[PHP-DEV] Re: [PHP-CVS] cvs: php4 /ext/com .cvsignore COM.c CREDITS TODO VARIANT.ccom.h conversion.c conversion.h dispatch.c php_COM.h php_VARIANT.h variant.h
Sascha Schumann wrote: You removed those files from the PHP 5 branch which you claimed were supposed to be used in the PHP 5 branch. ext/com/ are the old files, ext/rpc/com are the new files -- Sebastian Bergmann http://sebastian-bergmann.de/ http://phpOpenTracker.de/ Did I help you? Consider a gift: http://wishlist.sebastian-bergmann.de/ -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] when PHP code causes crash due to bad input, is it a bug?
Am Freitag, 10.01.03 um 21:02 Uhr schrieb gk: I am trying to help with PHP. But this experience makes me feel like it is not worth it. Can anyone give me some clarification. Is there a common agreement on what constitutes a bug? I have worked as Sr. SQA engineer for many years and have always worked under the understanding that crashes are unacceptible - no matter what caused them: code should be able to handle bad data and not crash. See my bug report and analysis by Daniel Veillard of libxml2 at: http://bugs.php.net/bug.php?id=21477 Greg, don't make that big fuss about it. I fixed the code 15 minutes after bogusfying your report, so it throws an error, if the input is bad. Maybe setting it to bogus was a little bit too unfair, but my additional comments should have clarified it... chregu - Greg Date: Fri, 10 Jan 2003 11:50:35 -0800 To: [EMAIL PROTECTED] From: gk [EMAIL PROTECTED] Subject: Re: Bug #21477 [Opn-Bgs]: $node-dump_node($node) crashes with libxml2-2.4.30 At 06:54 PM 1/10/2003 +, you wrote: You're not in position to decide what is bogus and what is not. This is bogus. - Greg Keraunen -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DEV] Re: [PHP-CVS] cvs: php4 /ext/overload .cvsignore CREDITS READMEconfig.m4 overload.c overload.dsp php_overload.h
Marcus Börger wrote: yes - but this makes building HEAD + ZE1 + overload impossible Well, ZE1 should only be build with the PHP_4_3 branch now. Otherwise we won't get the momentum needed to push PHP 5 and ZendEngine 2 development. -- Sebastian Bergmann http://sebastian-bergmann.de/ http://phpOpenTracker.de/ Did I help you? Consider a gift: http://wishlist.sebastian-bergmann.de/ -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] Re: [PHP-CVS] cvs: php4 /ext/com .cvsignore COM.cCREDITS TODO VARIANT.c com.h conversion.c conversion.h dispatch.c php_COM.h php_VARIANT.h variant.h
On Sat, 11 Jan 2003, Sebastian Bergmann wrote: Sascha Schumann wrote: You removed those files from the PHP 5 branch which you claimed were supposed to be used in the PHP 5 branch. ext/com/ are the old files, ext/rpc/com are the new files Yeah, somehow my brain told me those strings were the same. Weird. - Sascha -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] when PHP code causes crash due to bad input, is it abug?
Greg, don't make that big fuss about it. I fixed the code 15 minutes after bogusfying your report, so it throws an error, if the input is bad. Maybe setting it to bogus was a little bit too unfair, but my additional comments should have clarified it... Looks to me like it should have been set to 'closed' after fixing the crash bug. - Sascha -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] bcmath, calendar, ftp, wddx on Win32
Andi Gutmans wrote: Because building this stuff on Windows is harder and it's probably easiest for Windows users to have stuff in by default. This might have been true back when there were only small binary releases for Windows. Now (almost?) all extensions are available as binaries for Windows, so those aforementioned extensions could be built as DLLs and be put into the binary package as well. -- Sebastian Bergmann http://sebastian-bergmann.de/ http://phpOpenTracker.de/ Did I help you? Consider a gift: http://wishlist.sebastian-bergmann.de/ -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] Re: [PHP-CVS] cvs: php4 /ext/overload .cvsignore CREDITS README config.m4 overload.c overload.dsp php_overload.h
At 10:45 11.01.2003, Sebastian Bergmann wrote: Marcus Börger wrote: yes - but this makes building HEAD + ZE1 + overload impossible Well, ZE1 should only be build with the PHP_4_3 branch now. Otherwise we won't get the momentum needed to push PHP 5 and ZendEngine 2 development. Then we should make HEAD builds against ZE1 impossible by configure. -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DEV] Re: [PHP-CVS] cvs: php4 /ext/rpc rpc.c
Sebastian Bergmann wrote: sebastian Sat Jan 11 04:51:52 2003 EDT Modified files: /php4/ext/rpc rpc.c Log: Add missing ,. Hm, now it compiles, but PHP segfaults during shutdown (scripts seem to be executed correctly). The following stacktrace is from a simple phpinfo(): ntdll.dll!778853f0() php4ts_debug.dll!tsrm_mutex_free(_RTL_CRITICAL_SECTION * mutexp=0x00b9ffb8) Line 510 + 0xc C php4ts_debug.dll!zend_ts_hash_destroy(_zend_ts_hashtable * ht=0x00b9fe48) Line 72 + 0xc C php4ts_debug.dll!zm_shutdown_rpc(int type=1, int module_number=5, void * * * tsrm_ls=0x00b22980) Line 206 + 0xb C php4ts_debug.dll!module_destructor(_zend_module_entry * module=0x00ba5068) Line 1171 + 0x1cC php4ts_debug.dll!zend_hash_apply_deleter(_hashtable * ht=0x10330fe0, bucket * p=0x00ba5010) Line 596 + 0xf C php4ts_debug.dll!zend_hash_graceful_reverse_destroy(_hashtable * ht=0x10330fe0) Line 662 + 0xd C php4ts_debug.dll!zend_shutdown(void * * * tsrm_ls=0x00b22980) Line 630 + 0xa C php4ts_debug.dll!php_module_shutdown(void * * * tsrm_ls=0x00b22980) Line 1338 + 0x9 C php.exe!main(int argc=1, char * * argv=0x00b22580) Line 1513 + 0xd C php.exe!mainCRTStartup() Line 338 + 0x11 C kernel32.dll!77e8ca90() -- Sebastian Bergmann http://sebastian-bergmann.de/ http://phpOpenTracker.de/ Did I help you? Consider a gift: http://wishlist.sebastian-bergmann.de/ -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DEV] Re: http://www.php.net/extra/
On Sat, 11 Jan 2003, Gabor Hojtsy wrote: Hi! Do the files hosted at $subj have any use now, or is there any point in hosting files from as far as 1997 or 1998? bindlib_w32.zip and win32build.zip are definitely still needed. Derick -- - Derick Rethans http://derickrethans.nl/ JDI Media Solutions http://www.jdimedia.nl/ PHP Magazine - PHP Magazine for Professionals http://php-mag.net/ - -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DEV] Re: http://www.php.net/extra/
Hi! Do the files hosted at $subj have any use now, or is there any point in hosting files from as far as 1997 or 1998? bindlib_w32.zip and win32build.zip are definitely still needed. Hm, it's quite interesting to see that packages from two or four years ago still work on Windows ;) And what about the others? Anybody? Goba -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DEV] PHP 4 Bug Summary Report
PHP 4 Bug Database summary - http://bugs.php.net Num Status Summary (1083 total including feature requests) ===[*Configuration Issues] 13561 Assigned --without-pear prevent install of php-config,phpize,... 19282 Won't fix Place php4ts.dll into \sapi 20490 Analyzed enable versioning not supported on OSX 20689 Won\'t fix php_admin_value disable_functions not working as it should 21161 Open ./configure doesn't work with xslt support 21195 Verified Configure warnings/errors 21216 Won\'t fix phpize passes --no-verify to ltconfig without specifying host 21249 Open ./configure fails when searching for ircg-config script 21284 Open don't configure on AIX 4.3.3 ===[*Database Functions]== 21549 Feedback problem with INGRES II permanent connexions ===[*Directory/Filesystem functions] 21310 Open no such file (paths) 21532 Open incorrect warning ===[*General Issues]== 20195 Open make install doesnt set permissions 20775 Open Silent install (/s) does not work 20896 Verified php -w hangs indefinitely at 100% CPU 20946 Suspended php_ingres.dll missing in the php 4 zip!!! 21254 Won\'t fix Suggestion for the site 21281 Feedback False Line output 21559 Feedback Fatal error: Nesting level too deep - recursive dependency? in Unknown on line 21575 Open 4.2x to 4.3 Compatibility issue ===[*Languages/Translation]=== 11975 Won't fix mix of hebrew english 13014 Won't fix hebrevc () 20166 Open Unicode (Slovenian) characters are not displayed correctly ===[*Math Functions]== 21534 Open GMP lib gmp_gcdext() gives incorrect results ===[*Network Functions]=== 15639 Suspended detecting end of UDP packets ===[*Programming Data Structures]= 21062 Won\'t fix Recursive calls may SEGV ===[Apache related]=== 14409 Open request for nonexistent file does not return 404 error 15529 Open ap_cleanup_for_exec not used when creating 17837 Won't fix PHP 'handles' permission problems rather than letting Apache do it 19113 Open HTTP status 200 returned on HTTP CONNECT when mod_proxy not in use 19292 Critical random error: open_basedir restriction in effect. File is in wrong directory 20190 Critical Random mem corruption: zend_get_executed_filename() mismatch 20551 Open Output compression causes segfaults (ob_gzhandler) 20665 Won\'t fix Memory leaks on SIGHUP 21056 Open PHP messes with virtual hosts 21568 Feedback The memory could not be read. ===[Apache2 related]== 17414 Open Segfaults on restart 17868 Verified Doesn't work two and more !--include-- directives of PHP code on different OS 18359 Open PHP module seem to make trouble with authentication under Apache 2 18648 Open Single entry form POST gives incorrect variable content 18957 Won't fix multiple definitions 19618 Suspended Cannot load libphp4.so - Win32 error 5 19787 Won\'t fix Can not load module 20910 Open Default for AcceptPathInfo changed 20929 Open Problem in handling big5 characters from HTML form 21040 Open max_execution_time ignored 21074 Open PHP doesn't work with 401 (Auth) ErrorDocument and Apache2 21084 Open Undefined symbol ___guard in libphp4.so 21283 Open Apache2 PHP4.3 leak memory when respond to requests 21323 Feedback Session not initialised or not destroyed 21452 Open Apache dumps core inside php code 21471 Feedback empty variables with apache 2 ===[Arrays related]=== 18829 Won\'t fix array_pop, array_shift, array_push... functions very slow with large arrays 20251 Won\'t fix Can't assign values to array in loop. 21444 Open Asort output not fully sorted in mixed type array with BOOLEANs ===[BC math related]== 13551 Assigned BC functions apply decimal places argument also on arguments ===[CCVS related]= 10447 Won\'t fix ccvs_*() functions segfault when given invalid session ID ===[Class/Object related]= 15675 Suspended get_class() returns only lower chars 17637 Analyzed constructors in classes (Back to PHP3) 20531 Open Object property association broken 20676 Verified Reinitialization of a reference 21380 Open Ability to assign to $this in constructor of class ===[COM
[PHP-DEV] Apache2Filter SAPI segfaults
This is with current HEAD of both Apache 2.1-dev and PHP 5 + ZE2: wopr-mobile:/usr/local/apache2/bin # gdb httpd GNU gdb 5.3 Copyright 2002 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type show copying to see the conditions. There is absolutely no warranty for GDB. Type show warranty for details. This GDB was configured as i686-pc-linux-gnu... (gdb) r -DONE_PROCESS Starting program: /usr/local/apache2/bin/httpd -DONE_PROCESS [New Thread 1024 (LWP 1440)] Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 1024 (LWP 1440)] 0x401b8817 in memcpy () from /lib/libc.so.6 Running Apache 2.1-dev without LoadModule modules/ibphp4.so works. -- Sebastian Bergmann http://sebastian-bergmann.de/ http://phpOpenTracker.de/ Did I help you? Consider a gift: http://wishlist.sebastian-bergmann.de/ -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DEV] bcmath, calendar, ftp, wddx on Win32
At 12:25 PM 1/10/2003 +0100, Lukas Smith wrote: From: Andi Gutmans [mailto:[EMAIL PROTECTED]] Sent: Friday, January 10, 2003 12:14 PM At 06:36 PM 1/9/2003 +0100, Sebastian Bergmann wrote: For as long as I can remember, the bcmath, calendar, ftp and wddx extensions are enabled by default on Win32. But why? I mean, they are not enabled by default on *NIX, so why the inconsistency? Because building this stuff on Windows is harder and it's probably easiest for Windows users to have stuff in by default. So once the PEAR installer is able to handle binaries for windows in a reliable fashion this could be changed? The big difference between Windows and UNIX is that you can usually compile on UNIX systems. But if PEAR handles binaries this way, if and when that happens, then yes. Andi -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] PROPOSAL: default value handling
This has been discussed in the past and won't be done. PHP behaves like C where the result of the boolean or operation is true or false. Andi At 12:38 AM 1/11/2003 -0500, Nyk Cowham wrote: As a convert from Perl one of the 'features' I miss from Perl is the short-circuit behavior of the or operand (||) and how it can be used to set default values if a passed value is false (0 or ). Thus, in a passed parameter you can write: $result = $value || $default; In perl if the $value variable is false (0 or empty string) then $value will be set to the default value. In PHP the or operand does not short-circuit in this way. Instead I find myself having to write something like: $result = ($_REQUEST['value']) ? $_REQUEST['value'] : 'my default value'; This is not only ugly and difficult to read but has the redundancy of naming the $_REQUEST['value'] variable twice. Another nice feature of using Perl's short-circuit or operand is that defaults can be chained so: $result = $value || $alt_value || $default; Will return the default only if $value and $alt_value have both evaluated as false. In other words the first expression that evaluates as true (actually 'not false' would be more accurate) will be returned, all preceding and subsequent values will be ignored. I don't propose the || operant in PHP should be short-circuited like Perl, but rather either a new operand or new function be added that would have this specific behavior. As an operand it might look like: $result = $value ?: $alt_value ?: [ ...] ?: $default; // reusing the terniary operator in this context would be a reasonable mnemonic. Alternatively if implemented as a function it might look like: $result = choose($value, $alt_value, [ ... ], $default); I would be happy to volunteer to do the work to provide this feature if there is enough support for it's inclusion. Thoughts? Nyk Cowham -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] Non threadsafe Windows build
At 07:13 AM 1/11/2003 +0100, Sebastian Bergmann wrote: The project file(s) for the non threadsafe Windows build are out of sync with the thread safe one(s). IIRC, there was already some discussion to ditch the non threadsafe version. That way we didn't have to maintain two sets of files, etc. What do you think? The non-threadsafe version is useful for Windows CGI and debugging. On the other hand, it's quite a drag to maintain. Unless someone steps up and takes responsibility to keep it in sync, or we make a new rule that people have to remember to update both projects, then I think nuking it is OK. What do others think? (I'm interested in hearing from Windows users) Andi -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] Non threadsafe Windows build
At 19:24 11/01/2003, Andi Gutmans wrote: At 07:13 AM 1/11/2003 +0100, Sebastian Bergmann wrote: The project file(s) for the non threadsafe Windows build are out of sync with the thread safe one(s). IIRC, there was already some discussion to ditch the non threadsafe version. That way we didn't have to maintain two sets of files, etc. What do you think? The non-threadsafe version is useful for Windows CGI and debugging. On the other hand, it's quite a drag to maintain. Unless someone steps up and takes responsibility to keep it in sync, or we make a new rule that people have to remember to update both projects, then I think nuking it is OK. What do others think? (I'm interested in hearing from Windows users) I'm against ditching it. I use it mostly for checking that the non-ZTS build builds fine when I'm under Windows. True, that doesn't happen too often, but I don't see any reason to remove it. Zeev -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] Apache2Filter SAPI segfaults
Sebastian Bergmann wrote: This is with current HEAD of both Apache 2.1-dev and PHP 5 + ZE2: Somehow the backtrace got lost: wopr-mobile:/usr/local/apache2/bin # gdb httpd GNU gdb 5.3 Copyright 2002 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type show copying to see the conditions. There is absolutely no warranty for GDB. Type show warranty for details. This GDB was configured as i686-pc-linux-gnu... (gdb) r -DONE_PROCESS Starting program: /usr/local/apache2/bin/httpd -DONE_PROCESS [New Thread 1024 (LWP 17607)] Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 1024 (LWP 17607)] 0x403d648c in ini_parse () at Zend/zend_ini_parser.c:1043 1043 goto yyoverflowlab; (gdb) bt #0 0x403d648c in ini_parse () at Zend/zend_ini_parser.c:1043 #1 0x403d6309 in zend_parse_ini_file (fh=0xb560, unbuffered_errors=1 '\001', ini_parser_cb=0x403b5862 php_config_ini_parser_cb, arg=0x4055e920) at /usr/src/php5/Zend/zend_ini_parser.y:164 #2 0x403b5fd5 in php_init_config () at /usr/src/php5/main/php_ini.c:382 #3 0x403b08eb in php_module_startup (sf=0x4049cdc0, additional_modules=0x4049cfc0, num_additional_modules=1) at /usr/src/php5/main/main.c:1213 #4 0x4041202a in php_apache2_startup (sapi_module=0x4049cdc0) at /usr/src/php5/sapi/apache2filter/sapi_apache2.c:295 #5 0x40412a3d in php_apache_server_startup (pconf=0x80be9d0, plog=0x80f6ab0, ptemp=0x80faac0, s=0x80c12e8) at /usr/src/php5/sapi/apache2filter/sapi_apache2.c:615 #6 0x0808128a in ap_run_post_config (pconf=0x80be9d0, plog=0x80f6ab0, ptemp=0x80faac0, s=0x80c12e8) at config.c:128 #7 0x08086938 in main (argc=2, argv=0xb784) at main.c:640 #8 0x4015a9ed in __libc_start_main () from /lib/libc.so.6 -- Sebastian Bergmann http://sebastian-bergmann.de/ http://phpOpenTracker.de/ Did I help you? Consider a gift: http://wishlist.sebastian-bergmann.de/ -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DEV] Re: php4 /ext/standard file.c formatted_print.c
Sorry but just a thought, in that line: if (argc 1 (int)Z_STRLEN_P(return_value) len / 2) { you're comparating len / 2 to an int, but len / 2 can be a float too no? Ignore me if I'm wrong... -- Regards. M.CHAILLAN Nicolas [EMAIL PROTECTED] www.WorldAKT.com Hébergement de sites internets. Moriyoshi Koizumi [EMAIL PROTECTED] a écrit dans le message de news: [EMAIL PROTECTED] moriyoshi Sat Jan 11 17:17:37 2003 EDT Modified files: /php4/ext/standard file.c formatted_print.c Log: Reduced compiler warnings in ZE2 build Index: php4/ext/standard/file.c diff -u php4/ext/standard/file.c:1.290 php4/ext/standard/file.c:1.291 --- php4/ext/standard/file.c:1.290 Thu Jan 9 18:23:32 2003 +++ php4/ext/standard/file.c Sat Jan 11 17:17:37 2003 @@ -21,7 +21,7 @@ +--+ */ -/* $Id: file.c,v 1.290 2003/01/09 23:23:32 iliaa Exp $ */ +/* $Id: file.c,v 1.291 2003/01/11 22:17:37 moriyoshi Exp $ */ /* Synced with php 3.0 revision 1.218 1999-06-16 [ssb] */ @@ -1376,7 +1376,7 @@ ZVAL_STRINGL(return_value, buf, line_len, 0); /* resize buffer if it's much larger than the result. * Only needed if the user requested a buffer size. */ - if (argc 1 Z_STRLEN_P(return_value) len / 2) { + if (argc 1 (int)Z_STRLEN_P(return_value) len / 2) { Z_STRVAL_P(return_value) = erealloc(buf, line_len + 1); } } @@ -1559,7 +1559,7 @@ } convert_to_string_ex(arg2); convert_to_long_ex(arg3); - num_bytes = MIN(Z_LVAL_PP(arg3), Z_STRLEN_PP(arg2)); + num_bytes = MIN(Z_LVAL_PP(arg3), (int)Z_STRLEN_PP(arg2)); break; default: WRONG_PARAM_COUNT; Index: php4/ext/standard/formatted_print.c diff -u php4/ext/standard/formatted_print.c:1.61 php4/ext/standard/formatted_print.c:1.62 --- php4/ext/standard/formatted_print.c:1.61 Thu Jan 9 12:29:31 2003 +++ php4/ext/standard/formatted_print.c Sat Jan 11 17:17:37 2003 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: formatted_print.c,v 1.61 2003/01/09 17:29:31 wez Exp $ */ +/* $Id: formatted_print.c,v 1.62 2003/01/11 22:17:37 moriyoshi Exp $ */ #include math.h /* modf() */ #include php.h @@ -504,7 +504,7 @@ currarg = 1; - while (inposZ_STRLEN_PP(args[format_offset])) { + while (inpos (int)Z_STRLEN_PP(args[format_offset])) { int expprec = 0; PRINTF_DEBUG((sprintf: format[%d]='%c'\n, inpos, format[inpos])); -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] Re: php4 /ext/standard file.c formatted_print.c
On Sat, 11 Jan 2003, Ilia A. wrote: On January 11, 2003 06:03 pm, Moriyoshi Koizumi wrote: On Sat, Jan 11, 2003 at 11:38:20PM +0100, [EMAIL PROTECTED] wrote: Sorry but just a thought, in that line: if (argc 1 (int)Z_STRLEN_P(return_value) len / 2) { Does this mean we now always need to cast the result of the Z_STRLEN_P/Z_STRLEN_PP macros to int? That seems pretty annoying and not to producing ugly code. Certainly not. What kind of warnings was the compiler (which one?) issuing? - Sascha -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] Re: php4 /ext/standard file.c formatted_print.c
On Sat, Jan 11, 2003 at 05:56:23PM -0500, Ilia A. wrote: On January 11, 2003 06:03 pm, Moriyoshi Koizumi wrote: On Sat, Jan 11, 2003 at 11:38:20PM +0100, [EMAIL PROTECTED] wrote: Sorry but just a thought, in that line: if (argc 1 (int)Z_STRLEN_P(return_value) len / 2) { Does this mean we now always need to cast the result of the Z_STRLEN_P/Z_STRLEN_PP macros to int? That seems pretty annoying and not to producing ugly code. That's all due to the change of len field in zvalue_value union. Do you mean this kind of warnings should be fixed not by adding ugly casts but by restoring the structure like ZE1? (ZE1) typedef union _zvalue_value { long lval; /* long value */ double dval;/* double value */ struct { char *val; int len; } str; HashTable *ht; /* hash table value */ zend_object obj; } zvalue_value; (ZE2) typedef union _zvalue_value { long lval; /* long value */ double dval;/* double value */ struct { char *val; zend_uint len; } str; HashTable *ht; /* hash table value */ /* struct { zend_class_entry *ce; HashTable *properties; } obj; */ zend_object_value obj; } zvalue_value; I think uint'ifying len field is a good idea though. Moriyoshi -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] Re: php4 /ext/standard file.c formatted_print.c
On Sat, Jan 11, 2003 at 11:59:49PM +0100, Sascha Schumann wrote: Does this mean we now always need to cast the result of the Z_STRLEN_P/Z_STRLEN_PP macros to int? That seems pretty annoying and not to producing ugly code. Certainly not. What kind of warnings was the compiler (which one?) issuing? Please look at the win32/ZE2 compile log in http://snaps.php.net/ Moriyoshi -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] Re: php4 /ext/standard file.c formatted_print.c
The cause for this is that phanto changed the type of the string length from a signed type to zend_uint without providing any kind of justification (zvalue_value). As many past security advisories have shown, signedness issues are the frequent cause for severe vulnerabilities in software (recent examples include MySQL, OpenBSD kernel). As all existing PHP extensions and other relevant code assumes that the length of strings is denotated by a signed integer type, I hereby propose to revert that commit and to reinstate the old type. Any objections? - Sascha -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] Re: php4 /ext/standard file.c formatted_print.c
I imagine that strings greater then 2 billion characters are fairly rare, so I think it would be a good idea to revert the change as per Sascha's suggestion. This is a fairly old limitation and I think no one will miss this feature. Ilia -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] Re: php4 /ext/standard file.c formatted_print.c
On Sun, Jan 12, 2003 at 12:12:39AM +0100, Sascha Schumann wrote: As many past security advisories have shown, signedness issues are the frequent cause for severe vulnerabilities in software (recent examples include MySQL, OpenBSD kernel). Actually codes like below produce vulnerble runtimes because the length of string is expected to be a positive integer value... int maxlen; ... if ((int)Z_STRLEN_P(length) maxlen) { RETURN_FALSE; } memcpy(allocated_buf, Z_STRVAL_P(length), Z_STRLEN_P(length)); Any objections? No objection from me. Moriyoshi -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] Re: php4 /ext/standard file.c formatted_print.c
On Sun, 12 Jan 2003, Moriyoshi Koizumi wrote: On Sun, Jan 12, 2003 at 12:12:39AM +0100, Sascha Schumann wrote: As many past security advisories have shown, signedness issues are the frequent cause for severe vulnerabilities in software (recent examples include MySQL, OpenBSD kernel). Actually codes like below produce vulnerble runtimes because the length of string is expected to be a positive integer value... Yes, unfortunately. Basically the same problem as in the OpenBSD kernel and its select syscall: http://www.phrack.org/phrack/60/p60-0x06.txt Quote: Whilst there is a check [1] on the 'nd' argument (nd represents the highest numbered descriptor plus one, in any of the fd_sets), which is checked against the p-p_fd-fd_nfiles (the number of open descriptors that the process is holding), this check is inadequate -- 'nd' is declared as signed [6], so it can be negative, and therefore will pass the greater-than check [1]. Then 'nd' is put through a macro [2], in order to calculate an unsigned integer, 'ni', which will eventually be used as the the length argument for the copyin operation. - Sascha -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DEV] What Changed ?
Hi, After checking out PHP5 from cvs I'm having some strange problems. I'm building on Mandrake 9.0 and Win32 and everything builds fine. When running scripts through Apache 1.3.27 I get core dumps. Running the same script with the CLI version works fine. Other (simpler) scripts work fine in both cases. On Win32 I'm using some 'private' extension and they can load but as soon as I access functions in them php crashes. I'm just about to start the debugger, but wanted to know if there is anything I need to do in order for extensions to work with ZE2 (These used to work with PHP4 just before everything was changed to ZE2. - Frank -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] Re: php4 /ext/standard file.c formatted_print.c
At 12:38 AM 1/12/2003 +0100, Sascha Schumann wrote: On Sun, 12 Jan 2003, Moriyoshi Koizumi wrote: On Sun, Jan 12, 2003 at 12:12:39AM +0100, Sascha Schumann wrote: As many past security advisories have shown, signedness issues are the frequent cause for severe vulnerabilities in software (recent examples include MySQL, OpenBSD kernel). Actually codes like below produce vulnerble runtimes because the length of string is expected to be a positive integer value... Yes, unfortunately. Basically the same problem as in the OpenBSD kernel and its select syscall: http://www.phrack.org/phrack/60/p60-0x06.txt Quote: Whilst there is a check [1] on the 'nd' argument (nd represents the highest numbered descriptor plus one, in any of the fd_sets), which is checked against the p-p_fd-fd_nfiles (the number of open descriptors that the process is holding), this check is inadequate -- 'nd' is declared as signed [6], so it can be negative, and therefore will pass the greater-than check [1]. Then 'nd' is put through a macro [2], in order to calculate an unsigned integer, 'ni', which will eventually be used as the the length argument for the copyin operation. I might be misunderstanding the problem and I didn't have time to read the phrack article, but doesn't this mean that leaving it unsigned is better? It wouldn't pass the length check and thus, memcpy() wouldn't convert a negative number to something huge. Andi -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DEV] register_prerequisite_file( $myFile ); //or cli option to generate dependency list
I use php a lot to process php files in a makefile driven build environment I have written: xmake.org I think it would be nice to have an option to sapi/cli to generate a list of dependencies, like gcc -M get_included_files() is useful, but not sufficient since it only reports included or required files - any other dependencies are not detected, such as files opened by other means such as file(), file_exists(), I use the following macro in my makefile to generate a rule for the input source file $(1). # Command to generate a list of dependencies from a source file (including the source file) # $(1) - source file define XMakeExt_php.cli_dependCmd $(shell /usr/local/bin/php -r 'ob_start(); include $(1);ob_end_clean() ; $$files = get_included_files(); foreach($$files as $$file) echo $$file ;') endef I'd like to know what others think might be a good solution. I see two options: 1. give sapi/cli an option to auto-detect dependencies 2. Add a simple a function you could call to register a prerequisite file such as: ?php register_prerequisite_file( $myFile ); // code follows which uses the file for something... $array=($myFile); ? I think PHP is a great tool for command line scripting but without dependency-detection, applications are limited. - Greg Keraunen http://www.xmake.org http://www.xmlmake.com -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DEV] aggregation stability
Hi, How stable is aggregation considered to be for PHP 4.3.0 release? I've been getting crashes with apache 1.3.27/php 4.3.0/Win98SE in certain cases when calling a overriding method of an aggregated class. class A { function display() { } } class B extends A { function display() { } } class D { function test() { $this-display(); } } class C { function aggtest() { aggregate($this,'B'); aggregate($this,'D'); $this-test(); } } The code above works on my system, and demonstrates the general principle that I'm using. In some cases, just adding a flush();exit; causes an apache crash. In others, adding a call to a function crashes things. There is absolutely nothing consistent. I would like to attach a sample script that causes a crash, but I can't find anything smaller than the 25 files I have which will cause one. Has anyone else experienced this bizarre behavior? What can I do to find the bug or help others find it? I don't even know if it has anything to do with aggregation. The only consistency is that when I call an aggregated function from another class's aggregated function after deaggregating and then re-aggregating, it seems to get unstable. I can't find anything else that when I add it in causes a crash, and stops when I take it out. Thanks, Greg -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php