Commit 790af260 authored by Ondrej Sury's avatar Ondrej Sury

New upstream version 5.6.30+dfsg

parent a153011f
PHP NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
19 Jan 2017, PHP 5.6.30
- EXIF:
. Fixed bug #73737 (FPE when parsing a tag format). (Stas)
- GD:
. Fixed bug #73549 (Use after free when stream is passed to imagepng). (cmb)
. Fixed bug #73868 (DOS vulnerability in gdImageCreateFromGd2Ctx()). (cmb)
. Fixed bug #73869 (Signed Integer Overflow gd_io.c). (cmb)
- Intl:
. Fixed bug #68447 (grapheme_extract take an extra trailing character).
(SATŌ Kentarō)
- Phar:
. Fixed bug #73764 (Crash while loading hostile phar archive). (Stas)
. Fixed bug #73768 (Memory corruption when loading hostile phar). (Stas)
. Fixed bug #73773 (Seg fault when loading hostile phar). (Stas)
- SQLite3:
. Reverted fix for bug #73530 (Unsetting result set may reset other result
set). (cmb)
- Standard:
. Fixed bug #70213 (Unserialize context shared on double class lookup).
(Taoguang Chen)
. Fixed bug #73825 (Heap out of bounds read on unserialize in
finish_nested_data()). (Stas)
08 Dec 2016, PHP 5.6.29
- Mbstring:
. Fixed bug #73505 (string length overflow in mbfl_memory_device_output
function). (Stas)
- Mysqlnd:
. Fixed bug #64526 (Add missing mysqlnd.* parameters to php.ini-*). (cmb)
......@@ -24,11 +57,11 @@ PHP NEWS
. Fixed bug #73530 (Unsetting result set may reset other result set). (cmb)
- Standard:
. Fixed bug #73297 (HTTP stream wrapper should ignore HTTP 100 Continue).
(rowan dot collins at gmail dot com)
. Fixed bug #73297 (HTTP stream wrapper should ignore HTTP 100 Continue).
(rowan dot collins at gmail dot com)
- WDDX:
. Fixed bug #73631 (Memory leak due to invalid wddx stack processing).
. Fixed bug #73631 (Memory leak due to invalid wddx stack processing).
(bughunter at fosec dot vn).
10 Nov 2016, PHP 5.6.28
......
......@@ -1184,6 +1184,10 @@ ZEND_API zend_function *zend_std_get_static_method(zend_class_entry *ce, const c
ALLOCA_FLAG(use_heap)
if (EXPECTED(key != NULL)) {
#if (ZEND_GCC_VERSION == 4009) && !(defined(ZTS) && defined(NETWARE)) && !(defined(ZTS) && defined(HPUX)) && !defined(DARWIN)
/* This is a workaround for bug in GCC 4.9.2 */
use_heap = 0;
#endif
lc_function_name = Z_STRVAL(key->constant);
hash_value = key->hash_value;
} else {
......
......@@ -2263,7 +2263,7 @@ AC_DEFUN([PHP_SETUP_KERBEROS],[
fi
dnl If krb5-config is found try using it
if test "$PHP_KERBEROS" = "yes" && test -x "$KRB5_CONFIG"; then
if test "$PHP_KERBEROS" != "no" && test -x "$KRB5_CONFIG"; then
KERBEROS_LIBS=`$KRB5_CONFIG --libs gssapi`
KERBEROS_CFLAGS=`$KRB5_CONFIG --cflags gssapi`
......
......@@ -2263,7 +2263,7 @@ AC_DEFUN([PHP_SETUP_KERBEROS],[
fi
dnl If krb5-config is found try using it
if test "$PHP_KERBEROS" = "yes" && test -x "$KRB5_CONFIG"; then
if test "$PHP_KERBEROS" != "no" && test -x "$KRB5_CONFIG"; then
KERBEROS_LIBS=`$KRB5_CONFIG --libs gssapi`
KERBEROS_CFLAGS=`$KRB5_CONFIG --cflags gssapi`
......
......@@ -3672,7 +3672,7 @@ ac_config_headers="$ac_config_headers main/php_config.h"
PHP_MAJOR_VERSION=5
PHP_MINOR_VERSION=6
PHP_RELEASE_VERSION=29
PHP_RELEASE_VERSION=30
PHP_EXTRA_VERSION=""
PHP_VERSION="$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION"
PHP_VERSION_ID=`expr $PHP_MAJOR_VERSION \* 10000 + $PHP_MINOR_VERSION \* 100 + $PHP_RELEASE_VERSION`
......@@ -24086,7 +24086,7 @@ fi
fi
if test "$PHP_KERBEROS" = "yes" && test -x "$KRB5_CONFIG"; then
if test "$PHP_KERBEROS" != "no" && test -x "$KRB5_CONFIG"; then
KERBEROS_LIBS=`$KRB5_CONFIG --libs gssapi`
KERBEROS_CFLAGS=`$KRB5_CONFIG --cflags gssapi`
......@@ -49036,7 +49036,7 @@ fi
fi
if test "$PHP_KERBEROS" = "yes" && test -x "$KRB5_CONFIG"; then
if test "$PHP_KERBEROS" != "no" && test -x "$KRB5_CONFIG"; then
KERBEROS_LIBS=`$KRB5_CONFIG --libs gssapi`
KERBEROS_CFLAGS=`$KRB5_CONFIG --cflags gssapi`
......@@ -119,7 +119,7 @@ int zend_sprintf(char *buffer, const char *format, ...);
PHP_MAJOR_VERSION=5
PHP_MINOR_VERSION=6
PHP_RELEASE_VERSION=29
PHP_RELEASE_VERSION=30
PHP_EXTRA_VERSION=""
PHP_VERSION="$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION"
PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 10000 + [$]PHP_MINOR_VERSION \* 100 + [$]PHP_RELEASE_VERSION`
......
......@@ -35,7 +35,7 @@ static void curlfile_ctor(INTERNAL_FUNCTION_PARAMETERS)
int fname_len, mime_len, postname_len;
zval *cf = return_value;
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|ss", &fname, &fname_len, &mime, &mime_len, &postname, &postname_len) == FAILURE) {
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "p|ss", &fname, &fname_len, &mime, &mime_len, &postname, &postname_len) == FAILURE) {
return;
}
......
This diff is collapsed.
......@@ -1303,7 +1303,7 @@ static size_t exif_convert_any_to_int(void *value, int format, int motorola_inte
if (s_den == 0) {
return 0;
} else {
return php_ifd_get32s(value, motorola_intel) / s_den;
return (size_t)((double)php_ifd_get32s(value, motorola_intel) / s_den);
}
case TAG_FMT_SSHORT: return php_ifd_get16u(value, motorola_intel);
......@@ -2855,7 +2855,7 @@ static int exif_process_IFD_TAG(image_info_type *ImageInfo, char *dir_entry, cha
}
if (components < 0) {
exif_error_docref("exif_read_data#error_ifd" EXIFERR_CC, ImageInfo, E_WARNING, "Process tag(x%04X=%s): Illegal components(%ld)", tag, exif_get_tagname(tag, tagname, -12, tag_table TSRMLS_CC), components);
exif_error_docref("exif_read_data#error_ifd" EXIFERR_CC, ImageInfo, E_WARNING, "Process tag(x%04X=%s): Illegal components(%d)", tag, exif_get_tagname(tag, tagname, -12, tag_table TSRMLS_CC), components);
return FALSE;
}
......@@ -4210,7 +4210,7 @@ PHP_FUNCTION(exif_imagetype)
php_stream * stream;
int itype = 0;
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &imagefile, &imagefile_len) == FAILURE) {
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "p", &imagefile, &imagefile_len) == FAILURE) {
return;
}
......
--TEST--
Bug #73737 (Crash when parsing a tag format)
--SKIPIF--
<?php if (!extension_loaded('exif')) print 'skip exif extension not available';?>
--FILE--
<?php
$exif = exif_thumbnail(__DIR__ . '/bug73737.tiff');
var_dump($exif);
?>
--EXPECTF--
Warning: exif_thumbnail(bug73737.tiff): Error in TIFF: filesize(x0030) less than start of IFD dir(x10102) in %s line %d
bool(false)
......@@ -142,23 +142,23 @@ Warning: exif_imagetype(0.5): failed to open stream: No such file or directory i
bool(false)
-- Iteration 10 --
Warning: exif_imagetype() expects parameter 1 to be string, array given in %s on line %d
Warning: exif_imagetype() expects parameter 1 to be a valid path, array given in %s on line %d
NULL
-- Iteration 11 --
Warning: exif_imagetype() expects parameter 1 to be string, array given in %s on line %d
Warning: exif_imagetype() expects parameter 1 to be a valid path, array given in %s on line %d
NULL
-- Iteration 12 --
Warning: exif_imagetype() expects parameter 1 to be string, array given in %s on line %d
Warning: exif_imagetype() expects parameter 1 to be a valid path, array given in %s on line %d
NULL
-- Iteration 13 --
Warning: exif_imagetype() expects parameter 1 to be string, array given in %s on line %d
Warning: exif_imagetype() expects parameter 1 to be a valid path, array given in %s on line %d
NULL
-- Iteration 14 --
Warning: exif_imagetype() expects parameter 1 to be string, array given in %s on line %d
Warning: exif_imagetype() expects parameter 1 to be a valid path, array given in %s on line %d
NULL
-- Iteration 15 --
......@@ -198,7 +198,7 @@ Warning: exif_imagetype(obj'ct): failed to open stream: No such file or director
bool(false)
-- Iteration 24 --
Warning: exif_imagetype() expects parameter 1 to be string, resource given in %s on line %d
Warning: exif_imagetype() expects parameter 1 to be a valid path, resource given in %s on line %d
NULL
-- Iteration 25 --
......
......@@ -61,6 +61,16 @@ static int _php_image_stream_putbuf(struct gdIOCtx *ctx, const void* buf, int l)
}
static void _php_image_stream_ctxfree(struct gdIOCtx *ctx)
{
if(ctx->data) {
ctx->data = NULL;
}
if(ctx) {
efree(ctx);
}
} /* }}} */
static void _php_image_stream_ctxfreeandclose(struct gdIOCtx *ctx) /* {{{ */
{
TSRMLS_FETCH();
......@@ -87,6 +97,7 @@ static void _php_image_output_ctx(INTERNAL_FUNCTION_PARAMETERS, int image_type,
gdIOCtx *ctx = NULL;
zval *to_zval = NULL;
php_stream *stream;
int close_stream = 1;
/* The third (quality) parameter for Wbmp stands for the threshold when called from image2wbmp().
* The third (quality) parameter for Wbmp and Xbm stands for the foreground color index when called
......@@ -123,6 +134,7 @@ static void _php_image_output_ctx(INTERNAL_FUNCTION_PARAMETERS, int image_type,
if (stream == NULL) {
RETURN_FALSE;
}
close_stream = 0;
} else if (Z_TYPE_P(to_zval) == IS_STRING) {
if (CHECK_ZVAL_NULL_PATH(to_zval)) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid 2nd parameter, filename must not contain null bytes");
......@@ -159,7 +171,11 @@ static void _php_image_output_ctx(INTERNAL_FUNCTION_PARAMETERS, int image_type,
ctx = emalloc(sizeof(gdIOCtx));
ctx->putC = _php_image_stream_putc;
ctx->putBuf = _php_image_stream_putbuf;
ctx->gd_free = _php_image_stream_ctxfree;
if (close_stream) {
ctx->gd_free = _php_image_stream_ctxfreeandclose;
} else {
ctx->gd_free = _php_image_stream_ctxfree;
}
ctx->data = (void *)stream;
}
......
......@@ -136,6 +136,10 @@ static int _gd2GetHeader(gdIOCtxPtr in, int *sx, int *sy, int *cs, int *vers, in
GD2_DBG(php_gd_error("%d Chunks vertically", *ncy));
if (gd2_compressed(*fmt)) {
if (*ncx <= 0 || *ncy <= 0 || *ncx > INT_MAX / *ncy) {
GD2_DBG(printf ("Illegal chunk counts: %d * %d\n", *ncx, *ncy));
goto fail1;
}
nc = (*ncx) * (*ncy);
GD2_DBG(php_gd_error("Reading %d chunk index entries", nc));
if (overflow2(sizeof(t_chunk_info), nc)) {
......@@ -340,12 +344,16 @@ gdImagePtr gdImageCreateFromGd2Ctx (gdIOCtxPtr in)
for (x = xlo; x < xhi; x++) {
if (im->trueColor) {
if (!gdGetInt(&im->tpixels[y][x], in)) {
im->tpixels[y][x] = 0;
php_gd_error("gd2: EOF while reading\n");
gdImageDestroy(im);
return NULL;
}
} else {
int ch;
if (!gdGetByte(&ch, in)) {
ch = 0;
php_gd_error("gd2: EOF while reading\n");
gdImageDestroy(im);
return NULL;
}
im->pixels[y][x] = ch;
}
......
--TEST--
Bug #73549 (Use after free when stream is passed to imagepng)
--SKIPIF--
<?php
if (!extension_loaded('gd')) die('skip gd extension not available');
?>
--FILE--
<?php
$stream = fopen(__DIR__ . DIRECTORY_SEPARATOR . 'bug73549.png', 'w');
$im = imagecreatetruecolor(8, 8);
var_dump(imagepng($im, $stream));
var_dump($stream);
?>
===DONE===
--EXPECTF--
bool(true)
resource(%d) of type (stream)
===DONE===
--CLEAN--
<?php
unlink(__DIR__ . DIRECTORY_SEPARATOR . 'bug73549.png');
?>
--TEST--
Bug 73868 (DOS vulnerability in gdImageCreateFromGd2Ctx())
--SKIPIF--
<?php
if (!extension_loaded('gd')) die('skip gd extension not available');
?>
--FILE--
<?php
var_dump(imagecreatefromgd2(__DIR__ . DIRECTORY_SEPARATOR . 'bug73868.gd2'));
?>
===DONE===
--EXPECTF--
Warning: imagecreatefromgd2(): gd2: EOF while reading
in %s on line %d
Warning: imagecreatefromgd2(): '%s' is not a valid GD2 file in %s on line %d
bool(false)
===DONE===
--TEST--
Bug #73869 (Signed Integer Overflow gd_io.c)
--SKIPIF--
<?php
if (!extension_loaded('gd')) die('skip gd extension not available');
?>
--FILE--
<?php
var_dump(imagecreatefromgd2(__DIR__ . DIRECTORY_SEPARATOR . 'bug73869a.gd2'));
var_dump(imagecreatefromgd2(__DIR__ . DIRECTORY_SEPARATOR . 'bug73869b.gd2'));
?>
===DONE===
--EXPECTF--
Warning: imagecreatefromgd2(): '%s' is not a valid GD2 file in %s on line %d
bool(false)
Warning: imagecreatefromgd2(): '%s' is not a valid GD2 file in %s on line %d
bool(false)
===DONE===
\ No newline at end of file
......@@ -4,6 +4,7 @@ Font charmap order is deterministic based on order in the font, use the selected
<?php
if(!extension_loaded('gd')){ die('skip gd extension not available'); }
if(!function_exists('imagettftext')) die('skip imagettftext() not available');
if(gd_info()['JIS-mapped Japanese Font Support']) die('skip JIS-mapped Japanese Font Support not supported');
?>
--FILE--
<?php
......
......@@ -16,7 +16,7 @@
*/
#ifndef COLLATOR_COLLATOR_H
#define CCOLLATOR_COLLATOR_H
#define COLLATOR_COLLATOR_H
#include <php.h>
......
......@@ -702,8 +702,10 @@ PHP_FUNCTION(grapheme_stristr)
static inline int32_t
grapheme_extract_charcount_iter(UBreakIterator *bi, int32_t csize, unsigned char *pstr, int32_t str_len)
{
int pos = 0, prev_pos = 0;
int ret_pos = 0, prev_ret_pos = 0;
int pos = 0;
int ret_pos = 0;
int break_pos, prev_break_pos;
int count = 0;
while ( 1 ) {
pos = ubrk_next(bi);
......@@ -712,23 +714,24 @@ grapheme_extract_charcount_iter(UBreakIterator *bi, int32_t csize, unsigned char
break;
}
/* if we are beyond our limit, then the loop is done */
if ( pos > csize ) {
break;
}
for ( break_pos = ret_pos; break_pos < pos; ) {
count++;
prev_break_pos = break_pos;
U8_FWD_1(pstr, break_pos, str_len);
/* update our pointer in the original UTF-8 buffer by as many characters
as ubrk_next iterated over */
prev_ret_pos = ret_pos;
U8_FWD_N(pstr, ret_pos, str_len, pos - prev_pos);
if ( prev_break_pos == break_pos ) {
/* something wrong - malformed utf8? */
csize = 0;
break;
}
}
if ( prev_ret_pos == ret_pos ) {
/* something wrong - malformed utf8? */
/* if we are beyond our limit, then the loop is done */
if ( count > csize ) {
break;
}
prev_pos = pos;
ret_pos = break_pos;
}
return ret_pos;
......@@ -739,8 +742,8 @@ grapheme_extract_charcount_iter(UBreakIterator *bi, int32_t csize, unsigned char
static inline int32_t
grapheme_extract_bytecount_iter(UBreakIterator *bi, int32_t bsize, unsigned char *pstr, int32_t str_len)
{
int pos = 0, prev_pos = 0;
int ret_pos = 0, prev_ret_pos = 0;
int pos = 0;
int ret_pos = 0;
while ( 1 ) {
pos = ubrk_next(bi);
......@@ -749,20 +752,11 @@ grapheme_extract_bytecount_iter(UBreakIterator *bi, int32_t bsize, unsigned char
break;
}
prev_ret_pos = ret_pos;
U8_FWD_N(pstr, ret_pos, str_len, pos - prev_pos);
if ( ret_pos > bsize ) {
ret_pos = prev_ret_pos;
break;
}
if ( prev_ret_pos == ret_pos ) {
/* something wrong - malformed utf8? */
if ( pos > bsize ) {
break;
}
prev_pos = pos;
ret_pos = pos;
}
return ret_pos;
......@@ -773,7 +767,7 @@ grapheme_extract_bytecount_iter(UBreakIterator *bi, int32_t bsize, unsigned char
static inline int32_t
grapheme_extract_count_iter(UBreakIterator *bi, int32_t size, unsigned char *pstr, int32_t str_len)
{
int pos = 0, next_pos = 0;
int next_pos = 0;
int ret_pos = 0;
while ( size ) {
......@@ -782,16 +776,10 @@ grapheme_extract_count_iter(UBreakIterator *bi, int32_t size, unsigned char *pst
if ( UBRK_DONE == next_pos ) {
break;
}
pos = next_pos;
ret_pos = next_pos;
size--;
}
/* pos is one past the last UChar - and represent the number of code units to
advance in the utf-8 buffer
*/
U8_FWD_N(pstr, ret_pos, str_len, pos);
return ret_pos;
}
/* }}} */
......@@ -810,9 +798,9 @@ static grapheme_extract_iter grapheme_extract_iters[] = {
Function to extract a sequence of default grapheme clusters */
PHP_FUNCTION(grapheme_extract)
{
unsigned char *str, *pstr;
UChar *ustr;
int str_len, ustr_len;
char *str, *pstr;
UText ut = UTEXT_INITIALIZER;
int str_len;
long size; /* maximum number of grapheme clusters, bytes, or characters (based on extract_type) to return */
long lstart = 0; /* starting position in str in bytes */
int32_t start = 0;
......@@ -900,21 +888,15 @@ PHP_FUNCTION(grapheme_extract)
RETURN_STRINGL(((char *)pstr), nsize, 1);
}
/* convert the strings to UTF-16. */
ustr = NULL;
ustr_len = 0;
status = U_ZERO_ERROR;
intl_convert_utf8_to_utf16(&ustr, &ustr_len, (char *)pstr, str_len, &status );
utext_openUTF8(&ut, pstr, str_len, &status);
if ( U_FAILURE( status ) ) {
/* Set global error code. */
intl_error_set_code( NULL, status TSRMLS_CC );
/* Set error messages. */
intl_error_set_custom_msg( NULL, "Error converting input string to UTF-16", 0 TSRMLS_CC );
if ( NULL != ustr )
efree( ustr );
intl_error_set_custom_msg( NULL, "Error opening UTF-8 text", 0 TSRMLS_CC );
RETURN_FALSE;
}
......@@ -923,8 +905,7 @@ PHP_FUNCTION(grapheme_extract)
status = U_ZERO_ERROR;
bi = grapheme_get_break_iterator(u_break_iterator_buffer, &status TSRMLS_CC );
ubrk_setText(bi, ustr, ustr_len, &status);
ubrk_setUText(bi, &ut, &status);
/* if the caller put us in the middle of a grapheme, we can't detect it in all cases since we
can't back up. So, we will not do anything. */
......@@ -932,9 +913,7 @@ PHP_FUNCTION(grapheme_extract)
ret_pos = (*grapheme_extract_iters[extract_type])(bi, size, pstr, str_len);
if (ustr) {
efree(ustr);
}
utext_close(&ut);
ubrk_close(bi);
if ( NULL != next ) {
......
--TEST--
Bug #68447: grapheme_extract take an extra trailing character
--SKIPIF--
<?php if( !extension_loaded( 'intl' ) ) print 'skip'; ?>
--FILE--
<?php
$katsushikaku = "葛󠄁飾区";
echo grapheme_extract($katsushikaku, 1) . "\n";
$haiyore = "這󠄀いよれ";
echo grapheme_extract($haiyore, 1, GRAPHEME_EXTR_COUNT) . "\n";
echo grapheme_extract($haiyore, 2, GRAPHEME_EXTR_COUNT) . "\n";
echo grapheme_extract($haiyore, 6, GRAPHEME_EXTR_MAXBYTES) . "\n";
echo grapheme_extract($haiyore, 9, GRAPHEME_EXTR_MAXBYTES) . "\n";
echo grapheme_extract($haiyore, 12, GRAPHEME_EXTR_MAXBYTES) . "\n";
echo grapheme_extract($haiyore, 1, GRAPHEME_EXTR_MAXCHARS) . "\n";
echo grapheme_extract($haiyore, 2, GRAPHEME_EXTR_MAXCHARS) . "\n";
echo grapheme_extract($haiyore, 3, GRAPHEME_EXTR_MAXCHARS) . "\n";
--EXPECT--
󠄁
󠄀
󠄀
󠄀
󠄀
󠄀
󠄀
......@@ -5,7 +5,7 @@
* LICENSE NOTICES
*
* This file is part of "streamable kanji code filter and converter",
* which is distributed under the terms of GNU Lesser General Public
* which is distributed under the terms of GNU Lesser General Public
* License (version 2) as published by the Free Software Foundation.
*
* This software is distributed in the hope that it will be useful,
......@@ -146,6 +146,10 @@ mbfl_memory_device_output(int c, void *data)
unsigned char *tmp;
newlen = device->length + device->allocsz;
if (newlen <= 0) {
/* overflow */
return -1;
}
tmp = (unsigned char *)mbfl_realloc((void *)device->buffer, newlen*sizeof(unsigned char));
if (tmp == NULL) {
return -1;
......@@ -169,6 +173,10 @@ mbfl_memory_device_output2(int c, void *data)
unsigned char *tmp;
newlen = device->length + device->allocsz;
if (newlen <= 0) {
/* overflow */
return -1;
}
tmp = (unsigned char *)mbfl_realloc((void *)device->buffer, newlen*sizeof(unsigned char));
if (tmp == NULL) {
return -1;
......@@ -194,6 +202,10 @@ mbfl_memory_device_output4(int c, void* data)
unsigned char *tmp;
newlen = device->length + device->allocsz;
if (newlen <= 0) {
/* overflow */
return -1;
}
tmp = (unsigned char *)mbfl_realloc((void *)device->buffer, newlen*sizeof(unsigned char));
if (tmp == NULL) {
return -1;
......@@ -227,7 +239,12 @@ mbfl_memory_device_strcat(mbfl_memory_device *device, const char *psrc)
if ((device->pos + len) >= device->length) {
/* reallocate buffer */
int newlen = device->length + (len + MBFL_MEMORY_DEVICE_ALLOC_SIZE)*sizeof(unsigned char);
unsigned char *tmp = (unsigned char *)mbfl_realloc((void *)device->buffer, newlen*sizeof(unsigned char));
unsigned char *tmp;
if (newlen <= 0) {
/* overflow */
return -1;
}
tmp = (unsigned char *)mbfl_realloc((void *)device->buffer, newlen*sizeof(unsigned char));
if (tmp == NULL) {
return -1;
}
......@@ -254,7 +271,12 @@ mbfl_memory_device_strncat(mbfl_memory_device *device, const char *psrc, int len
if ((device->pos + len) >= device->length) {
/* reallocate buffer */
int newlen = device->length + len + MBFL_MEMORY_DEVICE_ALLOC_SIZE;
unsigned char *tmp = (unsigned char *)mbfl_realloc((void *)device->buffer, newlen*sizeof(unsigned char));
unsigned char *tmp;
if (newlen <= 0) {
/* overflow */
return -1;
}
tmp = (unsigned char *)mbfl_realloc((void *)device->buffer, newlen*sizeof(unsigned char));
if (tmp == NULL) {
return -1;
}
......@@ -281,7 +303,12 @@ mbfl_memory_device_devcat(mbfl_memory_device *dest, mbfl_memory_device *src)
if ((dest->pos + src->pos) >= dest->length) {
/* reallocate buffer */
int newlen = dest->length + src->pos + MBFL_MEMORY_DEVICE_ALLOC_SIZE;
unsigned char *tmp = (unsigned char *)mbfl_realloc((void *)dest->buffer, newlen*sizeof(unsigned char));
unsigned char *tmp;
if (newlen <= 0) {
/* overflow */
return -1;
}
tmp = (unsigned char *)mbfl_realloc((void *)dest->buffer, newlen*sizeof(unsigned char));
if (tmp == NULL) {
return -1;
}
......@@ -336,6 +363,10 @@ mbfl_wchar_device_output(int c, void *data)
unsigned int *tmp;
newlen = device->length + device->allocsz;
if (newlen <= 0) {
/* overflow */
return -1;
}
tmp = (unsigned int *)mbfl_realloc((void *)device->buffer, newlen*sizeof(int));
if (tmp == NULL) {
return -1;
......
......@@ -86,8 +86,8 @@ $details = openssl_pkey_get_details($dh);
$dh_details = $details['dh'];
openssl_pkey_test_cmp($phex, $dh_details['p']);
var_dump($dh_details['g']);
var_dump(strlen($dh_details['pub_key']));
var_dump(strlen($dh_details['priv_key']));
var_dump(strlen($dh_details['pub_key']) > 0);
var_dump(strlen($dh_details['priv_key']) > 0);
?>
--EXPECT--
int(0)
......@@ -102,5 +102,5 @@ int(20)
int(128)
int(0)
string(1) "2"
int(128)
int(128)
bool(true)
bool(true)
......@@ -16,6 +16,17 @@ if (count($tmp) < 2)
if (($tmp[1] !== 'localhost') && ($tmp[1] !== '127.0.0.1'))
die("skip Test cannot be run against remote database server");
$stmt = $db->query("SHOW VARIABLES LIKE 'secure_file_priv'");
if (($row = $stmt->fetch(PDO::FETCH_ASSOC)) && ($row['value'] != '')) {
if (!is_writable($row['value']))
die("skip secure_file_priv directory not writable: {$row['value']}");
$filename = $row['value'] . DIRECTORY_SEPARATOR . "pdo_mysql_exec_load_data.csv";
if (file_exists($filename) && !is_writable($filename))
die("skip {$filename} not writable");
}
?>
--FILE--
<?php
......
......@@ -16,6 +16,17 @@ if (count($tmp) < 2)
if (($tmp[1] !== 'localhost') && ($tmp[1] !== '127.0.0.1'))
die("skip Test cannot be run against remote database server");
$stmt = $db->query("SHOW VARIABLES LIKE 'secure_file_priv'");
if (($row = $stmt->fetch(PDO::FETCH_ASSOC)) && ($row['value'] != '')) {
if (!is_writable($row['value']))
die("skip secure_file_priv directory not writable: {$row['value']}");
$filename = $row['value'] . DIRECTORY_SEPARATOR . "pdo_mysql_exec_load_data.csv";
if (file_exists($filename) && !is_writable($filename))
die("skip {$filename} not writable");
}
?>
--FILE--
<?php
......@@ -115,4 +126,4 @@ Warning: PDOStatement::execute(): SQLSTATE[HY000]: General error: %s in %s on li
1 => %d,
2 => %s,
)
done!
\ No newline at end of file