Commit 260c6bf5 authored by Ondrej Sury's avatar Ondrej Sury

Imported Upstream version 5.6.26+dfsg

parent 0c365941
......@@ -205,7 +205,7 @@ STATUS: Working
SINCE: 5.1
-------------------------------------------------------------------------------
EXTENSION: pdo_oci
PRIMARY MAINTAINER: Unknown
PRIMARY MAINTAINER: Christopher Jones <sixd@php.net>
MAINTENANCE: Odd fixes
STATUS: Working
SINCE: 5.1
......
PHP NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
15 Sep 2016, PHP 5.6.26
- Core:
. Fixed bug #72907 (null pointer deref, segfault in gc_remove_zval_from_buffer
(zend_gc.c:260)). (Laruence)
- Dba:
. Fixed bug #71514 (Bad dba_replace condition because of wrong API usage).
(cmb)
. Fixed bug #70825 (Cannot fetch multiple values with group in ini file).
(cmb)
- EXIF:
. Fixed bug #72926 (Uninitialized Thumbail Data Leads To Memory Leakage in
exif_process_IFD_in_TIFF). (Stas)
- FTP:
. Fixed bug #70195 (Cannot upload file using ftp_put to FTPES with
require_ssl_reuse). (Benedict Singer)
- GD:
. Fixed bug #66005 (imagecopy does not support 1bit transparency on truecolor
images). (cmb)
. Fixed bug #72913 (imagecopy() loses single-color transparency on palette
images). (cmb)
. Fixed bug #68716 (possible resource leaks in _php_image_convert()). (cmb)
- Intl:
. Fixed bug #73007 (add locale length check). (Stas)
- JSON:
. Fixed bug #72787 (json_decode reads out of bounds). (Jakub Zelenka)
- mbstring:
. Fixed bug #66797 (mb_substr only takes 32-bit signed integer). (cmb)
. Fixed bug #72910 (Out of bounds heap read in mbc_to_code() / triggered by
mb_ereg_match()). (Stas)
- MSSQL:
. Fixed bug #72039 (Use of uninitialised value on mssql_guid_string). (Kalle)
- Mysqlnd:
. Fixed bug #72293 (Heap overflow in mysqlnd related to BIT fields). (Stas)
- Phar:
. Fixed bug #72928 (Out of bound when verify signature of zip phar in
phar_parse_zipfile). (Stas)
. Fixed bug #73035 (Out of bound when verify signature of tar phar in
phar_parse_tarfile). (Stas)
- PDO:
. Fixed bug #60665 (call to empty() on NULL result using PDO::FETCH_LAZY
returns false). (cmb)
- PDO_pgsql:
. Implemented FR #72633 (Postgres PDO lastInsertId() should work without
specifying a sequence). (Pablo Santiago Sánchez, Matteo)
. Fixed bug #72759 (Regression in pgo_pgsql). (Anatol)
- SPL:
. Fixed bug #73029 (Missing type check when unserializing SplArray). (Stas)
- Standard:
. Fixed bug #72823 (strtr out-of-bound access). (cmb)
. Fixed bug #72278 (getimagesize returning FALSE on valid jpg). (cmb)
. Fixed bug #65550 (get_browser() incorrectly parses entries with "+" sign).
(cmb)
. Fixed bug #71882 (Negative ftruncate() on php://memory exhausts memory).
(cmb)
. Fixed bug #73011 (integer overflow in fgets cause heap corruption). (Stas)
. Fixed bug #73017 (memory corruption in wordwrap function). (Stas)
. Fixed bug #73045 (integer overflow in fgetcsv caused heap corruption). (Stas)
. Fixed bug #73052 (Memory Corruption in During Deserialized-object Destruction)
(Stas)
- Streams:
. Fixed bug #72853 (stream_set_blocking doesn't work). (Laruence)
- Wddx:
. Fixed bug #72860 (wddx_deserialize use-after-free). (Stas)
. Fixed bug #73065 (Out-Of-Bounds Read in php_wddx_push_element). (Stas)
- XML:
. Fixed bug #72085 (SEGV on unknown address zif_xml_parse). (cmb)
. Fixed bug #72927 (integer overflow in xml_utf8_encode). (Stas)
- ZIP:
. Fixed bug #68302 (impossible to compile php with zip support). (cmb)
18 Aug 2016, PHP 5.6.25
- Bz2:
......@@ -19,6 +108,8 @@ PHP NEWS
. Fixed bug #72663 (Create an Unexpected Object and Don't Invoke
__wakeup() in Deserialization). (Stas)
. Fixed bug #72681 (PHP Session Data Injection Vulnerability). (Stas)
. Fixed URL rewriter partially. It would not rewrite '//example.com/' URL
unconditionally. Only requested host(HTTP_HOST) is rewritten. (Yasuo)
- Calendar:
. Fixed bug #67976 (cal_days_month() fails for final month of the French
......@@ -79,6 +170,9 @@ PHP NEWS
. Fixed bug #72710 (`mb_ereg` causes buffer overflow on regexp compile error).
(ju1ius)
- OCI8:
. Fixed invalid handle error with Implicit Result Sets. (Chris Jones)
- PCRE:
. Fixed bug #72688 (preg_match missing group names in matches). (cmb)
......@@ -100,7 +194,6 @@ PHP NEWS
. Fixed bug #72848 (integer overflow in quoted_printable_encode). (Stas)
. Fixed bug #72849 (integer overflow in urlencode). (Stas)
. Fixed bug #72850 (integer overflow in php_uuencode). (Stas)
. Fixed bug #72716 (initialize buffer before read). (Stas)
- Streams:
. Fixed bug #41021 (Problems with the ftps wrapper). (vhuk)
......
......@@ -616,6 +616,12 @@ TSRM_API int shmget(int key, int size, int flags)
}
} else {
if (flags & IPC_EXCL) {
if (shm_handle) {
CloseHandle(shm_handle);
}
if (info_handle) {
CloseHandle(info_handle);
}
return -1;
}
}
......@@ -654,17 +660,27 @@ TSRM_API int shmget(int key, int size, int flags)
TSRM_API void *shmat(int key, const void *shmaddr, int flags)
{
shm_pair *shm = shm_get(key, NULL);
int err;
if (!shm->segment) {
return (void*)-1;
}
shm->addr = MapViewOfFileEx(shm->segment, FILE_MAP_ALL_ACCESS, 0, 0, 0, NULL);
err = GetLastError();
if (err) {
/* Catch more errors */
if (ERROR_NOT_ENOUGH_MEMORY == err) {
_set_errno(ENOMEM);
}
return (void*)-1;
}
shm->descriptor->shm_atime = time(NULL);
shm->descriptor->shm_lpid = getpid();
shm->descriptor->shm_nattch++;
shm->addr = MapViewOfFileEx(shm->segment, FILE_MAP_ALL_ACCESS, 0, 0, 0, NULL);
return shm->addr;
}
......
--TEST--
Bug #72907 (null pointer deref, segfault in gc_remove_zval_from_buffer (zend_gc.c:260))
--FILE--
<?php
$a = 0;
($a->a = &$E) + ($b = $a->b->i -= 0);
?>
--EXPECTF--
Warning: Attempt to modify property of non-object in %sbug72907.php on line %d
Warning: Attempt to modify property of non-object in %sbug72907.php on line %d
Warning: Creating default object from empty value in %sbug72907.php on line %d
Notice: Undefined property: stdClass::$i in %sbug72907.php on line %d
......@@ -1279,9 +1279,14 @@ ZEND_API int add_assoc_double_ex(zval *arg, const char *key, uint key_len, doubl
ZEND_API int add_assoc_string_ex(zval *arg, const char *key, uint key_len, char *str, int duplicate) /* {{{ */
{
zval *tmp;
size_t _len = strlen(str);
if (UNEXPECTED(_len > INT_MAX)) {
zend_error_noreturn(E_ERROR, "String overflow, max size is %d", INT_MAX);
}
MAKE_STD_ZVAL(tmp);
ZVAL_STRING(tmp, str, duplicate);
ZVAL_STRINGL(tmp, str, _len, duplicate);
return zend_symtable_update(Z_ARRVAL_P(arg), key, key_len, (void *) &tmp, sizeof(zval *), NULL);
}
......@@ -1291,6 +1296,10 @@ ZEND_API int add_assoc_stringl_ex(zval *arg, const char *key, uint key_len, char
{
zval *tmp;
if (UNEXPECTED(length > INT_MAX)) {
zend_error_noreturn(E_ERROR, "String overflow, max size is %d", INT_MAX);
}
MAKE_STD_ZVAL(tmp);
ZVAL_STRINGL(tmp, str, length, duplicate);
......@@ -1362,6 +1371,11 @@ ZEND_API int add_index_double(zval *arg, ulong index, double d) /* {{{ */
ZEND_API int add_index_string(zval *arg, ulong index, const char *str, int duplicate) /* {{{ */
{
zval *tmp;
size_t _len = strlen(str);
if (UNEXPECTED(_len > INT_MAX)) {
zend_error_noreturn(E_ERROR, "String overflow, max size is %d", INT_MAX);
}
MAKE_STD_ZVAL(tmp);
ZVAL_STRING(tmp, str, duplicate);
......@@ -1374,6 +1388,10 @@ ZEND_API int add_index_stringl(zval *arg, ulong index, const char *str, uint len
{
zval *tmp;
if (UNEXPECTED(length > INT_MAX)) {
zend_error_noreturn(E_ERROR, "String overflow, max size is %d", INT_MAX);
}
MAKE_STD_ZVAL(tmp);
ZVAL_STRINGL(tmp, str, length, duplicate);
......@@ -1457,6 +1475,9 @@ ZEND_API int add_next_index_stringl(zval *arg, const char *str, uint length, int
{
zval *tmp;
if (UNEXPECTED(length > INT_MAX)) {
zend_error_noreturn(E_ERROR, "String overflow, max size is %d", INT_MAX);
}
MAKE_STD_ZVAL(tmp);
ZVAL_STRINGL(tmp, str, length, duplicate);
......@@ -1473,9 +1494,14 @@ ZEND_API int add_next_index_zval(zval *arg, zval *value) /* {{{ */
ZEND_API int add_get_assoc_string_ex(zval *arg, const char *key, uint key_len, const char *str, void **dest, int duplicate) /* {{{ */
{
zval *tmp;
size_t _len = strlen(str);
if (UNEXPECTED(_len > INT_MAX)) {
zend_error_noreturn(E_ERROR, "String overflow, max size is %d", INT_MAX);
}
MAKE_STD_ZVAL(tmp);
ZVAL_STRING(tmp, str, duplicate);
ZVAL_STRINGL(tmp, str, _len, duplicate);
return zend_symtable_update(Z_ARRVAL_P(arg), key, key_len, (void *) &tmp, sizeof(zval *), dest);
}
......@@ -1485,6 +1511,10 @@ ZEND_API int add_get_assoc_stringl_ex(zval *arg, const char *key, uint key_len,
{
zval *tmp;
if (UNEXPECTED(length > INT_MAX)) {
zend_error_noreturn(E_ERROR, "String overflow, max size is %d", INT_MAX);
}
MAKE_STD_ZVAL(tmp);
ZVAL_STRINGL(tmp, str, length, duplicate);
......@@ -1664,9 +1694,14 @@ ZEND_API int add_property_string_ex(zval *arg, const char *key, uint key_len, co
{
zval *tmp;
zval *z_key;
size_t _len = strlen(str);
if (UNEXPECTED(_len > INT_MAX)) {
zend_error_noreturn(E_ERROR, "String overflow, max size is %d", INT_MAX);
}
MAKE_STD_ZVAL(tmp);
ZVAL_STRING(tmp, str, duplicate);
ZVAL_STRINGL(tmp, str, _len, duplicate);
MAKE_STD_ZVAL(z_key);
ZVAL_STRINGL(z_key, key, key_len-1, 1);
......@@ -1683,6 +1718,10 @@ ZEND_API int add_property_stringl_ex(zval *arg, const char *key, uint key_len, c
zval *tmp;
zval *z_key;
if (UNEXPECTED(length > INT_MAX)) {
zend_error_noreturn(E_ERROR, "String overflow, max size is %d", INT_MAX);
}
MAKE_STD_ZVAL(tmp);
ZVAL_STRINGL(tmp, str, length, duplicate);
......
......@@ -654,6 +654,20 @@ END_EXTERN_C()
} while (0)
#define RETURN_ZVAL_FAST(z) { RETVAL_ZVAL_FAST(z); return; }
/* Check that returned string length fits int */
#define RETVAL_STRINGL_CHECK(s, len, dup) do { \
size_t __len = (len); \
if (UNEXPECTED(__len > INT_MAX)) { \
php_error_docref(NULL TSRMLS_CC, E_WARNING, "String too long, max is %d", INT_MAX); \
if(!(dup)) { \
efree((s)); \
} \
RETURN_FALSE; \
} \
RETVAL_STRINGL((s), __len, (dup)); \
} while (0)
#define SET_VAR_STRING(n, v) { \
{ \
zval *var; \
......
......@@ -2578,6 +2578,15 @@ static inline size_t safe_address(size_t nmemb, size_t size, size_t offset)
#endif
ZEND_API void *_safe_emalloc_string(size_t nmemb, size_t size, size_t offset ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC)
{
size_t str_size = safe_address(nmemb, size, offset);
if (UNEXPECTED(str_size > INT_MAX)) {
zend_error_noreturn(E_ERROR, "String allocation overflow, max size is %d", INT_MAX);
}
return emalloc_rel(str_size);
}
ZEND_API void *_safe_emalloc(size_t nmemb, size_t size, size_t offset ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC)
{
return emalloc_rel(safe_address(nmemb, size, offset));
......
......@@ -56,6 +56,7 @@ ZEND_API char *zend_strndup(const char *s, unsigned int length) ZEND_ATTRIBUTE_M
ZEND_API void *_emalloc(size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ZEND_ATTRIBUTE_MALLOC ZEND_ATTRIBUTE_ALLOC_SIZE(1);
ZEND_API void *_safe_emalloc(size_t nmemb, size_t size, size_t offset ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ZEND_ATTRIBUTE_MALLOC;
ZEND_API void *_safe_emalloc_string(size_t nmemb, size_t size, size_t offset ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ZEND_ATTRIBUTE_MALLOC;
ZEND_API void *_safe_malloc(size_t nmemb, size_t size, size_t offset) ZEND_ATTRIBUTE_MALLOC;
ZEND_API void _efree(void *ptr ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC);
ZEND_API void *_ecalloc(size_t nmemb, size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ZEND_ATTRIBUTE_MALLOC ZEND_ATTRIBUTE_ALLOC_SIZE2(1,2);
......@@ -69,6 +70,7 @@ ZEND_API size_t _zend_mem_block_size(void *ptr TSRMLS_DC ZEND_FILE_LINE_DC ZEND_
/* Standard wrapper macros */
#define emalloc(size) _emalloc((size) ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC)
#define safe_emalloc(nmemb, size, offset) _safe_emalloc((nmemb), (size), (offset) ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC)
#define safe_emalloc_string(nmemb, size, offset) _safe_emalloc_string((nmemb), (size), (offset) ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC)
#define efree(ptr) _efree((ptr) ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC)
#define ecalloc(nmemb, size) _ecalloc((nmemb), (size) ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC)
#define erealloc(ptr, size) _erealloc((ptr), (size), 0 ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC)
......
......@@ -522,9 +522,7 @@ static void zend_assign_to_variable_reference(zval **variable_ptr_ptr, zval **va
zval *variable_ptr = *variable_ptr_ptr;
zval *value_ptr = *value_ptr_ptr;
if (variable_ptr == &EG(error_zval) || value_ptr == &EG(error_zval)) {
variable_ptr_ptr = &EG(uninitialized_zval_ptr);
} else if (variable_ptr != value_ptr) {
if (variable_ptr != value_ptr) {
if (!PZVAL_IS_REF(value_ptr)) {
/* break it away */
Z_DELREF_P(value_ptr);
......
......@@ -307,7 +307,7 @@ ZEND_API void zend_object_store_ctor_failed(zval *zobject TSRMLS_DC)
zend_object_handle handle = Z_OBJ_HANDLE_P(zobject);
zend_object_store_bucket *obj_bucket = &EG(objects_store).object_buckets[handle];
obj_bucket->bucket.obj.handlers = Z_OBJ_HT_P(zobject);;
obj_bucket->bucket.obj.handlers = Z_OBJ_HT_P(zobject);
obj_bucket->destructor_called = 1;
}
......
......@@ -1817,12 +1817,15 @@ ZEND_VM_HANDLER(39, ZEND_ASSIGN_REF, VAR|CV, VAR|CV)
if ((OP2_TYPE == IS_VAR && UNEXPECTED(value_ptr_ptr == NULL)) ||
(OP1_TYPE == IS_VAR && UNEXPECTED(variable_ptr_ptr == NULL))) {
zend_error_noreturn(E_ERROR, "Cannot create references to/from string offsets nor overloaded objects");
}
} else if ((OP2_TYPE == IS_VAR && UNEXPECTED(*value_ptr_ptr == &EG(error_zval))) ||
(OP1_TYPE == IS_VAR && UNEXPECTED(*variable_ptr_ptr == &EG(error_zval)))) {
variable_ptr_ptr = &EG(uninitialized_zval_ptr);
} else {
zend_assign_to_variable_reference(variable_ptr_ptr, value_ptr_ptr TSRMLS_CC);
if (OP2_TYPE == IS_VAR && opline->extended_value == ZEND_RETURNS_NEW) {
Z_DELREF_PP(variable_ptr_ptr);
}
}
if (RETURN_VALUE_USED(opline)) {
PZVAL_LOCK(*variable_ptr_ptr);
......
......@@ -20408,12 +20408,15 @@ static int ZEND_FASTCALL ZEND_ASSIGN_REF_SPEC_VAR_VAR_HANDLER(ZEND_OPCODE_HANDL
if ((IS_VAR == IS_VAR && UNEXPECTED(value_ptr_ptr == NULL)) ||
(IS_VAR == IS_VAR && UNEXPECTED(variable_ptr_ptr == NULL))) {
zend_error_noreturn(E_ERROR, "Cannot create references to/from string offsets nor overloaded objects");
}
} else if ((IS_VAR == IS_VAR && UNEXPECTED(*value_ptr_ptr == &EG(error_zval))) ||
(IS_VAR == IS_VAR && UNEXPECTED(*variable_ptr_ptr == &EG(error_zval)))) {
variable_ptr_ptr = &EG(uninitialized_zval_ptr);
} else {
zend_assign_to_variable_reference(variable_ptr_ptr, value_ptr_ptr TSRMLS_CC);
if (IS_VAR == IS_VAR && opline->extended_value == ZEND_RETURNS_NEW) {
Z_DELREF_PP(variable_ptr_ptr);
}
}
if (RETURN_VALUE_USED(opline)) {
PZVAL_LOCK(*variable_ptr_ptr);
......@@ -23903,12 +23906,15 @@ static int ZEND_FASTCALL ZEND_ASSIGN_REF_SPEC_VAR_CV_HANDLER(ZEND_OPCODE_HANDLE
if ((IS_CV == IS_VAR && UNEXPECTED(value_ptr_ptr == NULL)) ||
(IS_VAR == IS_VAR && UNEXPECTED(variable_ptr_ptr == NULL))) {
zend_error_noreturn(E_ERROR, "Cannot create references to/from string offsets nor overloaded objects");
}
} else if ((IS_CV == IS_VAR && UNEXPECTED(*value_ptr_ptr == &EG(error_zval))) ||
(IS_VAR == IS_VAR && UNEXPECTED(*variable_ptr_ptr == &EG(error_zval)))) {
variable_ptr_ptr = &EG(uninitialized_zval_ptr);
} else {
zend_assign_to_variable_reference(variable_ptr_ptr, value_ptr_ptr TSRMLS_CC);
if (IS_CV == IS_VAR && opline->extended_value == ZEND_RETURNS_NEW) {
Z_DELREF_PP(variable_ptr_ptr);
}
}
if (RETURN_VALUE_USED(opline)) {
PZVAL_LOCK(*variable_ptr_ptr);
......@@ -37721,12 +37727,15 @@ static int ZEND_FASTCALL ZEND_ASSIGN_REF_SPEC_CV_VAR_HANDLER(ZEND_OPCODE_HANDLE
if ((IS_VAR == IS_VAR && UNEXPECTED(value_ptr_ptr == NULL)) ||
(IS_CV == IS_VAR && UNEXPECTED(variable_ptr_ptr == NULL))) {
zend_error_noreturn(E_ERROR, "Cannot create references to/from string offsets nor overloaded objects");
}
} else if ((IS_VAR == IS_VAR && UNEXPECTED(*value_ptr_ptr == &EG(error_zval))) ||
(IS_CV == IS_VAR && UNEXPECTED(*variable_ptr_ptr == &EG(error_zval)))) {
variable_ptr_ptr = &EG(uninitialized_zval_ptr);
} else {
zend_assign_to_variable_reference(variable_ptr_ptr, value_ptr_ptr TSRMLS_CC);
if (IS_VAR == IS_VAR && opline->extended_value == ZEND_RETURNS_NEW) {
Z_DELREF_PP(variable_ptr_ptr);
}
}
if (RETURN_VALUE_USED(opline)) {
PZVAL_LOCK(*variable_ptr_ptr);
......@@ -40929,12 +40938,15 @@ static int ZEND_FASTCALL ZEND_ASSIGN_REF_SPEC_CV_CV_HANDLER(ZEND_OPCODE_HANDLER
if ((IS_CV == IS_VAR && UNEXPECTED(value_ptr_ptr == NULL)) ||
(IS_CV == IS_VAR && UNEXPECTED(variable_ptr_ptr == NULL))) {
zend_error_noreturn(E_ERROR, "Cannot create references to/from string offsets nor overloaded objects");
}
} else if ((IS_CV == IS_VAR && UNEXPECTED(*value_ptr_ptr == &EG(error_zval))) ||
(IS_CV == IS_VAR && UNEXPECTED(*variable_ptr_ptr == &EG(error_zval)))) {
variable_ptr_ptr = &EG(uninitialized_zval_ptr);
} else {
zend_assign_to_variable_reference(variable_ptr_ptr, value_ptr_ptr TSRMLS_CC);
if (IS_CV == IS_VAR && opline->extended_value == ZEND_RETURNS_NEW) {
Z_DELREF_PP(variable_ptr_ptr);
}
}
if (RETURN_VALUE_USED(opline)) {
PZVAL_LOCK(*variable_ptr_ptr);
......@@ -3672,7 +3672,7 @@ ac_config_headers="$ac_config_headers main/php_config.h"
PHP_MAJOR_VERSION=5
PHP_MINOR_VERSION=6
PHP_RELEASE_VERSION=25
PHP_RELEASE_VERSION=26
PHP_EXTRA_VERSION=""
PHP_VERSION="$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION"
PHP_VERSION_ID=`expr $PHP_MAJOR_VERSION \* 10000 + $PHP_MINOR_VERSION \* 100 + $PHP_RELEASE_VERSION`
......@@ -103047,6 +103047,9 @@ cat >>confdefs.h <<_ACEOF
_ACEOF
if test "$ac_cv_sizeof_off_t" = "0" ; then
as_fn_error $? "off_t undefined; check your library configuration" "$LINENO" 5
fi
# The cast to long int works around a bug in the HP C Compiler
# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
......@@ -105733,7 +105736,7 @@ else
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<EOF
#line 105736 "configure"
#line 105739 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
......@@ -107645,7 +107648,7 @@ ia64-*-hpux*)
;;
*-*-irix6*)
# Find out which ABI we are using.
echo '#line 107648 "configure"' > conftest.$ac_ext
echo '#line 107651 "configure"' > conftest.$ac_ext
if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
(eval $ac_compile) 2>&5
ac_status=$?
......@@ -109043,7 +109046,7 @@ else
LDFLAGS="$LDFLAGS -Wl,-exported_symbols_list,conftest.sym"
cat > conftest.$ac_ext <<EOF
#line 109046 "configure"
#line 109049 "configure"
#include "confdefs.h"
int main() {
; return 0; }
......@@ -109201,11 +109204,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
(eval echo "\"configure:109204: $lt_compile\"" >&5)
(eval echo "\"configure:109207: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
echo "configure:109208: \$? = $ac_status" >&5
echo "configure:109211: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
......@@ -109499,11 +109502,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
(eval echo "\"configure:109502: $lt_compile\"" >&5)
(eval echo "\"configure:109505: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
echo "configure:109506: \$? = $ac_status" >&5
echo "configure:109509: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
......@@ -109603,11 +109606,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
(eval echo "\"configure:109606: $lt_compile\"" >&5)
(eval echo "\"configure:109609: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
echo "configure:109610: \$? = $ac_status" >&5
echo "configure:109613: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
......@@ -110067,7 +110070,7 @@ _LT_EOF
# Determine the default libpath from the value encoded in an empty executable.
cat > conftest.$ac_ext <<EOF
#line 110070 "configure"
#line 110073 "configure"
#include "confdefs.h"
int main() {
; return 0; }
......@@ -110109,7 +110112,7 @@ if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
# Determine the default libpath from the value encoded in an empty executable.
cat > conftest.$ac_ext <<EOF
#line 110112 "configure"
#line 110115 "configure"
#include "confdefs.h"
int main() {
; return 0; }
......@@ -111626,7 +111629,7 @@ else
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<EOF
#line 111629 "configure"
#line 111632 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
......@@ -111726,7 +111729,7 @@ else
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<EOF
#line 111729 "configure"
#line 111732 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
......@@ -112791,7 +112794,7 @@ case $host_os in
# Determine the default libpath from the value encoded in an empty executable.
cat > conftest.$ac_ext <<EOF
#line 112794 "configure"
#line 112797 "configure"
#include "confdefs.h"
int main() {
; return 0; }
......@@ -112834,7 +112837,7 @@ if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
# Determine the default libpath from the value encoded in an empty executable.
cat > conftest.$ac_ext <<EOF
#line 112837 "configure"
#line 112840 "configure"
#include "confdefs.h"
int main() {
; return 0; }
......@@ -114086,11 +114089,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
(eval echo "\"configure:114089: $lt_compile\"" >&5)
(eval echo "\"configure:114092: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
echo "configure:114093: \$? = $ac_status" >&5
echo "configure:114096: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
......@@ -114190,11 +114193,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
(eval echo "\"configure:114193: $lt_compile\"" >&5)
(eval echo "\"configure:114196: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
echo "configure:114197: \$? = $ac_status" >&5
echo "configure:114200: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
......@@ -119,7 +119,7 @@ int zend_sprintf(char *buffer, const char *format, ...);
PHP_MAJOR_VERSION=5
PHP_MINOR_VERSION=6
PHP_RELEASE_VERSION=25
PHP_RELEASE_VERSION=26
PHP_EXTRA_VERSION=""
PHP_VERSION="$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION"
PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 10000 + [$]PHP_MINOR_VERSION \* 100 + [$]PHP_RELEASE_VERSION`
......
......@@ -1851,8 +1851,9 @@ static void create_certinfo(struct curl_certinfo *ci, zval *listcode TSRMLS_DC)
int len;
char s[64];
char *tmp;
strncpy(s, slist->data, 64);
tmp = memchr(s, ':', 64);
strncpy(s, slist->data, sizeof(s));
s[sizeof(s)-1] = '\0';
tmp = memchr(s, ':', sizeof(s));
if(tmp) {
*tmp = '\0';
len = strlen(s);
......
......@@ -250,6 +250,7 @@ val_type inifile_fetch(inifile *dba, const key_type *key, int skip TSRMLS_DC) {
if (skip == -1 && dba->next.key.group && dba->next.key.name && !inifile_key_cmp(&dba->next.key, key TSRMLS_CC)) {
/* we got position already from last fetch */
php_stream_seek(dba->fp, dba->next.pos, SEEK_SET);
ln.key.group = estrdup(dba->next.key.group);
} else {
/* specific instance or not same key -> restart search */
/* the slow way: restart and seacrch */
......@@ -402,7 +403,7 @@ static int inifile_copy_to(inifile *dba, size_t pos_start, size_t pos_end, inifi
return FAILURE;
}
php_stream_seek(dba->fp, pos_start, SEEK_SET);
if (!php_stream_copy_to_stream_ex(dba->fp, fp, pos_end - pos_start, NULL)) {
if (SUCCESS != php_stream_copy_to_stream_ex(dba->fp, fp, pos_end - pos_start, NULL)) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Could not copy group [%zu - %zu] to temporary stream", pos_start, pos_end);
return FAILURE;
}
......@@ -427,7 +428,7 @@ static int inifile_filter(inifile *dba, inifile *from, const key_type *key TSRML
pos_curr = php_stream_tell(from->fp);
if (pos_start != pos_next) {
php_stream_seek(from->fp, pos_start, SEEK_SET);
if (!php_stream_copy_to_stream_ex(from->fp, dba->fp, pos_next - pos_start, NULL)) {
if (SUCCESS != php_stream_copy_to_stream_ex(from->fp, dba->fp, pos_next - pos_start, NULL)) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Could not copy [%zu - %zu] from temporary stream", pos_next, pos_start);
ret = FAILURE;
}
......@@ -446,7 +447,7 @@ static int inifile_filter(inifile *dba, inifile *from, const key_type *key TSRML
}
if (pos_start != pos_next) {
php_stream_seek(from->fp, pos_start, SEEK_SET);
if (!php_stream_copy_to_stream_ex(from->fp, dba->fp, pos_next - pos_start, NULL)) {
if (SUCCESS != php_stream_copy_to_stream_ex(from->fp, dba->fp, pos_next - pos_start, NULL)) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Could not copy [%zu - %zu] from temporary stream", pos_next, pos_start);
ret = FAILURE;
}
......@@ -497,7 +498,7 @@ static int inifile_delete_replace_append(inifile *dba, const key_type *key, cons
php_stream_seek(dba->fp, 0, SEEK_END);
if (pos_grp_next != (size_t)php_stream_tell(dba->fp)) {
php_stream_seek(dba->fp, pos_grp_next, SEEK_SET);
if (!php_stream_copy_to_stream_ex(dba->fp, fp_tmp, PHP_STREAM_COPY_ALL, NULL)) {
if (SUCCESS != php_stream_copy_to_stream_ex(dba->fp, fp_tmp, PHP_STREAM_COPY_ALL, NULL)) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Could not copy remainder to temporary stream");
ret = FAILURE;
}
......@@ -538,7 +539,7 @@ static int inifile_delete_replace_append(inifile *dba, const key_type *key, cons
if (fp_tmp && php_stream_tell(fp_tmp)) {
php_stream_seek(fp_tmp, 0, SEEK_SET);
php_stream_seek(dba->fp, 0, SEEK_END);
if (!php_stream_copy_to_stream_ex(fp_tmp, dba->fp, PHP_STREAM_COPY_ALL, NULL)) {
if (SUCCESS != php_stream_copy_to_stream_ex(fp_tmp, dba->fp, PHP_STREAM_COPY_ALL, NULL)) {
php_error_docref(NULL TSRMLS_CC, E_RECOVERABLE_ERROR, "Could not copy from temporary stream - ini file truncated");
ret = FAILURE;
}
......