Commit 03d17de8 authored by Ondrej Sury's avatar Ondrej Sury

Imported Upstream version 5.6.22+dfsg

parent 0dbf7aec
PHP NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
26 May 2016, PHP 5.6.22
- Core:
. Fixed bug #72172 (zend_hex_strtod should not use strlen).
(bwitz at hotmail dot com )
. Fixed bug #72114 (Integer underflow / arbitrary null write in
fread/gzread). (Stas)
. Fixed bug #72135 (Integer Overflow in php_html_entities). (Stas)
- GD:
. Fixed bug #72227 (imagescale out-of-bounds read). (Stas)
- Intl
. Fixed bug #64524 (Add intl.use_exceptions to php.ini-*). (Anatol)
. Fixed bug #72241 (get_icu_value_internal out-of-bounds read). (Stas)
- Postgres:
. Fixed bug #72151 (mysqli_fetch_object changed behaviour). (Anatol)
28 Apr 2016, PHP 5.6.21
- Core:
......@@ -23,7 +42,7 @@ PHP NEWS
- GD:
. Fixed bug #71952 (Corruption inside imageaffinematrixget). (Stas)
. Fixed bug #71912 (libgd: signedness vulnerability). (Stas)
. Fixed bug #71912 (libgd: signedness vulnerability). (CVE-2016-3074) (Stas)
- Intl:
. Fixed bug #72061 (Out-of-bounds reads in zif_grapheme_stripos with negative
......@@ -78,17 +97,17 @@ PHP NEWS
- Fileinfo:
. Fixed bug #71527 (Buffer over-write in finfo_open with malformed magic
file). (Anatol)
file). (CVE-2015-8865) (Anatol)
- Mbstring:
. Fixed bug #71906 (AddressSanitizer: negative-size-param (-1) in
mbfl_strcut). (Stas)
mbfl_strcut). (CVE-2016-4073) (Stas)
- ODBC:
. Fixed bug #47803, #69526 (Executing prepared statements is succesfull only
for the first two statements). (einavitamar at gmail dot com, Anatol)
. Fixed bug #71860 (Invalid memory write in phar on filename with \0 in
name). (Stas)
name). (CVE-2016-4072) (Stas)
- PDO_DBlib:
. Fixed bug #54648 (PDO::MSSQL forces format of datetime fields).
......@@ -101,11 +120,11 @@ PHP NEWS
- SNMP:
. Fixed bug #71704 (php_snmp_error() Format String Vulnerability).
(andrew at jmpesp dot org)
(CVE-2016-4071) (andrew at jmpesp dot org)
- Standard:
. Fixed bug #71798 (Integer Overflow in php_raw_url_encode).
(taoguangchen at icloud dot com, Stas)
(CVE-2016-4070) (taoguangchen at icloud dot com, Stas)
03 Mar 2016, PHP 5.6.19
......@@ -180,13 +199,19 @@ PHP NEWS
on the same server). (Anatol)
- PCRE:
. Upgraded bundled PCRE library to 8.38.
. Upgraded bundled PCRE library to 8.38. (CVE-2015-8383, CVE-2015-8386,
CVE-2015-8387, CVE-2015-8389, CVE-2015-8390, CVE-2015-8391, CVE-2015-8393,
CVE-2015-8394)
- Phar:
. Fixed bug #71354 (Heap corruption in tar/zip/phar parser). (Stas)
. Fixed bug #71354 (Heap corruption in tar/zip/phar parser). (CVE-2016-4342)
(Stas)
. Fixed bug #71331 (Uninitialized pointer in phar_make_dirstream()).
(CVE-2016-4343) (Stas)
. Fixed bug #71391 (NULL Pointer Dereference in phar_tar_setupmetadata()).
(Stas)
. Fixed bug #71488 (Stack overflow when decompressing tar archives). (Stas)
. Fixed bug #71488 (Stack overflow when decompressing tar archives).
(CVE-2016-2554) (Stas)
- Session:
. Fixed bug #69111 (Crash in SessionHandler::read()). (Anatol)
......@@ -219,7 +244,7 @@ PHP NEWS
- GD:
. Fixed bug #70976 (Memory Read via gdImageRotateInterpolated Array Index
Out of Bounds). (emmanuel dot law at gmail dot com)
Out of Bounds). (CVE-2016-1903) (emmanuel dot law at gmail dot com)
- Mysqlnd:
. Fixed bug #68077 (LOAD DATA LOCAL INFILE / open_basedir restriction).
......@@ -332,9 +357,10 @@ PHP NEWS
. Fixed bug #70389 (PDO constructor changes unrelated variables). (Laruence)
- Phar:
. Fixed bug #69720 (Null pointer dereference in phar_get_fp_offset()). (Stas)
. Fixed bug #69720 (Null pointer dereference in phar_get_fp_offset()).
(CVE-2015-7803) (Stas)
. FIxed bug #70433 (Uninitialized pointer in phar_make_dirstream when zip
entry filename is "/"). (Stas)
entry filename is "/"). (CVE-2015-7804) (Stas)
- Phpdbg:
. Fix phpdbg_break_next() sometimes not breaking. (Bob)
......@@ -356,9 +382,10 @@ PHP NEWS
. Fixed bug #69487 (SAPI may truncate POST data). (cmb)
. Fixed bug #70198 (Checking liveness does not work as expected).
(Shafreeck Sea, Anatol Belski)
. Fixed bug #70172 (Use After Free Vulnerability in unserialize()). (Stas)
. Fixed bug #70172 (Use After Free Vulnerability in unserialize()).
(CVE-2015-6834) (Stas)
. Fixed bug #70219 (Use after free vulnerability in session deserializer).
(taoguangchen at icloud dot com)
(CVE-2015-6835) (taoguangchen at icloud dot com)
- CLI server:
. Fixed bug #66606 (Sets HTTP_CONTENT_TYPE but not CONTENT_TYPE).
......@@ -398,16 +425,16 @@ PHP NEWS
- SOAP:
. Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE).
(Stas)
(CVE-2015-6836) (Stas)
- SPL:
. Fixed bug #70290 (Null pointer deref (segfault) in spl_autoload via
ob_start). (hugh at allthethings dot co dot nz)
. Fixed bug #70303 (Incorrect constructor reflection for ArrayObject). (cmb)
. Fixed bug #70365 (Use-after-free vulnerability in unserialize() with
SplObjectStorage). (taoguangchen at icloud dot com)
SplObjectStorage). (CVE-2015-6834) (taoguangchen at icloud dot com)
. Fixed bug #70366 (Use-after-free vulnerability in unserialize() with
SplDoublyLinkedList). (taoguangchen at icloud dot com)
SplDoublyLinkedList). (CVE-2015-6834) (taoguangchen at icloud dot com)
- Standard:
. Fixed bug #70052 (getimagesize() fails for very large and very small WBMP).
......@@ -416,11 +443,12 @@ PHP NEWS
INI_SCANNER_TYPED). (Tjerk)
- XSLT:
. Fixed bug #69782 (NULL pointer dereference). (Stas)
. Fixed bug #69782 (NULL pointer dereference). (CVE-2015-6837, CVE-2015-6838)
(Stas)
- ZIP:
. Fixed bug #70350 (ZipArchive::extractTo allows for directory traversal when
creating directories). (neal at fb dot com)
creating directories). (CVE-2014-9767) (neal at fb dot com)
06 Aug 2015, PHP 5.6.12
......@@ -460,12 +488,12 @@ PHP NEWS
. Fixed bug #69882 (OpenSSL error "key values mismatch" after
openssl_pkcs12_read with extra cert). (Tomasz Sawicki)
. Fixed bug #70014 (openssl_random_pseudo_bytes() is not cryptographically
secure). (Stas)
secure). (CVE-2015-8867) (Stas)
- Phar:
. Improved fix for bug #69441. (Anatol Belski)
. Fixed bug #70019 (Files extracted from archive may be placed outside of
destination directory). (Anatol Belski)
destination directory). (CVE-2015-6833) (Anatol Belski)
- SOAP:
. Fixed bug #70081 (SoapClient info leak / null pointer dereference via
......@@ -473,13 +501,13 @@ PHP NEWS
- SPL:
. Fixed bug #70068 (Dangling pointer in the unserialization of ArrayObject
items). (sean.heelan)
items). (CVE-2015-6832) (sean.heelan)
. Fixed bug #70166 (Use After Free Vulnerability in unserialize() with
SPLArrayObject). (taoguangchen at icloud dot com)
SPLArrayObject). (CVE-2015-6831) (taoguangchen at icloud dot com)
. Fixed bug #70168 (Use After Free Vulnerability in unserialize() with
SplObjectStorage). (taoguangchen at icloud dot com)
SplObjectStorage). (CVE-2015-6831) (taoguangchen at icloud dot com)
. Fixed bug #70169 (Use After Free Vulnerability in unserialize() with
SplDoublyLinkedList). (taoguangchen at icloud dot com)
SplDoublyLinkedList). (CVE-2015-6831) (taoguangchen at icloud dot com)
- Standard:
. Fixed bug #70096 (Repeated iptcembed() adds superfluous FF bytes). (cmb)
......@@ -566,7 +594,8 @@ PHP NEWS
on Windows. (Jorge Oliveira, Anatol)
. Fixed bug #69646 (OS command injection vulnerability in escapeshellarg).
(CVE-2015-4642) (Anatol Belski)
. Fixed bug #69719 (Incorrect handling of paths with NULs). (Stas)
. Fixed bug #69719 (Incorrect handling of paths with NULs). (CVE-2015-4598)
(Stas)
- FTP
. Improved fix for bug #69545 (Integer overflow in ftp_genlist() resulting in
......
......@@ -3637,6 +3637,7 @@ static zend_bool do_inherit_property_access_check(HashTable *target_ht, zend_pro
{
zend_property_info *child_info;
zend_class_entry *parent_ce = ce->parent;
TSRMLS_FETCH();
if (parent_info->flags & (ZEND_ACC_PRIVATE|ZEND_ACC_SHADOW)) {
if (zend_hash_quick_find(&ce->properties_info, hash_key->arKey, hash_key->nKeyLength, hash_key->h, (void **) &child_info)==SUCCESS) {
......@@ -3669,7 +3670,8 @@ static zend_bool do_inherit_property_access_check(HashTable *target_ht, zend_pro
if ((child_info->flags & ZEND_ACC_PPP_MASK) > (parent_info->flags & ZEND_ACC_PPP_MASK)) {
zend_error_noreturn(E_COMPILE_ERROR, "Access level to %s::$%s must be %s (as in class %s)%s", ce->name, hash_key->arKey, zend_visibility_string(parent_info->flags), parent_ce->name, (parent_info->flags&ZEND_ACC_PUBLIC) ? "" : " or weaker");
} else if ((child_info->flags & ZEND_ACC_STATIC) == 0) {
zval_ptr_dtor(&(ce->default_properties_table[parent_info->offset]));
/* Don't keep default properties in GC (thry may be freed by opcache) */
i_zval_ptr_dtor_nogc(ce->default_properties_table[parent_info->offset] ZEND_FILE_LINE_CC TSRMLS_CC);
ce->default_properties_table[parent_info->offset] = ce->default_properties_table[child_info->offset];
ce->default_properties_table[child_info->offset] = NULL;
child_info->offset = parent_info->offset;
......
......@@ -1397,7 +1397,13 @@ ZEND_API int shift_right_function(zval *result, zval *op1, zval *op2 TSRMLS_DC)
ZEND_API int add_char_to_string(zval *result, const zval *op1, const zval *op2) /* {{{ */
{
int length = Z_STRLEN_P(op1) + 1;
char *buf = str_erealloc(Z_STRVAL_P(op1), length + 1);
char *buf;
if (UNEXPECTED(length < 0)) {
zend_error(E_ERROR, "String size overflow");
}
buf = str_erealloc(Z_STRVAL_P(op1), length + 1);
buf[length - 1] = (char) Z_LVAL_P(op2);
buf[length] = 0;
......@@ -1410,7 +1416,13 @@ ZEND_API int add_char_to_string(zval *result, const zval *op1, const zval *op2)
ZEND_API int add_string_to_string(zval *result, const zval *op1, const zval *op2) /* {{{ */
{
int length = Z_STRLEN_P(op1) + Z_STRLEN_P(op2);
char *buf = str_erealloc(Z_STRVAL_P(op1), length + 1);
char *buf;
if (UNEXPECTED(length < 0)) {
zend_error(E_ERROR, "String size overflow");
}
buf = str_erealloc(Z_STRVAL_P(op1), length + 1);
memcpy(buf + Z_STRLEN_P(op1), Z_STRVAL_P(op2), Z_STRLEN_P(op2));
buf[length] = 0;
......
......@@ -2590,7 +2590,7 @@ ZEND_API double zend_hex_strtod(const char *str, const char **endptr)
int any = 0;
double value = 0;
if (strlen(str) < 2) {
if (s[0] == '\0' || s[1] == '\0') {
*endptr = str;
return 0.0;
}
......
......@@ -919,6 +919,7 @@ static int tsrm_realpath_r(char *path, int start, int len, int *ll, time_t *t, i
pbuffer = (REPARSE_DATA_BUFFER *)do_alloca(MAXIMUM_REPARSE_DATA_BUFFER_SIZE, use_heap_large);
if (pbuffer == NULL) {
CloseHandle(hLink);
return -1;
}
if(!DeviceIoControl(hLink, FSCTL_GET_REPARSE_POINT, NULL, 0, pbuffer, MAXIMUM_REPARSE_DATA_BUFFER_SIZE, &retlength, NULL)) {
......
......@@ -3672,7 +3672,7 @@ ac_config_headers="$ac_config_headers main/php_config.h"
PHP_MAJOR_VERSION=5
PHP_MINOR_VERSION=6
PHP_RELEASE_VERSION=21
PHP_RELEASE_VERSION=22
PHP_EXTRA_VERSION=""
PHP_VERSION="$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION"
PHP_VERSION_ID=`expr $PHP_MAJOR_VERSION \* 10000 + $PHP_MINOR_VERSION \* 100 + $PHP_RELEASE_VERSION`
......@@ -119,7 +119,7 @@ int zend_sprintf(char *buffer, const char *format, ...);
PHP_MAJOR_VERSION=5
PHP_MINOR_VERSION=6
PHP_RELEASE_VERSION=21
PHP_RELEASE_VERSION=22
PHP_EXTRA_VERSION=""
PHP_VERSION="$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION"
PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 10000 + [$]PHP_MINOR_VERSION \* 100 + [$]PHP_RELEASE_VERSION`
......
......@@ -41,8 +41,8 @@
downscaling using the fixed point implementations are usually much faster
than the existing gdImageCopyResampled while having a similar or better
quality.
For image rotations, the optimized versions have a lazy antialiasing for
For image rotations, the optimized versions have a lazy antialiasing for
the edges of the images. For a much better antialiased result, the affine
function is recommended.
*/
......@@ -635,7 +635,7 @@ static inline int _color_blend (const int dst, const int src)
}
}
static inline int _setEdgePixel(const gdImagePtr src, unsigned int x, unsigned int y, gdFixed coverage, const int bgColor)
static inline int _setEdgePixel(const gdImagePtr src, unsigned int x, unsigned int y, gdFixed coverage, const int bgColor)
{
const gdFixed f_127 = gd_itofx(127);
register int c = src->tpixels[y][x];
......@@ -932,9 +932,6 @@ static inline LineContribType *_gdContributionsCalc(unsigned int line_size, unsi
double dTotalWeight = 0.0;
int iSrc;
res->ContribRow[u].Left = iLeft;
res->ContribRow[u].Right = iRight;
/* Cut edge points to fit in filter window in case of spill-off */
if (iRight - iLeft + 1 > windows_size) {
if (iLeft < ((int)src_size - 1 / 2)) {
......@@ -944,6 +941,9 @@ static inline LineContribType *_gdContributionsCalc(unsigned int line_size, unsi
}
}
res->ContribRow[u].Left = iLeft;
res->ContribRow[u].Right = iRight;
for (iSrc = iLeft; iSrc <= iRight; iSrc++) {
dTotalWeight += (res->ContribRow[u].Weights[iSrc-iLeft] = scale_f_d * (*pFilter)(scale_f_d * (dCenter - (double)iSrc)));
}
......@@ -1096,7 +1096,7 @@ gdImagePtr Scale(const gdImagePtr src, const unsigned int src_width, const unsig
_gdScaleHoriz(src, src_width, src_height, tmp_im, new_width, src_height);
_gdScaleVert(tmp_im, new_width, src_height, dst, new_width, new_height);
gdFree(tmp_im);
gdImageDestroy(tmp_im);
return dst;
}
......@@ -2284,7 +2284,7 @@ int gdTransformAffineGetImage(gdImagePtr *dst,
if (!src->trueColor) {
gdImagePaletteToTrueColor(src);
}
/* Translate to dst origin (0,0) */
gdAffineTranslate(m, -bbox.x, -bbox.y);
gdAffineConcat(m, affine, m);
......@@ -2343,7 +2343,7 @@ int gdTransformAffineCopy(gdImagePtr dst,
if (src->interpolation_id == GD_BILINEAR_FIXED || src->interpolation_id == GD_BICUBIC_FIXED || src->interpolation_id == GD_NEAREST_NEIGHBOUR) {
interpolation_id_bak = src->interpolation_id;
interpolation_bak = src->interpolation;
gdImageSetInterpolationMethod(src, GD_BICUBIC);
}
......
--TEST--
Bug #72227: imagescale out-of-bounds read
--SKIPIF--
<?php
if (!extension_loaded('gd')) die("skip gd extension not available\n");
?>
--FILE--
<?php
$img = imagecreatetruecolor ( 100, 100);
imagescale($img, 13, 1, IMG_BICUBIC);
?>
DONE
--EXPECT--
DONE
\ No newline at end of file
This diff is collapsed.
--TEST--
Bug #72241: get_icu_value_internal out-of-bounds read
--SKIPIF--
<?php if( !extension_loaded( 'intl' ) ) print 'skip'; ?>
--FILE--
<?php
$var1=str_repeat("A", 1000);
$out = locale_get_primary_language($var1);
echo strlen($out) . PHP_EOL;
echo unpack('H*', $out)[1] . PHP_EOL;
--EXPECT--
1000
61616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161
......@@ -1295,13 +1295,9 @@ void php_mysqli_fetch_into_hash(INTERNAL_FUNCTION_PARAMETERS, int override_flags
zend_fcall_info fci;
zend_fcall_info_cache fcc;
zval *retval_ptr;
zend_bool props_merged = 0;
object_and_properties_init(return_value, ce, NULL);
if (!ce->__set) {
props_merged = 1;
zend_merge_properties(return_value, Z_ARRVAL(dataset), 1 TSRMLS_CC);
}
zend_merge_properties(return_value, Z_ARRVAL(dataset), 1 TSRMLS_CC);
if (ce->constructor) {
fci.size = sizeof(fci);
......@@ -1335,10 +1331,6 @@ void php_mysqli_fetch_into_hash(INTERNAL_FUNCTION_PARAMETERS, int override_flags
if (zend_call_function(&fci, &fcc TSRMLS_CC) == FAILURE) {
zend_throw_exception_ex(zend_exception_get_default(TSRMLS_C), 0 TSRMLS_CC, "Could not execute %s::%s()", ce->name, ce->constructor->common.function_name);
if (fci.params) {
efree(fci.params);
}
return;
} else {
if (retval_ptr) {
zval_ptr_dtor(&retval_ptr);
......@@ -1349,11 +1341,6 @@ void php_mysqli_fetch_into_hash(INTERNAL_FUNCTION_PARAMETERS, int override_flags
}
} else if (ctor_params) {
zend_throw_exception_ex(zend_exception_get_default(TSRMLS_C), 0 TSRMLS_CC, "Class %s does not have a constructor hence you cannot use ctor_params", ce->name);
return;
}
if (!props_merged) {
zend_merge_properties(return_value, Z_ARRVAL(dataset), 1 TSRMLS_CC);
}
}
}
......
--TEST--
Bug #71820 __set has to be called after constructor, mysqli part
--SKIPIF--
<?php
require_once('skipif.inc');
require_once('skipifconnectfailure.inc');
require_once("connect.inc");
?>
--FILE--
<?php
include "connect.inc";
$tableName = 'test_mysqli_fetch_object';
class TestRow
{
private $set_from_constructor;
private $data;
private $hello = "world";
public function __construct($set_from_constructor)
{
$this->set_from_constructor = $set_from_constructor;
}
public function __set($name, $value)
{
if (!isset($this->data[$name])) {
/* $this->set_from_constructor has an expected value */
$this->data[$name] = 42 == $this->set_from_constructor ? $value : -1;
return;
}
throw new \Exception('Duplicity column name.');
}
}
if (!($connection = my_mysqli_connect($host, $user, $passwd, $db, $port, $socket))) {
printf("[001] Cannot connect to the server");
}
$rc = mysqli_query($connection, "DROP TABLE IF EXISTS $tableName");
if (!$rc)
printf("[002] [%d] %s\n", mysqli_errno($connection), mysqli_error($connection));
$table = <<<SQL
CREATE TABLE $tableName (
id int NOT NULL auto_increment primary key,
name varchar(255) NOT NULL
);
SQL;
$rc = mysqli_query($connection, $table);
if (!$rc)
printf("[003] [%d] %s\n", mysqli_errno($connection), mysqli_error($connection));
$rc = mysqli_query($connection, "INSERT INTO " . $tableName . " (name) VALUES ('Doe'), ('Joe')");
if (!$rc)
printf("[004] [%d] %s\n", mysqli_errno($connection), mysqli_error($connection));
$result = mysqli_query($connection, 'SELECT * FROM ' . $tableName . ' LIMIT 10');
if (!$result)
printf("[005] [%d] %s\n", mysqli_errno($result), mysqli_error($result));
while ($row = mysqli_fetch_object($result, 'TestRow', [42])) {
var_dump($row);
}
mysqli_close($connection);
?>
==DONE==
--EXPECTF--
object(TestRow)#%d (3) {
["set_from_constructor":"TestRow":private]=>
int(42)
["data":"TestRow":private]=>
array(2) {
["id"]=>
string(1) "1"
["name"]=>
string(3) "Doe"
}
["hello":"TestRow":private]=>
string(5) "world"
}
object(TestRow)#%d (3) {
["set_from_constructor":"TestRow":private]=>
int(42)
["data":"TestRow":private]=>
array(2) {
["id"]=>
string(1) "2"
["name"]=>
string(3) "Joe"
}
["hello":"TestRow":private]=>
string(5) "world"
}
==DONE==
......@@ -482,7 +482,11 @@ static inline void accel_restart_enter(TSRMLS_D)
#ifdef ZEND_WIN32
INCREMENT(restart_in);
#else
# ifdef _AIX
static FLOCK_STRUCTURE(restart_in_progress, F_WRLCK, SEEK_SET, 2, 1);
# else
static const FLOCK_STRUCTURE(restart_in_progress, F_WRLCK, SEEK_SET, 2, 1);
#endif
if (fcntl(lock_file, F_SETLK, &restart_in_progress) == -1) {
zend_accel_error(ACCEL_LOG_DEBUG, "RestartC(+1): %s (%d)", strerror(errno), errno);
......@@ -497,7 +501,11 @@ static inline void accel_restart_leave(TSRMLS_D)
ZCSG(restart_in_progress) = 0;
DECREMENT(restart_in);
#else
# ifdef _AIX
static FLOCK_STRUCTURE(restart_finished, F_UNLCK, SEEK_SET, 2, 1);
# else
static const FLOCK_STRUCTURE(restart_finished, F_UNLCK, SEEK_SET, 2, 1);
# endif
ZCSG(restart_in_progress) = 0;
if (fcntl(lock_file, F_SETLK, &restart_finished) == -1) {
......@@ -535,7 +543,11 @@ static inline void accel_activate_add(TSRMLS_D)
#ifdef ZEND_WIN32
INCREMENT(mem_usage);
#else
# ifdef _AIX
static FLOCK_STRUCTURE(mem_usage_lock, F_RDLCK, SEEK_SET, 1, 1);
# else
static const FLOCK_STRUCTURE(mem_usage_lock, F_RDLCK, SEEK_SET, 1, 1);
# endif
if (fcntl(lock_file, F_SETLK, &mem_usage_lock) == -1) {
zend_accel_error(ACCEL_LOG_DEBUG, "UpdateC(+1): %s (%d)", strerror(errno), errno);
......@@ -552,7 +564,11 @@ static inline void accel_deactivate_sub(TSRMLS_D)
ZCG(counted) = 0;
}
#else
# ifdef _AIX
static FLOCK_STRUCTURE(mem_usage_unlock, F_UNLCK, SEEK_SET, 1, 1);
# else
static const FLOCK_STRUCTURE(mem_usage_unlock, F_UNLCK, SEEK_SET, 1, 1);
# endif
if (fcntl(lock_file, F_SETLK, &mem_usage_unlock) == -1) {
zend_accel_error(ACCEL_LOG_DEBUG, "UpdateC(-1): %s (%d)", strerror(errno), errno);
......@@ -565,7 +581,11 @@ static inline void accel_unlock_all(TSRMLS_D)
#ifdef ZEND_WIN32
accel_deactivate_sub(TSRMLS_C);
#else
# ifdef _AIX
static FLOCK_STRUCTURE(mem_usage_unlock_all, F_UNLCK, SEEK_SET, 0, 0);
# else
static const FLOCK_STRUCTURE(mem_usage_unlock_all, F_UNLCK, SEEK_SET, 0, 0);
# endif
if (fcntl(lock_file, F_SETLK, &mem_usage_unlock_all) == -1) {
zend_accel_error(ACCEL_LOG_DEBUG, "UnlockAll: %s (%d)", strerror(errno), errno);
......
......@@ -2784,13 +2784,9 @@ static void php_pgsql_fetch_hash(INTERNAL_FUNCTION_PARAMETERS, long result_type,
zend_fcall_info fci;
zend_fcall_info_cache fcc;
zval *retval_ptr;
zend_bool props_merged = 0;
object_and_properties_init(return_value, ce, NULL);
if (!ce->__set) {
props_merged = 1;
zend_merge_properties(return_value, Z_ARRVAL(dataset), 1 TSRMLS_CC);
}
zend_merge_properties(return_value, Z_ARRVAL(dataset), 1 TSRMLS_CC);
if (ce->constructor) {
fci.size = sizeof(fci);
......@@ -2824,10 +2820,6 @@ static void php_pgsql_fetch_hash(INTERNAL_FUNCTION_PARAMETERS, long result_type,
if (zend_call_function(&fci, &fcc TSRMLS_CC) == FAILURE) {
zend_throw_exception_ex(zend_exception_get_default(TSRMLS_C), 0 TSRMLS_CC, "Could not execute %s::%s()", ce->name, ce->constructor->common.function_name);
if (fci.params) {
efree(fci.params);
}
return;
} else {
if (retval_ptr) {
zval_ptr_dtor(&retval_ptr);
......@@ -2838,11 +2830,6 @@ static void php_pgsql_fetch_hash(INTERNAL_FUNCTION_PARAMETERS, long result_type,
}
} else if (ctor_params) {
zend_throw_exception_ex(zend_exception_get_default(TSRMLS_C), 0 TSRMLS_CC, "Class %s does not have a constructor hence you cannot use ctor_params", ce->name);
return;
}
if (!props_merged) {
zend_merge_properties(return_value, Z_ARRVAL(dataset), 1 TSRMLS_CC);
}
}
}
......
--TEST--
Bug #71820 pg_fetch_object bind parameters before call constructor
--SKIPIF--
<?php
require_once('skipif.inc');
?>
--FILE--
<?php
require_once('config.inc');
$tableName = 'test_pg_fetch_object';
class TestRow
{
private $set_from_constructor;
private $data;
private $hello = 42;
public function __construct($set_from_constructor)
{
$this->set_from_constructor = $set_from_constructor;
}
public function __set($name, $value)
{
if (!isset($this->data[$name])) {
/* $this->set_from_constructor has an expected value */
$this->data[$name] = 42 == $this->set_from_constructor ? $value : -1;
return;
}
throw new \Exception('Duplicity column name.');
}
}
$connection = pg_connect($conn_str);
if (!$connection) {
die('Connection faild.');
}
$table = <<<SQL
CREATE TABLE IF NOT EXISTS $tableName (
id serial NOT NULL,
name character varying NOT NULL
);
SQL;
pg_query($connection, $table);
pg_query_params('INSERT INTO ' . $tableName . ' (name) VALUES ($1), ($2);', ['$1' => 'Doe', '$2' => 'Joe']);
$result = pg_query('SELECT * FROM ' . $tableName . ' LIMIT 10;');
while ($row = pg_fetch_object($result, NULL, 'TestRow', [42])) {
var_dump($row);
}
pg_query($connection, "DROP TABLE $tableName");
pg_close($connection);
?>
==DONE==
--EXPECTF--
object(TestRow)#%d (3) {
["set_from_constructor":"TestRow":private]=>
int(42)
["data":"TestRow":private]=>
array(2) {
["id"]=>
string(1) "1"
["name"]=>
string(3) "Doe"
}
["hello":"TestRow":private]=>
int(42)
}
object(TestRow)#%d (3) {
["set_from_constructor":"TestRow":private]=>
int(42)
["data":"TestRow":private]=>
array(2) {
["id"]=>
string(1) "2"
["name"]=>
string(3) "Joe"
}
["hello":"TestRow":private]=>
int(42)
}
==DONE==
......@@ -1762,6 +1762,12 @@ PHPAPI PHP_FUNCTION(fread)
RETURN_FALSE;
}
if (len > INT_MAX) {
/* string length is int in 5.x so we can not read more than int */
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Length parameter must be no more than %d", INT_MAX);
RETURN_FALSE;
}
Z_STRVAL_P(return_value) = emalloc(len + 1);
Z_STRLEN_P(return_value) = php_stream_read(stream, Z_STRVAL_P(return_value), len);
......
......@@ -175,7 +175,7 @@ static inline unsigned int get_next_char(
else
MB_FAILURE(pos, 4);
}
this_char = ((c & 0x07) << 18) | ((str[pos + 1] & 0x3f) << 12) | ((str[pos + 2] & 0x3f) << 6) | (str[pos + 3] & 0x3f);
if (this_char < 0x10000 || this_char > 0x10FFFF) { /* non-shortest form or outside range */
MB_FAILURE(pos, 4);
......@@ -449,7 +449,7 @@ det_charset:
if (charset_hint) {
int found = 0;
/* now walk the charset map and look for the codeset */
for (i = 0; charset_map[i].codeset; i++) {
if (len == strlen(charset_map[i].codeset) && strncasecmp(charset_hint, charset_map[i].codeset, len) == 0) {
......@@ -557,7 +557,7 @@ static inline unsigned char unimap_bsearch(const uni_to_enc *table, unsigned cod
return 0;
code_key = (unsigned short) code_key_a;