Merge branch 'PHP-5.6.23' into PHP-7.0.8

author Stanislav Malyshev <stas@php.net>

Tue, 21 Jun 2016 07:24:32 +0000 (00:24 -0700)

committer Stanislav Malyshev <stas@php.net>

Tue, 21 Jun 2016 07:24:32 +0000 (00:24 -0700)
author Stanislav Malyshev <stas@php.net>
Tue, 21 Jun 2016 07:24:32 +0000 (00:24 -0700)
committer Stanislav Malyshev <stas@php.net>
Tue, 21 Jun 2016 07:24:32 +0000 (00:24 -0700)
diff --cc ext/gd/libgd/gd.c
Simple merge
diff --cc ext/mbstring/php_mbregex.c

index 73c94da5e9918dfe63b393b8ebc5d0a7135b89b2,67951a828e37fd011f69d71351286f391b3dd329..b59e0d9b0d815a9edc22a9988e7ac6025d822910
--- 1/ext/mbstring/php_mbregex.c
--- 2/ext/mbstring/php_mbregex.c
+++ b/ext/mbstring/php_mbregex.c
@@@ -974,17 -971,15 +974,16 @@@ static void _php_mb_regex_ereg_replace_
   
                                 arg_replace_fci.param_count = 1;
                                 arg_replace_fci.params = args;
- -                              arg_replace_fci.retval_ptr_ptr = &retval_ptr;
- -                              if (zend_call_function(&arg_replace_fci, &arg_replace_fci_cache TSRMLS_CC) == SUCCESS && arg_replace_fci.retval_ptr_ptr && retval_ptr) {
- -                                      convert_to_string_ex(&retval_ptr);
- -                                      smart_str_appendl(&out_buf, Z_STRVAL_P(retval_ptr), Z_STRLEN_P(retval_ptr));
- -                                      eval_buf.len = 0;
- -                                      zval_ptr_dtor(&retval_ptr);
+ +                              arg_replace_fci.retval = &retval;
+ +                              if (zend_call_function(&arg_replace_fci, &arg_replace_fci_cache) == SUCCESS &&
+ +                                              !Z_ISUNDEF(retval)) {
+ +                                      convert_to_string_ex(&retval);
+ +                                      smart_str_appendl(&out_buf, Z_STRVAL(retval), Z_STRLEN(retval));
+ +                                      smart_str_free(&eval_buf);
+ +                                      zval_ptr_dtor(&retval);
                                 } else {
-                                       efree(description);
                                         if (!EG(exception)) {
- -                                              php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to call custom replacement function");
+ +                                              php_error_docref(NULL, E_WARNING, "Unable to call custom replacement function");
                                         }
                                 }
                                 zval_ptr_dtor(&subpats);
diff --cc ext/mcrypt/mcrypt.c

index 073bfec7759a7921d3c51b55a8f5ac42855a47f9,7539d9e53fb16d2bb76de48be435839b9e271fe1..fb5c638c97fe9f49f883cfa5d87d52642ac43538
--- 1/ext/mcrypt/mcrypt.c
--- 2/ext/mcrypt/mcrypt.c
+++ b/ext/mcrypt/mcrypt.c
@@@ -636,21 -660,26 +636,25 @@@ PHP_FUNCTION(mcrypt_generic
         /* Check blocksize */
         if (mcrypt_enc_is_block_mode(pm->td) == 1) { /* It's a block algorithm */
                 block_size = mcrypt_enc_get_block_size(pm->td);
- -              data_size = (((data_len - 1) / block_size) + 1) * block_size;
+ +              data_size = ((((int)data_len - 1) / block_size) + 1) * block_size;
+               if (data_size <= 0) {
+                       php_error_docref(NULL TSRMLS_CC, E_WARNING, "Integer overflow in data size");
+                       RETURN_FALSE;
+               }
- -              data_s = emalloc(data_size + 1);
- -              memset(data_s, 0, data_size);
- -              memcpy(data_s, data, data_len);
+ +              data_str = zend_string_alloc(data_size, 0);
+ +              memset(ZSTR_VAL(data_str), 0, data_size);
+ +              memcpy(ZSTR_VAL(data_str), data, data_len);
         } else { /* It's not a block algorithm */
- -              data_size = data_len;
- -              data_s = emalloc(data_size + 1);
- -              memset(data_s, 0, data_size);
- -              memcpy(data_s, data, data_len);
+ +              data_size = (int)data_len;
+ +              data_str = zend_string_alloc(data_size, 0);
+ +              memset(ZSTR_VAL(data_str), 0, data_size);
+ +              memcpy(ZSTR_VAL(data_str), data, data_len);
         }
   
- -      mcrypt_generic(pm->td, data_s, data_size);
- -      data_s[data_size] = '\0';
+ +      mcrypt_generic(pm->td, ZSTR_VAL(data_str), data_size);
+ +      ZSTR_VAL(data_str)[data_size] = '\0';
   
- -      RETVAL_STRINGL(data_s, data_size, 1);
- -      efree(data_s);
+ +      RETVAL_NEW_STR(data_str);
   }
   /* }}} */
   
@@@ -682,8 -709,12 +686,12 @@@ PHP_FUNCTION(mdecrypt_generic
         /* Check blocksize */
         if (mcrypt_enc_is_block_mode(pm->td) == 1) { /* It's a block algorithm */
                 block_size = mcrypt_enc_get_block_size(pm->td);
- -              data_size = (((data_len - 1) / block_size) + 1) * block_size;
+ +              data_size = ((((int)data_len - 1) / block_size) + 1) * block_size;
-               data_s = emalloc(data_size + 1);
+               if (data_size <= 0) {
+                       php_error_docref(NULL TSRMLS_CC, E_WARNING, "Integer overflow in data size");
+                       RETURN_FALSE;
+               }
- -              data_s = emalloc(data_size + 1);
++              data_s = emalloc((size_t)data_size + 1);
                 memset(data_s, 0, data_size);
                 memcpy(data_s, data, data_len);
         } else { /* It's not a block algorithm */
diff --cc ext/openssl/openssl.c
Simple merge
diff --cc ext/phar/phar_object.c
Simple merge
diff --cc ext/wddx/wddx.c

index 330cb49f08518656c17c7e4049b420a8c97aba58,2cbad93c3e01d7f1da7723e61563c0d4baa09dc8..34b8eeb87f13f29fcccbd71b5be8660415138e15
--- 1/ext/wddx/wddx.c
--- 2/ext/wddx/wddx.c
+++ b/ext/wddx/wddx.c
@@@ -1019,8 -1105,9 +1019,9 @@@ static void php_wddx_process_data(void 
                                         zval_ptr_dtor(&ent->data);
                                         if (ent->varname) {
                                                 efree(ent->varname);
+                                               ent->varname = NULL;
                                         }
- -                                      ent->data = NULL;
+ +                                      ZVAL_UNDEF(&ent->data);
                                 }
                                 break;
   
diff --cc ext/zip/php_zip.c

index 88bb51844284d2621606c8dd8afa4dad692b17bb,47477ac256f8842fb6dd2b5ac182ded437ce82ca..bdcba78b210d28a6508189f83c4bf9ec8e79c7d5
--- 1/ext/zip/php_zip.c
--- 2/ext/zip/php_zip.c
+++ b/ext/zip/php_zip.c
@@@ -958,15 -1042,28 +958,23 @@@ static int php_zip_has_property(zval *o
   }
   /* }}} */
   
- -static HashTable *php_zip_get_gc(zval *object, zval ***gc_data, int *gc_data_count TSRMLS_DC) /* {{{ */
++static HashTable *php_zip_get_gc(zval *object, zval **gc_data, int *gc_data_count) /* {{{ */
+ {
+       *gc_data = NULL;
+       *gc_data_count = 0;
- -      return zend_std_get_properties(object TSRMLS_CC);
++      return zend_std_get_properties(object);
+ }
+ /* }}} */
+ 
- -static HashTable *php_zip_get_properties(zval *object TSRMLS_DC)/* {{{ */
+ +static HashTable *php_zip_get_properties(zval *object)/* {{{ */
   {
         ze_zip_object *obj;
- -      zip_prop_handler *hnd;
         HashTable *props;
- -      zval *val;
- -      int ret;
- -      char *key;
- -      uint key_len;
- -      HashPosition pos;
- -      ulong num_key;
+ +      zip_prop_handler *hnd;
+ +      zend_string *key;
   
- -      obj = (ze_zip_object *)zend_objects_get_address(object TSRMLS_CC);
- -      props = zend_std_get_properties(object TSRMLS_CC);
+ +      obj = Z_ZIP_P(object);
+ +      props = zend_std_get_properties(object);
   
         if (obj->prop_handler == NULL) {
                 return NULL;
@@@ -3009,11 -3043,11 +3017,12 @@@ static PHP_MINIT_FUNCTION(zip
         zend_class_entry ce;
   
         memcpy(&zip_object_handlers, zend_get_std_object_handlers(), sizeof(zend_object_handlers));
- -      zip_object_handlers.clone_obj           = NULL;
+ +      zip_object_handlers.offset = XtOffsetOf(ze_zip_object, zo);
+ +      zip_object_handlers.free_obj = php_zip_object_free_storage;
+ +      zip_object_handlers.clone_obj = NULL;
         zip_object_handlers.get_property_ptr_ptr = php_zip_get_property_ptr_ptr;
   
+       zip_object_handlers.get_gc          = php_zip_get_gc;
         zip_object_handlers.get_properties = php_zip_get_properties;
         zip_object_handlers.read_property       = php_zip_read_property;
         zip_object_handlers.has_property        = php_zip_has_property;
author	Stanislav Malyshev <stas@php.net>
	Tue, 21 Jun 2016 07:24:32 +0000 (00:24 -0700)
committer	Stanislav Malyshev <stas@php.net>
	Tue, 21 Jun 2016 07:24:32 +0000 (00:24 -0700)
		1	2
ext/gd/libgd/gd.c	patch \|	diff1 \|	diff2 \|	blob \| history
ext/mbstring/php_mbregex.c	patch \|	diff1 \|	diff2 \|	blob \| history
ext/mcrypt/mcrypt.c	patch \|	diff1 \|	diff2 \|	blob \| history
ext/openssl/openssl.c	patch \|	diff1 \|	diff2 \|	blob \| history
ext/phar/phar_object.c	patch \|	diff1 \|	diff2 \|	blob \| history
ext/wddx/wddx.c	patch \|	diff1 \|	diff2 \|	blob \| history
ext/zip/php_zip.c	patch \|	diff1 \|	diff2 \|	blob \| history