Merge branch 'PHP-5.6' into PHP-7.0

diff --cc NEWS
index 0119795e456a1f54a557cb8eb460a0a743fc9cf5,959d915eee277d0d099692710045cd9d1f20930d..27bd7b02759c3d41abfe7bcfeb5899787dcb599a
--- 1/NEWS
--- 2/NEWS
+++ b/NEWS
@@@ -1,25 -1,11 +1,27 @@@
  PHP                                                                        NEWS
  |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 -?? ??? 2016, PHP 5.6.25
 +?? ??? 2016 PHP 7.0.11
 +
++- GD:
++  . Fixed bug #72709 (imagesetstyle() causes OOB read for empty $styles). (cmb)
 +
 +
 +?? ??? 2016 PHP 7.0.10
  
  - Core:
 +  . Fixed bug #72629 (Caught exception assignment to variables ignores
 +    references). (Laruence)
 +  . Fixed bug #72594 (Calling an earlier instance of an included anonymous
 +    class fatals). (Laruence)
    . Fixed bug #72581 (previous property undefined in Exception after
      deserialization). (Laruence)
 +  . Fixed bug #72496 (Cannot declare public method with signature incompatible
 +    with parent private method). (Pedro Magalhães)
    . Fixed bug #72024 (microtime() leaks memory). (maroszek at gmx dot net)
 +  . Fixed bug #71911 (Unable to set --enable-debug on building extensions by
 +    phpize on Windows). (Yuji Uchiyama)
 +  . Fixed bug causing ClosedGeneratorException being thrown into the calling
 +    code instead of the Generator yielding from. (Bob)
    . Implemented FR #72614 (Support "nmake test" on building extensions by
      phpize). (Yuji Uchiyama)
    . Fixed bug #72641 (phpize (on Windows) ignores PHP_PREFIX).

diff --cc ext/gd/gd.c
index 9375aeee1e83c10cf62ae85cc61da70ea765eda9,052d568d76442271c34947e9e22009346004effa..c7c6fe3fae496bc2d8df4273fd7d47af9f066337
--- 1/ext/gd/gd.c
--- 2/ext/gd/gd.c
+++ b/ext/gd/gd.c
@@@ -1440,25 -1550,47 +1440,32 @@@ PHP_FUNCTION(imageloadfont
     Set the line drawing styles for use with imageline and IMG_COLOR_STYLED. */
  PHP_FUNCTION(imagesetstyle)
  {
 -      zval *IM, *styles;
 +      zval *IM, *styles, *item;
        gdImagePtr im;
 -      int * stylearr;
 -      int index;
 -      HashPosition pos;
 -    int num_styles;
 +      int *stylearr;
 +      int index = 0;
++    uint32_t num_styles;
  
 -      if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ra", &IM, &styles) == FAILURE)  {
 +      if (zend_parse_parameters(ZEND_NUM_ARGS(), "ra", &IM, &styles) == FAILURE)  {
                return;
        }
  
 -      ZEND_FETCH_RESOURCE(im, gdImagePtr, &IM, -1, "Image", le_gd);
 +      if ((im = (gdImagePtr)zend_fetch_resource(Z_RES_P(IM), "Image", le_gd)) == NULL) {
 +              RETURN_FALSE;
 +      }
  
 -    num_styles = zend_hash_num_elements(HASH_OF(styles));
++    num_styles = zend_hash_num_elements(Z_ARRVAL_P(styles));
+     if (num_styles == 0) {
+         php_error_docref(NULL, E_WARNING, "styles array must not be empty");
+         RETURN_FALSE;
+     }
+ 
        /* copy the style values in the stylearr */
-       stylearr = safe_emalloc(sizeof(int), zend_hash_num_elements(Z_ARRVAL_P(styles)), 0);
+       stylearr = safe_emalloc(sizeof(int), num_styles, 0);
  
 -      zend_hash_internal_pointer_reset_ex(HASH_OF(styles), &pos);
 -
 -      for (index = 0;; zend_hash_move_forward_ex(HASH_OF(styles), &pos))      {
 -              zval ** item;
 -
 -              if (zend_hash_get_current_data_ex(HASH_OF(styles), (void **) &item, &pos) == FAILURE) {
 -                      break;
 -              }
 -
 -              if (Z_TYPE_PP(item) != IS_LONG) {
 -                      zval lval;
 -                      lval = **item;
 -                      zval_copy_ctor(&lval);
 -                      convert_to_long(&lval);
 -                      stylearr[index++] = Z_LVAL(lval);
 -              } else {
 -                      stylearr[index++] = Z_LVAL_PP(item);
 -              }
 -      }
 +      ZEND_HASH_FOREACH_VAL(Z_ARRVAL_P(styles), item) {
 +              stylearr[index++] = zval_get_long(item);
 +      } ZEND_HASH_FOREACH_END();
  
        gdImageSetStyle(im, stylearr, index);