Merge branch 'PHP-5.3' of https://git.php.net/push/php-src into PHP-5.3

* 'PHP-5.3' of https://git.php.net/push/php-src: (39 commits) NEWS From code coverity scan, syscall return value must be check. fix more resource leaks From code coverity scan - fix some memory leak - fix some resources leak (fd) - create fpm_worker_pool_free (shared use) - possible null dref (wp->user and wp->home can be null) fixed size array cannot be null use limit_extensions as we use security_limit_extensions later (free) unused variable fix possible null deref (detected by code coverity scan) Also fixed bug #64726 in 5.3 Fix memory realted to #64726 Fix Test Bug #64714 PHP 5.3.26 this will be Fix NEWS Fix bug #64458 (dns_get_record result with string of length -1) Fixed incorrect check. SEND_REF may be executed before DO_FCALL when EX(function_state).function is not yet set to the calling function. Fixed stream_socket_pair() on Windows x64 and - Updated to version 2013.3 (2013c) lower the limit, should fit in a byte updated lib versions allow lcov 1.10 ...
jrbasso · May 3, 2013 · aa448ad · aa448ad
2 parents 62364e6 + 4a34d4a
commit aa448ad
Show file tree

Hide file tree

Showing 45 changed files with 1,051 additions and 693 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -1,10 +1,9 @@
 language: php
 
-php:
-    # We only specify one version so we only get one worker
-    - 5.4
+branches:
+    except:
+        - /^PHP-5\.3.*/
+        - /^PHP-5\.4.*/
 
 notifications:
     email: false
-
-script: exit 0
diff --git a/NEWS b/NEWS
@@ -1,10 +1,42 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
-?? ??? 2013, PHP 5.3.24
+?? ??? 2013, PHP 5.3.26
+
+- FPM:
+  . Fixed some possible memory or resource leaks and possible null dereference
+    detected by code coverity scan. (Remi)
+  . Log a warning when a syscall fails. (Remi)
+
+- MySQLi:
+  . Fixed bug #64726 (Segfault when calling fetch_object on a use_result and DB
+    pointer has closed). (Laruence)
+
+?? ??? 2013, PHP 5.3.25
+
+### ADD ENTRIES ABOVE FOR 5.3.26. 5.3.25 NEWS WILL BE UPDATED BY RM ON MERGE ###
+
+- Core:
+  . Fixed bug #64578 (debug_backtrace in set_error_handler corrupts zend heap: 
+    segfault). (Laruence)
+  . Fixed bug #64458 (dns_get_record result with string of length -1). (Stas)
+  . Fixed bugs #47675 and #64577 (fd leak on Solaris). (Rasmus)
+
+- Streams:
+  . Fixed Windows x64 version of stream_socket_pair() and improved error
+    handling. (Anatol Belski)
+
+- Zip:
+  . Fixed bug #64342 (ZipArchive::addFile() has to check for file existence).
+    (Anatol)
+
+11 Apr 2013, PHP 5.3.24
 
 - Core
   . Fixed bug #64370 (microtime(true) less than $_SERVER['REQUEST_TIME_FLOAT']).
     (Anatol)
+  . Fixed bug #63914 (zend_do_fcall_common_helper_SPEC does not handle
+    exceptions properly). (Jeff Welch)
+  . Fixed bug #62343 (Show class_alias In get_declared_classes()) (Dmitry)
 
 - PCRE:
   . Merged PCRE 8.32). (Anatol)
@@ -13,8 +45,14 @@ PHP                                                                        NEWS
   . Fixed bug #63530 (mysqlnd_stmt::bind_one_parameter crashes, uses wrong alloc
     for stmt->param_bind). (Andrey)
 
+- DateTime
+  . Fixed bug #62852 (Unserialize Invalid Date causes crash). (Anatol)
+
+- Zip:
+  . Bug #64452 (Zip crash intermittently). (Anatol)
+
 
-28 Feb 2013, PHP 5.3.23RC1
+14 Mar 2013, PHP 5.3.23
 
 - Phar:
   . Fixed timestamp update on Phar contents modification. (Dmitry)

diff --git a/Zend/tests/bug62343.phpt b/Zend/tests/bug62343.phpt
@@ -0,0 +1,13 @@
+--TEST--
+Bug #62343 (Show class_alias In get_declared_classes())
+--FILE--
+<?php
+class a { }
+class_alias("a", "b");
+$c = get_declared_classes();
+var_dump(end($c));
+var_dump(prev($c));
+?>
+--EXPECT--
+string(1) "b"
+string(1) "a"
diff --git a/Zend/tests/bug64578.phpt b/Zend/tests/bug64578.phpt
@@ -0,0 +1,15 @@
+--TEST--
+Bug #64578 (debug_backtrace in set_error_handler corrupts zend heap: segfault)
+--FILE--
+<?php
+function x($s) { 
+	$resource = fopen("php://input", "r"); 
+	$s[$resource] = '2';
+}
+$y = "1";
+x($y);
+var_dump($y);
+?>
+--EXPECTF--
+Warning: Illegal offset type in %sbug64578.php on line %d
+string(1) "1"
diff --git a/Zend/zend_builtin_functions.c b/Zend/zend_builtin_functions.c
@@ -1541,6 +1541,13 @@ ZEND_FUNCTION(restore_exception_handler)
 }
 /* }}} */
 
+static int same_name(const char *key, const char *name, zend_uint name_len)
+{
+	char *lcname = zend_str_tolower_dup(name, name_len);
+	int ret = memcmp(lcname, key, name_len) == 0;
+	efree(lcname);
+	return ret;
+}
 
 static int copy_class_or_interface_name(zend_class_entry **pce TSRMLS_DC, int num_args, va_list args, zend_hash_key *hash_key)
 {
@@ -1552,7 +1559,13 @@ static int copy_class_or_interface_name(zend_class_entry **pce TSRMLS_DC, int nu
 
 	if ((hash_key->nKeyLength==0 || hash_key->arKey[0]!=0)
 		&& (comply_mask == (ce->ce_flags & mask))) {
-		add_next_index_stringl(array, ce->name, ce->name_length, 1);
+		if (ce->refcount > 1 && 
+		    (ce->name_length != hash_key->nKeyLength - 1 || 
+		     !same_name(hash_key->arKey, ce->name, ce->name_length))) {
+			add_next_index_stringl(array, hash_key->arKey, hash_key->nKeyLength - 1, 1);
+		} else {
+			add_next_index_stringl(array, ce->name, ce->name_length, 1);
+		}
 	}
 	return ZEND_HASH_APPLY_KEEP;
 }

diff --git a/Zend/zend_execute.c b/Zend/zend_execute.c
@@ -937,6 +937,10 @@ static void zend_fetch_dimension_address(temp_variable *result, zval **container
 					zend_error_noreturn(E_ERROR, "[] operator not supported for strings");
 				}
 
+				if (type != BP_VAR_UNSET) {
+					SEPARATE_ZVAL_IF_NOT_REF(container_ptr);
+				}
+
 				if (Z_TYPE_P(dim) != IS_LONG) {
 					switch(Z_TYPE_P(dim)) {
 						/* case IS_LONG: */
@@ -956,9 +960,6 @@ static void zend_fetch_dimension_address(temp_variable *result, zval **container
 					convert_to_long(&tmp);
 					dim = &tmp;
 				}
-				if (type != BP_VAR_UNSET) {
-					SEPARATE_ZVAL_IF_NOT_REF(container_ptr);
-				}
 				container = *container_ptr;
 				result->str_offset.str = container;
 				PZVAL_LOCK(container);

diff --git a/Zend/zend_vm_def.h b/Zend/zend_vm_def.h
@@ -2301,10 +2301,6 @@ ZEND_VM_HELPER(zend_do_fcall_common_helper, ANY, ANY)
 	EX(function_state).arguments = zend_vm_stack_push_args(opline->extended_value TSRMLS_CC);
 
 	if (EX(function_state).function->type == ZEND_INTERNAL_FUNCTION) {
-		ALLOC_INIT_ZVAL(EX_T(opline->result.u.var).var.ptr);
-		EX_T(opline->result.u.var).var.ptr_ptr = &EX_T(opline->result.u.var).var.ptr;
-		EX_T(opline->result.u.var).var.fcall_returned_reference = EX(function_state).function->common.return_reference;
-
 		if (EX(function_state).function->common.arg_info) {
 			zend_uint i=0;
 			zval **p = (zval**)EX(function_state).arguments;
@@ -2315,15 +2311,22 @@ ZEND_VM_HELPER(zend_do_fcall_common_helper, ANY, ANY)
 				arg_count--;
 			}
 		}
-		if (!zend_execute_internal) {
-			/* saves one function call if zend_execute_internal is not used */
-			((zend_internal_function *) EX(function_state).function)->handler(opline->extended_value, EX_T(opline->result.u.var).var.ptr, EX(function_state).function->common.return_reference?&EX_T(opline->result.u.var).var.ptr:NULL, EX(object), RETURN_VALUE_USED(opline) TSRMLS_CC);
-		} else {
-			zend_execute_internal(EXECUTE_DATA, RETURN_VALUE_USED(opline) TSRMLS_CC);
-		}
 
-		if (!RETURN_VALUE_USED(opline)) {
-			zval_ptr_dtor(&EX_T(opline->result.u.var).var.ptr);
+		if (EXPECTED(EG(exception) == NULL)) {
+			ALLOC_INIT_ZVAL(EX_T(opline->result.u.var).var.ptr);
+			EX_T(opline->result.u.var).var.ptr_ptr = &EX_T(opline->result.u.var).var.ptr;
+			EX_T(opline->result.u.var).var.fcall_returned_reference = EX(function_state).function->common.return_reference;
+
+			if (!zend_execute_internal) {
+				/* saves one function call if zend_execute_internal is not used */
+				((zend_internal_function *) EX(function_state).function)->handler(opline->extended_value, EX_T(opline->result.u.var).var.ptr, EX(function_state).function->common.return_reference?&EX_T(opline->result.u.var).var.ptr:NULL, EX(object), RETURN_VALUE_USED(opline) TSRMLS_CC);
+			} else {
+				zend_execute_internal(EXECUTE_DATA, RETURN_VALUE_USED(opline) TSRMLS_CC);
+			}
+
+			if (!RETURN_VALUE_USED(opline)) {
+				zval_ptr_dtor(&EX_T(opline->result.u.var).var.ptr);
+			}
 		}
 	} else if (EX(function_state).function->type == ZEND_USER_FUNCTION) {
 		EX(original_return_value) = EG(return_value_ptr_ptr);
@@ -2707,7 +2710,9 @@ ZEND_VM_HANDLER(67, ZEND_SEND_REF, VAR|CV, ANY)
 		ZEND_VM_NEXT_OPCODE();
 	}
 
-	if (EX(function_state).function->type == ZEND_INTERNAL_FUNCTION && !ARG_SHOULD_BE_SENT_BY_REF(EX(fbc), opline->op2.u.opline_num)) {
+	if (opline->extended_value == ZEND_DO_FCALL_BY_NAME &&
+	    EX(function_state).function->type == ZEND_INTERNAL_FUNCTION &&
+	    !ARG_SHOULD_BE_SENT_BY_REF(EX(fbc), opline->op2.u.opline_num)) {
 		ZEND_VM_DISPATCH_TO_HELPER(zend_send_by_var_helper);
 	}
 

diff --git a/Zend/zend_vm_execute.h b/Zend/zend_vm_execute.h
@@ -301,10 +301,6 @@ static int ZEND_FASTCALL zend_do_fcall_common_helper_SPEC(ZEND_OPCODE_HANDLER_AR
 	EX(function_state).arguments = zend_vm_stack_push_args(opline->extended_value TSRMLS_CC);
 
 	if (EX(function_state).function->type == ZEND_INTERNAL_FUNCTION) {
-		ALLOC_INIT_ZVAL(EX_T(opline->result.u.var).var.ptr);
-		EX_T(opline->result.u.var).var.ptr_ptr = &EX_T(opline->result.u.var).var.ptr;
-		EX_T(opline->result.u.var).var.fcall_returned_reference = EX(function_state).function->common.return_reference;
-
 		if (EX(function_state).function->common.arg_info) {
 			zend_uint i=0;
 			zval **p = (zval**)EX(function_state).arguments;
@@ -315,15 +311,22 @@ static int ZEND_FASTCALL zend_do_fcall_common_helper_SPEC(ZEND_OPCODE_HANDLER_AR
 				arg_count--;
 			}
 		}
-		if (!zend_execute_internal) {
-			/* saves one function call if zend_execute_internal is not used */
-			((zend_internal_function *) EX(function_state).function)->handler(opline->extended_value, EX_T(opline->result.u.var).var.ptr, EX(function_state).function->common.return_reference?&EX_T(opline->result.u.var).var.ptr:NULL, EX(object), RETURN_VALUE_USED(opline) TSRMLS_CC);
-		} else {
-			zend_execute_internal(execute_data, RETURN_VALUE_USED(opline) TSRMLS_CC);
-		}
 
-		if (!RETURN_VALUE_USED(opline)) {
-			zval_ptr_dtor(&EX_T(opline->result.u.var).var.ptr);
+		if (EXPECTED(EG(exception) == NULL)) {
+			ALLOC_INIT_ZVAL(EX_T(opline->result.u.var).var.ptr);
+			EX_T(opline->result.u.var).var.ptr_ptr = &EX_T(opline->result.u.var).var.ptr;
+			EX_T(opline->result.u.var).var.fcall_returned_reference = EX(function_state).function->common.return_reference;
+
+			if (!zend_execute_internal) {
+				/* saves one function call if zend_execute_internal is not used */
+				((zend_internal_function *) EX(function_state).function)->handler(opline->extended_value, EX_T(opline->result.u.var).var.ptr, EX(function_state).function->common.return_reference?&EX_T(opline->result.u.var).var.ptr:NULL, EX(object), RETURN_VALUE_USED(opline) TSRMLS_CC);
+			} else {
+				zend_execute_internal(execute_data, RETURN_VALUE_USED(opline) TSRMLS_CC);
+			}
+
+			if (!RETURN_VALUE_USED(opline)) {
+				zval_ptr_dtor(&EX_T(opline->result.u.var).var.ptr);
+			}
 		}
 	} else if (EX(function_state).function->type == ZEND_USER_FUNCTION) {
 		EX(original_return_value) = EG(return_value_ptr_ptr);
@@ -8396,7 +8399,9 @@ static int ZEND_FASTCALL  ZEND_SEND_REF_SPEC_VAR_HANDLER(ZEND_OPCODE_HANDLER_ARG
 		ZEND_VM_NEXT_OPCODE();
 	}
 
-	if (EX(function_state).function->type == ZEND_INTERNAL_FUNCTION && !ARG_SHOULD_BE_SENT_BY_REF(EX(fbc), opline->op2.u.opline_num)) {
+	if (opline->extended_value == ZEND_DO_FCALL_BY_NAME &&
+	    EX(function_state).function->type == ZEND_INTERNAL_FUNCTION &&
+	    !ARG_SHOULD_BE_SENT_BY_REF(EX(fbc), opline->op2.u.opline_num)) {
 		return zend_send_by_var_helper_SPEC_VAR(ZEND_OPCODE_HANDLER_ARGS_PASSTHRU);
 	}
 
@@ -22309,7 +22314,9 @@ static int ZEND_FASTCALL  ZEND_SEND_REF_SPEC_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS
 		ZEND_VM_NEXT_OPCODE();
 	}
 
-	if (EX(function_state).function->type == ZEND_INTERNAL_FUNCTION && !ARG_SHOULD_BE_SENT_BY_REF(EX(fbc), opline->op2.u.opline_num)) {
+	if (opline->extended_value == ZEND_DO_FCALL_BY_NAME &&
+	    EX(function_state).function->type == ZEND_INTERNAL_FUNCTION &&
+	    !ARG_SHOULD_BE_SENT_BY_REF(EX(fbc), opline->op2.u.opline_num)) {
 		return zend_send_by_var_helper_SPEC_CV(ZEND_OPCODE_HANDLER_ARGS_PASSTHRU);
 	}
 

diff --git a/configure.in b/configure.in
@@ -41,7 +41,7 @@ AC_CONFIG_HEADER(main/php_config.h)
 
 PHP_MAJOR_VERSION=5
 PHP_MINOR_VERSION=3
-PHP_RELEASE_VERSION=24
+PHP_RELEASE_VERSION=26
 PHP_EXTRA_VERSION="-dev"
 PHP_VERSION="$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION"
 PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 10000 + [$]PHP_MINOR_VERSION \* 100 + [$]PHP_RELEASE_VERSION`
@@ -712,7 +712,7 @@ if test "$PHP_GCOV" = "yes"; then
     AC_MSG_ERROR([ccache must be disabled when --enable-gcov option is used. You can disable ccache by setting environment variable CCACHE_DISABLE=1.])
   fi
 
-  ltp_version_list="1.5 1.6 1.7"
+  ltp_version_list="1.5 1.6 1.7 1.9 1.10"
 
   AC_CHECK_PROG(LTP, lcov, lcov)
   AC_CHECK_PROG(LTP_GENHTML, genhtml, genhtml)