC (rev 323009) @@ -1,6 +1,6 @@ PHPNEWS ||| -?? Jan 2012, PHP 5.4.0 RC 7 +02 Feb 2012, PHP 5.4.0 RC 7 - Core: . Fix bug #60895 (Possible invalid handler usage in windows random functions). (Pierre) Modified: php/php-src/branches/PHP_5_4/configure.in === --- php/php-src/branches/PHP_5_4/configure.in 2012-02-01 23:20:30 UTC (rev 323008) +++ php/php-src/branches/PHP_5_4/configure.in 2012-02-02 06:08:29 UTC (rev 323009) @@ -120,7 +120,7 @@ PHP_MAJOR_VERSION=5 PHP_MINOR_VERSION=4 PHP_RELEASE_VERSION=0 -PHP_EXTRA_VERSION=RC7-dev +PHP_EXTRA_VERSION=RC7 PHP_VERSION=$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 1 + [$]PHP_MINOR_VERSION \* 100 + [$]PHP_RELEASE_VERSION` Modified: php/php-src/branches/PHP_5_4/main/php_version.h === --- php/php-src/branches/PHP_5_4/main/php_version.h 2012-02-01 23:20:30 UTC (rev 323008) +++ php/php-src/branches/PHP_5_4/main/php_version.h 2012-02-02 06:08:29 UTC (rev 323009) @@ -3,6 +3,6 @@ #define PHP_MAJOR_VERSION 5 #define PHP_MINOR_VERSION 4 #define PHP_RELEASE_VERSION 0 -#define PHP_EXTRA_VERSION RC7-dev -#define PHP_VERSION 5.4.0RC7-dev +#define PHP_EXTRA_VERSION RC7 +#define PHP_VERSION 5.4.0RC7 #define PHP_VERSION_ID 50400 -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_4/ NEWS configure.in main/php_version.h
stas Thu, 02 Feb 2012 06:09:50 + Revision: http://svn.php.net/viewvc?view=revisionrevision=323010 Log: back to dev Changed paths: U php/php-src/branches/PHP_5_4/NEWS U php/php-src/branches/PHP_5_4/configure.in U php/php-src/branches/PHP_5_4/main/php_version.h Modified: php/php-src/branches/PHP_5_4/NEWS === --- php/php-src/branches/PHP_5_4/NEWS 2012-02-02 06:08:29 UTC (rev 323009) +++ php/php-src/branches/PHP_5_4/NEWS 2012-02-02 06:09:50 UTC (rev 323010) @@ -1,5 +1,7 @@ PHPNEWS ||| +?? Feb 2012, PHP 5.4.0 RC 8 + 02 Feb 2012, PHP 5.4.0 RC 7 - Core: . Fix bug #60895 (Possible invalid handler usage in windows random Modified: php/php-src/branches/PHP_5_4/configure.in === --- php/php-src/branches/PHP_5_4/configure.in 2012-02-02 06:08:29 UTC (rev 323009) +++ php/php-src/branches/PHP_5_4/configure.in 2012-02-02 06:09:50 UTC (rev 323010) @@ -120,7 +120,7 @@ PHP_MAJOR_VERSION=5 PHP_MINOR_VERSION=4 PHP_RELEASE_VERSION=0 -PHP_EXTRA_VERSION=RC7 +PHP_EXTRA_VERSION=RC8-dev PHP_VERSION=$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 1 + [$]PHP_MINOR_VERSION \* 100 + [$]PHP_RELEASE_VERSION` Modified: php/php-src/branches/PHP_5_4/main/php_version.h === --- php/php-src/branches/PHP_5_4/main/php_version.h 2012-02-02 06:08:29 UTC (rev 323009) +++ php/php-src/branches/PHP_5_4/main/php_version.h 2012-02-02 06:09:50 UTC (rev 323010) @@ -3,6 +3,6 @@ #define PHP_MAJOR_VERSION 5 #define PHP_MINOR_VERSION 4 #define PHP_RELEASE_VERSION 0 -#define PHP_EXTRA_VERSION RC7 -#define PHP_VERSION 5.4.0RC7 +#define PHP_EXTRA_VERSION RC8-dev +#define PHP_VERSION 5.4.0RC8-dev #define PHP_VERSION_ID 50400 -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_4/NEWS branches/PHP_5_4/Zend/zend_vm_def.h branches/PHP_5_4/Zend/zend_vm_execute.h trunk/Zend/zend_vm_def.h trunk/Zend/zend_vm_execute.h
dmitry Mon, 30 Jan 2012 10:51:02 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=322928
Log:
Fixed (disabled) inline-caching for ZEND_OVERLOADED_FUNCTION methods
Changed paths:
U php/php-src/branches/PHP_5_4/NEWS
U php/php-src/branches/PHP_5_4/Zend/zend_vm_def.h
U php/php-src/branches/PHP_5_4/Zend/zend_vm_execute.h
U php/php-src/trunk/Zend/zend_vm_def.h
U php/php-src/trunk/Zend/zend_vm_execute.h
Modified: php/php-src/branches/PHP_5_4/NEWS
===
--- php/php-src/branches/PHP_5_4/NEWS 2012-01-30 10:08:11 UTC (rev 322927)
+++ php/php-src/branches/PHP_5_4/NEWS 2012-01-30 10:51:02 UTC (rev 322928)
@@ -5,6 +5,8 @@
. Fix bug #60895 (Possible invalid handler usage in windows random
functions). (Pierre)
. Fixed bug #51860 (Include fails with toplevel symlink to /). (Dmitry)
+ . Fixed (disabled) inline-caching for ZEND_OVERLOADED_FUNCTION methods.
+(Dmitry)
- OpenSSL:
. Fix possible attack in SSL sockets with SSL 3.0 / TLS 1.0.
Modified: php/php-src/branches/PHP_5_4/Zend/zend_vm_def.h
===
--- php/php-src/branches/PHP_5_4/Zend/zend_vm_def.h 2012-01-30 10:08:11 UTC (rev 322927)
+++ php/php-src/branches/PHP_5_4/Zend/zend_vm_def.h 2012-01-30 10:51:02 UTC (rev 322928)
@@ -2187,6 +2187,7 @@
zend_error_noreturn(E_ERROR, Call to undefined method %s::%s(), Z_OBJ_CLASS_NAME_P(EX(object)), function_name_strval);
}
if (OP2_TYPE == IS_CONST
+ EXPECTED(EX(fbc)-type = ZEND_USER_FUNCTION)
EXPECTED((EX(fbc)-common.fn_flags (ZEND_ACC_CALL_VIA_HANDLER|ZEND_ACC_NEVER_CACHE)) == 0)
EXPECTED(EX(object) == object)) {
CACHE_POLYMORPHIC_PTR(opline-op2.literal-cache_slot, EX(called_scope), EX(fbc));
@@ -2284,7 +2285,9 @@
if (UNEXPECTED(EX(fbc) == NULL)) {
zend_error_noreturn(E_ERROR, Call to undefined method %s::%s(), ce-name, function_name_strval);
}
- if (OP2_TYPE == IS_CONST EXPECTED((EX(fbc)-common.fn_flags (ZEND_ACC_CALL_VIA_HANDLER|ZEND_ACC_NEVER_CACHE)) == 0)) {
+ if (OP2_TYPE == IS_CONST
+ EXPECTED(EX(fbc)-type = ZEND_USER_FUNCTION)
+ EXPECTED((EX(fbc)-common.fn_flags (ZEND_ACC_CALL_VIA_HANDLER|ZEND_ACC_NEVER_CACHE)) == 0)) {
if (OP1_TYPE == IS_CONST) {
CACHE_PTR(opline-op2.literal-cache_slot, EX(fbc));
} else {
Modified: php/php-src/branches/PHP_5_4/Zend/zend_vm_execute.h
===
--- php/php-src/branches/PHP_5_4/Zend/zend_vm_execute.h 2012-01-30 10:08:11 UTC (rev 322927)
+++ php/php-src/branches/PHP_5_4/Zend/zend_vm_execute.h 2012-01-30 10:51:02 UTC (rev 322928)
@@ -3453,7 +3453,9 @@
if (UNEXPECTED(EX(fbc) == NULL)) {
zend_error_noreturn(E_ERROR, Call to undefined method %s::%s(), ce-name, function_name_strval);
}
- if (IS_CONST == IS_CONST EXPECTED((EX(fbc)-common.fn_flags (ZEND_ACC_CALL_VIA_HANDLER|ZEND_ACC_NEVER_CACHE)) == 0)) {
+ if (IS_CONST == IS_CONST
+ EXPECTED(EX(fbc)-type = ZEND_USER_FUNCTION)
+ EXPECTED((EX(fbc)-common.fn_flags (ZEND_ACC_CALL_VIA_HANDLER|ZEND_ACC_NEVER_CACHE)) == 0)) {
if (IS_CONST == IS_CONST) {
CACHE_PTR(opline-op2.literal-cache_slot, EX(fbc));
} else {
@@ -4237,7 +4239,9 @@
if (UNEXPECTED(EX(fbc) == NULL)) {
zend_error_noreturn(E_ERROR, Call to undefined method %s::%s(), ce-name, function_name_strval);
}
- if (IS_TMP_VAR == IS_CONST EXPECTED((EX(fbc)-common.fn_flags (ZEND_ACC_CALL_VIA_HANDLER|ZEND_ACC_NEVER_CACHE)) == 0)) {
+ if (IS_TMP_VAR == IS_CONST
+ EXPECTED(EX(fbc)-type = ZEND_USER_FUNCTION)
+ EXPECTED((EX(fbc)-common.fn_flags (ZEND_ACC_CALL_VIA_HANDLER|ZEND_ACC_NEVER_CACHE)) == 0)) {
if (IS_CONST == IS_CONST) {
CACHE_PTR(opline-op2.literal-cache_slot, EX(fbc));
} else {
@@ -4900,7 +4904,9 @@
if (UNEXPECTED(EX(fbc) == NULL)) {
zend_error_noreturn(E_ERROR, Call to undefined method %s::%s(), ce-name, function_name_strval);
}
- if (IS_VAR == IS_CONST EXPECTED((EX(fbc)-common.fn_flags (ZEND_ACC_CALL_VIA_HANDLER|ZEND_ACC_NEVER_CACHE)) == 0)) {
+ if (IS_VAR == IS_CONST
+ EXPECTED(EX(fbc)-type = ZEND_USER_FUNCTION)
+ EXPECTED((EX(fbc)-common.fn_flags (ZEND_ACC_CALL_VIA_HANDLER|ZEND_ACC_NEVER_CACHE)) == 0)) {
if (IS_CONST == IS_CONST) {
CACHE_PTR(opline-op2.literal-cache_slot, EX(fbc));
} else {
@@ -5434,7 +5440,9 @@
if (UNEXPECTED(EX(fbc) == NULL)) {
zend_error_noreturn(E_ERROR, Call to undefined method %s::%s(), ce-name, function_name_strval);
}
- if (IS_UNUSED == IS_CONST EXPECTED((EX(fbc)-common.fn_flags (ZEND_ACC_CALL_VIA_HANDLER|ZEND_ACC_NEVER_CACHE)) == 0)) {
+ if (IS_UNUSED == IS_CONST
+ EXPECTED(EX(fbc)-type = ZEND_USER_FUNCTION)
+ EXPECTED((EX(fbc)-common.fn_flags (ZEND_ACC_CALL_VIA_HANDLER|ZEND_ACC_NEVER_CACHE)) == 0)) {
if
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_4/NEWS branches/PHP_5_4/Zend/tests/bug60825.phpt branches/PHP_5_4/Zend/zend_vm_def.h branches/PHP_5_4/Zend/zend_vm_execute.h trunk/NEWS
laruence Thu, 26 Jan 2012 01:21:35 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=322770
Log:
Fixed bug #60825 (Segfault when running symfony 2 tests)
Bug: https://bugs.php.net/60825 (Critical) Segfault when running symfony 2 tests
Changed paths:
U php/php-src/branches/PHP_5_4/NEWS
A php/php-src/branches/PHP_5_4/Zend/tests/bug60825.phpt
U php/php-src/branches/PHP_5_4/Zend/zend_vm_def.h
U php/php-src/branches/PHP_5_4/Zend/zend_vm_execute.h
U php/php-src/trunk/NEWS
Modified: php/php-src/branches/PHP_5_4/NEWS
===
--- php/php-src/branches/PHP_5_4/NEWS 2012-01-25 23:11:18 UTC (rev 322769)
+++ php/php-src/branches/PHP_5_4/NEWS 2012-01-26 01:21:35 UTC (rev 322770)
@@ -9,6 +9,8 @@
$_SERVER['REQUEST_TIME_FLOAT'] to include microsecond precision. (Patrick)
. Fixed bug #60809 (TRAITS - PHPDoc Comment Style Bug). (Dmitry)
. Fixed bug #60768 (Output buffer not discarded) (Mike)
+ . Fixed bug #60825 (Segfault when running symfony 2 tests).
+(Dmitry, Laruence)
- Hash
. Fixed bug #60221 (Tiger hash output byte order) (Mike)
Added: php/php-src/branches/PHP_5_4/Zend/tests/bug60825.phpt
===
--- php/php-src/branches/PHP_5_4/Zend/tests/bug60825.phpt (rev 0)
+++ php/php-src/branches/PHP_5_4/Zend/tests/bug60825.phpt 2012-01-26 01:21:35 UTC (rev 322770)
@@ -0,0 +1,19 @@
+--TEST--
+Bug #60825 (Segfault when running symfony 2 tests)
+--DESCRIPTION--
+run this with valgrind
+--FILE--
+?php
+class test {
+ public static $x;
+ public function __toString() {
+ self::$x = $this;
+ return __FILE__;
+ }
+}
+$a = new test;
+require_once $a;
+debug_zval_dump(test::$x);
+?
+--EXPECTF--
+string(%d) %sbug60825.php refcount(2)
Modified: php/php-src/branches/PHP_5_4/Zend/zend_vm_def.h
===
--- php/php-src/branches/PHP_5_4/Zend/zend_vm_def.h 2012-01-25 23:11:18 UTC (rev 322769)
+++ php/php-src/branches/PHP_5_4/Zend/zend_vm_def.h 2012-01-26 01:21:35 UTC (rev 322770)
@@ -2391,7 +2391,7 @@
CHECK_EXCEPTION();
ZEND_VM_NEXT_OPCODE();
} else if (OP2_TYPE != IS_CONST
- EXPECTED(Z_TYPE_P(function_name) == IS_ARRAY)
+ EXPECTED(Z_TYPE_P(function_name) == IS_ARRAY)
zend_hash_num_elements(Z_ARRVAL_P(function_name)) == 2) {
zend_class_entry *ce;
zval **method = NULL;
@@ -2399,15 +2399,15 @@
zend_hash_index_find(Z_ARRVAL_P(function_name), 0, (void **) obj);
zend_hash_index_find(Z_ARRVAL_P(function_name), 1, (void **) method);
-
+
if (Z_TYPE_PP(obj) != IS_STRING Z_TYPE_PP(obj) != IS_OBJECT) {
zend_error_noreturn(E_ERROR, First array member is not a valid class name or object);
}
-
+
if (Z_TYPE_PP(method) != IS_STRING) {
zend_error_noreturn(E_ERROR, Second array member is not a valid method);
}
-
+
if (Z_TYPE_PP(obj) == IS_STRING) {
ce = zend_fetch_class_by_name(Z_STRVAL_PP(obj), Z_STRLEN_PP(obj), NULL, 0 TSRMLS_CC);
if (UNEXPECTED(ce == NULL)) {
@@ -2415,7 +2415,7 @@
}
EX(called_scope) = ce;
EX(object) = NULL;
-
+
if (ce-get_static_method) {
EX(fbc) = ce-get_static_method(ce, Z_STRVAL_PP(method), Z_STRLEN_PP(method) TSRMLS_CC);
} else {
@@ -2429,7 +2429,7 @@
if (UNEXPECTED(EX(fbc) == NULL)) {
zend_error_noreturn(E_ERROR, Call to undefined method %s::%s(), Z_OBJ_CLASS_NAME_P(EX(object)), Z_STRVAL_PP(method));
}
-
+
if ((EX(fbc)-common.fn_flags ZEND_ACC_STATIC) != 0) {
EX(object) = NULL;
} else {
@@ -3693,17 +3693,18 @@
zend_op_array *new_op_array=NULL;
zend_free_op free_op1;
zval *inc_filename;
- zval tmp_inc_filename;
+zval *tmp_inc_filename = NULL;
zend_bool failure_retval=0;
SAVE_OPLINE();
inc_filename = GET_OP1_ZVAL_PTR(BP_VAR_R);
if (inc_filename-type!=IS_STRING) {
- ZVAL_COPY_VALUE(tmp_inc_filename, inc_filename);
- zval_copy_ctor(tmp_inc_filename);
- convert_to_string(tmp_inc_filename);
- inc_filename = tmp_inc_filename;
+ MAKE_STD_ZVAL(tmp_inc_filename);
+ ZVAL_COPY_VALUE(tmp_inc_filename, inc_filename);
+ zval_copy_ctor(tmp_inc_filename);
+ convert_to_string(tmp_inc_filename);
+ inc_filename = tmp_inc_filename;
}
if (opline-extended_value != ZEND_EVAL strlen(Z_STRVAL_P(inc_filename)) != Z_STRLEN_P(inc_filename)) {
@@ -3767,8 +3768,8 @@
EMPTY_SWITCH_DEFAULT_CASE()
}
}
- if (inc_filename==tmp_inc_filename) {
- zval_dtor(tmp_inc_filename);
+ if (tmp_inc_filename) {
+ zval_ptr_dtor(tmp_inc_filename);
}
FREE_OP1();
if (UNEXPECTED(EG(exception) != NULL)) {
@@ -4510,15 +4511,15 @@
if (Z_TYPE_P(offset) = IS_BOOL /* simple scalar types */
|| (Z_TYPE_P(offset) == IS_STRING /* or numeric string */
IS_LONG == is_numeric_string(Z_STRVAL_P(offset), Z_STRLEN_P(offset), NULL, NULL, 0))) {
-ZVAL_COPY_VALUE(tmp, offset);
-
[PHP-CVS] svn: /php/php-src/branches/PHP_5_4/ NEWS ext/ftp/ftp.c ext/openssl/xp_ssl.c
scottmac Thu, 26 Jan 2012 05:15:57 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=322785
Log:
MFH r322485
Fix possible attack in SSL sockets with SSL 3.0 / TLS 1.0.
CVE-2011-3389
Changed paths:
U php/php-src/branches/PHP_5_4/NEWS
U php/php-src/branches/PHP_5_4/ext/ftp/ftp.c
U php/php-src/branches/PHP_5_4/ext/openssl/xp_ssl.c
Modified: php/php-src/branches/PHP_5_4/NEWS
===
--- php/php-src/branches/PHP_5_4/NEWS 2012-01-26 04:16:32 UTC (rev 322784)
+++ php/php-src/branches/PHP_5_4/NEWS 2012-01-26 05:15:57 UTC (rev 322785)
@@ -1,6 +1,8 @@
PHPNEWS
|||
-?? Jan 2012, PHP 5.4.0
+?? Jan 2012, PHP 5.4.0 RC 7
+- Fix possible attack in SSL sockets with SSL 3.0 / TLS 1.0.
+ CVE-2011-3389. (Scott)
19 Jan 2012, PHP 5.4.0 RC6
Modified: php/php-src/branches/PHP_5_4/ext/ftp/ftp.c
===
--- php/php-src/branches/PHP_5_4/ext/ftp/ftp.c 2012-01-26 04:16:32 UTC (rev
322784)
+++ php/php-src/branches/PHP_5_4/ext/ftp/ftp.c 2012-01-26 05:15:57 UTC (rev
322785)
@@ -243,6 +243,7 @@
{
#if HAVE_OPENSSL_EXT
SSL_CTX *ctx = NULL;
+ long ssl_ctx_options = SSL_OP_ALL;
#endif
if (ftp == NULL) {
return 0;
@@ -279,7 +280,10 @@
return 0;
}
- SSL_CTX_set_options(ctx, SSL_OP_ALL);
+#if OPENSSL_VERSION_NUMBER = 0x0090605fL
+ ssl_ctx_options = ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
+#endif
+ SSL_CTX_set_options(ctx, ssl_ctx_options);
ftp-ssl_handle = SSL_new(ctx);
if (ftp-ssl_handle == NULL) {
@@ -1495,6 +1499,7 @@
#if HAVE_OPENSSL_EXT
SSL_CTX *ctx;
+ long ssl_ctx_options = SSL_OP_ALL;
#endif
if (data-fd != -1) {
@@ -1521,7 +1526,10 @@
return 0;
}
- SSL_CTX_set_options(ctx, SSL_OP_ALL);
+#if OPENSSL_VERSION_NUMBER = 0x0090605fL
+ ssl_ctx_options = ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
+#endif
+ SSL_CTX_set_options(ctx, ssl_ctx_options);
data-ssl_handle = SSL_new(ctx);
if (data-ssl_handle == NULL) {
Modified: php/php-src/branches/PHP_5_4/ext/openssl/xp_ssl.c
===
--- php/php-src/branches/PHP_5_4/ext/openssl/xp_ssl.c 2012-01-26 04:16:32 UTC
(rev 322784)
+++ php/php-src/branches/PHP_5_4/ext/openssl/xp_ssl.c 2012-01-26 05:15:57 UTC
(rev 322785)
@@ -310,6 +310,7 @@
TSRMLS_DC)
{
SSL_METHOD *method;
+ long ssl_ctx_options = SSL_OP_ALL;
if (sslsock-ssl_handle) {
if (sslsock-s.is_blocked) {
@@ -377,7 +378,10 @@
return -1;
}
- SSL_CTX_set_options(sslsock-ctx, SSL_OP_ALL);
+#if OPENSSL_VERSION_NUMBER = 0x0090605fL
+ ssl_ctx_options = ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
+#endif
+ SSL_CTX_set_options(sslsock-ctx, ssl_ctx_options);
#if OPENSSL_VERSION_NUMBER = 0x0090806fL
{
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_4/NEWS branches/PHP_5_4/Zend/tests/traits/bug60809.phpt branches/PHP_5_4/Zend/zend_compile.c trunk/Zend/tests/traits/bug60809.phpt trunk/Zend/zend_compile.c
dmitry Fri, 20 Jan 2012 12:30:57 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=322495
Log:
Fixed Bug #60809 (TRAITS - PHPDoc Comment Style Bug)
Fixed some other traits related bugs (uninitialized variable, return =
continue)
Removed some trait related redundant code and variables
Bug: https://bugs.php.net/60809 (Critical) TRAITS - PHPDoc Comment Style Bug
Changed paths:
U php/php-src/branches/PHP_5_4/NEWS
A php/php-src/branches/PHP_5_4/Zend/tests/traits/bug60809.phpt
U php/php-src/branches/PHP_5_4/Zend/zend_compile.c
A php/php-src/trunk/Zend/tests/traits/bug60809.phpt
U php/php-src/trunk/Zend/zend_compile.c
Modified: php/php-src/branches/PHP_5_4/NEWS
===
--- php/php-src/branches/PHP_5_4/NEWS 2012-01-20 12:28:37 UTC (rev 322494)
+++ php/php-src/branches/PHP_5_4/NEWS 2012-01-20 12:30:57 UTC (rev 322495)
@@ -7,6 +7,7 @@
- Core:
. Restoring $_SERVER['REQUEST_TIME'] as a long and introducing
$_SERVER['REQUEST_TIME_FLOAT'] to include microsecond precision. (Patrick)
+ . Fixed bug #60809 (TRAITS - PHPDoc Comment Style Bug). (Dmitry)
. Fixed bug #60768 (Output buffer not discarded) (Mike)
- Hash
Added: php/php-src/branches/PHP_5_4/Zend/tests/traits/bug60809.phpt
===
--- php/php-src/branches/PHP_5_4/Zend/tests/traits/bug60809.phpt (rev 0)
+++ php/php-src/branches/PHP_5_4/Zend/tests/traits/bug60809.phpt 2012-01-20 12:30:57 UTC (rev 322495)
@@ -0,0 +1,36 @@
+--TEST--
+Bug #60809 (TRAITS - PHPDoc Comment Style Bug)
+--FILE--
+?php
+class ExampleParent {
+ private $hello_world = hello foo\n;
+ public function foo() {
+ echo $this-hello_world;
+ }
+}
+
+class Example extends ExampleParent {
+ use ExampleTrait;
+}
+
+trait ExampleTrait {
+ /**
+ *
+ */
+ private $hello_world = hello bar\n;
+ /**
+ *
+ */
+ public $prop = ops;
+ public function bar() {
+ echo $this-hello_world;
+ }
+}
+
+$x = new Example();
+$x-foo();
+$x-bar();
+?
+--EXPECT--
+hello foo
+hello bar
Modified: php/php-src/branches/PHP_5_4/Zend/zend_compile.c
===
--- php/php-src/branches/PHP_5_4/Zend/zend_compile.c 2012-01-20 12:28:37 UTC (rev 322494)
+++ php/php-src/branches/PHP_5_4/Zend/zend_compile.c 2012-01-20 12:30:57 UTC (rev 322495)
@@ -3714,19 +3714,15 @@
static int zend_traits_merge_functions_to_class(zend_function *fn TSRMLS_DC, int num_args, va_list args, zend_hash_key *hash_key) /* {{{ */
{
zend_class_entry *ce = va_arg(args, zend_class_entry*);
- int add = 0;
zend_function* existing_fn = NULL;
zend_function fn_copy, *fn_copy_p;
zend_function* prototype = NULL; /* is used to determine the prototype according to the inheritance chain */
- if (zend_hash_quick_find(ce-function_table, hash_key-arKey, hash_key-nKeyLength, hash_key-h, (void**) existing_fn) == FAILURE) {
- add = 1; /* not found */
- } else if (existing_fn-common.scope != ce) {
- add = 1; /* or inherited from other class or interface */
- }
-
- if (add) {
+ if (zend_hash_quick_find(ce-function_table, hash_key-arKey, hash_key-nKeyLength, hash_key-h, (void**) existing_fn) == FAILURE ||
+ existing_fn-common.scope != ce) {
+ /* not found or inherited from other class or interface */
zend_function* parent_function;
+
if (ce-parent zend_hash_quick_find(ce-parent-function_table, hash_key-arKey, hash_key-nKeyLength, hash_key-h, (void**) parent_function) != FAILURE) {
prototype = parent_function; /* -common.fn_flags |= ZEND_ACC_ABSTRACT; */
@@ -3800,7 +3796,6 @@
static int zend_traits_copy_functions(zend_function *fn TSRMLS_DC, int num_args, va_list args, zend_hash_key *hash_key) /* {{{ */
{
HashTable* target;
- zend_class_entry *target_ce;
zend_trait_alias** aliases;
HashTable* exclude_table;
char* lcname;
@@ -3810,7 +3805,6 @@
size_t i = 0;
target= va_arg(args, HashTable*);
- target_ce = va_arg(args, zend_class_entry*);
aliases = va_arg(args, zend_trait_alias**);
exclude_table = va_arg(args, HashTable*);
@@ -3901,9 +3895,9 @@
/* }}} */
/* Copies function table entries to target function table with applied aliasing */
-static void zend_traits_copy_trait_function_table(HashTable *target, zend_class_entry *target_ce, HashTable *source, zend_trait_alias** aliases, HashTable* exclude_table TSRMLS_DC) /* {{{ */
+static void zend_traits_copy_trait_function_table(HashTable *target, HashTable *source, zend_trait_alias** aliases, HashTable* exclude_table TSRMLS_DC) /* {{{ */
{
- zend_hash_apply_with_arguments(source TSRMLS_CC, (apply_func_args_t)zend_traits_copy_functions, 4, target, target_ce, aliases, exclude_table);
+ zend_hash_apply_with_arguments(source TSRMLS_CC, (apply_func_args_t)zend_traits_copy_functions, 3, target, aliases, exclude_table);
}
/* }}} */
@@ -4035,10 +4029,10 @@
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_4/NEWS branches/PHP_5_4/ext/hash/config.m4 branches/PHP_5_4/ext/hash/config.w32 branches/PHP_5_4/ext/hash/hash.c branches/PHP_5_4/ext/hash/hash_salsa.c bran
mike Wed, 18 Jan 2012 09:15:34 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=322437
Log:
merge ext/hash from trunk
Changed paths:
_U php/php-src/branches/PHP_5_4/
U php/php-src/branches/PHP_5_4/NEWS
U php/php-src/branches/PHP_5_4/ext/hash/config.m4
U php/php-src/branches/PHP_5_4/ext/hash/config.w32
U php/php-src/branches/PHP_5_4/ext/hash/hash.c
D php/php-src/branches/PHP_5_4/ext/hash/hash_salsa.c
U php/php-src/branches/PHP_5_4/ext/hash/hash_tiger.c
U php/php-src/branches/PHP_5_4/ext/hash/php_hash.h
D php/php-src/branches/PHP_5_4/ext/hash/php_hash_salsa.h
U php/php-src/branches/PHP_5_4/ext/hash/tests/hash_algos.phpt
U php/php-src/branches/PHP_5_4/ext/hash/tests/hash_copy_001.phpt
U php/php-src/branches/PHP_5_4/ext/hash/tests/hash_file_basic1.phpt
U php/php-src/branches/PHP_5_4/ext/hash/tests/hash_hmac_basic.phpt
U php/php-src/branches/PHP_5_4/ext/hash/tests/hash_hmac_file_basic.phpt
U php/php-src/branches/PHP_5_4/ext/hash/tests/tiger.phpt
U php/php-src/trunk/NEWS
Property changes on: php/php-src/branches/PHP_5_4
___
Modified: svn:mergeinfo
- /php/php-src/trunk:284726
+ /php/php-src/trunk:284726,322419,322421,322423
Modified: php/php-src/branches/PHP_5_4/NEWS
===
--- php/php-src/branches/PHP_5_4/NEWS 2012-01-18 07:57:40 UTC (rev 322436)
+++ php/php-src/branches/PHP_5_4/NEWS 2012-01-18 09:15:34 UTC (rev 322437)
@@ -7,6 +7,10 @@
$_SERVER['REQUEST_TIME_FLOAT'] to include microsecond precision. (Patrick)
. Fixed bug #60768 (Output buffer not discarded) (Mike)
+- Hash
+ . Fixed bug #60221 (Tiger hash output byte order) (Mike)
+ . Removed Salsa10/Salsa20, which are actually stream ciphers (Mike)
+
- Pdo Firebird:
. Fixed bug #47415 (segfaults when passing lowercased column name to
bindColumn). (Mariuz)
Modified: php/php-src/branches/PHP_5_4/ext/hash/config.m4
===
--- php/php-src/branches/PHP_5_4/ext/hash/config.m4 2012-01-18 07:57:40 UTC (rev 322436)
+++ php/php-src/branches/PHP_5_4/ext/hash/config.m4 2012-01-18 09:15:34 UTC (rev 322437)
@@ -27,10 +27,10 @@
EXT_HASH_SOURCES=hash.c hash_md.c hash_sha.c hash_ripemd.c hash_haval.c \
hash_tiger.c hash_gost.c hash_snefru.c hash_whirlpool.c hash_adler32.c \
-hash_crc32.c hash_salsa.c hash_fnv.c hash_joaat.c
+hash_crc32.c hash_fnv.c hash_joaat.c
EXT_HASH_HEADERS=php_hash.h php_hash_md.h php_hash_sha.h php_hash_ripemd.h \
php_hash_haval.h php_hash_tiger.h php_hash_gost.h php_hash_snefru.h \
-php_hash_whirlpool.h php_hash_adler32.h php_hash_crc32.h php_hash_salsa.h \
+php_hash_whirlpool.h php_hash_adler32.h php_hash_crc32.h \
php_hash_fnv.h php_hash_joaat.h php_hash_types.h
PHP_NEW_EXTENSION(hash, $EXT_HASH_SOURCES, $ext_shared)
Modified: php/php-src/branches/PHP_5_4/ext/hash/config.w32
===
--- php/php-src/branches/PHP_5_4/ext/hash/config.w32 2012-01-18 07:57:40 UTC (rev 322436)
+++ php/php-src/branches/PHP_5_4/ext/hash/config.w32 2012-01-18 09:15:34 UTC (rev 322437)
@@ -15,11 +15,11 @@
AC_DEFINE('HAVE_HASH_EXT', 1);
EXTENSION(hash, hash.c hash_md.c hash_sha.c hash_ripemd.c hash_haval.c
+ hash_tiger.c hash_gost.c hash_snefru.c hash_whirlpool.c
- + hash_adler32.c hash_crc32.c hash_salsa.c hash_joaat.c hash_fnv.c);
+ + hash_adler32.c hash_crc32.c hash_joaat.c hash_fnv.c);
PHP_INSTALL_HEADERS(ext/hash/, php_hash.h php_hash_md.h php_hash_sha.h php_hash_ripemd.h +
php_hash_haval.h php_hash_tiger.h php_hash_gost.h php_hash_snefru.h +
- php_hash_whirlpool.h php_hash_adler32.h php_hash_crc32.h php_hash_salsa.h +
+ php_hash_whirlpool.h php_hash_adler32.h php_hash_crc32.h +
php_hash_types.h);
}
Modified: php/php-src/branches/PHP_5_4/ext/hash/hash.c
===
--- php/php-src/branches/PHP_5_4/ext/hash/hash.c 2012-01-18 07:57:40 UTC (rev 322436)
+++ php/php-src/branches/PHP_5_4/ext/hash/hash.c 2012-01-18 09:15:34 UTC (rev 322437)
@@ -851,8 +851,6 @@
php_hash_register_algo(adler32, php_hash_adler32_ops);
php_hash_register_algo(crc32, php_hash_crc32_ops);
php_hash_register_algo(crc32b, php_hash_crc32b_ops);
- php_hash_register_algo(salsa10, php_hash_salsa10_ops);
- php_hash_register_algo(salsa20, php_hash_salsa20_ops);
php_hash_register_algo(fnv132, php_hash_fnv132_ops);
php_hash_register_algo(fnv164, php_hash_fnv164_ops);
php_hash_register_algo(joaat, php_hash_joaat_ops);
Deleted: php/php-src/branches/PHP_5_4/ext/hash/hash_salsa.c
===
--- php/php-src/branches/PHP_5_4/ext/hash/hash_salsa.c 2012-01-18 07:57:40 UTC (rev 322436)
+++
[PHP-CVS] svn: /php/php-src/branches/PHP_5_4/ NEWS configure.in main/php_version.h
stas Thu, 19 Jan 2012 06:27:56 + Revision: http://svn.php.net/viewvc?view=revisionrevision=322461 Log: 5.4.0RC6 Changed paths: U php/php-src/branches/PHP_5_4/NEWS U php/php-src/branches/PHP_5_4/configure.in U php/php-src/branches/PHP_5_4/main/php_version.h Modified: php/php-src/branches/PHP_5_4/NEWS === --- php/php-src/branches/PHP_5_4/NEWS 2012-01-19 00:20:04 UTC (rev 322460) +++ php/php-src/branches/PHP_5_4/NEWS 2012-01-19 06:27:56 UTC (rev 322461) @@ -1,7 +1,9 @@ PHPNEWS ||| -?? Jan 2012, PHP 5.4.0 RC6 +?? Jan 2012, PHP 5.4.0 +19 Jan 2012, PHP 5.4.0 RC6 + - Core: . Restoring $_SERVER['REQUEST_TIME'] as a long and introducing $_SERVER['REQUEST_TIME_FLOAT'] to include microsecond precision. (Patrick) Modified: php/php-src/branches/PHP_5_4/configure.in === --- php/php-src/branches/PHP_5_4/configure.in 2012-01-19 00:20:04 UTC (rev 322460) +++ php/php-src/branches/PHP_5_4/configure.in 2012-01-19 06:27:56 UTC (rev 322461) @@ -120,7 +120,7 @@ PHP_MAJOR_VERSION=5 PHP_MINOR_VERSION=4 PHP_RELEASE_VERSION=0 -PHP_EXTRA_VERSION=RC6-dev +PHP_EXTRA_VERSION=RC6 PHP_VERSION=$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 1 + [$]PHP_MINOR_VERSION \* 100 + [$]PHP_RELEASE_VERSION` Modified: php/php-src/branches/PHP_5_4/main/php_version.h === --- php/php-src/branches/PHP_5_4/main/php_version.h 2012-01-19 00:20:04 UTC (rev 322460) +++ php/php-src/branches/PHP_5_4/main/php_version.h 2012-01-19 06:27:56 UTC (rev 322461) @@ -3,6 +3,6 @@ #define PHP_MAJOR_VERSION 5 #define PHP_MINOR_VERSION 4 #define PHP_RELEASE_VERSION 0 -#define PHP_EXTRA_VERSION RC6-dev -#define PHP_VERSION 5.4.0RC6-dev +#define PHP_EXTRA_VERSION RC6 +#define PHP_VERSION 5.4.0RC6 #define PHP_VERSION_ID 50400 -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_4/NEWS branches/PHP_5_4/main/output.c branches/PHP_5_4/tests/output/bug60768.phpt trunk/main/output.c trunk/tests/output/bug60768.phpt
mike Mon, 16 Jan 2012 17:51:35 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=322374
Log:
Fix bug #60768 Output buffer not discarded
in php_output_handler_op():
* if appending to buffer succeeds, just return HANDLER_NO_DATA
and do nothing else
* if a zero sized string or true is returned from the handler
function, reset the context as well as the handler's buffer
Bug: https://bugs.php.net/60768 (error getting bug information)
Changed paths:
U php/php-src/branches/PHP_5_4/NEWS
U php/php-src/branches/PHP_5_4/main/output.c
A php/php-src/branches/PHP_5_4/tests/output/bug60768.phpt
U php/php-src/trunk/main/output.c
A php/php-src/trunk/tests/output/bug60768.phpt
Modified: php/php-src/branches/PHP_5_4/NEWS
===
--- php/php-src/branches/PHP_5_4/NEWS 2012-01-16 16:10:50 UTC (rev 322373)
+++ php/php-src/branches/PHP_5_4/NEWS 2012-01-16 17:51:35 UTC (rev 322374)
@@ -5,6 +5,7 @@
- Core:
. Restoring $_SERVER['REQUEST_TIME'] as a long and introducing
$_SERVER['REQUEST_TIME_FLOAT'] to include microsecond precision. (Patrick)
+ . Fixed bug #60768 (Output buffer not discarded) (Mike)
- Pdo Firebird:
. Fixed bug #47415 (segfaults when passing lowercased column name to
Modified: php/php-src/branches/PHP_5_4/main/output.c
===
--- php/php-src/branches/PHP_5_4/main/output.c 2012-01-16 16:10:50 UTC (rev
322373)
+++ php/php-src/branches/PHP_5_4/main/output.c 2012-01-16 17:51:35 UTC (rev
322374)
@@ -885,7 +885,8 @@
/* storable? */
if (php_output_handler_append(handler, context-in TSRMLS_CC)
!context-op) {
- status = PHP_OUTPUT_HANDLER_NO_DATA;
+ context-op = original_op;
+ return PHP_OUTPUT_HANDLER_NO_DATA;
} else {
/* need to start? */
if (!(handler-flags PHP_OUTPUT_HANDLER_STARTED)) {
@@ -961,14 +962,14 @@
handler-buffer.used = 0;
handler-buffer.size = 0;
break;
+ case PHP_OUTPUT_HANDLER_NO_DATA:
+ /* handler ate all */
+ php_output_context_reset(context);
+ /* no break */
case PHP_OUTPUT_HANDLER_SUCCESS:
/* no more buffered data */
handler-buffer.used = 0;
break;
- case PHP_OUTPUT_HANDLER_NO_DATA:
- /* handler ate all */
- php_output_context_reset(context);
- break;
}
context-op = original_op;
Added: php/php-src/branches/PHP_5_4/tests/output/bug60768.phpt
===
--- php/php-src/branches/PHP_5_4/tests/output/bug60768.phpt
(rev 0)
+++ php/php-src/branches/PHP_5_4/tests/output/bug60768.phpt 2012-01-16
17:51:35 UTC (rev 322374)
@@ -0,0 +1,25 @@
+--TEST--
+Bug #60768 Output buffer not discarded
+--FILE--
+?php
+
+global $storage;
+
+ob_start(function($buffer) use ($storage) { $storage .= $buffer; }, 20);
+
+echo str_repeat(0, 20); // fill in the buffer
+
+for($i = 0; $i 10; $i++) {
+echo str_pad($i, 9, ' ', STR_PAD_LEFT) . \n; // full buffer dumped every
time
+}
+
+ob_end_flush();
+
+printf(Output size: %d, expected %d\n, strlen($storage), 20 + 10 * 10);
+
+?
+DONE
+--EXPECT--
+Output size: 120, expected 120
+DONE
+
Modified: php/php-src/trunk/main/output.c
===
--- php/php-src/trunk/main/output.c 2012-01-16 16:10:50 UTC (rev 322373)
+++ php/php-src/trunk/main/output.c 2012-01-16 17:51:35 UTC (rev 322374)
@@ -885,7 +885,8 @@
/* storable? */
if (php_output_handler_append(handler, context-in TSRMLS_CC)
!context-op) {
- status = PHP_OUTPUT_HANDLER_NO_DATA;
+ context-op = original_op;
+ return PHP_OUTPUT_HANDLER_NO_DATA;
} else {
/* need to start? */
if (!(handler-flags PHP_OUTPUT_HANDLER_STARTED)) {
@@ -961,14 +962,14 @@
handler-buffer.used = 0;
handler-buffer.size = 0;
break;
+ case PHP_OUTPUT_HANDLER_NO_DATA:
+ /* handler ate all */
+ php_output_context_reset(context);
+ /* no break */
case PHP_OUTPUT_HANDLER_SUCCESS:
/* no more buffered data */
handler-buffer.used = 0;
break;
- case PHP_OUTPUT_HANDLER_NO_DATA:
- /* handler ate all */
- php_output_context_reset(context);
-
[PHP-CVS] svn: /php/php-src/branches/PHP_5_4/ NEWS ext/snmp/snmp.c ext/snmp/tests/bug60749.phpt ext/snmp/tests/ipv6.phpt
lytboris Fri, 13 Jan 2012 18:46:56 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=322214
Log:
merge from trunk:
Fixed bug #60585 (php build fails with USE flag snmp when IPv6 support is
disabled
Fixed bug #60749 (SNMP module should not strip non-standard SNMP port from
hostname
Bugs: https://bugs.php.net/60585 (Assigned) php build fails with USE flag snmp
when IPv6 support is disabled
https://bugs.php.net/60749 (Assigned) SNMP module should not strip
non-standard SNMP port from hostname
Changed paths:
U php/php-src/branches/PHP_5_4/NEWS
_U php/php-src/branches/PHP_5_4/ext/snmp/
U php/php-src/branches/PHP_5_4/ext/snmp/snmp.c
_U php/php-src/branches/PHP_5_4/ext/snmp/tests/
A + php/php-src/branches/PHP_5_4/ext/snmp/tests/bug60749.phpt
(from php/php-src/trunk/ext/snmp/tests/bug60749.phpt:r322213)
U php/php-src/branches/PHP_5_4/ext/snmp/tests/ipv6.phpt
Modified: php/php-src/branches/PHP_5_4/NEWS
===
--- php/php-src/branches/PHP_5_4/NEWS 2012-01-13 18:34:21 UTC (rev 322213)
+++ php/php-src/branches/PHP_5_4/NEWS 2012-01-13 18:46:56 UTC (rev 322214)
@@ -12,6 +12,12 @@
. Fixed bug #53280 (segfaults if query column count less than param count).
(Mariuz)
+- SNMP:
+ . Fixed bug #60585 (php build fails with USE flag snmp when IPv6 support
+is disabled). (Boris Lytochkin)
+ . Fixed bug #60749 (SNMP module should not strip non-standard SNMP port
+from hostname). (Boris Lytochkin)
+
07 Jan 2012, PHP 5.4.0 RC5
- Core:
. Fixed bug #60613 (Segmentation fault with $cls-{expr}() syntax). (Dmitry)
Property changes on: php/php-src/branches/PHP_5_4/ext/snmp
___
Modified: svn:mergeinfo
-
/php/php-src/trunk/ext/snmp:284726,311033-315236,315606,315608,315862,315924,316022,316029,316031
+
/php/php-src/trunk/ext/snmp:284726,311033-315236,315606,315608,315862,315924,316022,316029,316031,322213
Modified: php/php-src/branches/PHP_5_4/ext/snmp/snmp.c
===
--- php/php-src/branches/PHP_5_4/ext/snmp/snmp.c2012-01-13 18:34:21 UTC
(rev 322213)
+++ php/php-src/branches/PHP_5_4/ext/snmp/snmp.c2012-01-13 18:46:56 UTC
(rev 322214)
@@ -1171,11 +1171,11 @@
continue;
}
#else
- if (res-sa_family != AF_INET) {
+ if ((*res)-sa_family != AF_INET) {
res++;
continue;
}
- strcat(pptr, inet_ntoa(res));
+ strcat(pptr, inet_ntoa(((struct
sockaddr_in*)(*res))-sin_addr));
#endif
break;
}
@@ -1188,6 +1188,12 @@
There should be check for non-empty session-peername!
*/
+ /* put back non-standard SNMP port */
+ if (session-remote_port != SNMP_PORT) {
+ pptr = session-peername + strlen(session-peername);
+ sprintf(pptr, :%d, session-remote_port);
+ }
+
php_network_freeaddresses(psal);
if (version == SNMP_VERSION_3) {
Property changes on: php/php-src/branches/PHP_5_4/ext/snmp/tests
___
Modified: svn:mergeinfo
-
/php/php-src/trunk/ext/snmp/tests:284726,311033-315236,315386,315606,315608,315862,315916,315924,316022,316029,316031
+
/php/php-src/trunk/ext/snmp/tests:284726,311033-315236,315386,315606,315608,315862,315916,315924,316022,316029,316031,322213
Copied: php/php-src/branches/PHP_5_4/ext/snmp/tests/bug60749.phpt (from rev
322213, php/php-src/trunk/ext/snmp/tests/bug60749.phpt)
===
--- php/php-src/branches/PHP_5_4/ext/snmp/tests/bug60749.phpt
(rev 0)
+++ php/php-src/branches/PHP_5_4/ext/snmp/tests/bug60749.phpt 2012-01-13
18:46:56 UTC (rev 322214)
@@ -0,0 +1,28 @@
+--TEST--
+Bug #60749: SNMP module should not strip non-standard SNMP port from hostname
+--CREDITS--
+Boris Lytochkin
+--SKIPIF--
+?php
+require_once(dirname(__FILE__).'/skipif.inc');
+?
+--FILE--
+?php
+require_once(dirname(__FILE__).'/snmp_include.inc');
+
+$hostname = php.net;
+$ip = gethostbyname($hostname);
+if (ip2long($ip) === FALSE) {
+ echo Could not resolve $hostname properly!\n;
+ exit(1);
+}
+$port = 1161;
+$session = new SNMP(SNMP::VERSION_1, $hostname:$port, $community, $timeout,
$retries);
+$info = $session-info;
+if (strcmp($info[hostname], $ip:$port) !== 0) {
+ echo ' . $info[hostname] . ' != '$ip:$port'\n;
+}
+var_dump($session-close());
+?
+--EXPECTF--
+bool(true)
Modified: php/php-src/branches/PHP_5_4/ext/snmp/tests/ipv6.phpt
===
--- php/php-src/branches/PHP_5_4/ext/snmp/tests/ipv6.phpt 2012-01-13
18:34:21
[PHP-CVS] svn: /php/php-src/branches/PHP_5_4/ NEWS
mariuz Tue, 10 Jan 2012 13:42:14 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=322021
Log:
Added fixes Pdo Firebird bugs to the NEWS file
Changed paths:
U php/php-src/branches/PHP_5_4/NEWS
Modified: php/php-src/branches/PHP_5_4/NEWS
===
--- php/php-src/branches/PHP_5_4/NEWS 2012-01-10 13:33:01 UTC (rev 322020)
+++ php/php-src/branches/PHP_5_4/NEWS 2012-01-10 13:42:14 UTC (rev 322021)
@@ -6,6 +6,12 @@
. Restoring $_SERVER['REQUEST_TIME'] as a long and introducing
$_SERVER['REQUEST_TIME_FLOAT'] to include microsecond precision. (Patrick)
+- Pdo Firebird:
+ . Fixed bug #47415 (segfaults when passing lowercased column name to
+bindColumn). (Mariuz)
+ . Fixed bug #53280 (segfaults if query column count less than param count).
+(Mariuz)
+
07 Jan 2012, PHP 5.4.0 RC5
- Core:
. Fixed bug #60613 (Segmentation fault with $cls-{expr}() syntax). (Dmitry)
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_4/ NEWS main/php_variables.c
patrickallaert Fri, 06 Jan 2012 13:38:06 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=321828
Log:
Changed: restoring REQUEST_TIME as a long, introducing REQUEST_TIME_FLOAT
instead as discussed on the ML
Changed paths:
U php/php-src/branches/PHP_5_4/NEWS
U php/php-src/branches/PHP_5_4/main/php_variables.c
Modified: php/php-src/branches/PHP_5_4/NEWS
===
--- php/php-src/branches/PHP_5_4/NEWS 2012-01-06 13:37:51 UTC (rev 321827)
+++ php/php-src/branches/PHP_5_4/NEWS 2012-01-06 13:38:06 UTC (rev 321828)
@@ -2,6 +2,10 @@
|||
?? Jan 2012, PHP 5.4.0 RC6
+- Core:
+ . Restoring $_SERVER['REQUEST_TIME'] as a long and introducing
+$_SERVER['REQUEST_TIME_FLOAT'] to include microsecond precision. (Patrick)
+
07 Jan 2012, PHP 5.4.0 RC5
- Core:
. Fixed bug #60613 (Segmentation fault with $cls-{expr}() syntax). (Dmitry)
Modified: php/php-src/branches/PHP_5_4/main/php_variables.c
===
--- php/php-src/branches/PHP_5_4/main/php_variables.c 2012-01-06 13:37:51 UTC
(rev 321827)
+++ php/php-src/branches/PHP_5_4/main/php_variables.c 2012-01-06 13:38:06 UTC
(rev 321828)
@@ -581,10 +581,13 @@
}
/* store request init time */
{
- zval new_entry;
- Z_TYPE(new_entry) = IS_DOUBLE;
- Z_DVAL(new_entry) = sapi_get_request_time(TSRMLS_C);
- php_register_variable_ex(REQUEST_TIME, new_entry, array_ptr
TSRMLS_CC);
+ zval request_time_float, request_time_long;
+ Z_TYPE(request_time_float) = IS_DOUBLE;
+ Z_DVAL(request_time_float) = sapi_get_request_time(TSRMLS_C);
+ php_register_variable_ex(REQUEST_TIME_FLOAT,
request_time_float, array_ptr TSRMLS_CC);
+ Z_TYPE(request_time_long) = IS_LONG;
+ Z_LVAL(request_time_long) =
zend_dval_to_lval(Z_DVAL(request_time_float));
+ php_register_variable_ex(REQUEST_TIME, request_time_long,
array_ptr TSRMLS_CC);
}
}
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_4/NEWS branches/PHP_5_4/Zend/zend.h branches/PHP_5_4/Zend/zend_signal.h trunk/Zend/zend.h trunk/Zend/zend_signal.h
laruence Wed, 04 Jan 2012 08:25:06 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=321753
Log:
Fixed bug #60627 (httpd.worker segfault on startup with php_value)
Bug: https://bugs.php.net/60627 (Analyzed) httpd.worker segfault on startup
with php_value
Changed paths:
U php/php-src/branches/PHP_5_4/NEWS
U php/php-src/branches/PHP_5_4/Zend/zend.h
U php/php-src/branches/PHP_5_4/Zend/zend_signal.h
U php/php-src/trunk/Zend/zend.h
U php/php-src/trunk/Zend/zend_signal.h
Modified: php/php-src/branches/PHP_5_4/NEWS
===
--- php/php-src/branches/PHP_5_4/NEWS 2012-01-04 08:13:58 UTC (rev 321752)
+++ php/php-src/branches/PHP_5_4/NEWS 2012-01-04 08:25:06 UTC (rev 321753)
@@ -5,6 +5,8 @@
. Fixed bug #60613 (Segmentation fault with $cls-{expr}() syntax). (Dmitry)
. Fixed bug #60611 (Segmentation fault with Cls::{expr}() syntax). (Laruence)
. Fixed bug #55871 (Interruption in substr_replace()). (Stas)
+ . Fixed bug #60627 (httpd.worker segfault on startup with php_value).
+(Laruence)
- SAPI:
. Fixed bug #55500 (Corrupted $_FILES indices lead to security concern).
Modified: php/php-src/branches/PHP_5_4/Zend/zend.h
===
--- php/php-src/branches/PHP_5_4/Zend/zend.h2012-01-04 08:13:58 UTC (rev
321752)
+++ php/php-src/branches/PHP_5_4/Zend/zend.h2012-01-04 08:25:06 UTC (rev
321753)
@@ -709,8 +709,8 @@
#else
#include zend_signal.h
-#define HANDLE_BLOCK_INTERRUPTIONS() SIGG(depth)++;
-#define HANDLE_UNBLOCK_INTERRUPTIONS() if
(UNEXPECTED((--SIGG(depth))==SIGG(blocked))) {
zend_signal_handler_unblock(TSRMLS_C); }
+#define HANDLE_BLOCK_INTERRUPTIONS()
ZEND_SIGNAL_BLOCK_INTERRUPUTIONS()
+#define HANDLE_UNBLOCK_INTERRUPTIONS()
ZEND_SIGNAL_UNBLOCK_INTERRUPTIONS()
#endif
BEGIN_EXTERN_C()
Modified: php/php-src/branches/PHP_5_4/Zend/zend_signal.h
===
--- php/php-src/branches/PHP_5_4/Zend/zend_signal.h 2012-01-04 08:13:58 UTC
(rev 321752)
+++ php/php-src/branches/PHP_5_4/Zend/zend_signal.h 2012-01-04 08:25:06 UTC
(rev 321753)
@@ -69,9 +69,13 @@
BEGIN_EXTERN_C()
ZEND_API extern int zend_signal_globals_id;
END_EXTERN_C()
+# define ZEND_SIGNAL_BLOCK_INTERRUPUTIONS() if
(EXPECTED(zend_signal_globals_id)) { SIGG(depth)++; }
+# define ZEND_SIGNAL_UNBLOCK_INTERRUPTIONS() if
(EXPECTED(zend_signal_globals_id)
UNEXPECTED((--SIGG(depth))==SIGG(blocked))) {
zend_signal_handler_unblock(TSRMLS_C); }
#else /* ZTS */
# define SIGG(v) (zend_signal_globals.v)
extern ZEND_API zend_signal_globals_t zend_signal_globals;
+# define ZEND_SIGNAL_BLOCK_INTERRUPUTIONS() SIGG(depth)++;
+# define ZEND_SIGNAL_UNBLOCK_INTERRUPTIONS() if
(UNEXPECTED((--SIGG(depth))==SIGG(blocked))) {
zend_signal_handler_unblock(TSRMLS_C); }
#endif /* not ZTS */
# define SIGNAL_BEGIN_CRITICAL() sigset_t oldmask; \
Modified: php/php-src/trunk/Zend/zend.h
===
--- php/php-src/trunk/Zend/zend.h 2012-01-04 08:13:58 UTC (rev 321752)
+++ php/php-src/trunk/Zend/zend.h 2012-01-04 08:25:06 UTC (rev 321753)
@@ -709,8 +709,8 @@
#else
#include zend_signal.h
-#define HANDLE_BLOCK_INTERRUPTIONS() SIGG(depth)++;
-#define HANDLE_UNBLOCK_INTERRUPTIONS() if
(UNEXPECTED((--SIGG(depth))==SIGG(blocked))) {
zend_signal_handler_unblock(TSRMLS_C); }
+#define HANDLE_BLOCK_INTERRUPTIONS()
ZEND_SIGNAL_BLOCK_INTERRUPUTIONS()
+#define HANDLE_UNBLOCK_INTERRUPTIONS()
ZEND_SIGNAL_UNBLOCK_INTERRUPTIONS()
#endif
BEGIN_EXTERN_C()
Modified: php/php-src/trunk/Zend/zend_signal.h
===
--- php/php-src/trunk/Zend/zend_signal.h2012-01-04 08:13:58 UTC (rev
321752)
+++ php/php-src/trunk/Zend/zend_signal.h2012-01-04 08:25:06 UTC (rev
321753)
@@ -69,9 +69,13 @@
BEGIN_EXTERN_C()
ZEND_API extern int zend_signal_globals_id;
END_EXTERN_C()
+# define ZEND_SIGNAL_BLOCK_INTERRUPUTIONS() if
(EXPECTED(zend_signal_globals_id)) { SIGG(depth)++; }
+# define ZEND_SIGNAL_UNBLOCK_INTERRUPTIONS() if
(EXPECTED(zend_signal_globals_id)
UNEXPECTED((--SIGG(depth))==SIGG(blocked))) {
zend_signal_handler_unblock(TSRMLS_C); }
#else /* ZTS */
# define SIGG(v) (zend_signal_globals.v)
extern ZEND_API zend_signal_globals_t zend_signal_globals;
+# define ZEND_SIGNAL_BLOCK_INTERRUPUTIONS() SIGG(depth)++;
+# define ZEND_SIGNAL_UNBLOCK_INTERRUPTIONS() if
(UNEXPECTED((--SIGG(depth))==SIGG(blocked))) {
zend_signal_handler_unblock(TSRMLS_C); }
#endif /* not ZTS */
# define SIGNAL_BEGIN_CRITICAL() sigset_t oldmask; \
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_4/ NEWS configure.in main/php_version.h
stas Thu, 05 Jan 2012 07:22:29 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=321780
Log:
5.4.0rc5
Changed paths:
U php/php-src/branches/PHP_5_4/NEWS
U php/php-src/branches/PHP_5_4/configure.in
U php/php-src/branches/PHP_5_4/main/php_version.h
Modified: php/php-src/branches/PHP_5_4/NEWS
===
--- php/php-src/branches/PHP_5_4/NEWS 2012-01-05 07:14:54 UTC (rev 321779)
+++ php/php-src/branches/PHP_5_4/NEWS 2012-01-05 07:22:29 UTC (rev 321780)
@@ -1,6 +1,6 @@
PHPNEWS
|||
-?? Jan 2012, PHP 5.4.0 RC5
+07 Jan 2012, PHP 5.4.0 RC5
- Core:
. Fixed bug #60613 (Segmentation fault with $cls-{expr}() syntax). (Dmitry)
. Fixed bug #60611 (Segmentation fault with Cls::{expr}() syntax). (Laruence)
Modified: php/php-src/branches/PHP_5_4/configure.in
===
--- php/php-src/branches/PHP_5_4/configure.in 2012-01-05 07:14:54 UTC (rev
321779)
+++ php/php-src/branches/PHP_5_4/configure.in 2012-01-05 07:22:29 UTC (rev
321780)
@@ -120,7 +120,7 @@
PHP_MAJOR_VERSION=5
PHP_MINOR_VERSION=4
PHP_RELEASE_VERSION=0
-PHP_EXTRA_VERSION=RC5-dev
+PHP_EXTRA_VERSION=RC5
PHP_VERSION=$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION
PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 1 + [$]PHP_MINOR_VERSION \*
100 + [$]PHP_RELEASE_VERSION`
Modified: php/php-src/branches/PHP_5_4/main/php_version.h
===
--- php/php-src/branches/PHP_5_4/main/php_version.h 2012-01-05 07:14:54 UTC
(rev 321779)
+++ php/php-src/branches/PHP_5_4/main/php_version.h 2012-01-05 07:22:29 UTC
(rev 321780)
@@ -3,6 +3,6 @@
#define PHP_MAJOR_VERSION 5
#define PHP_MINOR_VERSION 4
#define PHP_RELEASE_VERSION 0
-#define PHP_EXTRA_VERSION RC5-dev
-#define PHP_VERSION 5.4.0RC5-dev
+#define PHP_EXTRA_VERSION RC5
+#define PHP_VERSION 5.4.0RC5
#define PHP_VERSION_ID 50400
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_4/ NEWS configure.in main/php_version.h
stas Thu, 05 Jan 2012 07:24:26 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=321781
Log:
back to dev
Changed paths:
U php/php-src/branches/PHP_5_4/NEWS
U php/php-src/branches/PHP_5_4/configure.in
U php/php-src/branches/PHP_5_4/main/php_version.h
Modified: php/php-src/branches/PHP_5_4/NEWS
===
--- php/php-src/branches/PHP_5_4/NEWS 2012-01-05 07:22:29 UTC (rev 321780)
+++ php/php-src/branches/PHP_5_4/NEWS 2012-01-05 07:24:26 UTC (rev 321781)
@@ -1,5 +1,7 @@
PHPNEWS
|||
+?? Jan 2012, PHP 5.4.0 RC6
+
07 Jan 2012, PHP 5.4.0 RC5
- Core:
. Fixed bug #60613 (Segmentation fault with $cls-{expr}() syntax). (Dmitry)
Modified: php/php-src/branches/PHP_5_4/configure.in
===
--- php/php-src/branches/PHP_5_4/configure.in 2012-01-05 07:22:29 UTC (rev
321780)
+++ php/php-src/branches/PHP_5_4/configure.in 2012-01-05 07:24:26 UTC (rev
321781)
@@ -120,7 +120,7 @@
PHP_MAJOR_VERSION=5
PHP_MINOR_VERSION=4
PHP_RELEASE_VERSION=0
-PHP_EXTRA_VERSION=RC5
+PHP_EXTRA_VERSION=RC6-dev
PHP_VERSION=$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION
PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 1 + [$]PHP_MINOR_VERSION \*
100 + [$]PHP_RELEASE_VERSION`
Modified: php/php-src/branches/PHP_5_4/main/php_version.h
===
--- php/php-src/branches/PHP_5_4/main/php_version.h 2012-01-05 07:22:29 UTC
(rev 321780)
+++ php/php-src/branches/PHP_5_4/main/php_version.h 2012-01-05 07:24:26 UTC
(rev 321781)
@@ -3,6 +3,6 @@
#define PHP_MAJOR_VERSION 5
#define PHP_MINOR_VERSION 4
#define PHP_RELEASE_VERSION 0
-#define PHP_EXTRA_VERSION RC5
-#define PHP_VERSION 5.4.0RC5
+#define PHP_EXTRA_VERSION RC6-dev
+#define PHP_VERSION 5.4.0RC6-dev
#define PHP_VERSION_ID 50400
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_4/NEWS branches/PHP_5_4/ext/session/mod_user_class.c trunk/ext/session/mod_user_class.c
arpadWed, 04 Jan 2012 01:31:30 + Revision: http://svn.php.net/viewvc?view=revisionrevision=321741 Log: fix return values of inherited session handler to match user handlers - #60640 Bug: https://bugs.php.net/60640 (Assigned) Invalid return values Changed paths: U php/php-src/branches/PHP_5_4/NEWS U php/php-src/branches/PHP_5_4/ext/session/mod_user_class.c U php/php-src/trunk/ext/session/mod_user_class.c Modified: php/php-src/branches/PHP_5_4/NEWS === --- php/php-src/branches/PHP_5_4/NEWS 2012-01-04 01:22:15 UTC (rev 321740) +++ php/php-src/branches/PHP_5_4/NEWS 2012-01-04 01:31:30 UTC (rev 321741) @@ -22,6 +22,8 @@ . Fixed bug #60629 (memory corruption when web server closed the fcgi fd). (fat) +- Improved Session extension: + . Fixed bug #60640 (invalid return values). (Arpad) 22 Dec 2011, PHP 5.4.0 RC4 - Core: Modified: php/php-src/branches/PHP_5_4/ext/session/mod_user_class.c === --- php/php-src/branches/PHP_5_4/ext/session/mod_user_class.c 2012-01-04 01:22:15 UTC (rev 321740) +++ php/php-src/branches/PHP_5_4/ext/session/mod_user_class.c 2012-01-04 01:31:30 UTC (rev 321741) @@ -48,7 +48,7 @@ } PS(mod_user_is_open) = 1; - RETVAL_LONG(PS(default_mod)-s_open(PS(mod_data), save_path, session_name TSRMLS_CC)); + RETVAL_BOOL(SUCCESS == PS(default_mod)-s_open(PS(mod_data), save_path, session_name TSRMLS_CC)); } /* }}} */ @@ -63,7 +63,7 @@ zend_parse_parameters_none(); PS(mod_user_is_open) = 0; - RETVAL_LONG(PS(default_mod)-s_close(PS(mod_data) TSRMLS_CC)); + RETVAL_BOOL(SUCCESS == PS(default_mod)-s_close(PS(mod_data) TSRMLS_CC)); } /* }}} */ @@ -104,7 +104,7 @@ return; } - RETVAL_LONG(PS(default_mod)-s_write(PS(mod_data), key, val, val_len TSRMLS_CC)); + RETVAL_BOOL(SUCCESS == PS(default_mod)-s_write(PS(mod_data), key, val, val_len TSRMLS_CC)); } /* }}} */ @@ -122,7 +122,7 @@ } PS(mod_user_is_open) = 0; - RETVAL_LONG(PS(default_mod)-s_destroy(PS(mod_data), key TSRMLS_CC)); + RETVAL_BOOL(SUCCESS == PS(default_mod)-s_destroy(PS(mod_data), key TSRMLS_CC)); } /* }}} */ @@ -139,6 +139,6 @@ return; } - RETVAL_LONG(PS(default_mod)-s_gc(PS(mod_data), maxlifetime, nrdels TSRMLS_CC)); + RETVAL_BOOL(SUCCESS == PS(default_mod)-s_gc(PS(mod_data), maxlifetime, nrdels TSRMLS_CC)); } /* }}} */ Modified: php/php-src/trunk/ext/session/mod_user_class.c === --- php/php-src/trunk/ext/session/mod_user_class.c 2012-01-04 01:22:15 UTC (rev 321740) +++ php/php-src/trunk/ext/session/mod_user_class.c 2012-01-04 01:31:30 UTC (rev 321741) @@ -48,7 +48,7 @@ } PS(mod_user_is_open) = 1; - RETVAL_LONG(PS(default_mod)-s_open(PS(mod_data), save_path, session_name TSRMLS_CC)); + RETVAL_BOOL(SUCCESS == PS(default_mod)-s_open(PS(mod_data), save_path, session_name TSRMLS_CC)); } /* }}} */ @@ -63,7 +63,7 @@ zend_parse_parameters_none(); PS(mod_user_is_open) = 0; - RETVAL_LONG(PS(default_mod)-s_close(PS(mod_data) TSRMLS_CC)); + RETVAL_BOOL(SUCCESS == PS(default_mod)-s_close(PS(mod_data) TSRMLS_CC)); } /* }}} */ @@ -104,7 +104,7 @@ return; } - RETVAL_LONG(PS(default_mod)-s_write(PS(mod_data), key, val, val_len TSRMLS_CC)); + RETVAL_BOOL(SUCCESS == PS(default_mod)-s_write(PS(mod_data), key, val, val_len TSRMLS_CC)); } /* }}} */ @@ -122,7 +122,7 @@ } PS(mod_user_is_open) = 0; - RETVAL_LONG(PS(default_mod)-s_destroy(PS(mod_data), key TSRMLS_CC)); + RETVAL_BOOL(SUCCESS == PS(default_mod)-s_destroy(PS(mod_data), key TSRMLS_CC)); } /* }}} */ @@ -139,6 +139,6 @@ return; } - RETVAL_LONG(PS(default_mod)-s_gc(PS(mod_data), maxlifetime, nrdels TSRMLS_CC)); + RETVAL_BOOL(SUCCESS == PS(default_mod)-s_gc(PS(mod_data), maxlifetime, nrdels TSRMLS_CC)); } /* }}} */ -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_4/ NEWS
arpadWed, 04 Jan 2012 01:34:08 + Revision: http://svn.php.net/viewvc?view=revisionrevision=321742 Log: NEWS entry for r321738 Changed paths: U php/php-src/branches/PHP_5_4/NEWS Modified: php/php-src/branches/PHP_5_4/NEWS === --- php/php-src/branches/PHP_5_4/NEWS 2012-01-04 01:31:30 UTC (rev 321741) +++ php/php-src/branches/PHP_5_4/NEWS 2012-01-04 01:34:08 UTC (rev 321742) @@ -24,6 +24,8 @@ - Improved Session extension: . Fixed bug #60640 (invalid return values). (Arpad) + . Implement FR #60551 (session_set_save_handler should support a core's +session handler interface). (Arpad) 22 Dec 2011, PHP 5.4.0 RC4 - Core: -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_4/NEWS branches/PHP_5_4/main/rfc1867.c branches/PHP_5_4/tests/basic/bug55500.phpt trunk/main/rfc1867.c trunk/tests/basic/bug55500.phpt
stas Sun, 01 Jan 2012 23:54:25 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=321664
Log:
fix bug #54374, bug #55500 - filter file names better, no dangling [s
Bugs: https://bugs.php.net/54374 (Open) Insufficient validating of upload name
leading to corrupted $_FILES indices
https://bugs.php.net/55500 (error getting bug information)
Changed paths:
U php/php-src/branches/PHP_5_4/NEWS
U php/php-src/branches/PHP_5_4/main/rfc1867.c
A php/php-src/branches/PHP_5_4/tests/basic/bug55500.phpt
U php/php-src/trunk/main/rfc1867.c
A php/php-src/trunk/tests/basic/bug55500.phpt
Modified: php/php-src/branches/PHP_5_4/NEWS
===
--- php/php-src/branches/PHP_5_4/NEWS 2012-01-01 23:51:21 UTC (rev 321663)
+++ php/php-src/branches/PHP_5_4/NEWS 2012-01-01 23:54:25 UTC (rev 321664)
@@ -5,6 +5,12 @@
. Fixed bug #60613 (Segmentation fault with $cls-{expr}() syntax). (Dmitry)
. Fixed bug #60611 (Segmentation fault with Cls::{expr}() syntax). (Laruence)
+- SAPI:
+ . Fixed bug #54374 (Insufficient validating of upload name leading to
+corrupted $_FILES indices). (Stas, lekensteyn at gmail dot com)
+ . Fixed bug #55500 (Corrupted $_FILES indices lead to security concern).
+(Stas)
+
- CLI SAPI:
. Fixed bug #60591 (Memory leak when access a non-exists file). (Laruence)
Modified: php/php-src/branches/PHP_5_4/main/rfc1867.c
===
--- php/php-src/branches/PHP_5_4/main/rfc1867.c 2012-01-01 23:51:21 UTC (rev
321663)
+++ php/php-src/branches/PHP_5_4/main/rfc1867.c 2012-01-01 23:54:25 UTC (rev
321664)
@@ -556,7 +556,7 @@
{
char *s = strrchr(path, '\\');
char *s2 = strrchr(path, '/');
-
+
if (s s2) {
if (s s2) {
++s;
@@ -942,6 +942,10 @@
}
tmp++;
}
+ /* Brackets should always be closed */
+ if(c != 0) {
+ skip_upload = 1;
+ }
}
total_bytes = cancel_upload = 0;
@@ -977,7 +981,7 @@
offset = 0;
end = 0;
-
+
if (!cancel_upload) {
/* only bother to open temp file if we have
data */
blen = multipart_buffer_read(mbuff, buff,
sizeof(buff), end TSRMLS_CC);
@@ -1275,7 +1279,7 @@
php_rfc1867_getword = getword;
php_rfc1867_getword_conf = getword_conf;
php_rfc1867_basename = basename;
-}
+}
/* }}} */
/*
Added: php/php-src/branches/PHP_5_4/tests/basic/bug55500.phpt
===
--- php/php-src/branches/PHP_5_4/tests/basic/bug55500.phpt
(rev 0)
+++ php/php-src/branches/PHP_5_4/tests/basic/bug55500.phpt 2012-01-01
23:54:25 UTC (rev 321664)
@@ -0,0 +1,67 @@
+--TEST--
+Bug #55500 (Corrupted $_FILES indices lead to security concern)
+--INI--
+file_uploads=1
+error_reporting=E_ALL~E_NOTICE
+upload_max_filesize=1024
+--POST_RAW--
+Content-Type: multipart/form-data;
boundary=---20896060251896012921717172737
+-20896060251896012921717172737
+Content-Disposition: form-data; name=file[]; filename=file1.txt
+Content-Type: text/plain-file1
+
+1
+-20896060251896012921717172737
+Content-Disposition: form-data; name=file[[type]; filename=file2.txt
+Content-Type: text/plain-file2
+
+2
+-20896060251896012921717172737
+Content-Disposition: form-data; name=file[[name]; filename=file3.txt
+Content-Type: text/plain-file3
+
+3
+-20896060251896012921717172737
+Content-Disposition: form-data; name=file[name][; filename=file4.txt
+Content-Type: text/plain-file3
+
+4
+-20896060251896012921717172737--
+--FILE--
+?php
+var_dump($_FILES);
+var_dump($_POST);
+?
+--EXPECTF--
+array(1) {
+ [%u|b%file]=
+ array(5) {
+[%u|b%name]=
+array(1) {
+ [0]=
+ %unicode|string%(9) file1.txt
+}
+[%u|b%type]=
+array(1) {
+ [0]=
+ %unicode|string%(16) text/plain-file1
+}
+[%u|b%tmp_name]=
+array(1) {
+ [0]=
+ %unicode|string%(%d) %s
+}
+[%u|b%error]=
+array(1) {
+ [0]=
+ int(0)
+}
+[%u|b%size]=
+array(1) {
+ [0]=
+ int(1)
+}
+ }
+}
+array(0) {
+}
Modified: php/php-src/trunk/main/rfc1867.c
===
--- php/php-src/trunk/main/rfc1867.c2012-01-01 23:51:21 UTC (rev 321663)
+++ php/php-src/trunk/main/rfc1867.c2012-01-01
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_4/NEWS branches/PHP_5_4/acinclude.m4 trunk/acinclude.m4
bjoriTue, 27 Dec 2011 13:53:11 + Revision: http://svn.php.net/viewvc?view=revisionrevision=321435 Log: Looks like we need to explicity add libstdc++ on recent linux' too, like fedora 14 and ubuntu 11 This fixes build failures for ext/intl and several pecl exts Changed paths: U php/php-src/branches/PHP_5_4/NEWS U php/php-src/branches/PHP_5_4/acinclude.m4 U php/php-src/trunk/acinclude.m4 Modified: php/php-src/branches/PHP_5_4/NEWS === --- php/php-src/branches/PHP_5_4/NEWS 2011-12-27 11:05:58 UTC (rev 321434) +++ php/php-src/branches/PHP_5_4/NEWS 2011-12-27 13:53:11 UTC (rev 321435) @@ -7,6 +7,10 @@ - CLI SAPI: . Fixed bug #60591 (Memory leak when access a non-exists file). (Laruence) +- Intl: + . Fixed build on Fedora 15 / Ubuntu 11. (Hannes) + + 22 Dec 2011, PHP 5.4.0 RC4 - Core: . Added max_input_vars directive to prevent attacks based on hash collisions Modified: php/php-src/branches/PHP_5_4/acinclude.m4 === --- php/php-src/branches/PHP_5_4/acinclude.m4 2011-12-27 11:05:58 UTC (rev 321434) +++ php/php-src/branches/PHP_5_4/acinclude.m4 2011-12-27 13:53:11 UTC (rev 321435) @@ -762,11 +762,7 @@ if test -z $php_cxx_done; then AC_PROG_CXX AC_PROG_CXXCPP -case $host_alias in - *darwin*) -PHP_ADD_LIBRARY(stdc++) - ;; -esac +PHP_ADD_LIBRARY(stdc++) php_cxx_done=yes fi ]) Modified: php/php-src/trunk/acinclude.m4 === --- php/php-src/trunk/acinclude.m4 2011-12-27 11:05:58 UTC (rev 321434) +++ php/php-src/trunk/acinclude.m4 2011-12-27 13:53:11 UTC (rev 321435) @@ -762,11 +762,7 @@ if test -z $php_cxx_done; then AC_PROG_CXX AC_PROG_CXXCPP -case $host_alias in - *darwin*) -PHP_ADD_LIBRARY(stdc++) - ;; -esac +PHP_ADD_LIBRARY(stdc++) php_cxx_done=yes fi ]) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_4/NEWS branches/PHP_5_4/acinclude.m4 trunk/acinclude.m4
Uhm, I don't think this change makes much sense (nor does the previous behaviour on Mac).. Extensions that use C++ should pull in the required libraries themselves. We shouldn't be linking PHP everytime with libstdc++ if that is not needed. Nuno - Original Message - bjoriTue, 27 Dec 2011 13:53:11 + Revision: http://svn.php.net/viewvc?view=revisionrevision=321435 Log: Looks like we need to explicity add libstdc++ on recent linux' too, like fedora 14 and ubuntu 11 This fixes build failures for ext/intl and several pecl exts Changed paths: U php/php-src/branches/PHP_5_4/NEWS U php/php-src/branches/PHP_5_4/acinclude.m4 U php/php-src/trunk/acinclude.m4 Modified: php/php-src/branches/PHP_5_4/NEWS === --- php/php-src/branches/PHP_5_4/NEWS 2011-12-27 11:05:58 UTC (rev 321434) +++ php/php-src/branches/PHP_5_4/NEWS 2011-12-27 13:53:11 UTC (rev 321435) @@ -7,6 +7,10 @@ - CLI SAPI: . Fixed bug #60591 (Memory leak when access a non-exists file). (Laruence) +- Intl: + . Fixed build on Fedora 15 / Ubuntu 11. (Hannes) + + 22 Dec 2011, PHP 5.4.0 RC4 - Core: . Added max_input_vars directive to prevent attacks based on hash collisions Modified: php/php-src/branches/PHP_5_4/acinclude.m4 === --- php/php-src/branches/PHP_5_4/acinclude.m4 2011-12-27 11:05:58 UTC (rev 321434) +++ php/php-src/branches/PHP_5_4/acinclude.m4 2011-12-27 13:53:11 UTC (rev 321435) @@ -762,11 +762,7 @@ if test -z $php_cxx_done; then AC_PROG_CXX AC_PROG_CXXCPP -case $host_alias in - *darwin*) -PHP_ADD_LIBRARY(stdc++) - ;; -esac +PHP_ADD_LIBRARY(stdc++) php_cxx_done=yes fi ]) Modified: php/php-src/trunk/acinclude.m4 === --- php/php-src/trunk/acinclude.m4 2011-12-27 11:05:58 UTC (rev 321434) +++ php/php-src/trunk/acinclude.m4 2011-12-27 13:53:11 UTC (rev 321435) @@ -762,11 +762,7 @@ if test -z $php_cxx_done; then AC_PROG_CXX AC_PROG_CXXCPP -case $host_alias in - *darwin*) -PHP_ADD_LIBRARY(stdc++) - ;; -esac +PHP_ADD_LIBRARY(stdc++) php_cxx_done=yes fi ]) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_4/NEWS branches/PHP_5_4/Zend/tests/bug60611.phpt branches/PHP_5_4/Zend/zend_compile.c trunk/Zend/tests/bug60611.phpt trunk/Zend/zend_compile.c
laruence Tue, 27 Dec 2011 08:38:18 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=321429
Log:
Fix bug #60611 (Segmentation fault with Cls::{expr}() syntax)
Bug: https://bugs.php.net/60611 (Open) Segmentation fault with Cls::{expr}()
syntax
Changed paths:
U php/php-src/branches/PHP_5_4/NEWS
A php/php-src/branches/PHP_5_4/Zend/tests/bug60611.phpt
U php/php-src/branches/PHP_5_4/Zend/zend_compile.c
A php/php-src/trunk/Zend/tests/bug60611.phpt
U php/php-src/trunk/Zend/zend_compile.c
Modified: php/php-src/branches/PHP_5_4/NEWS
===
--- php/php-src/branches/PHP_5_4/NEWS 2011-12-27 06:24:33 UTC (rev 321428)
+++ php/php-src/branches/PHP_5_4/NEWS 2011-12-27 08:38:18 UTC (rev 321429)
@@ -1,6 +1,9 @@
PHPNEWS
|||
?? Jan 2012, PHP 5.4.0 RC5
+- Core:
+ . Fixed bug #60611 (Segmentation fault with Cls::{expr}() syntax). (Laruence)
+
- CLI SAPI:
. Fixed bug #60591 (Memory leak when access a non-exists file). (Laruence)
Added: php/php-src/branches/PHP_5_4/Zend/tests/bug60611.phpt
===
--- php/php-src/branches/PHP_5_4/Zend/tests/bug60611.phpt
(rev 0)
+++ php/php-src/branches/PHP_5_4/Zend/tests/bug60611.phpt 2011-12-27
08:38:18 UTC (rev 321429)
@@ -0,0 +1,28 @@
+--TEST--
+Bug #60611 (Segmentation fault with Cls::{expr}() syntax)
+--FILE--
+?php
+class Cls {
+ function __call($name, $arg) {
+ }
+ static function __callStatic($name, $arg) {
+ }
+}
+
+Cls::{0}();
+Cls::{1.0}();
+Cls::{true}();
+Cls::{false}();
+Cls::{null}();
+
+$cls = new Cls;
+$cls-{0}();
+$cls-{1.0}();
+$cls-{true}();
+$cls-{false}();
+$cls-{null}();
+
+echo done;
+?
+--EXPECT--
+done
Modified: php/php-src/branches/PHP_5_4/Zend/zend_compile.c
===
--- php/php-src/branches/PHP_5_4/Zend/zend_compile.c2011-12-27 06:24:33 UTC
(rev 321428)
+++ php/php-src/branches/PHP_5_4/Zend/zend_compile.c2011-12-27 08:38:18 UTC
(rev 321429)
@@ -1973,9 +1973,10 @@
if (last_op-opcode == ZEND_FETCH_OBJ_R) {
if (last_op-op2_type == IS_CONST) {
zval name;
-
name = CONSTANT(last_op-op2.constant);
- if (!IS_INTERNED(Z_STRVAL(name))) {
+ if (Z_TYPE(name) != IS_STRING) {
+ convert_to_string(name);
+ } else if (!IS_INTERNED(Z_STRVAL(name))) {
Z_STRVAL(name) = estrndup(Z_STRVAL(name),
Z_STRLEN(name));
}
FREE_POLYMORPHIC_CACHE_SLOT(last_op-op2.constant);
@@ -2367,7 +2368,11 @@
zend_op *opline;
if (method_name-op_type == IS_CONST) {
- char *lcname =
zend_str_tolower_dup(Z_STRVAL(method_name-u.constant),
Z_STRLEN(method_name-u.constant));
+ char *lcname;
+ if (Z_TYPE(method_name-u.constant) != IS_STRING) {
+ convert_to_string(method_name-u.constant);
+ }
+ lcname =
zend_str_tolower_dup(Z_STRVAL(method_name-u.constant),
Z_STRLEN(method_name-u.constant));
if ((sizeof(ZEND_CONSTRUCTOR_FUNC_NAME)-1) ==
Z_STRLEN(method_name-u.constant)
memcmp(lcname, ZEND_CONSTRUCTOR_FUNC_NAME,
sizeof(ZEND_CONSTRUCTOR_FUNC_NAME)-1) == 0) {
zval_dtor(method_name-u.constant);
Added: php/php-src/trunk/Zend/tests/bug60611.phpt
===
--- php/php-src/trunk/Zend/tests/bug60611.phpt (rev 0)
+++ php/php-src/trunk/Zend/tests/bug60611.phpt 2011-12-27 08:38:18 UTC (rev
321429)
@@ -0,0 +1,28 @@
+--TEST--
+Bug #60611 (Segmentation fault with Cls::{expr}() syntax)
+--FILE--
+?php
+class Cls {
+ function __call($name, $arg) {
+ }
+ static function __callStatic($name, $arg) {
+ }
+}
+
+Cls::{0}();
+Cls::{1.0}();
+Cls::{true}();
+Cls::{false}();
+Cls::{null}();
+
+$cls = new Cls;
+$cls-{0}();
+$cls-{1.0}();
+$cls-{true}();
+$cls-{false}();
+$cls-{null}();
+
+echo done;
+?
+--EXPECT--
+done
Modified: php/php-src/trunk/Zend/zend_compile.c
===
--- php/php-src/trunk/Zend/zend_compile.c 2011-12-27 06:24:33 UTC (rev
321428)
+++ php/php-src/trunk/Zend/zend_compile.c 2011-12-27 08:38:18 UTC (rev
321429)
@@ -1973,9 +1973,10 @@
if (last_op-opcode == ZEND_FETCH_OBJ_R) {
if (last_op-op2_type == IS_CONST) {
zval name;
-
name = CONSTANT(last_op-op2.constant);
-
Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_4/NEWS branches/PHP_5_4/acinclude.m4 trunk/acinclude.m4
On Tue, Dec 27, 2011 at 18:02, Nuno Lopes nlop...@php.net wrote: Uhm, I don't think this change makes much sense (nor does the previous behaviour on Mac).. Extensions that use C++ should pull in the required libraries themselves. We shouldn't be linking PHP everytime with libstdc++ if that is not needed. Then what is the idea behind PHP_REQUIRE_CXX? As I see it, it should pull in everything needed for the extension to use c++. -Hannes -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_4/NEWS branches/PHP_5_4/acinclude.m4 trunk/acinclude.m4
On Tue, Dec 27, 2011 at 18:02, Nuno Lopes nlop...@php.net wrote: Uhm, I don't think this change makes much sense (nor does the previous behaviour on Mac).. Extensions that use C++ should pull in the required libraries themselves. We shouldn't be linking PHP everytime with libstdc++ if that is not needed. Then what is the idea behind PHP_REQUIRE_CXX? As I see it, it should pull in everything needed for the extension to use c++. Ah, sorry, I was fooled by your commit message.. I didn't noticed your change was in PHP_REQUIRE_CXX. Anyway, pulling libstdc++ is a bit too gcc centric. If I use, say, clang, then I may want to use libc++ instead. The right fix, I believe, is to change the link command to use $CXX instead of $CC, since the c++ compiler knows which libraries it needs. For example, it seems that PHP_SHARED_MODULE is doing the right thing. Nuno -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_4/ NEWS configure.in main/php_version.h
stas Thu, 22 Dec 2011 03:25:28 + Revision: http://svn.php.net/viewvc?view=revisionrevision=321314 Log: 5.4.0rc4 Changed paths: U php/php-src/branches/PHP_5_4/NEWS U php/php-src/branches/PHP_5_4/configure.in U php/php-src/branches/PHP_5_4/main/php_version.h Modified: php/php-src/branches/PHP_5_4/NEWS === --- php/php-src/branches/PHP_5_4/NEWS 2011-12-22 03:22:42 UTC (rev 321313) +++ php/php-src/branches/PHP_5_4/NEWS 2011-12-22 03:25:28 UTC (rev 321314) @@ -1,6 +1,6 @@ PHPNEWS ||| -?? Dec 2011, PHP 5.4.0 RC4 +22 Dec 2011, PHP 5.4.0 RC4 - Core: . Added max_input_vars directive to prevent attacks based on hash collisions (Dmitry). Modified: php/php-src/branches/PHP_5_4/configure.in === --- php/php-src/branches/PHP_5_4/configure.in 2011-12-22 03:22:42 UTC (rev 321313) +++ php/php-src/branches/PHP_5_4/configure.in 2011-12-22 03:25:28 UTC (rev 321314) @@ -120,7 +120,7 @@ PHP_MAJOR_VERSION=5 PHP_MINOR_VERSION=4 PHP_RELEASE_VERSION=0 -PHP_EXTRA_VERSION=RC4-dev +PHP_EXTRA_VERSION=RC4 PHP_VERSION=$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 1 + [$]PHP_MINOR_VERSION \* 100 + [$]PHP_RELEASE_VERSION` Modified: php/php-src/branches/PHP_5_4/main/php_version.h === --- php/php-src/branches/PHP_5_4/main/php_version.h 2011-12-22 03:22:42 UTC (rev 321313) +++ php/php-src/branches/PHP_5_4/main/php_version.h 2011-12-22 03:25:28 UTC (rev 321314) @@ -3,6 +3,6 @@ #define PHP_MAJOR_VERSION 5 #define PHP_MINOR_VERSION 4 #define PHP_RELEASE_VERSION 0 -#define PHP_EXTRA_VERSION RC4-dev -#define PHP_VERSION 5.4.0RC4-dev +#define PHP_EXTRA_VERSION RC4 +#define PHP_VERSION 5.4.0RC4 #define PHP_VERSION_ID 50400 -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_4/NEWS branches/PHP_5_4/Zend/zend_object_handlers.c trunk/Zend/zend_object_handlers.c
laruence Mon, 19 Dec 2011 09:58:29 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=321158
Log:
Fixed bug #60558 (Invalid read and writes)
Bug: https://bugs.php.net/60558 (Open) Invalid read and writes
Changed paths:
U php/php-src/branches/PHP_5_4/NEWS
U php/php-src/branches/PHP_5_4/Zend/zend_object_handlers.c
U php/php-src/trunk/Zend/zend_object_handlers.c
Modified: php/php-src/branches/PHP_5_4/NEWS
===
--- php/php-src/branches/PHP_5_4/NEWS 2011-12-19 09:57:38 UTC (rev 321157)
+++ php/php-src/branches/PHP_5_4/NEWS 2011-12-19 09:58:29 UTC (rev 321158)
@@ -7,6 +7,7 @@
. Fixed bug #60536 (Traits Segfault). (Laruence)
. Fixed bug #60362 (non-existent sub-sub keys should not have values).
(Laruence, alan_k, Stas)
+ . Fixed bug #60558 (Invalid read and writes). (Laruence)
- CLI SAPI:
. Fixed bug #60477 (Segfault after two multipart/form-data POST requests,
Modified: php/php-src/branches/PHP_5_4/Zend/zend_object_handlers.c
===
--- php/php-src/branches/PHP_5_4/Zend/zend_object_handlers.c2011-12-19
09:57:38 UTC (rev 321157)
+++ php/php-src/branches/PHP_5_4/Zend/zend_object_handlers.c2011-12-19
09:58:29 UTC (rev 321158)
@@ -85,6 +85,7 @@
prop_info-offset = 0
zobj-properties_table[prop_info-offset]) {
if
(UNEXPECTED(flags[prop_info-offset])) {
+ Z_ADDREF_P(*(zval
**)zobj-properties_table[prop_info-offset]);
zend_hash_quick_add(zobj-properties, prop_info-name,
prop_info-name_length+1, prop_info-h,
(void**)zobj-properties_table[prop_info-offset], sizeof(zval*),
(void**)zobj-properties_table[prop_info-offset]);
} else {
zend_hash_quick_add(zobj-properties, prop_info-name,
prop_info-name_length+1, prop_info-h,
(void**)zobj-properties_table[prop_info-offset], sizeof(zval*),
(void**)zobj-properties_table[prop_info-offset]);
Modified: php/php-src/trunk/Zend/zend_object_handlers.c
===
--- php/php-src/trunk/Zend/zend_object_handlers.c 2011-12-19 09:57:38 UTC
(rev 321157)
+++ php/php-src/trunk/Zend/zend_object_handlers.c 2011-12-19 09:58:29 UTC
(rev 321158)
@@ -85,6 +85,7 @@
prop_info-offset = 0
zobj-properties_table[prop_info-offset]) {
if
(UNEXPECTED(flags[prop_info-offset])) {
+ Z_ADDREF_P(*(zval
**)zobj-properties_table[prop_info-offset]);
zend_hash_quick_add(zobj-properties, prop_info-name,
prop_info-name_length+1, prop_info-h,
(void**)zobj-properties_table[prop_info-offset], sizeof(zval*),
(void**)zobj-properties_table[prop_info-offset]);
} else {
zend_hash_quick_add(zobj-properties, prop_info-name,
prop_info-name_length+1, prop_info-h,
(void**)zobj-properties_table[prop_info-offset], sizeof(zval*),
(void**)zobj-properties_table[prop_info-offset]);
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_4/NEWS branches/PHP_5_4/Zend/zend_object_handlers.c trunk/Zend/zend_object_handlers.c
laruence Mon, 19 Dec 2011 12:00:09 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=321161
Log:
Revert previous bad fix, introduce memory leak
Changed paths:
U php/php-src/branches/PHP_5_4/NEWS
U php/php-src/branches/PHP_5_4/Zend/zend_object_handlers.c
U php/php-src/trunk/Zend/zend_object_handlers.c
Modified: php/php-src/branches/PHP_5_4/NEWS
===
--- php/php-src/branches/PHP_5_4/NEWS 2011-12-19 10:50:15 UTC (rev 321160)
+++ php/php-src/branches/PHP_5_4/NEWS 2011-12-19 12:00:09 UTC (rev 321161)
@@ -7,7 +7,6 @@
. Fixed bug #60536 (Traits Segfault). (Laruence)
. Fixed bug #60362 (non-existent sub-sub keys should not have values).
(Laruence, alan_k, Stas)
- . Fixed bug #60558 (Invalid read and writes). (Laruence)
- CLI SAPI:
. Fixed bug #60477 (Segfault after two multipart/form-data POST requests,
Modified: php/php-src/branches/PHP_5_4/Zend/zend_object_handlers.c
===
--- php/php-src/branches/PHP_5_4/Zend/zend_object_handlers.c2011-12-19
10:50:15 UTC (rev 321160)
+++ php/php-src/branches/PHP_5_4/Zend/zend_object_handlers.c2011-12-19
12:00:09 UTC (rev 321161)
@@ -85,7 +85,6 @@
prop_info-offset = 0
zobj-properties_table[prop_info-offset]) {
if
(UNEXPECTED(flags[prop_info-offset])) {
- Z_ADDREF_P(*(zval
**)zobj-properties_table[prop_info-offset]);
zend_hash_quick_add(zobj-properties, prop_info-name,
prop_info-name_length+1, prop_info-h,
(void**)zobj-properties_table[prop_info-offset], sizeof(zval*),
(void**)zobj-properties_table[prop_info-offset]);
} else {
zend_hash_quick_add(zobj-properties, prop_info-name,
prop_info-name_length+1, prop_info-h,
(void**)zobj-properties_table[prop_info-offset], sizeof(zval*),
(void**)zobj-properties_table[prop_info-offset]);
Modified: php/php-src/trunk/Zend/zend_object_handlers.c
===
--- php/php-src/trunk/Zend/zend_object_handlers.c 2011-12-19 10:50:15 UTC
(rev 321160)
+++ php/php-src/trunk/Zend/zend_object_handlers.c 2011-12-19 12:00:09 UTC
(rev 321161)
@@ -85,7 +85,6 @@
prop_info-offset = 0
zobj-properties_table[prop_info-offset]) {
if
(UNEXPECTED(flags[prop_info-offset])) {
- Z_ADDREF_P(*(zval
**)zobj-properties_table[prop_info-offset]);
zend_hash_quick_add(zobj-properties, prop_info-name,
prop_info-name_length+1, prop_info-h,
(void**)zobj-properties_table[prop_info-offset], sizeof(zval*),
(void**)zobj-properties_table[prop_info-offset]);
} else {
zend_hash_quick_add(zobj-properties, prop_info-name,
prop_info-name_length+1, prop_info-h,
(void**)zobj-properties_table[prop_info-offset], sizeof(zval*),
(void**)zobj-properties_table[prop_info-offset]);
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_4/NEWS branches/PHP_5_4/Zend/zend_compile.c branches/PHP_5_4/Zend/zend_object_handlers.c trunk/Zend/zend_compile.c trunk/Zend/zend_object_handlers.c
laruence Mon, 19 Dec 2011 16:48:18 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=321166
Log:
Fixed bug #60558 (Invalid read and writes)
Re-Fixed bug #60536 (Traits Segfault)
#Thanks to tony2001, I found the previous fix -r321089 is actually not a
correct one.
#The key problem there is because the traits didn't correct set the
property_info.offset
#for private properties. so here come the new fix.
Bugs: https://bugs.php.net/60558 (Re-Opened) Invalid read and writes
https://bugs.php.net/60536 (Closed) Traits Segfault
Changed paths:
U php/php-src/branches/PHP_5_4/NEWS
U php/php-src/branches/PHP_5_4/Zend/zend_compile.c
U php/php-src/branches/PHP_5_4/Zend/zend_object_handlers.c
U php/php-src/trunk/Zend/zend_compile.c
U php/php-src/trunk/Zend/zend_object_handlers.c
Modified: php/php-src/branches/PHP_5_4/NEWS
===
--- php/php-src/branches/PHP_5_4/NEWS 2011-12-19 16:14:50 UTC (rev 321165)
+++ php/php-src/branches/PHP_5_4/NEWS 2011-12-19 16:48:18 UTC (rev 321166)
@@ -7,6 +7,7 @@
. Fixed bug #60536 (Traits Segfault). (Laruence)
. Fixed bug #60362 (non-existent sub-sub keys should not have values).
(Laruence, alan_k, Stas)
+ . Fixed bug #60558 (Invalid read and writes). (Laruence)
- CLI SAPI:
. Fixed bug #60477 (Segfault after two multipart/form-data POST requests,
Modified: php/php-src/branches/PHP_5_4/Zend/zend_compile.c
===
--- php/php-src/branches/PHP_5_4/Zend/zend_compile.c 2011-12-19 16:14:50 UTC (rev 321165)
+++ php/php-src/branches/PHP_5_4/Zend/zend_compile.c 2011-12-19 16:48:18 UTC (rev 321166)
@@ -4208,6 +4208,50 @@
}
/* }}} */
+static void zend_traits_register_private_property(zend_class_entry *ce, const char *name, int name_len, zend_property_info *old_info, zval *property TSRMLS_DC) /* {{{ */
+{
+ char *priv_name;
+ int priv_name_length;
+ const char *interned_name;
+ zend_property_info property_info;
+ ulong h = zend_get_hash_value(name, name_len+1);
+ property_info = *old_info;
+
+ if (old_info-flags ZEND_ACC_STATIC) {
+ property_info.offset = ce-default_static_members_count++;
+ ce-default_static_members_table = perealloc(ce-default_static_members_table, sizeof(zval*) * ce-default_static_members_count, ce-type == ZEND_INTERNAL_CLASS);
+ ce-default_static_members_table[property_info.offset] = property;
+ if (ce-type == ZEND_USER_CLASS) {
+ ce-static_members_table = ce-default_static_members_table;
+ }
+ } else {
+ property_info.offset = ce-default_properties_count++;
+ ce-default_properties_table = perealloc(ce-default_properties_table, sizeof(zval*) * ce-default_properties_count, ce-type == ZEND_INTERNAL_CLASS);
+ ce-default_properties_table[property_info.offset] = property;
+ }
+
+ zend_mangle_property_name(priv_name, priv_name_length, ce-name, ce-name_length, name, name_len, ce-type ZEND_INTERNAL_CLASS);
+ property_info.name = priv_name;
+ property_info.name_length = priv_name_length;
+
+ interned_name = zend_new_interned_string(property_info.name, property_info.name_length+1, 0 TSRMLS_CC);
+ if (interned_name != property_info.name) {
+ if (ce-type == ZEND_USER_CLASS) {
+ efree((char*)property_info.name);
+ } else {
+ free((char*)property_info.name);
+ }
+ property_info.name = interned_name;
+ }
+
+ property_info.h = zend_get_hash_value(property_info.name, property_info.name_length+1);
+
+ property_info.ce = ce;
+
+ zend_hash_quick_update(ce-properties_info, name, name_len+1, h, property_info, sizeof(zend_property_info), NULL);
+}
+/* }}} */
+
static void zend_do_traits_property_binding(zend_class_entry *ce TSRMLS_DC) /* {{{ */
{
size_t i;
@@ -4295,6 +4339,17 @@
prop_name,
ce-name);
}
+} else {
+ /* private property, make the property_info.offset indenpended */
+ if (property_info-flags ZEND_ACC_STATIC) {
+ prop_value = ce-traits[i]-default_static_members_table[property_info-offset];
+ } else {
+ prop_value = ce-traits[i]-default_properties_table[property_info-offset];
+ }
+ Z_ADDREF_P(prop_value);
+
+ zend_traits_register_private_property(ce, prop_name, prop_name_length, property_info, prop_value TSRMLS_CC);
+ return;
}
}
Modified: php/php-src/branches/PHP_5_4/Zend/zend_object_handlers.c
===
--- php/php-src/branches/PHP_5_4/Zend/zend_object_handlers.c 2011-12-19 16:14:50 UTC (rev 321165)
+++ php/php-src/branches/PHP_5_4/Zend/zend_object_handlers.c 2011-12-19 16:48:18 UTC (rev 321166)
@@ -62,7 +62,6 @@
ALLOC_HASHTABLE(zobj-properties);
zend_hash_init(zobj-properties, 0, NULL, ZVAL_PTR_DTOR, 0);
if (ce-default_properties_count) {
- char *flags = ecalloc(ce-default_properties_count, sizeof(char));
for (zend_hash_internal_pointer_reset_ex(ce-properties_info, pos);
Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_4/NEWS branches/PHP_5_4/Zend/zend_compile.c branches/PHP_5_4/Zend/zend_object_handlers.c trunk/Zend/zend_compile.c trunk/Zend/zend_object_handlers.c
Hi: Thanks guys! I have only briefly rechecked the code, and dont remember at the moment how the default property table works, but for me it feels like these offsets are also incorrect for public or protected stuff that gets newly added to the class? Best regards Stefan On 19 Dec 2011, at 17:48, Xinchen Hui wrote: laruence Mon, 19 Dec 2011 16:48:18 + Revision: http://svn.php.net/viewvc?view=revisionrevision=321166 Log: Fixed bug #60558 (Invalid read and writes) Re-Fixed bug #60536 (Traits Segfault) #Thanks to tony2001, I found the previous fix -r321089 is actually not a correct one. #The key problem there is because the traits didn't correct set the property_info.offset #for private properties. so here come the new fix. Bugs: https://bugs.php.net/60558 (Re-Opened) Invalid read and writes https://bugs.php.net/60536 (Closed) Traits Segfault Changed paths: U php/php-src/branches/PHP_5_4/NEWS U php/php-src/branches/PHP_5_4/Zend/zend_compile.c U php/php-src/branches/PHP_5_4/Zend/zend_object_handlers.c U php/php-src/trunk/Zend/zend_compile.c U php/php-src/trunk/Zend/zend_object_handlers.c svn-diffs-321166.txt-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Stefan Marr Software Languages Lab Vrije Universiteit Brussel Pleinlaan 2 / B-1050 Brussels / Belgium http://soft.vub.ac.be/~smarr Phone: +32 2 629 2974 Fax: +32 2 629 3525 -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_4/NEWS branches/PHP_5_4/Zend/zend_compile.c branches/PHP_5_4/Zend/zend_object_handlers.c trunk/Zend/zend_compile.c trunk/Zend/zend_object_handlers.c
Hi: For public and protected properties, you will have only one copy in the child class, so there is no such conflict. Thanks Sent from my iPhone 在 2011-12-20,1:12,Stefan Marr p...@stefan-marr.de 写道: Hi: Thanks guys! I have only briefly rechecked the code, and dont remember at the moment how the default property table works, but for me it feels like these offsets are also incorrect for public or protected stuff that gets newly added to the class? Best regards Stefan On 19 Dec 2011, at 17:48, Xinchen Hui wrote: laruence Mon, 19 Dec 2011 16:48:18 + Revision: http://svn.php.net/viewvc?view=revisionrevision=321166 Log: Fixed bug #60558 (Invalid read and writes) Re-Fixed bug #60536 (Traits Segfault) #Thanks to tony2001, I found the previous fix -r321089 is actually not a correct one. #The key problem there is because the traits didn't correct set the property_info.offset #for private properties. so here come the new fix. Bugs: https://bugs.php.net/60558 (Re-Opened) Invalid read and writes https://bugs.php.net/60536 (Closed) Traits Segfault Changed paths: U php/php-src/branches/PHP_5_4/NEWS U php/php-src/branches/PHP_5_4/Zend/zend_compile.c U php/php-src/branches/PHP_5_4/Zend/zend_object_handlers.c U php/php-src/trunk/Zend/zend_compile.c U php/php-src/trunk/Zend/zend_object_handlers.c svn-diffs-321166.txt-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Stefan Marr Software Languages Lab Vrije Universiteit Brussel Pleinlaan 2 / B-1050 Brussels / Belgium http://soft.vub.ac.be/~smarr Phone: +32 2 629 2974 Fax: +32 2 629 3525 -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_4/NEWS branches/PHP_5_4/Zend/zend_compile.c branches/PHP_5_4/Zend/zend_object_handlers.c trunk/Zend/zend_compile.c trunk/Zend/zend_object_handlers.c
s/class/object/ Sent from my iPhone 在 2011-12-20,9:29,Xinchen Hui larue...@gmail.com 写道: Hi: For public and protected properties, you will have only one copy in the child class, so there is no such conflict. Thanks Sent from my iPhone 在 2011-12-20,1:12,Stefan Marr p...@stefan-marr.de 写道: Hi: Thanks guys! I have only briefly rechecked the code, and dont remember at the moment how the default property table works, but for me it feels like these offsets are also incorrect for public or protected stuff that gets newly added to the class? Best regards Stefan On 19 Dec 2011, at 17:48, Xinchen Hui wrote: laruence Mon, 19 Dec 2011 16:48:18 + Revision: http://svn.php.net/viewvc?view=revisionrevision=321166 Log: Fixed bug #60558 (Invalid read and writes) Re-Fixed bug #60536 (Traits Segfault) #Thanks to tony2001, I found the previous fix -r321089 is actually not a correct one. #The key problem there is because the traits didn't correct set the property_info.offset #for private properties. so here come the new fix. Bugs: https://bugs.php.net/60558 (Re-Opened) Invalid read and writes https://bugs.php.net/60536 (Closed) Traits Segfault Changed paths: U php/php-src/branches/PHP_5_4/NEWS U php/php-src/branches/PHP_5_4/Zend/zend_compile.c U php/php-src/branches/PHP_5_4/Zend/zend_object_handlers.c U php/php-src/trunk/Zend/zend_compile.c U php/php-src/trunk/Zend/zend_object_handlers.c svn-diffs-321166.txt-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Stefan Marr Software Languages Lab Vrije Universiteit Brussel Pleinlaan 2 / B-1050 Brussels / Belgium http://soft.vub.ac.be/~smarr Phone: +32 2 629 2974 Fax: +32 2 629 3525 -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_4/NEWS branches/PHP_5_4/Zend/tests/bug60536_001.phpt branches/PHP_5_4/Zend/tests/bug60536_002.phpt branches/PHP_5_4/Zend/tests/bug60536_003.phpt branches/PH
laruence Fri, 16 Dec 2011 19:02:52 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=321073
Log:
Fixed bug #60536 (Traits Segfault)
# this is a tough one, I think I should explain
# Zend use zend_object-properties_table both as zval ** and zval ***
# if a zend_object-properties is not initialized, the properties_table is zval
**
# while in rebuild_object_properties, zend will store the zval ** to
zend_object-properties
# then stash the zval ***(ie, zobj-properties_table[0] is zval ** now) to
zobj-properties_table[0]
# so when a zend_object inherit form multi parent and these parent have a same
property_info-offset
# properties, will result in a repeat zval **-zval ** transform, which will
lead to a segmentfault
# *may be* this fix is not the best fix, we should not use this tricky way, and
rewrite this mechanism.
Bug: https://bugs.php.net/60536 (Analyzed) Traits Segfault
Changed paths:
U php/php-src/branches/PHP_5_4/NEWS
A php/php-src/branches/PHP_5_4/Zend/tests/bug60536_001.phpt
A php/php-src/branches/PHP_5_4/Zend/tests/bug60536_002.phpt
A php/php-src/branches/PHP_5_4/Zend/tests/bug60536_003.phpt
A php/php-src/branches/PHP_5_4/Zend/tests/bug60536_004.phpt
A php/php-src/branches/PHP_5_4/Zend/tests/bug60536_005.phpt
U php/php-src/branches/PHP_5_4/Zend/zend_object_handlers.c
A php/php-src/trunk/Zend/tests/bug60536_001.phpt
A php/php-src/trunk/Zend/tests/bug60536_002.phpt
A php/php-src/trunk/Zend/tests/bug60536_003.phpt
A php/php-src/trunk/Zend/tests/bug60536_004.phpt
A php/php-src/trunk/Zend/tests/bug60536_005.phpt
U php/php-src/trunk/Zend/zend_object_handlers.c
Modified: php/php-src/branches/PHP_5_4/NEWS
===
--- php/php-src/branches/PHP_5_4/NEWS 2011-12-16 18:48:28 UTC (rev 321072)
+++ php/php-src/branches/PHP_5_4/NEWS 2011-12-16 19:02:52 UTC (rev 321073)
@@ -4,6 +4,7 @@
- Core:
. Added max_input_vars directive to prevent attacks based on hash collisions
(Dmitry).
+ . Fixed bug #60536 (Traits Segfault). (Laruence)
- CLI SAPI:
. Fixed bug #60477 (Segfault after two multipart/form-data POST requests,
one 200 RQ and one 404). (Laruence)
Added: php/php-src/branches/PHP_5_4/Zend/tests/bug60536_001.phpt
===
--- php/php-src/branches/PHP_5_4/Zend/tests/bug60536_001.phpt (rev 0)
+++ php/php-src/branches/PHP_5_4/Zend/tests/bug60536_001.phpt 2011-12-16 19:02:52 UTC (rev 321073)
@@ -0,0 +1,26 @@
+--TEST--
+Bug #60536 (Traits Segfault)
+--FILE--
+?php
+trait T { private $x = 0; }
+class X {
+ use T;
+}
+class Y extends X {
+ use T;
+ function x() {
+ return ++$this-x;
+ }
+}
+class Z extends Y {
+ function z() {
+ return ++$this-x;
+ }
+}
+$a = new Z();
+$a-x();
+echo DONE;
+?
+--EXPECTF--
+Strict Standards: X and T define the same property ($x) in the composition of Y. This might be incompatible, to improve maintainability consider using accessor methods in traits instead. Class was composed in %sbug60536_001.php on line %d
+DONE
Added: php/php-src/branches/PHP_5_4/Zend/tests/bug60536_002.phpt
===
--- php/php-src/branches/PHP_5_4/Zend/tests/bug60536_002.phpt (rev 0)
+++ php/php-src/branches/PHP_5_4/Zend/tests/bug60536_002.phpt 2011-12-16 19:02:52 UTC (rev 321073)
@@ -0,0 +1,40 @@
+--TEST--
+The same rules are applied for properties that are defined in the class hierarchy. Thus, if the properties are compatible, a notice is issued, if not a fatal error occures. (relevant with #60536)
+--FILE--
+?php
+error_reporting(E_ALL | E_STRICT);
+
+class Base {
+ private $hello;
+}
+
+trait THello1 {
+ private $hello;
+}
+
+echo PRE-CLASS-GUARD\n;
+class Notice extends Base {
+use THello1;
+private $hello;
+}
+echo POST-CLASS-GUARD\n;
+
+// now we do the test for a fatal error
+
+class TraitsTest {
+ use THello1;
+public $hello;
+}
+
+echo POST-CLASS-GUARD2\n;
+
+$t = new TraitsTest;
+$t-hello = foo;
+?
+--EXPECTF--
+PRE-CLASS-GUARD
+
+Strict Standards: Notice and THello1 define the same property ($hello) in the composition of Notice. This might be incompatible, to improve maintainability consider using accessor methods in traits instead. Class was composed in %s on line %d
+POST-CLASS-GUARD
+
+Fatal error: TraitsTest and THello1 define the same property ($hello) in the composition of TraitsTest. However, the definition differs and is considered incompatible. Class was composed in %s on line %d
Added: php/php-src/branches/PHP_5_4/Zend/tests/bug60536_003.phpt
===
--- php/php-src/branches/PHP_5_4/Zend/tests/bug60536_003.phpt (rev 0)
+++ php/php-src/branches/PHP_5_4/Zend/tests/bug60536_003.phpt 2011-12-16
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_4/NEWS branches/PHP_5_4/main/main.c branches/PHP_5_4/main/php_globals.h branches/PHP_5_4/main/php_variables.c trunk/main/main.c trunk/main/php_globals.h tru
dmitry Wed, 14 Dec 2011 08:56:35 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=321003
Log:
Added max_input_vars directive to prevent attacks based on hash collisions
Changed paths:
U php/php-src/branches/PHP_5_4/NEWS
U php/php-src/branches/PHP_5_4/main/main.c
U php/php-src/branches/PHP_5_4/main/php_globals.h
U php/php-src/branches/PHP_5_4/main/php_variables.c
U php/php-src/trunk/main/main.c
U php/php-src/trunk/main/php_globals.h
U php/php-src/trunk/main/php_variables.c
Modified: php/php-src/branches/PHP_5_4/NEWS
===
--- php/php-src/branches/PHP_5_4/NEWS 2011-12-14 04:02:56 UTC (rev 321002)
+++ php/php-src/branches/PHP_5_4/NEWS 2011-12-14 08:56:35 UTC (rev 321003)
@@ -1,6 +1,9 @@
PHPNEWS
|||
?? Dec 2011, PHP 5.4.0 RC4
+- Core:
+ . Added max_input_vars directive to prevent attacks based on hash collisions
+(Dmitry).
- CLI SAPI:
. Fixed bug #60477 (Segfault after two multipart/form-data POST requests,
one 200 RQ and one 404). (Laruence)
@@ -9,6 +12,8 @@
08 Dec 2011, PHP 5.4.0 RC3
- Core:
+ . Fixed bug #60444 (Segmentation fault with include class extending).
+(Laruence, Dmitry).
. Fixed bug #60350 (No string escape code for ESC (ascii 27), normally \e).
(php at mickweiss dot com)
. Fixed bug #60240 (invalid read/writes when unserializing specially crafted
Modified: php/php-src/branches/PHP_5_4/main/main.c
===
--- php/php-src/branches/PHP_5_4/main/main.c2011-12-14 04:02:56 UTC (rev
321002)
+++ php/php-src/branches/PHP_5_4/main/main.c2011-12-14 08:56:35 UTC (rev
321003)
@@ -531,6 +531,7 @@
STD_PHP_INI_ENTRY(post_max_size, 8M,
PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateLong,
post_max_size, sapi_globals_struct,sapi_globals)
STD_PHP_INI_ENTRY(upload_tmp_dir, NULL,
PHP_INI_SYSTEM, OnUpdateStringUnempty, upload_tmp_dir,
php_core_globals, core_globals)
STD_PHP_INI_ENTRY(max_input_nesting_level, 64,
PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateLongGEZero,
max_input_nesting_level,php_core_globals,
core_globals)
+ STD_PHP_INI_ENTRY(max_input_vars, 1000,
PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateLongGEZero, max_input_vars,
php_core_globals, core_globals)
STD_PHP_INI_ENTRY(user_dir, NULL,
PHP_INI_SYSTEM, OnUpdateString, user_dir,
php_core_globals, core_globals)
STD_PHP_INI_ENTRY(variables_order,EGPCS,
PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateStringUnempty,
variables_order,php_core_globals, core_globals)
Modified: php/php-src/branches/PHP_5_4/main/php_globals.h
===
--- php/php-src/branches/PHP_5_4/main/php_globals.h 2011-12-14 04:02:56 UTC
(rev 321002)
+++ php/php-src/branches/PHP_5_4/main/php_globals.h 2011-12-14 08:56:35 UTC
(rev 321003)
@@ -146,6 +146,7 @@
zend_bool com_initialized;
#endif
long max_input_nesting_level;
+ long max_input_vars;
zend_bool in_user_include;
char *user_ini_filename;
Modified: php/php-src/branches/PHP_5_4/main/php_variables.c
===
--- php/php-src/branches/PHP_5_4/main/php_variables.c 2011-12-14 04:02:56 UTC
(rev 321002)
+++ php/php-src/branches/PHP_5_4/main/php_variables.c 2011-12-14 08:56:35 UTC
(rev 321003)
@@ -179,6 +179,9 @@
escaped_index = index;
if (zend_symtable_find(symtable1,
escaped_index, index_len + 1, (void **) gpc_element_p) == FAILURE
|| Z_TYPE_PP(gpc_element_p) !=
IS_ARRAY) {
+ if (zend_hash_num_elements(symtable1)
= PG(max_input_vars)) {
+ php_error_docref(NULL
TSRMLS_CC, E_ERROR, Input variables exceeded %ld. To increase the limit change
max_input_vars in php.ini., PG(max_input_vars));
+ }
MAKE_STD_ZVAL(gpc_element);
array_init(gpc_element);
zend_symtable_update(symtable1,
escaped_index, index_len + 1, gpc_element, sizeof(zval *), (void **)
gpc_element_p);
@@ -220,6
Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_4/NEWS branches/PHP_5_4/main/main.c branches/PHP_5_4/main/php_globals.h branches/PHP_5_4/main/php_variables.c trunk/main/main.c trunk/main/php_globals.h
hi Dmitry,
Please add a note to the UPGRADING guide as well.
Thanks,
On Wed, Dec 14, 2011 at 9:56 AM, Dmitry Stogov dmi...@php.net wrote:
dmitry Wed, 14 Dec 2011 08:56:35 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=321003
Log:
Added max_input_vars directive to prevent attacks based on hash collisions
Changed paths:
U php/php-src/branches/PHP_5_4/NEWS
U php/php-src/branches/PHP_5_4/main/main.c
U php/php-src/branches/PHP_5_4/main/php_globals.h
U php/php-src/branches/PHP_5_4/main/php_variables.c
U php/php-src/trunk/main/main.c
U php/php-src/trunk/main/php_globals.h
U php/php-src/trunk/main/php_variables.c
Modified: php/php-src/branches/PHP_5_4/NEWS
===
--- php/php-src/branches/PHP_5_4/NEWS 2011-12-14 04:02:56 UTC (rev 321002)
+++ php/php-src/branches/PHP_5_4/NEWS 2011-12-14 08:56:35 UTC (rev 321003)
@@ -1,6 +1,9 @@
PHP
NEWS
|||
?? Dec 2011, PHP 5.4.0 RC4
+- Core:
+ . Added max_input_vars directive to prevent attacks based on hash
collisions
+ (Dmitry).
- CLI SAPI:
. Fixed bug #60477 (Segfault after two multipart/form-data POST requests,
one 200 RQ and one 404). (Laruence)
@@ -9,6 +12,8 @@
08 Dec 2011, PHP 5.4.0 RC3
- Core:
+ . Fixed bug #60444 (Segmentation fault with include class extending).
+ (Laruence, Dmitry).
. Fixed bug #60350 (No string escape code for ESC (ascii 27), normally \e).
(php at mickweiss dot com)
. Fixed bug #60240 (invalid read/writes when unserializing specially crafted
Modified: php/php-src/branches/PHP_5_4/main/main.c
===
--- php/php-src/branches/PHP_5_4/main/main.c 2011-12-14 04:02:56 UTC (rev
321002)
+++ php/php-src/branches/PHP_5_4/main/main.c 2011-12-14 08:56:35 UTC (rev
321003)
@@ -531,6 +531,7 @@
STD_PHP_INI_ENTRY(post_max_size, 8M,
PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateLong,
post_max_size, sapi_globals_struct,sapi_globals)
STD_PHP_INI_ENTRY(upload_tmp_dir, NULL,
PHP_INI_SYSTEM, OnUpdateStringUnempty, upload_tmp_dir,
php_core_globals, core_globals)
STD_PHP_INI_ENTRY(max_input_nesting_level, 64,
PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateLongGEZero,
max_input_nesting_level, php_core_globals,
core_globals)
+ STD_PHP_INI_ENTRY(max_input_vars, 1000,
PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateLongGEZero,
max_input_vars, php_core_globals,
core_globals)
STD_PHP_INI_ENTRY(user_dir, NULL,
PHP_INI_SYSTEM, OnUpdateString, user_dir,
php_core_globals, core_globals)
STD_PHP_INI_ENTRY(variables_order, EGPCS,
PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateStringUnempty,
variables_order, php_core_globals, core_globals)
Modified: php/php-src/branches/PHP_5_4/main/php_globals.h
===
--- php/php-src/branches/PHP_5_4/main/php_globals.h 2011-12-14 04:02:56
UTC (rev 321002)
+++ php/php-src/branches/PHP_5_4/main/php_globals.h 2011-12-14 08:56:35
UTC (rev 321003)
@@ -146,6 +146,7 @@
zend_bool com_initialized;
#endif
long max_input_nesting_level;
+ long max_input_vars;
zend_bool in_user_include;
char *user_ini_filename;
Modified: php/php-src/branches/PHP_5_4/main/php_variables.c
===
--- php/php-src/branches/PHP_5_4/main/php_variables.c 2011-12-14 04:02:56
UTC (rev 321002)
+++ php/php-src/branches/PHP_5_4/main/php_variables.c 2011-12-14 08:56:35
UTC (rev 321003)
@@ -179,6 +179,9 @@
escaped_index = index;
if (zend_symtable_find(symtable1,
escaped_index, index_len + 1, (void **) gpc_element_p) == FAILURE
|| Z_TYPE_PP(gpc_element_p) !=
IS_ARRAY) {
+ if (zend_hash_num_elements(symtable1)
= PG(max_input_vars)) {
+ php_error_docref(NULL
TSRMLS_CC, E_ERROR, Input variables exceeded %ld. To increase the limit
change max_input_vars in php.ini., PG(max_input_vars));
+ }
MAKE_STD_ZVAL(gpc_element);
Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_4/NEWS branches/PHP_5_4/main/main.c branches/PHP_5_4/main/php_globals.h branches/PHP_5_4/main/php_variables.c trunk/main/main.c trunk/main/php_globals.h
Dmitry,
Please update php.ini-*.
Thanks,
Chris
On 12/14/2011 12:56 AM, Dmitry Stogov wrote:
dmitry Wed, 14 Dec 2011 08:56:35 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=321003
Log:
Added max_input_vars directive to prevent attacks based on hash collisions
Changed paths:
U php/php-src/branches/PHP_5_4/NEWS
U php/php-src/branches/PHP_5_4/main/main.c
U php/php-src/branches/PHP_5_4/main/php_globals.h
U php/php-src/branches/PHP_5_4/main/php_variables.c
U php/php-src/trunk/main/main.c
U php/php-src/trunk/main/php_globals.h
U php/php-src/trunk/main/php_variables.c
Modified: php/php-src/branches/PHP_5_4/NEWS
===
--- php/php-src/branches/PHP_5_4/NEWS 2011-12-14 04:02:56 UTC (rev 321002)
+++ php/php-src/branches/PHP_5_4/NEWS 2011-12-14 08:56:35 UTC (rev 321003)
@@ -1,6 +1,9 @@
PHP
NEWS
|||
?? Dec 2011, PHP 5.4.0 RC4
+- Core:
+ . Added max_input_vars directive to prevent attacks based on hash collisions
+(Dmitry).
- CLI SAPI:
. Fixed bug #60477 (Segfault after two multipart/form-data POST requests,
one 200 RQ and one 404). (Laruence)
@@ -9,6 +12,8 @@
08 Dec 2011, PHP 5.4.0 RC3
- Core:
+ . Fixed bug #60444 (Segmentation fault with include class extending).
+(Laruence, Dmitry).
. Fixed bug #60350 (No string escape code for ESC (ascii 27), normally \e).
(php at mickweiss dot com)
. Fixed bug #60240 (invalid read/writes when unserializing specially crafted
Modified: php/php-src/branches/PHP_5_4/main/main.c
===
--- php/php-src/branches/PHP_5_4/main/main.c2011-12-14 04:02:56 UTC (rev
321002)
+++ php/php-src/branches/PHP_5_4/main/main.c2011-12-14 08:56:35 UTC (rev
321003)
@@ -531,6 +531,7 @@
STD_PHP_INI_ENTRY(post_max_size,8M,
PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateLong, post_max_size,
sapi_globals_struct,sapi_globals)
STD_PHP_INI_ENTRY(upload_tmp_dir, NULL,
PHP_INI_SYSTEM, OnUpdateStringUnempty, upload_tmp_dir,
php_core_globals, core_globals)
STD_PHP_INI_ENTRY(max_input_nesting_level, 64,
PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateLongGEZero, max_input_nesting_level,
php_core_globals, core_globals)
+ STD_PHP_INI_ENTRY(max_input_vars, 1000,
PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateLongGEZero, max_input_vars,
php_core_globals, core_globals)
STD_PHP_INI_ENTRY(user_dir, NULL,
PHP_INI_SYSTEM, OnUpdateString, user_dir,
php_core_globals, core_globals)
STD_PHP_INI_ENTRY(variables_order, EGPCS,
PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateStringUnempty, variables_order,
php_core_globals, core_globals)
Modified: php/php-src/branches/PHP_5_4/main/php_globals.h
===
--- php/php-src/branches/PHP_5_4/main/php_globals.h 2011-12-14 04:02:56 UTC
(rev 321002)
+++ php/php-src/branches/PHP_5_4/main/php_globals.h 2011-12-14 08:56:35 UTC
(rev 321003)
@@ -146,6 +146,7 @@
zend_bool com_initialized;
#endif
long max_input_nesting_level;
+ long max_input_vars;
zend_bool in_user_include;
char *user_ini_filename;
Modified: php/php-src/branches/PHP_5_4/main/php_variables.c
===
--- php/php-src/branches/PHP_5_4/main/php_variables.c 2011-12-14 04:02:56 UTC
(rev 321002)
+++ php/php-src/branches/PHP_5_4/main/php_variables.c 2011-12-14 08:56:35 UTC
(rev 321003)
@@ -179,6 +179,9 @@
escaped_index = index;
if (zend_symtable_find(symtable1, escaped_index,
index_len + 1, (void **)gpc_element_p) == FAILURE
|| Z_TYPE_PP(gpc_element_p) !=
IS_ARRAY) {
+ if (zend_hash_num_elements(symtable1)=
PG(max_input_vars)) {
+ php_error_docref(NULL TSRMLS_CC, E_ERROR,
Input variables exceeded %ld. To increase the limit change max_input_vars in
php.ini., PG(max_input_vars));
+ }
MAKE_STD_ZVAL(gpc_element);
array_init(gpc_element);
[PHP-CVS] svn: /php/php-src/branches/PHP_5_4/ NEWS
mariuz Mon, 12 Dec 2011 06:33:43 + Revision: http://svn.php.net/viewvc?view=revisionrevision=320877 Log: bug fixed #48877 - bindValue and bindParam do not work for PDO Firebird Bug: https://bugs.php.net/48877 (Closed) bindValue and bindParam do not work for PDO Firebird Changed paths: U php/php-src/branches/PHP_5_4/NEWS Modified: php/php-src/branches/PHP_5_4/NEWS === --- php/php-src/branches/PHP_5_4/NEWS 2011-12-11 21:08:15 UTC (rev 320876) +++ php/php-src/branches/PHP_5_4/NEWS 2011-12-12 06:33:43 UTC (rev 320877) @@ -4,6 +4,8 @@ - CLI SAPI: . Fixed bug #60477 (Segfault after two multipart/form-data POST requests, one 200 RQ and one 404). (Laruence) +- Pdo Firebird: + . Fixed bug #48877 (bindValue and bindParam do not work for PDO Firebird).(Mariuz) 08 Dec 2011, PHP 5.4.0 RC3 - Core: -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_4/NEWS branches/PHP_5_4/sapi/cli/php_cli_server.c branches/PHP_5_4/sapi/cli/tests/php_cli_server_014.phpt trunk/sapi/cli/php_cli_server.c trunk/sapi/cli/tes
laruence Fri, 09 Dec 2011 05:37:41 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=320716
Log:
Fixed bug #60477 (Segfault after two multipart/form-data POST requests)
Bug: https://bugs.php.net/60477 (Assigned) Segfault after two
multipart/form-data POST requestes, one 200 RQ and one 404
Changed paths:
U php/php-src/branches/PHP_5_4/NEWS
U php/php-src/branches/PHP_5_4/sapi/cli/php_cli_server.c
A php/php-src/branches/PHP_5_4/sapi/cli/tests/php_cli_server_014.phpt
U php/php-src/trunk/sapi/cli/php_cli_server.c
A php/php-src/trunk/sapi/cli/tests/php_cli_server_014.phpt
Modified: php/php-src/branches/PHP_5_4/NEWS
===
--- php/php-src/branches/PHP_5_4/NEWS 2011-12-09 05:25:05 UTC (rev 320715)
+++ php/php-src/branches/PHP_5_4/NEWS 2011-12-09 05:37:41 UTC (rev 320716)
@@ -1,6 +1,9 @@
PHPNEWS
|||
?? Dec 2011, PHP 5.4.0 RC4
+- CLI SAPI:
+ . Fixed bug #60477 (Segfault after two multipart/form-data POST requests).
+(Laruence)
08 Dec 2011, PHP 5.4.0 RC3
- Core:
Modified: php/php-src/branches/PHP_5_4/sapi/cli/php_cli_server.c
===
--- php/php-src/branches/PHP_5_4/sapi/cli/php_cli_server.c 2011-12-09
05:25:05 UTC (rev 320715)
+++ php/php-src/branches/PHP_5_4/sapi/cli/php_cli_server.c 2011-12-09
05:37:41 UTC (rev 320716)
@@ -1921,6 +1921,7 @@
php_cli_server_close_connection(server, client TSRMLS_CC);
destroy_request_info(SG(request_info));
SG(server_context) = NULL;
+ SG(rfc1867_uploaded_files) = NULL;
return SUCCESS;
}
/* }}} */
Added: php/php-src/branches/PHP_5_4/sapi/cli/tests/php_cli_server_014.phpt
===
--- php/php-src/branches/PHP_5_4/sapi/cli/tests/php_cli_server_014.phpt
(rev 0)
+++ php/php-src/branches/PHP_5_4/sapi/cli/tests/php_cli_server_014.phpt
2011-12-09 05:37:41 UTC (rev 320716)
@@ -0,0 +1,76 @@
+--TEST--
+Bug #60477: Segfault after two multipart/form-data POST requestes
+--SKIPIF--
+?php
+include skipif.inc;
+?
+--FILE--
+?php
+include php_cli_server.inc;
+php_cli_server_start('echo done, \n;', TRUE);
+
+list($host, $port) = explode(':', PHP_CLI_SERVER_ADDRESS);
+$port = intval($port)?:80;
+$output = '';
+
+$fp = fsockopen($host, $port, $errno, $errstr, 0.5);
+if (!$fp) {
+ die(connect failed);
+}
+
+if(fwrite($fp, HEADER
+POST /index.php HTTP/1.1
+Host: {$host}
+Content-Type: multipart/form-data; boundary=-123456789
+Content-Length: 70
+
+-123456789
+Content-Type: application/x-www-form-urlencoded
+a=b
+HEADER
+)) {
+ while (!feof($fp)) {
+ $output .= fgets($fp);
+ }
+}
+
+fclose($fp);
+
+$fp = fsockopen($host, $port, $errno, $errstr, 0.5);
+if(fwrite($fp, HEADER
+POST /main/no-exists.php HTTP/1.1
+Host: {$host}
+Content-Type: multipart/form-data; boundary=-123456789
+Content-Length: 70
+
+-123456789
+Content-Type: application/x-www-form-urlencoded
+a=b
+HEADER
+)) {
+ while (!feof($fp)) {
+ $output .= fgets($fp);
+ }
+}
+
+echo preg_replace(/style type=\text\/css\(.*?)\/style/s, style
type=\text/css\AAA/style, $output), \n;
+fclose($fp);
+
+?
+--EXPECTF--
+
+HTTP/1.1 200 OK
+Host: %s
+Connection: closed
+X-Powered-By: %s
+Content-type: %s
+
+done
+HTTP/1.1 404 Not Found
+Host: %s
+Connection: closed
+Content-Type: %s
+Content-Length: %d
+
+htmlheadtitle404 Not Found/titlestyle type=text/cssAAA/style
+/headbodyh1 class=hNot Found/h1pThe requested resource
/main/no-exists.php was not found on this server./p/body/html
Modified: php/php-src/trunk/sapi/cli/php_cli_server.c
===
--- php/php-src/trunk/sapi/cli/php_cli_server.c 2011-12-09 05:25:05 UTC (rev
320715)
+++ php/php-src/trunk/sapi/cli/php_cli_server.c 2011-12-09 05:37:41 UTC (rev
320716)
@@ -1921,6 +1921,7 @@
php_cli_server_close_connection(server, client TSRMLS_CC);
destroy_request_info(SG(request_info));
SG(server_context) = NULL;
+ SG(rfc1867_uploaded_files) = NULL;
return SUCCESS;
}
/* }}} */
Added: php/php-src/trunk/sapi/cli/tests/php_cli_server_014.phpt
===
--- php/php-src/trunk/sapi/cli/tests/php_cli_server_014.phpt
(rev 0)
+++ php/php-src/trunk/sapi/cli/tests/php_cli_server_014.phpt2011-12-09
05:37:41 UTC (rev 320716)
@@ -0,0 +1,76 @@
+--TEST--
+Bug #60477: Segfault after two multipart/form-data POST requestes
+--SKIPIF--
+?php
+include skipif.inc;
+?
+--FILE--
+?php
+include php_cli_server.inc;
+php_cli_server_start('echo done, \n;', TRUE);
+
[PHP-CVS] svn: /php/php-src/branches/PHP_5_4/ NEWS
laruence Fri, 09 Dec 2011 05:55:31 + Revision: http://svn.php.net/viewvc?view=revisionrevision=320718 Log: typo, sorry Changed paths: U php/php-src/branches/PHP_5_4/NEWS Modified: php/php-src/branches/PHP_5_4/NEWS === --- php/php-src/branches/PHP_5_4/NEWS 2011-12-09 05:46:40 UTC (rev 320717) +++ php/php-src/branches/PHP_5_4/NEWS 2011-12-09 05:55:31 UTC (rev 320718) @@ -2,8 +2,8 @@ ||| ?? Dec 2011, PHP 5.4.0 RC4 - CLI SAPI: - . Fixed bug #60477 (Segfault after two multipart/form-data POST requests). -(Laruence) + . Fixed bug #60477 (Segfault after two multipart/form-data POST requests, +one 200 RQ and one 404). (Laruence) 08 Dec 2011, PHP 5.4.0 RC3 - Core: -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_4/NEWS branches/PHP_5_4/main/main.c branches/PHP_5_4/main/php_globals.h branches/PHP_5_4/main/php_ini.c branches/PHP_5_4/tests/basic/bug54514.phpt trunk/mai
laruence Wed, 07 Dec 2011 10:33:13 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=320567
Log:
Implemented FR #54514 (Get php binary path during script execution).
Bug: https://bugs.php.net/54514 (Open) Get php binary path during script
execution
Changed paths:
U php/php-src/branches/PHP_5_4/NEWS
U php/php-src/branches/PHP_5_4/main/main.c
U php/php-src/branches/PHP_5_4/main/php_globals.h
U php/php-src/branches/PHP_5_4/main/php_ini.c
A php/php-src/branches/PHP_5_4/tests/basic/bug54514.phpt
U php/php-src/trunk/main/main.c
U php/php-src/trunk/main/php_globals.h
U php/php-src/trunk/main/php_ini.c
A php/php-src/trunk/tests/basic/bug54514.phpt
Modified: php/php-src/branches/PHP_5_4/NEWS
===
--- php/php-src/branches/PHP_5_4/NEWS 2011-12-07 10:28:56 UTC (rev 320566)
+++ php/php-src/branches/PHP_5_4/NEWS 2011-12-07 10:33:13 UTC (rev 320567)
@@ -6,6 +6,8 @@
(php at mickweiss dot com)
. Fixed bug #60240 (invalid read/writes when unserializing specially crafted
strings). (Mike)
+ . Implement FR #54514 (Get php binary path during script execution).
+(Laruence)
- CLI SAPI:
. Implement FR #60390 (Missing $_SERVER['SERVER_PORT']). (Pierre)
Modified: php/php-src/branches/PHP_5_4/main/main.c
===
--- php/php-src/branches/PHP_5_4/main/main.c 2011-12-07 10:28:56 UTC (rev 320566)
+++ php/php-src/branches/PHP_5_4/main/main.c 2011-12-07 10:33:13 UTC (rev 320567)
@@ -255,6 +255,57 @@
}
/* }}} */
+/* {{{ php_binary_init
+ */
+static void php_binary_init(TSRMLS_D)
+{
+ char *binary_location;
+#ifdef PHP_WIN32
+ binary_location = (char *)malloc(MAXPATHLEN);
+ if (GetModuleFileName(0, binary_location, MAXPATHLEN) == 0) {
+ free(binary_location);
+ PG(php_binary) = NULL;
+ }
+#else
+ if (sapi_module.executable_location) {
+ binary_location = (char *)malloc(MAXPATHLEN);
+ if (!strchr(sapi_module.executable_location, '/')) {
+ char *envpath, *path;
+ int found = 0;
+
+ if ((envpath = getenv(PATH)) != NULL) {
+char *search_dir, search_path[MAXPATHLEN];
+char *last = NULL;
+
+path = estrdup(envpath);
+search_dir = php_strtok_r(path, :, last);
+
+while (search_dir) {
+ snprintf(search_path, MAXPATHLEN, %s/%s, search_dir, sapi_module.executable_location);
+ if (VCWD_REALPATH(search_path, binary_location) !VCWD_ACCESS(binary_location, X_OK)) {
+ found = 1;
+ break;
+ }
+ search_dir = php_strtok_r(NULL, :, last);
+}
+efree(path);
+ }
+ if (!found) {
+free(binary_location);
+binary_location = NULL;
+ }
+ } else if (!VCWD_REALPATH(sapi_module.executable_location, binary_location) || VCWD_ACCESS(binary_location, X_OK)) {
+ free(binary_location);
+ binary_location = NULL;
+ }
+ } else {
+ binary_location = NULL;
+ }
+#endif
+ PG(php_binary) = binary_location;
+}
+/* }}} */
+
/* {{{ PHP_INI_MH
*/
static PHP_INI_MH(OnUpdateTimeout)
@@ -1819,6 +1870,9 @@
if (core_globals-disable_classes) {
free(core_globals-disable_classes);
}
+ if (core_globals-php_binary) {
+ free(core_globals-php_binary);
+ }
php_shutdown_ticks(TSRMLS_C);
}
@@ -2069,6 +2123,13 @@
REGISTER_MAIN_LONG_CONSTANT(PHP_WINDOWS_NT_WORKSTATION, VER_NT_WORKSTATION, CONST_PERSISTENT | CONST_CS);
#endif
+ php_binary_init(TSRMLS_C);
+ if (PG(php_binary)) {
+ REGISTER_MAIN_STRINGL_CONSTANT(PHP_BINARY, PG(php_binary), strlen(PG(php_binary)), CONST_PERSISTENT | CONST_CS);
+ } else {
+ REGISTER_MAIN_STRINGL_CONSTANT(PHP_BINARY, , 0, CONST_PERSISTENT | CONST_CS);
+ }
+
php_output_register_constants(TSRMLS_C);
php_rfc1867_register_constants(TSRMLS_C);
Modified: php/php-src/branches/PHP_5_4/main/php_globals.h
===
--- php/php-src/branches/PHP_5_4/main/php_globals.h 2011-12-07 10:28:56 UTC (rev 320566)
+++ php/php-src/branches/PHP_5_4/main/php_globals.h 2011-12-07 10:33:13 UTC (rev 320567)
@@ -84,6 +84,7 @@
char *include_path;
char *open_basedir;
char *extension_dir;
+ char *php_binary;
char *upload_tmp_dir;
long upload_max_filesize;
Modified: php/php-src/branches/PHP_5_4/main/php_ini.c
===
--- php/php-src/branches/PHP_5_4/main/php_ini.c 2011-12-07 10:28:56 UTC (rev 320566)
+++ php/php-src/branches/PHP_5_4/main/php_ini.c 2011-12-07 10:33:13 UTC (rev 320567)
@@ -393,7 +393,6 @@
int search_path_size;
char *default_location;
char *env_location;
- char *binary_location;
static const char paths_separator[] = { ZEND_PATHS_SEPARATOR, 0 };
#ifdef PHP_WIN32
char *reg_location;
@@ -472,52 +471,12 @@
strlcat(php_ini_search_path, ., search_path_size);
}
- /* Add binary directory */
-#ifdef PHP_WIN32
- binary_location = (char *) emalloc(MAXPATHLEN);
- if
Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_4/NEWS branches/PHP_5_4/main/main.c branches/PHP_5_4/main/php_globals.h branches/PHP_5_4/main/php_ini.c branches/PHP_5_4/tests/basic/bug54514.phpt trunk
this patch is not correct, php crashes on startup when a request is initialized. ==7872==at 0x816204B: php_auto_globals_create_request (php_variables.c:804) ==7872==by 0x818E564: zend_auto_global_init (zend_compile.c:6694) ==7872==by 0x81BB0CE: zend_hash_apply (zend_hash.c:716) ==7872==by 0x818FFEA: zend_activate_auto_globals (zend_compile.c:6704) ==7872==by 0x81629BE: php_hash_environment (php_variables.c:629) ==7872==by 0x8154D1C: php_request_startup (main.c:1567) ==7872==by 0x82507CD: do_cli (php_cli.c:954) ==7872==by 0x8251403: main (php_cli.c:1356) or on windows: php_auto_globals_create_request(const char * name=0x10663298, unsigned int name_len=8, void * * * tsrm_ls=0x026a4f60) Line 804 + 0x16 bytes C zend_auto_global_init(_zend_auto_global * auto_global=0x029a3620, void * * * tsrm_ls=0x026a4f60) Line 6694 + 0x1b bytes C zend_hash_apply(_hashtable * ht=0x029ebd40, int (void *, void * * *)* apply_func=0x1026b880, void * * * tsrm_ls=0x026a4f60) Line 716 + 0x10 bytes C zend_activate_auto_globals(void * * * tsrm_ls=0x026a4f60) Line 6704 + 0x23 bytes C php_hash_environment(void * * * tsrm_ls=0x026a4f60) Line 629 + 0x9 bytes C php_request_startup(void * * * tsrm_ls=0x026a4f60) Line 1567 + 0x9 bytes C do_cli(int argc=6, char * * argv=0x026a4e28, void * * * tsrm_ls=0x026a4f60) Line 954 + 0xc bytes C main(int argc=6, char * * argv=0x026a4e28) Line 1356 + 0x11 bytes C __tmainCRTStartup() Line 586 + 0x19 bytes C mainCRTStartup() Line 403 C On Wed, Dec 7, 2011 at 11:33 AM, Xinchen Hui larue...@php.net wrote: laruence Wed, 07 Dec 2011 10:33:13 + Revision: http://svn.php.net/viewvc?view=revisionrevision=320567 Log: Implemented FR #54514 (Get php binary path during script execution). Bug: https://bugs.php.net/54514 (Open) Get php binary path during script execution Changed paths: U php/php-src/branches/PHP_5_4/NEWS U php/php-src/branches/PHP_5_4/main/main.c U php/php-src/branches/PHP_5_4/main/php_globals.h U php/php-src/branches/PHP_5_4/main/php_ini.c A php/php-src/branches/PHP_5_4/tests/basic/bug54514.phpt U php/php-src/trunk/main/main.c U php/php-src/trunk/main/php_globals.h U php/php-src/trunk/main/php_ini.c A php/php-src/trunk/tests/basic/bug54514.phpt -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Pierre @pierrejoye | http://blog.thepimp.net | http://www.libgd.org -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_4/NEWS branches/PHP_5_4/main/main.c branches/PHP_5_4/main/php_globals.h branches/PHP_5_4/main/php_ini.c branches/PHP_5_4/tests/basic/bug54514.phpt trunk
seems to be due to partially generated global table, clean build and I cannot reproduce the crash anymore. Sorry for the noise :) On Wed, Dec 7, 2011 at 12:20 PM, Pierre Joye pierre@gmail.com wrote: this patch is not correct, php crashes on startup when a request is initialized. -- Pierre @pierrejoye | http://blog.thepimp.net | http://www.libgd.org -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_4/NEWS branches/PHP_5_4/ext/openssl/openssl.c trunk/ext/openssl/openssl.c
scottmac Wed, 07 Dec 2011 20:50:33 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=320612
Log:
Make sure that we set the strong crypto result to false as well as returning
false.
Changed paths:
U php/php-src/branches/PHP_5_4/NEWS
U php/php-src/branches/PHP_5_4/ext/openssl/openssl.c
U php/php-src/trunk/ext/openssl/openssl.c
Modified: php/php-src/branches/PHP_5_4/NEWS
===
--- php/php-src/branches/PHP_5_4/NEWS 2011-12-07 20:36:39 UTC (rev 320611)
+++ php/php-src/branches/PHP_5_4/NEWS 2011-12-07 20:50:33 UTC (rev 320612)
@@ -18,6 +18,10 @@
- Intl:
. Added support for UTS #46. (Gustavo)
+
+- OpenSSL:
+ . On error in openssl_random_pseudo_bytes() make sure we set strong result
+to false. (Scott)
- Reflection:
. Fixed bug #60367 (Reflection and Late Static Binding). (Laruence)
Modified: php/php-src/branches/PHP_5_4/ext/openssl/openssl.c
===
--- php/php-src/branches/PHP_5_4/ext/openssl/openssl.c 2011-12-07 20:36:39 UTC
(rev 320611)
+++ php/php-src/branches/PHP_5_4/ext/openssl/openssl.c 2011-12-07 20:50:33 UTC
(rev 320612)
@@ -4941,13 +4941,19 @@
#ifdef PHP_WIN32
strong_result = 1;
/* random/urandom equivalent on Windows */
- if (php_win32_get_random_bytes(buffer, (size_t) buffer_length) ==
FAILURE){
+ if (php_win32_get_random_bytes(buffer, (size_t) buffer_length) ==
FAILURE) {
efree(buffer);
+ if (zstrong_result_returned) {
+ ZVAL_BOOL(zstrong_result_returned, 0);
+ }
RETURN_FALSE;
}
#else
if ((strong_result = RAND_pseudo_bytes(buffer, buffer_length)) 0) {
efree(buffer);
+ if (zstrong_result_returned) {
+ ZVAL_BOOL(zstrong_result_returned, 0);
+ }
RETURN_FALSE;
}
#endif
Modified: php/php-src/trunk/ext/openssl/openssl.c
===
--- php/php-src/trunk/ext/openssl/openssl.c 2011-12-07 20:36:39 UTC (rev
320611)
+++ php/php-src/trunk/ext/openssl/openssl.c 2011-12-07 20:50:33 UTC (rev
320612)
@@ -4939,11 +4939,17 @@
/* random/urandom equivalent on Windows */
if (php_win32_get_random_bytes(buffer, (size_t) buffer_length) ==
FAILURE){
efree(buffer);
+ if (zstrong_result_returned) {
+ ZVAL_BOOL(zstrong_result_returned, 0);
+ }
RETURN_FALSE;
}
#else
if ((strong_result = RAND_pseudo_bytes(buffer, buffer_length)) 0) {
efree(buffer);
+ if (zstrong_result_returned) {
+ ZVAL_BOOL(zstrong_result_returned, 0);
+ }
RETURN_FALSE;
}
#endif
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_4/ NEWS configure.in main/php_version.h
stas Thu, 08 Dec 2011 07:15:44 + Revision: http://svn.php.net/viewvc?view=revisionrevision=320631 Log: 5.4.0rc3 Changed paths: U php/php-src/branches/PHP_5_4/NEWS U php/php-src/branches/PHP_5_4/configure.in U php/php-src/branches/PHP_5_4/main/php_version.h Modified: php/php-src/branches/PHP_5_4/NEWS === --- php/php-src/branches/PHP_5_4/NEWS 2011-12-08 06:57:34 UTC (rev 320630) +++ php/php-src/branches/PHP_5_4/NEWS 2011-12-08 07:15:44 UTC (rev 320631) @@ -1,6 +1,6 @@ PHPNEWS ||| -?? ??? 2011, PHP 5.4.0 RC3 +08 Dec 2011, PHP 5.4.0 RC3 - Core: . Fixed bug #60350 (No string escape code for ESC (ascii 27), normally \e). (php at mickweiss dot com) Modified: php/php-src/branches/PHP_5_4/configure.in === --- php/php-src/branches/PHP_5_4/configure.in 2011-12-08 06:57:34 UTC (rev 320630) +++ php/php-src/branches/PHP_5_4/configure.in 2011-12-08 07:15:44 UTC (rev 320631) @@ -120,7 +120,7 @@ PHP_MAJOR_VERSION=5 PHP_MINOR_VERSION=4 PHP_RELEASE_VERSION=0 -PHP_EXTRA_VERSION=RC3-dev +PHP_EXTRA_VERSION=RC3 PHP_VERSION=$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 1 + [$]PHP_MINOR_VERSION \* 100 + [$]PHP_RELEASE_VERSION` Modified: php/php-src/branches/PHP_5_4/main/php_version.h === --- php/php-src/branches/PHP_5_4/main/php_version.h 2011-12-08 06:57:34 UTC (rev 320630) +++ php/php-src/branches/PHP_5_4/main/php_version.h 2011-12-08 07:15:44 UTC (rev 320631) @@ -3,6 +3,6 @@ #define PHP_MAJOR_VERSION 5 #define PHP_MINOR_VERSION 4 #define PHP_RELEASE_VERSION 0 -#define PHP_EXTRA_VERSION RC3-dev -#define PHP_VERSION 5.4.0RC3-dev +#define PHP_EXTRA_VERSION RC3 +#define PHP_VERSION 5.4.0RC3 #define PHP_VERSION_ID 50400 -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_4/ NEWS configure.in main/php_version.h
stas Thu, 08 Dec 2011 07:17:27 + Revision: http://svn.php.net/viewvc?view=revisionrevision=320632 Log: back to dev Changed paths: U php/php-src/branches/PHP_5_4/NEWS U php/php-src/branches/PHP_5_4/configure.in U php/php-src/branches/PHP_5_4/main/php_version.h Modified: php/php-src/branches/PHP_5_4/NEWS === --- php/php-src/branches/PHP_5_4/NEWS 2011-12-08 07:15:44 UTC (rev 320631) +++ php/php-src/branches/PHP_5_4/NEWS 2011-12-08 07:17:27 UTC (rev 320632) @@ -1,5 +1,7 @@ PHPNEWS ||| +?? Dec 2011, PHP 5.4.0 RC4 + 08 Dec 2011, PHP 5.4.0 RC3 - Core: . Fixed bug #60350 (No string escape code for ESC (ascii 27), normally \e). Modified: php/php-src/branches/PHP_5_4/configure.in === --- php/php-src/branches/PHP_5_4/configure.in 2011-12-08 07:15:44 UTC (rev 320631) +++ php/php-src/branches/PHP_5_4/configure.in 2011-12-08 07:17:27 UTC (rev 320632) @@ -120,7 +120,7 @@ PHP_MAJOR_VERSION=5 PHP_MINOR_VERSION=4 PHP_RELEASE_VERSION=0 -PHP_EXTRA_VERSION=RC3 +PHP_EXTRA_VERSION=RC4-dev PHP_VERSION=$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 1 + [$]PHP_MINOR_VERSION \* 100 + [$]PHP_RELEASE_VERSION` Modified: php/php-src/branches/PHP_5_4/main/php_version.h === --- php/php-src/branches/PHP_5_4/main/php_version.h 2011-12-08 07:15:44 UTC (rev 320631) +++ php/php-src/branches/PHP_5_4/main/php_version.h 2011-12-08 07:17:27 UTC (rev 320632) @@ -3,6 +3,6 @@ #define PHP_MAJOR_VERSION 5 #define PHP_MINOR_VERSION 4 #define PHP_RELEASE_VERSION 0 -#define PHP_EXTRA_VERSION RC3 -#define PHP_VERSION 5.4.0RC3 +#define PHP_EXTRA_VERSION RC4-dev +#define PHP_VERSION 5.4.0RC4-dev #define PHP_VERSION_ID 50400 -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_4/NEWS branches/PHP_5_4/ext/spl/spl_observer.c branches/PHP_5_4/ext/spl/tests/SplObjectStorage_unserialize_bad.phpt trunk/ext/spl/spl_observer.c trunk/ext/s
mike Fri, 02 Dec 2011 11:50:22 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=320279
Log:
Fixed bug #60240 (invalid read/writes when unserializing specially crafted
strings)
Bug: https://bugs.php.net/60240 (Assigned) invalid read/writes when
unserializing specially crafted strings
Changed paths:
U php/php-src/branches/PHP_5_4/NEWS
U php/php-src/branches/PHP_5_4/ext/spl/spl_observer.c
U
php/php-src/branches/PHP_5_4/ext/spl/tests/SplObjectStorage_unserialize_bad.phpt
U php/php-src/trunk/ext/spl/spl_observer.c
U php/php-src/trunk/ext/spl/tests/SplObjectStorage_unserialize_bad.phpt
Modified: php/php-src/branches/PHP_5_4/NEWS
===
--- php/php-src/branches/PHP_5_4/NEWS 2011-12-02 10:46:53 UTC (rev 320278)
+++ php/php-src/branches/PHP_5_4/NEWS 2011-12-02 11:50:22 UTC (rev 320279)
@@ -4,6 +4,8 @@
- Core:
. Fixed bug #60350 (No string escape code for ESC (ascii 27), normally \e).
(php at mickweiss dot com)
+ . Fixed bug #60240 (invalid read/writes when unserializing specially crafted
+strings). (Mike)
- CLI SAPI:
. Implement FR #60390 (Missing $_SERVER['SERVER_PORT']). (Pierre)
Modified: php/php-src/branches/PHP_5_4/ext/spl/spl_observer.c
===
--- php/php-src/branches/PHP_5_4/ext/spl/spl_observer.c 2011-12-02 10:46:53 UTC
(rev 320278)
+++ php/php-src/branches/PHP_5_4/ext/spl/spl_observer.c 2011-12-02 11:50:22 UTC
(rev 320279)
@@ -836,13 +836,11 @@
ALLOC_INIT_ZVAL(pcount);
if (!php_var_unserialize(pcount, p, s + buf_len, var_hash TSRMLS_CC)
|| Z_TYPE_P(pcount) != IS_LONG) {
- zval_ptr_dtor(pcount);
goto outexcept;
}
--p; /* for ';' */
count = Z_LVAL_P(pcount);
- zval_ptr_dtor(pcount);
while(count-- 0) {
spl_SplObjectStorageElement *pelement;
@@ -920,11 +918,16 @@
zval_ptr_dtor(pmembers);
/* done reading $serialized */
-
+ if (pcount) {
+ zval_ptr_dtor(pcount);
+ }
PHP_VAR_UNSERIALIZE_DESTROY(var_hash);
return;
outexcept:
+ if (pcount) {
+ zval_ptr_dtor(pcount);
+ }
PHP_VAR_UNSERIALIZE_DESTROY(var_hash);
zend_throw_exception_ex(spl_ce_UnexpectedValueException, 0 TSRMLS_CC,
Error at offset %ld of %d bytes, (long)((char*)p - buf), buf_len);
return;
Modified:
php/php-src/branches/PHP_5_4/ext/spl/tests/SplObjectStorage_unserialize_bad.phpt
===
---
php/php-src/branches/PHP_5_4/ext/spl/tests/SplObjectStorage_unserialize_bad.phpt
2011-12-02 10:46:53 UTC (rev 320278)
+++
php/php-src/branches/PHP_5_4/ext/spl/tests/SplObjectStorage_unserialize_bad.phpt
2011-12-02 11:50:22 UTC (rev 320279)
@@ -5,8 +5,8 @@
$badblobs = array(
'x:i:2;i:0;,i:1;;i:0;,i:2;;m:a:0:{}',
-'x:i:3;O:8:stdClass:0:{},O:8:stdClass:0:{};R:1;,i:1;;O:8:stdClass:0:{},r:2;;m:a:0:{}',
-'x:i:3;O:8:stdClass:0:{},O:8:stdClass:0:{};r:1;,i:1;;O:8:stdClass:0:{},r:2;;m:a:0:{}',
+'x:i:3;O:8:stdClass:0:{},O:8:stdClass:0:{};R:2;,i:1;;O:8:stdClass:0:{},r:2;;m:a:0:{}',
+'x:i:3;O:8:stdClass:0:{},O:8:stdClass:0:{};r:2;,i:1;;O:8:stdClass:0:{},r:2;;m:a:0:{}',
);
foreach($badblobs as $blob) {
try {
Modified: php/php-src/trunk/ext/spl/spl_observer.c
===
--- php/php-src/trunk/ext/spl/spl_observer.c2011-12-02 10:46:53 UTC (rev
320278)
+++ php/php-src/trunk/ext/spl/spl_observer.c2011-12-02 11:50:22 UTC (rev
320279)
@@ -836,13 +836,11 @@
ALLOC_INIT_ZVAL(pcount);
if (!php_var_unserialize(pcount, p, s + buf_len, var_hash TSRMLS_CC)
|| Z_TYPE_P(pcount) != IS_LONG) {
- zval_ptr_dtor(pcount);
goto outexcept;
}
--p; /* for ';' */
count = Z_LVAL_P(pcount);
- zval_ptr_dtor(pcount);
while(count-- 0) {
spl_SplObjectStorageElement *pelement;
@@ -920,11 +918,16 @@
zval_ptr_dtor(pmembers);
/* done reading $serialized */
-
+ if (pcount) {
+ zval_ptr_dtor(pcount);
+ }
PHP_VAR_UNSERIALIZE_DESTROY(var_hash);
return;
outexcept:
+ if (pcount) {
+ zval_ptr_dtor(pcount);
+ }
PHP_VAR_UNSERIALIZE_DESTROY(var_hash);
zend_throw_exception_ex(spl_ce_UnexpectedValueException, 0 TSRMLS_CC,
Error at offset %ld of %d bytes, (long)((char*)p - buf), buf_len);
return;
Modified: php/php-src/trunk/ext/spl/tests/SplObjectStorage_unserialize_bad.phpt
===
--- php/php-src/trunk/ext/spl/tests/SplObjectStorage_unserialize_bad.phpt
2011-12-02 10:46:53 UTC (rev 320278)
+++
