Fix #33502: Some nullary functions don't check the number of arguments

We add the missing zend_parse_parameters_none() checks for:

* output_reset_rewrite_vars()
* func_num_args()
* gc_status()
* gc_disable()
* gc_enable()
* gc_enabled()
* gc_collect_cycles()
* gc_mem_caches()
* zend_version()

diff --git a/NEWS b/NEWS
index 61534232366b5cd3f7ecccd285c20cbbde5837d0..928ddfb861d7b8b39cd9dcafe1190495467e6117 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -3,6 +3,8 @@ PHP                                                                        NEWS
 ?? ??? ????, PHP 7.3.0beta1
 
 - Core:
+  . Fixed bug #33502 (Some nullary functions don't check the number of
+    arguments). (cmb)
   . Fixed bug #76392 (Error relocating sapi/cli/php: unsupported relocation
     type 37). (Peter Kokot)
 

diff --git a/Zend/zend_builtin_functions.c b/Zend/zend_builtin_functions.c
index 30e60949308f2698cad8d329b98a4dfd151f5e0c..57e5d7738000f0b1da99f8cb7e0cc7016bc386b8 100644 (file)
--- a/Zend/zend_builtin_functions.c
+++ b/Zend/zend_builtin_functions.c
@@ -338,6 +338,10 @@ int zend_startup_builtin_functions(void) /* {{{ */
    Get the version of the Zend Engine */
 ZEND_FUNCTION(zend_version)
 {
+       if (zend_parse_parameters_none() == FAILURE) {
+               return;
+       }
+
        RETURN_STRINGL(ZEND_VERSION, sizeof(ZEND_VERSION)-1);
 }
 /* }}} */
@@ -347,6 +351,10 @@ ZEND_FUNCTION(zend_version)
    Returns number of freed bytes */
 ZEND_FUNCTION(gc_mem_caches)
 {
+       if (zend_parse_parameters_none() == FAILURE) {
+               return;
+       }
+
        RETURN_LONG(zend_mm_gc(zend_mm_get_heap()));
 }
 /* }}} */
@@ -356,6 +364,10 @@ ZEND_FUNCTION(gc_mem_caches)
    Returns number of freed zvals */
 ZEND_FUNCTION(gc_collect_cycles)
 {
+       if (zend_parse_parameters_none() == FAILURE) {
+               return;
+       }
+
        RETURN_LONG(gc_collect_cycles());
 }
 /* }}} */
@@ -364,6 +376,10 @@ ZEND_FUNCTION(gc_collect_cycles)
    Returns status of the circular reference collector */
 ZEND_FUNCTION(gc_enabled)
 {
+       if (zend_parse_parameters_none() == FAILURE) {
+               return;
+       }
+
        RETURN_BOOL(gc_enabled());
 }
 /* }}} */
@@ -372,7 +388,13 @@ ZEND_FUNCTION(gc_enabled)
    Activates the circular reference collector */
 ZEND_FUNCTION(gc_enable)
 {
-       zend_string *key = zend_string_init("zend.enable_gc", sizeof("zend.enable_gc")-1, 0);
+       zend_string *key;
+
+       if (zend_parse_parameters_none() == FAILURE) {
+               return;
+       }
+
+       key = zend_string_init("zend.enable_gc", sizeof("zend.enable_gc")-1, 0);
        zend_alter_ini_entry_chars(key, "1", sizeof("1")-1, ZEND_INI_USER, ZEND_INI_STAGE_RUNTIME);
        zend_string_release_ex(key, 0);
 }
@@ -382,7 +404,13 @@ ZEND_FUNCTION(gc_enable)
    Deactivates the circular reference collector */
 ZEND_FUNCTION(gc_disable)
 {
-       zend_string *key = zend_string_init("zend.enable_gc", sizeof("zend.enable_gc")-1, 0);
+       zend_string *key;
+
+       if (zend_parse_parameters_none() == FAILURE) {
+               return;
+       }
+
+       key = zend_string_init("zend.enable_gc", sizeof("zend.enable_gc")-1, 0);
        zend_alter_ini_entry_chars(key, "0", sizeof("0")-1, ZEND_INI_USER, ZEND_INI_STAGE_RUNTIME);
        zend_string_release_ex(key, 0);
 }
@@ -394,6 +422,10 @@ ZEND_FUNCTION(gc_status)
 {
        zend_gc_status status;
 
+       if (zend_parse_parameters_none() == FAILURE) {
+               return;
+       }
+
        zend_gc_get_status(&status);
 
        array_init_size(return_value, 3);
@@ -411,6 +443,10 @@ ZEND_FUNCTION(func_num_args)
 {
        zend_execute_data *ex = EX(prev_execute_data);
 
+       if (zend_parse_parameters_none() == FAILURE) {
+               return;
+       }
+
        if (ZEND_CALL_INFO(ex) & ZEND_CALL_CODE) {
                zend_error(E_WARNING, "func_num_args():  Called from the global scope - no function context");
                RETURN_LONG(-1);

diff --git a/main/output.c b/main/output.c
index 8518aa7c162830f78d2957d6f3c4b82892db97d5..5d9acb6210930c08f928b4b81991497691c00106 100644 (file)
--- a/main/output.c
+++ b/main/output.c
@@ -1543,6 +1543,10 @@ PHP_FUNCTION(ob_implicit_flush)
    Reset(clear) URL rewriter values */
 PHP_FUNCTION(output_reset_rewrite_vars)
 {
+       if (zend_parse_parameters_none() == FAILURE) {
+               return;
+       }
+
        if (php_url_scanner_reset_vars() == SUCCESS) {
                RETURN_TRUE;
        } else {