--- /dev/null
+--TEST--
+Bug #69788: Malformed script causes Uncaught EngineException in php-cgi, valgrind SIGILL
+--FILE--
+<?php [t.[]]; ?>
+--EXPECTF--
+Notice: Array to string conversion in %s on line %d
+
+Notice: Use of undefined constant t - assumed 't' in %s on line %d
if (Z_REFCOUNTED_P(value)) {
if (Z_ISREF_P(value)) {
/* if we assign referenced variable, we should separate it */
- ZVAL_DUP(&tmp, Z_REFVAL_P(value));
+ ZVAL_COPY(&tmp, Z_REFVAL_P(value));
value = &tmp;
} else {
Z_ADDREF_P(value);
(op) = &(holder); \
break; \
case IS_OBJECT: \
- ZVAL_DUP(&(holder), op); \
+ ZVAL_COPY(&(holder), op); \
convert_to_long_base(&(holder), 10); \
if (Z_TYPE(holder) == IS_LONG) { \
(op) = &(holder); \
break;
case IS_ARRAY:
tmp = (zend_hash_num_elements(Z_ARRVAL_P(op))?1:0);
- zval_dtor(op);
+ zval_ptr_dtor(op);
ZVAL_LONG(op, tmp);
break;
case IS_OBJECT:
break;
case IS_ARRAY:
tmp = (zend_hash_num_elements(Z_ARRVAL_P(op))?1:0);
- zval_dtor(op);
+ zval_ptr_dtor(op);
ZVAL_DOUBLE(op, tmp);
break;
case IS_OBJECT:
}
}
- zval_dtor(op);
+ zval_ptr_dtor(op);
ZVAL_NULL(op);
}
/* }}} */
break;
case IS_ARRAY:
tmp = (zend_hash_num_elements(Z_ARRVAL_P(op))?1:0);
- zval_dtor(op);
+ zval_ptr_dtor(op);
ZVAL_BOOL(op, tmp);
break;
case IS_OBJECT:
}
case IS_ARRAY:
zend_error(E_NOTICE, "Array to string conversion");
- zval_dtor(op);
+ zval_ptr_dtor(op);
ZVAL_NEW_STR(op, zend_string_init("Array", sizeof("Array")-1, 0));
break;
case IS_OBJECT: {
switch (Z_TYPE_P(op)) {
case IS_ARRAY:
{
- HashTable *properties = emalloc(sizeof(HashTable));
- zend_array *arr = Z_ARR_P(op);
-
- memcpy(properties, Z_ARRVAL_P(op), sizeof(HashTable));
- object_and_properties_init(op, zend_standard_class_def, properties);
- if (--GC_REFCOUNT(arr) == 0) {
- efree_size(arr, sizeof(zend_array));
- }
+ zval tmp;
+ ZVAL_COPY_VALUE(&tmp, op);
+ SEPARATE_ARRAY(&tmp);
+ object_and_properties_init(op, zend_standard_class_def, Z_ARR(tmp));
break;
}
case IS_OBJECT:
#define convert_to_ex_master(pzv, lower_type, upper_type) \
if (Z_TYPE_P(pzv)!=upper_type) { \
- SEPARATE_ZVAL_IF_NOT_REF(pzv); \
convert_to_##lower_type(pzv); \
}
#define convert_to_explicit_type_ex(pzv, str_type) \
if (Z_TYPE_P(pzv) != str_type) { \
- SEPARATE_ZVAL_IF_NOT_REF(pzv); \
convert_to_explicit_type(pzv, str_type); \
}
#define convert_scalar_to_number_ex(pzv) \
if (Z_TYPE_P(pzv)!=IS_LONG && Z_TYPE_P(pzv)!=IS_DOUBLE) { \
- SEPARATE_ZVAL_IF_NOT_REF(pzv); \
convert_scalar_to_number(pzv); \
}
}
}
} else {
- ZVAL_COPY_VALUE(result, expr);
- zval_opt_copy_ctor(result);
+ ZVAL_COPY(result, expr);
convert_to_object(result);
}
}
}
}
} else {
- ZVAL_COPY_VALUE(result, expr);
- zval_opt_copy_ctor(result);
+ ZVAL_COPY(result, expr);
convert_to_object(result);
}
}
}
}
} else {
- ZVAL_COPY_VALUE(result, expr);
- zval_opt_copy_ctor(result);
+ ZVAL_COPY(result, expr);
convert_to_object(result);
}
}
}
}
} else {
- ZVAL_COPY_VALUE(result, expr);
- zval_opt_copy_ctor(result);
+ ZVAL_COPY(result, expr);
convert_to_object(result);
}
}
}
}
} else {
- ZVAL_COPY_VALUE(result, expr);
- zval_opt_copy_ctor(result);
+ ZVAL_COPY(result, expr);
convert_to_object(result);
}
}
{
zend_string *field_name = NULL;
zend_string *field_value = NULL;
+ zend_string *tmp_str = NULL;
zval *pref = NULL;
- zval tmp_zv, *tmp_zv_p = NULL;
smart_str retval = {0};
php_iconv_err_t err;
if ((pzval = zend_hash_str_find(Z_ARRVAL_P(pref), "line-break-chars", sizeof("line-break-chars") - 1)) != NULL) {
if (Z_TYPE_P(pzval) != IS_STRING) {
- ZVAL_DUP(&tmp_zv, pzval);
- convert_to_string(&tmp_zv);
-
- lfchars = Z_STRVAL(tmp_zv);
-
- tmp_zv_p = &tmp_zv;
+ tmp_str = zval_get_string(pzval);
+ lfchars = tmp_str->val;
} else {
lfchars = Z_STRVAL_P(pzval);
}
RETVAL_FALSE;
}
- if (tmp_zv_p != NULL) {
- zval_dtor(tmp_zv_p);
+ if (tmp_str) {
+ zend_string_release(tmp_str);
}
}
/* }}} */
obj = Z_MYSQLI_P(object);
if (Z_TYPE_P(member) != IS_STRING) {
- ZVAL_DUP(&tmp_member, member);
+ ZVAL_COPY(&tmp_member, member);
convert_to_string(&tmp_member);
member = &tmp_member;
}
mysqli_prop_handler *hnd = NULL;
if (Z_TYPE_P(member) != IS_STRING) {
- ZVAL_DUP(&tmp_member, member);
+ ZVAL_COPY(&tmp_member, member);
convert_to_string(&tmp_member);
member = &tmp_member;
}
if (Z_TYPE_P(zphrase) == IS_STRING) {
passphrase = Z_STRVAL_P(zphrase);
} else {
- ZVAL_DUP(&tmp, zphrase);
+ ZVAL_COPY(&tmp, zphrase);
convert_to_string(&tmp);
passphrase = Z_STRVAL(tmp);
}
#if HAVE_PQPUTCOPYDATA
ZEND_HASH_FOREACH_VAL(Z_ARRVAL_P(pg_rows), value) {
zval tmp;
- ZVAL_DUP(&tmp, value);
+ ZVAL_COPY(&tmp, value);
convert_to_string_ex(&tmp);
query = (char *)emalloc(Z_STRLEN(tmp) + 2);
strlcpy(query, Z_STRVAL(tmp), Z_STRLEN(tmp) + 2);
#else
ZEND_HASH_FOREACH_VAL(Z_ARRVAL_P(pg_rows), value) {
zval tmp;
- ZVAL_DUP(&tmp, value);
+ ZVAL_COPY(&tmp, value);
convert_to_string_ex(&tmp);
query = (char *)emalloc(Z_STRLEN(tmp) + 2);
strlcpy(query, Z_STRVAL(tmp), Z_STRLEN(tmp) + 2);
case IS_DOUBLE:
case IS_NULL:
if (Z_TYPE_P(value) != IS_STRING) {
- ZVAL_DUP(&zval_copy, value);
+ ZVAL_COPY(&zval_copy, value);
value = &zval_copy;
convert_to_string(value);
new_value = 1;
if (Z_TYPE_P(data) == IS_STRING) {
str = php_base64_encode((unsigned char*)Z_STRVAL_P(data), Z_STRLEN_P(data));
- text = xmlNewTextLen(BAD_CAST(str->val), str->len);
- xmlAddChild(ret, text);
- zend_string_release(str);
} else {
- zval tmp;
-
- ZVAL_DUP(&tmp, data);
- convert_to_string(&tmp);
- str = php_base64_encode((unsigned char*)Z_STRVAL(tmp), Z_STRLEN(tmp));
- text = xmlNewTextLen(BAD_CAST(str->val), str->len);
- xmlAddChild(ret, text);
- zend_string_release(str);
- zval_dtor(&tmp);
+ zend_string *tmp = zval_get_string(data);
+ str = php_base64_encode((unsigned char*) tmp->val, tmp->len);
+ zend_string_release(tmp);
}
+ text = xmlNewTextLen(BAD_CAST(str->val), str->len);
+ xmlAddChild(ret, text);
+ zend_string_release(str);
+
if (style == SOAP_ENCODED) {
set_ns_and_type(ret, type);
}
case REGIT_MODE_REPLACE:
replacement = zend_read_property(intern->std.ce, getThis(), "replacement", sizeof("replacement")-1, 1, &rv);
if (Z_TYPE_P(replacement) != IS_STRING) {
- tmp_replacement = *replacement;
- zval_copy_ctor(&tmp_replacement);
+ ZVAL_COPY(&tmp_replacement, replacement);
convert_to_string(&tmp_replacement);
replacement = &tmp_replacement;
}
return;
}
if (intern->u.caching.flags & CIT_TOSTRING_USE_KEY) {
- ZVAL_DUP(return_value, &intern->current.key);
+ ZVAL_COPY(return_value, &intern->current.key);
convert_to_string(return_value);
return;
} else if (intern->u.caching.flags & CIT_TOSTRING_USE_CURRENT) {
- ZVAL_DUP(return_value, &intern->current.data);
+ ZVAL_COPY(return_value, &intern->current.data);
convert_to_string(return_value);
return;
}
}
ZVAL_UNDEF(&tmp);
if (Z_TYPE_P(src_zval) == IS_OBJECT) {
- ZVAL_DUP(&tmp, src_zval);
+ ZVAL_COPY(&tmp, src_zval);
convert_to_array(&tmp);
src_zval = &tmp;
}
if (Z_TYPE_P(entry) == IS_ARRAY || Z_TYPE_P(entry) == IS_OBJECT) {
continue;
}
- ZVAL_DUP(&entry_n, entry);
+ ZVAL_COPY(&entry_n, entry);
convert_scalar_to_number(&entry_n);
fast_add_function(return_value, return_value, &entry_n);
} ZEND_HASH_FOREACH_END();
if (Z_TYPE_P(entry) == IS_ARRAY || Z_TYPE_P(entry) == IS_OBJECT) {
continue;
}
- ZVAL_DUP(&entry_n, entry);
+ ZVAL_COPY(&entry_n, entry);
convert_scalar_to_number(&entry_n);
if (Z_TYPE(entry_n) == IS_LONG && Z_TYPE_P(return_value) == IS_LONG) {
const char *prop_name;
size_t arg_sep_len, newprefix_len, prop_len;
zend_ulong idx;
- zval *zdata = NULL, copyzval;
+ zval *zdata = NULL;
if (!ht) {
return FAILURE;
default:
{
zend_string *ekey;
- /* fall back on convert to string */
- ZVAL_DUP(©zval, zdata);
- convert_to_string_ex(©zval);
+ zend_string *tmp = zval_get_string(zdata);
if (enc_type == PHP_QUERY_RFC3986) {
- ekey = php_raw_url_encode(Z_STRVAL(copyzval), Z_STRLEN(copyzval));
+ ekey = php_raw_url_encode(tmp->val, tmp->len);
} else {
- ekey = php_url_encode(Z_STRVAL(copyzval), Z_STRLEN(copyzval));
+ ekey = php_url_encode(tmp->val, tmp->len);
}
smart_str_append(formstr, ekey);
- zval_ptr_dtor(©zval);
+ zend_string_release(tmp);
zend_string_free(ekey);
}
}
break;
case IS_LONG:
case IS_DOUBLE:
- case IS_OBJECT: {
- zval cast_option_buffer;
-
- ZVAL_DUP(&cast_option_buffer, option_buffer);
- convert_to_string(&cast_option_buffer);
- if (Z_TYPE(cast_option_buffer) == IS_STRING) {
- buffer = estrndup(Z_STRVAL(cast_option_buffer), Z_STRLEN(cast_option_buffer));
- buffer_len = Z_STRLEN(cast_option_buffer);
- zval_dtor(&cast_option_buffer);
- break;
- }
- zval_dtor(&cast_option_buffer);
+ case IS_OBJECT:
+ {
+ zend_string *tmp = zval_get_string(option_buffer);
+ buffer = estrndup(tmp->val, tmp->len);
+ buffer_len = tmp->len;
+ zend_string_release(tmp);
+ break;
}
case IS_FALSE:
case IS_TRUE:
}
ZVAL_DEREF(var);
- SEPARATE_ZVAL_NOREF(var);
if (!strcasecmp(type, "integer")) {
convert_to_long(var);
} else if (!strcasecmp(type, "int")) {
zend_object_handlers *std_hnd;
if (Z_TYPE_P(member) != IS_STRING) {
- ZVAL_DUP(&tmp_member, member);
+ ZVAL_COPY(&tmp_member, member);
convert_to_string(&tmp_member);
member = &tmp_member;
cache_slot = NULL;
zend_object_handlers *std_hnd;
if (Z_TYPE_P(member) != IS_STRING) {
- ZVAL_DUP(&tmp_member, member);
+ ZVAL_COPY(&tmp_member, member);
convert_to_string(&tmp_member);
member = &tmp_member;
cache_slot = NULL;
int retval = 0;
if (Z_TYPE_P(member) != IS_STRING) {
- ZVAL_DUP(&tmp_member, member);
+ ZVAL_COPY(&tmp_member, member);
convert_to_string(&tmp_member);
member = &tmp_member;
cache_slot = NULL;
projects / php / commitdiff