From: Stanislav Malyshev Date: Tue, 14 Apr 2015 08:20:31 +0000 (-0700) Subject: Merge branch 'PHP-5.6' X-Git-Tag: PRE_PHP7_NSAPI_REMOVAL~320 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=b3709bfc52fa60acef1376dbff9ec09f52ed8a5a;p=php Merge branch 'PHP-5.6' * PHP-5.6: (27 commits) fix non-standard C update NEWS 5.4.41 next fix CVE num update NEWS Fix bug #69441 (Buffer Overflow when parsing tar/zip/phar in phar_set_inode) fix test fix type in fix for #69085 fix memory leak & add test Fix tests fix CVE num Fix bug #69337 (php_stream_url_wrap_http_ex() type-confusion vulnerability) Fix test Additional fix for bug #69324 More fixes for bug #69152 Fixed bug #69353 (Missing null byte checks for paths in various PHP extensions) Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar) Fixed bug #69316 (Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER) Fix bug #68486 and bug #69218 (segfault in apache2handler with apache 2.4) Fix bug #68819 (Fileinfo on specific file causes spurious OOM and/or segfault) ... Conflicts: Zend/zend_exceptions.c ext/curl/interface.c ext/dom/document.c ext/fileinfo/libmagic/softmagic.c ext/gd/gd.c ext/hash/hash.c ext/pgsql/pgsql.c ext/phar/phar.c ext/phar/phar_internal.h ext/standard/http_fopen_wrapper.c ext/standard/link.c ext/standard/streamsfuncs.c ext/xmlwriter/php_xmlwriter.c ext/zlib/zlib.c --- b3709bfc52fa60acef1376dbff9ec09f52ed8a5a diff --cc Zend/zend_exceptions.c index 6eccc89723,f163495906..cda0dd943c --- a/Zend/zend_exceptions.c +++ b/Zend/zend_exceptions.c @@@ -549,29 -581,28 +549,32 @@@ static void _build_trace_string(smart_s Obtain the backtrace for the exception as a string (instead of an array) */ ZEND_METHOD(exception, getTraceAsString) { - zval *trace; - char *res, **str, *s_tmp; - int res_len = 0, *len = &res_len, num = 0; + zval *trace, *frame, rv; + zend_ulong index; + smart_str str = {0}; + uint32_t num = 0; DEFAULT_0_PARAMS; - - res = estrdup(""); - str = &res; - trace = zend_read_property(default_exception_ce, getThis(), "trace", sizeof("trace")-1, 1 TSRMLS_CC); + trace = zend_read_property(base_exception_ce, getThis(), "trace", sizeof("trace")-1, 1, &rv); + if(Z_TYPE_P(trace) != IS_ARRAY) { + RETURN_FALSE; + } - zend_hash_apply_with_arguments(Z_ARRVAL_P(trace) TSRMLS_CC, (apply_func_args_t)_build_trace_string, 3, str, len, &num); + ZEND_HASH_FOREACH_NUM_KEY_VAL(Z_ARRVAL_P(trace), index, frame) { + if (Z_TYPE_P(frame) != IS_ARRAY) { + zend_error(E_WARNING, "Expected array for frame %pu", index); + continue; + } + + _build_trace_string(&str, Z_ARRVAL_P(frame), num++); + } ZEND_HASH_FOREACH_END(); - s_tmp = emalloc(1 + MAX_LENGTH_OF_LONG + 7 + 1); - sprintf(s_tmp, "#%d {main}", num); - TRACE_APPEND_STRL(s_tmp, strlen(s_tmp)); - efree(s_tmp); + smart_str_appendc(&str, '#'); + smart_str_append_long(&str, num); + smart_str_appends(&str, " {main}"); + smart_str_0(&str); - res[res_len] = '\0'; - RETURN_STRINGL(res, res_len, 0); + RETURN_NEW_STR(str.s); } /* }}} */ diff --cc ext/curl/interface.c index a51c03f47f,1ada79b850..bf8d2f00eb --- a/ext/curl/interface.c +++ b/ext/curl/interface.c @@@ -1339,20 -1340,22 +1339,21 @@@ static size_t curl_write(char *data, si fci.symbol_table = NULL; ch->in_callback = 1; - error = zend_call_function(&fci, &t->fci_cache TSRMLS_CC); + error = zend_call_function(&fci, &t->fci_cache); ch->in_callback = 0; if (error == FAILURE) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Could not call the CURLOPT_WRITEFUNCTION"); + php_error_docref(NULL, E_WARNING, "Could not call the CURLOPT_WRITEFUNCTION"); length = -1; - } else if (retval_ptr) { - _php_curl_verify_handlers(ch, 1 TSRMLS_CC); - if (Z_TYPE_P(retval_ptr) != IS_LONG) { - convert_to_long_ex(&retval_ptr); + } else if (!Z_ISUNDEF(retval)) { ++ _php_curl_verify_handlers(ch, 1); + if (Z_TYPE(retval) != IS_LONG) { + convert_to_long_ex(&retval); } - length = Z_LVAL_P(retval_ptr); - zval_ptr_dtor(&retval_ptr); + length = Z_LVAL(retval); } - zval_ptr_dtor(argv[0]); - zval_ptr_dtor(argv[1]); + zval_ptr_dtor(&argv[0]); + zval_ptr_dtor(&argv[1]); break; } } @@@ -1392,19 -1407,21 +1393,20 @@@ static int curl_fnmatch(void *ctx, cons fci.symbol_table = NULL; ch->in_callback = 1; - error = zend_call_function(&fci, &t->fci_cache TSRMLS_CC); + error = zend_call_function(&fci, &t->fci_cache); ch->in_callback = 0; if (error == FAILURE) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot call the CURLOPT_FNMATCH_FUNCTION"); - } else if (retval_ptr) { - _php_curl_verify_handlers(ch, 1 TSRMLS_CC); - if (Z_TYPE_P(retval_ptr) != IS_LONG) { - convert_to_long_ex(&retval_ptr); + php_error_docref(NULL, E_WARNING, "Cannot call the CURLOPT_FNMATCH_FUNCTION"); + } else if (!Z_ISUNDEF(retval)) { ++ _php_curl_verify_handlers(ch, 1); + if (Z_TYPE(retval) != IS_LONG) { + convert_to_long_ex(&retval); } - rval = Z_LVAL_P(retval_ptr); - zval_ptr_dtor(&retval_ptr); + rval = Z_LVAL(retval); } - zval_ptr_dtor(argv[0]); - zval_ptr_dtor(argv[1]); - zval_ptr_dtor(argv[2]); + zval_ptr_dtor(&argv[0]); + zval_ptr_dtor(&argv[1]); + zval_ptr_dtor(&argv[2]); break; } } @@@ -1451,23 -1486,25 +1453,24 @@@ static size_t curl_progress(void *clien fci.symbol_table = NULL; ch->in_callback = 1; - error = zend_call_function(&fci, &t->fci_cache TSRMLS_CC); + error = zend_call_function(&fci, &t->fci_cache); ch->in_callback = 0; if (error == FAILURE) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot call the CURLOPT_PROGRESSFUNCTION"); - } else if (retval_ptr) { - _php_curl_verify_handlers(ch, 1 TSRMLS_CC); - if (Z_TYPE_P(retval_ptr) != IS_LONG) { - convert_to_long_ex(&retval_ptr); + php_error_docref(NULL, E_WARNING, "Cannot call the CURLOPT_PROGRESSFUNCTION"); + } else if (!Z_ISUNDEF(retval)) { ++ _php_curl_verify_handlers(ch, 1); + if (Z_TYPE(retval) != IS_LONG) { + convert_to_long_ex(&retval); } - if (0 != Z_LVAL_P(retval_ptr)) { + if (0 != Z_LVAL(retval)) { rval = 1; } - zval_ptr_dtor(&retval_ptr); } - zval_ptr_dtor(argv[0]); - zval_ptr_dtor(argv[1]); - zval_ptr_dtor(argv[2]); - zval_ptr_dtor(argv[3]); - zval_ptr_dtor(argv[4]); + zval_ptr_dtor(&argv[0]); + zval_ptr_dtor(&argv[1]); + zval_ptr_dtor(&argv[2]); + zval_ptr_dtor(&argv[3]); + zval_ptr_dtor(&argv[4]); break; } } @@@ -1523,17 -1568,18 +1526,18 @@@ static size_t curl_read(char *data, siz #if LIBCURL_VERSION_NUM >= 0x070c01 /* 7.12.1 */ length = CURL_READFUNC_ABORT; #endif - } else if (retval_ptr) { - _php_curl_verify_handlers(ch, 1 TSRMLS_CC); - if (Z_TYPE_P(retval_ptr) == IS_STRING) { - length = MIN((int) (size * nmemb), Z_STRLEN_P(retval_ptr)); - memcpy(data, Z_STRVAL_P(retval_ptr), length); + } else if (!Z_ISUNDEF(retval)) { ++ _php_curl_verify_handlers(ch, 1); + if (Z_TYPE(retval) == IS_STRING) { + length = MIN((int) (size * nmemb), Z_STRLEN(retval)); + memcpy(data, Z_STRVAL(retval), length); } - zval_ptr_dtor(&retval_ptr); + zval_ptr_dtor(&retval); } - zval_ptr_dtor(argv[0]); - zval_ptr_dtor(argv[1]); - zval_ptr_dtor(argv[2]); + zval_ptr_dtor(&argv[0]); + zval_ptr_dtor(&argv[1]); + zval_ptr_dtor(&argv[2]); break; } } @@@ -1583,19 -1638,21 +1587,20 @@@ static size_t curl_write_header(char *d fci.no_separation = 0; ch->in_callback = 1; - error = zend_call_function(&fci, &t->fci_cache TSRMLS_CC); + error = zend_call_function(&fci, &t->fci_cache); ch->in_callback = 0; if (error == FAILURE) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Could not call the CURLOPT_HEADERFUNCTION"); + php_error_docref(NULL, E_WARNING, "Could not call the CURLOPT_HEADERFUNCTION"); length = -1; - } else if (retval_ptr) { - _php_curl_verify_handlers(ch, 1 TSRMLS_CC); - if (Z_TYPE_P(retval_ptr) != IS_LONG) { - convert_to_long_ex(&retval_ptr); + } else if (!Z_ISUNDEF(retval)) { ++ _php_curl_verify_handlers(ch, 1); + if (Z_TYPE(retval) != IS_LONG) { + convert_to_long_ex(&retval); } - length = Z_LVAL_P(retval_ptr); - zval_ptr_dtor(&retval_ptr); + length = Z_LVAL(retval); } - zval_ptr_dtor(argv[0]); - zval_ptr_dtor(argv[1]); + zval_ptr_dtor(&argv[0]); + zval_ptr_dtor(&argv[1]); break; } diff --cc ext/dom/document.c index 92d5fb5d33,c2c436513d..d435b1c281 --- a/ext/dom/document.c +++ b/ext/dom/document.c @@@ -1379,7 -1519,11 +1379,11 @@@ static xmlDocPtr dom_document_parser(zv xmlInitParser(); if (mode == DOM_LOAD_FILE) { - char *file_dest = _dom_get_valid_file_path(source, resolved_path, MAXPATHLEN ); + char *file_dest; + if (CHECK_NULL_PATH(source, source_len)) { + return NULL; + } - file_dest = _dom_get_valid_file_path(source, resolved_path, MAXPATHLEN TSRMLS_CC); ++ file_dest = _dom_get_valid_file_path(source, resolved_path, MAXPATHLEN); if (file_dest) { ctxt = xmlCreateFileParserCtxt(file_dest); } @@@ -1979,7 -2119,7 +1983,7 @@@ static void dom_load_html(INTERNAL_FUNC id = getThis(); - if (zend_parse_parameters(ZEND_NUM_ARGS(), "s|l", &source, &source_len, &options) == FAILURE) { - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "p|l", &source, &source_len, &options) == FAILURE) { ++ if (zend_parse_parameters(ZEND_NUM_ARGS(), "p|l", &source, &source_len, &options) == FAILURE) { return; } diff --cc ext/fileinfo/fileinfo.c index c4745f92fe,95a6e0e36c..40df99df47 --- a/ext/fileinfo/fileinfo.c +++ b/ext/fileinfo/fileinfo.c @@@ -531,8 -508,13 +531,13 @@@ static void _php_finfo_get_type(INTERNA RETVAL_FALSE; goto clean; } + if (CHECK_NULL_PATH(buffer, buffer_len)) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid path"); + RETVAL_FALSE; + goto clean; + } - wrap = php_stream_locate_url_wrapper(buffer, &tmp2, 0 TSRMLS_CC); + wrap = php_stream_locate_url_wrapper(buffer, &tmp2, 0); if (wrap) { php_stream *stream; diff --cc ext/gd/gd.c index fec29d7519,0642d45ec2..9105fe6609 --- a/ext/gd/gd.c +++ b/ext/gd/gd.c @@@ -2400,12 -2366,10 +2400,12 @@@ static void _php_image_create_from(INTE gdImagePtr im = NULL; php_stream *stream; FILE * fp = NULL; +#ifdef HAVE_GD_JPG long ignore_warning; +#endif if (image_type == PHP_GDIMG_TYPE_GD2PART) { - if (zend_parse_parameters(ZEND_NUM_ARGS(), "sllll", &file, &file_len, &srcx, &srcy, &width, &height) == FAILURE) { - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "pllll", &file, &file_len, &srcx, &srcy, &width, &height) == FAILURE) { ++ if (zend_parse_parameters(ZEND_NUM_ARGS(), "pllll", &file, &file_len, &srcx, &srcy, &width, &height) == FAILURE) { return; } if (width < 1 || height < 1) { @@@ -2413,7 -2377,7 +2413,7 @@@ RETURN_FALSE; } } else { - if (zend_parse_parameters(ZEND_NUM_ARGS(), "s", &file, &file_len) == FAILURE) { - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "p", &file, &file_len) == FAILURE) { ++ if (zend_parse_parameters(ZEND_NUM_ARGS(), "p", &file, &file_len) == FAILURE) { return; } } @@@ -4152,10 -4044,9 +4152,10 @@@ PHP_FUNCTION(imagepsencodefont { zval *fnt; char *enc, **enc_vector; - int enc_len, *f_ind; + size_t enc_len; + int *f_ind; - if (zend_parse_parameters(ZEND_NUM_ARGS(), "rs", &fnt, &enc, &enc_len) == FAILURE) { - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rp", &fnt, &enc, &enc_len) == FAILURE) { ++ if (zend_parse_parameters(ZEND_NUM_ARGS(), "rp", &fnt, &enc, &enc_len) == FAILURE) { return; } diff --cc ext/hash/hash.c index 3a15fc6fcc,780b2e0122..0510d3749c --- a/ext/hash/hash.c +++ b/ext/hash/hash.c @@@ -462,9 -465,9 +467,9 @@@ PHP_FUNCTION(hash_update_file php_stream_context *context; php_stream *stream; char *filename, buf[1024]; - int filename_len, n; + size_t filename_len, n; - if (zend_parse_parameters(ZEND_NUM_ARGS(), "rs|r", &zhash, &filename, &filename_len, &zcontext) == FAILURE) { - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rp|r", &zhash, &filename, &filename_len, &zcontext) == FAILURE) { ++ if (zend_parse_parameters(ZEND_NUM_ARGS(), "rp|r", &zhash, &filename, &filename_len, &zcontext) == FAILURE) { return; } diff --cc ext/pgsql/pgsql.c index 536c94157a,1a10cfd93d..6a86b8941b --- a/ext/pgsql/pgsql.c +++ b/ext/pgsql/pgsql.c @@@ -3124,9 -3112,9 +3124,9 @@@ PHP_FUNCTION(pg_trace PGconn *pgsql; FILE *fp = NULL; php_stream *stream; - id = PGG(default_link); + zend_resource *link; - if (zend_parse_parameters(argc, "s|sr", &z_filename, &z_filename_len, &mode, &mode_len, &pgsql_link) == FAILURE) { - if (zend_parse_parameters(argc TSRMLS_CC, "p|sr", &z_filename, &z_filename_len, &mode, &mode_len, &pgsql_link) == FAILURE) { ++ if (zend_parse_parameters(argc, "p|sr", &z_filename, &z_filename_len, &mode, &mode_len, &pgsql_link) == FAILURE) { return; } diff --cc ext/phar/phar.c index 8c2b596c3d,35dd8393f6..c4b6150026 --- a/ext/phar/phar.c +++ b/ext/phar/phar.c @@@ -604,48 -601,38 +604,37 @@@ int phar_open_parsed_phar(char *fname, * * data is the serialized zval */ - int phar_parse_metadata(char **buffer, zval *metadata, int zip_metadata_len) /* {{{ */ -int phar_parse_metadata(char **buffer, zval **metadata, php_uint32 zip_metadata_len TSRMLS_DC) /* {{{ */ ++int phar_parse_metadata(char **buffer, zval *metadata, php_uint32 zip_metadata_len) /* {{{ */ { - const unsigned char *p; - php_uint32 buf_len; php_unserialize_data_t var_hash; - if (!zip_metadata_len) { - PHAR_GET_32(*buffer, buf_len); - } else { - buf_len = zip_metadata_len; - } - - if (buf_len) { + if (zip_metadata_len) { + const unsigned char *p, *p_buff = estrndup(*buffer, zip_metadata_len); + p = p_buff; - ALLOC_ZVAL(*metadata); - INIT_ZVAL(**metadata); + ZVAL_NULL(metadata); - p = (const unsigned char*) *buffer; PHP_VAR_UNSERIALIZE_INIT(var_hash); - if (!php_var_unserialize(metadata, &p, p + buf_len, &var_hash)) { - if (!php_var_unserialize(metadata, &p, p + zip_metadata_len, &var_hash TSRMLS_CC)) { ++ if (!php_var_unserialize(metadata, &p, p + zip_metadata_len, &var_hash)) { + efree(p_buff); PHP_VAR_UNSERIALIZE_DESTROY(var_hash); zval_ptr_dtor(metadata); - *metadata = NULL; + ZVAL_UNDEF(metadata); return FAILURE; } - + efree(p_buff); PHP_VAR_UNSERIALIZE_DESTROY(var_hash); if (PHAR_G(persist)) { /* lazy init metadata */ zval_ptr_dtor(metadata); - Z_PTR_P(metadata) = pemalloc(buf_len, 1); - memcpy(Z_PTR_P(metadata), *buffer, buf_len); - *buffer += buf_len; - *metadata = (zval *) pemalloc(zip_metadata_len, 1); - memcpy(*metadata, *buffer, zip_metadata_len); ++ Z_PTR_P(metadata) = pemalloc(zip_metadata_len, 1); ++ memcpy(Z_PTR_P(metadata), *buffer, zip_metadata_len); return SUCCESS; } } else { - *metadata = NULL; + ZVAL_UNDEF(metadata); } - if (!zip_metadata_len) { - *buffer += buf_len; - } - return SUCCESS; } /* }}}*/ @@@ -666,7 -653,8 +655,8 @@@ static int phar_parse_pharfile(php_stre phar_entry_info entry; php_uint32 manifest_len, manifest_count, manifest_flags, manifest_index, tmp_len, sig_flags; php_uint16 manifest_ver; + php_uint32 len; - long offset; + zend_long offset; int sig_len, register_alias = 0, temp_alias = 0; char *signature = NULL; @@@ -1031,16 -1019,21 +1021,21 @@@ mydata->is_persistent = PHAR_G(persist); /* check whether we have meta data, zero check works regardless of byte order */ + PHAR_GET_32(buffer, len); if (mydata->is_persistent) { - PHAR_GET_32(buffer, mydata->metadata_len); - if (phar_parse_metadata(&buffer, &mydata->metadata, mydata->metadata_len) == FAILURE) { - MAPPHAR_FAIL("unable to read phar metadata in .phar file \"%s\""); - } - } else { - if (phar_parse_metadata(&buffer, &mydata->metadata, 0) == FAILURE) { - MAPPHAR_FAIL("unable to read phar metadata in .phar file \"%s\""); + mydata->metadata_len = len; + if(!len) { + /* FIXME: not sure why this is needed but removing it breaks tests */ + PHAR_GET_32(buffer, len); } } + if(len > endbuffer - buffer) { + MAPPHAR_FAIL("internal corruption of phar \"%s\" (trying to read past buffer end)"); + } - if (phar_parse_metadata(&buffer, &mydata->metadata, len TSRMLS_CC) == FAILURE) { ++ if (phar_parse_metadata(&buffer, &mydata->metadata, len) == FAILURE) { + MAPPHAR_FAIL("unable to read phar metadata in .phar file \"%s\""); + } + buffer += len; /* set up our manifest */ zend_hash_init(&mydata->manifest, manifest_count, @@@ -1111,19 -1104,20 +1106,20 @@@ entry.flags |= PHAR_ENT_PERM_DEF_DIR; } + PHAR_GET_32(buffer, len); if (entry.is_persistent) { - PHAR_GET_32(buffer, entry.metadata_len); - if (!entry.metadata_len) buffer -= 4; - if (phar_parse_metadata(&buffer, &entry.metadata, entry.metadata_len) == FAILURE) { - pefree(entry.filename, entry.is_persistent); - MAPPHAR_FAIL("unable to read file metadata in .phar file \"%s\""); - } + entry.metadata_len = len; } else { - if (phar_parse_metadata(&buffer, &entry.metadata, 0) == FAILURE) { - pefree(entry.filename, entry.is_persistent); - MAPPHAR_FAIL("unable to read file metadata in .phar file \"%s\""); - } + entry.metadata_len = 0; + } + if (len > endbuffer - buffer) { + MAPPHAR_FAIL("internal corruption of phar \"%s\" (truncated manifest entry)"); + } - if (phar_parse_metadata(&buffer, &entry.metadata, len TSRMLS_CC) == FAILURE) { ++ if (phar_parse_metadata(&buffer, &entry.metadata, len) == FAILURE) { + pefree(entry.filename, entry.is_persistent); + MAPPHAR_FAIL("unable to read file metadata in .phar file \"%s\""); } + buffer += len; entry.offset = entry.offset_abs = offset; offset += entry.compressed_filesize; diff --cc ext/phar/phar_internal.h index a2afd4d53b,b9a8019088..ef752817aa --- a/ext/phar/phar_internal.h +++ b/ext/phar/phar_internal.h @@@ -529,11 -536,14 +529,14 @@@ static inline void phar_set_inode(phar_ { char tmp[MAXPATHLEN]; int tmp_len; + size_t len; - tmp_len = entry->filename_len + entry->phar->fname_len; - memcpy(tmp, entry->phar->fname, entry->phar->fname_len); - memcpy(tmp + entry->phar->fname_len, entry->filename, entry->filename_len); + tmp_len = MIN(MAXPATHLEN, entry->filename_len + entry->phar->fname_len); + len = MIN(entry->phar->fname_len, tmp_len); + memcpy(tmp, entry->phar->fname, len); + len = MIN(tmp_len - len, entry->filename_len); + memcpy(tmp + entry->phar->fname_len, entry->filename, len); - entry->inode = (unsigned short)zend_get_hash_value(tmp, tmp_len); + entry->inode = (unsigned short)zend_hash_func(tmp, tmp_len); } /* }}} */ @@@ -559,23 -569,23 +562,23 @@@ char *phar_create_default_stub(const ch char *phar_decompress_filter(phar_entry_info * entry, int return_unknown); char *phar_compress_filter(phar_entry_info * entry, int return_unknown); -void phar_remove_virtual_dirs(phar_archive_data *phar, char *filename, int filename_len TSRMLS_DC); -void phar_add_virtual_dirs(phar_archive_data *phar, char *filename, int filename_len TSRMLS_DC); -int phar_mount_entry(phar_archive_data *phar, char *filename, int filename_len, char *path, int path_len TSRMLS_DC); -char *phar_find_in_include_path(char *file, int file_len, phar_archive_data **pphar TSRMLS_DC); -char *phar_fix_filepath(char *path, int *new_len, int use_cwd TSRMLS_DC); -phar_entry_info * phar_open_jit(phar_archive_data *phar, phar_entry_info *entry, char **error TSRMLS_DC); -int phar_parse_metadata(char **buffer, zval **metadata, php_uint32 zip_metadata_len TSRMLS_DC); -void destroy_phar_manifest_entry(void *pDest); -int phar_seek_efp(phar_entry_info *entry, off_t offset, int whence, off_t position, int follow_links TSRMLS_DC); -php_stream *phar_get_efp(phar_entry_info *entry, int follow_links TSRMLS_DC); -int phar_copy_entry_fp(phar_entry_info *source, phar_entry_info *dest, char **error TSRMLS_DC); -int phar_open_entry_fp(phar_entry_info *entry, char **error, int follow_links TSRMLS_DC); -phar_entry_info *phar_get_link_source(phar_entry_info *entry TSRMLS_DC); -int phar_create_writeable_entry(phar_archive_data *phar, phar_entry_info *entry, char **error TSRMLS_DC); -int phar_separate_entry_fp(phar_entry_info *entry, char **error TSRMLS_DC); -int phar_open_archive_fp(phar_archive_data *phar TSRMLS_DC); -int phar_copy_on_write(phar_archive_data **pphar TSRMLS_DC); +void phar_remove_virtual_dirs(phar_archive_data *phar, char *filename, int filename_len); +void phar_add_virtual_dirs(phar_archive_data *phar, char *filename, int filename_len); +int phar_mount_entry(phar_archive_data *phar, char *filename, int filename_len, char *path, int path_len); +zend_string *phar_find_in_include_path(char *file, int file_len, phar_archive_data **pphar); +char *phar_fix_filepath(char *path, int *new_len, int use_cwd); +phar_entry_info * phar_open_jit(phar_archive_data *phar, phar_entry_info *entry, char **error); - int phar_parse_metadata(char **buffer, zval *metadata, int zip_metadata_len); ++int phar_parse_metadata(char **buffer, zval *metadata, php_uint32 zip_metadata_len); +void destroy_phar_manifest_entry(zval *zv); +int phar_seek_efp(phar_entry_info *entry, zend_off_t offset, int whence, zend_off_t position, int follow_links); +php_stream *phar_get_efp(phar_entry_info *entry, int follow_links); +int phar_copy_entry_fp(phar_entry_info *source, phar_entry_info *dest, char **error); +int phar_open_entry_fp(phar_entry_info *entry, char **error, int follow_links); +phar_entry_info *phar_get_link_source(phar_entry_info *entry); +int phar_create_writeable_entry(phar_archive_data *phar, phar_entry_info *entry, char **error); +int phar_separate_entry_fp(phar_entry_info *entry, char **error); +int phar_open_archive_fp(phar_archive_data *phar); +int phar_copy_on_write(phar_archive_data **pphar); /* tar functions in tar.c */ int phar_is_tar(char *buf, char *fname); diff --cc ext/standard/http_fopen_wrapper.c index 457e806440,25c83a8e14..d5724fed30 --- a/ext/standard/http_fopen_wrapper.c +++ b/ext/standard/http_fopen_wrapper.c @@@ -661,15 -659,26 +661,16 @@@ finish location[0] = '\0'; - if (!EG(active_symbol_table)) { - zend_rebuild_symbol_table(TSRMLS_C); - } + symbol_table = zend_rebuild_symbol_table(); if (header_init) { - zval *ztmp; - MAKE_STD_ZVAL(ztmp); - array_init(ztmp); - ZEND_SET_SYMBOL(EG(active_symbol_table), "http_response_header", ztmp); + zval ztmp; + array_init(&ztmp); + zend_set_local_var_str("http_response_header", sizeof("http_response_header")-1, &ztmp, 0); } - { - zval **rh; - if(zend_hash_find(EG(active_symbol_table), "http_response_header", sizeof("http_response_header"), (void **) &rh) != SUCCESS || Z_TYPE_PP(rh) != IS_ARRAY) { - php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, "HTTP request failed, http_response_header overwritten"); - goto out; - } - response_header = *rh; - Z_ADDREF_P(response_header); - } + response_header = zend_hash_str_find_ind(symbol_table, "http_response_header", sizeof("http_response_header")-1); ++ Z_ADDREF_P(response_header); if (!php_stream_eof(stream)) { size_t tmp_line_len; @@@ -904,7 -920,11 +905,11 @@@ out if (stream) { if (header_init) { - stream->wrapperdata = response_header; + ZVAL_COPY(&stream->wrapperdata, response_header); + } else { + if(response_header) { + Z_DELREF_P(response_header); + } } php_stream_notify_progress_init(context, 0, file_size); @@@ -925,8 -945,13 +930,13 @@@ if (transfer_encoding) { php_stream_filter_append(&stream->readfilters, transfer_encoding); } - } else if (transfer_encoding) { - php_stream_filter_free(transfer_encoding); + } else { + if(response_header) { + Z_DELREF_P(response_header); + } + if (transfer_encoding) { - php_stream_filter_free(transfer_encoding TSRMLS_CC); ++ php_stream_filter_free(transfer_encoding); + } } return stream; diff --cc ext/standard/link.c index b7fe1ae495,4ed2c5e7ee..7001dd8807 --- a/ext/standard/link.c +++ b/ext/standard/link.c @@@ -59,7 -59,7 +59,7 @@@ PHP_FUNCTION(readlink char buff[MAXPATHLEN]; int ret; - if (zend_parse_parameters(ZEND_NUM_ARGS(), "s", &link, &link_len) == FAILURE) { - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "p", &link, &link_len) == FAILURE) { ++ if (zend_parse_parameters(ZEND_NUM_ARGS(), "p", &link, &link_len) == FAILURE) { return; } diff --cc ext/standard/streamsfuncs.c index a86aae25f0,9358ea8588..fa9758b06c --- a/ext/standard/streamsfuncs.c +++ b/ext/standard/streamsfuncs.c @@@ -1489,11 -1545,10 +1489,11 @@@ PHP_FUNCTION(stream_socket_enable_crypt Determine what file will be opened by calls to fopen() with a relative path */ PHP_FUNCTION(stream_resolve_include_path) { - char *filename, *resolved_path; - int filename_len; + char *filename; + size_t filename_len; + zend_string *resolved_path; - if (zend_parse_parameters(ZEND_NUM_ARGS(), "s", &filename, &filename_len) == FAILURE) { - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "p", &filename, &filename_len) == FAILURE) { ++ if (zend_parse_parameters(ZEND_NUM_ARGS(), "p", &filename, &filename_len) == FAILURE) { return; } diff --cc ext/xmlwriter/php_xmlwriter.c index 3cab7a1458,1042008a30..a7da0e7902 --- a/ext/xmlwriter/php_xmlwriter.c +++ b/ext/xmlwriter/php_xmlwriter.c @@@ -1681,21 -1747,31 +1681,21 @@@ static PHP_FUNCTION(xmlwriter_open_uri xmlTextWriterPtr ptr; char *source; char resolved_path[MAXPATHLEN + 1]; - int source_len; - -#ifdef ZEND_ENGINE_2 - zval *this = getThis(); + size_t source_len; + zval *self = getThis(); ze_xmlwriter_object *ze_obj = NULL; -#endif - if (zend_parse_parameters(ZEND_NUM_ARGS(), "s", &source, &source_len) == FAILURE) { -#ifndef ZEND_ENGINE_2 - xmlOutputBufferPtr out_buffer; - void *ioctx; -#endif - - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "p", &source, &source_len) == FAILURE) { ++ if (zend_parse_parameters(ZEND_NUM_ARGS(), "p", &source, &source_len) == FAILURE) { return; } - -#ifdef ZEND_ENGINE_2 - if (this) { + + if (self) { /* We do not use XMLWRITER_FROM_OBJECT, xmlwriter init function here */ - ze_obj = (ze_xmlwriter_object*) zend_object_store_get_object(this TSRMLS_CC); + ze_obj = Z_XMLWRITER_P(self); } -#endif if (source_len == 0) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Empty string as source"); + php_error_docref(NULL, E_WARNING, "Empty string as source"); RETURN_FALSE; } diff --cc ext/zlib/zlib.c index 0cb94fe6e4,ec958e1257..f44f92b86d --- a/ext/zlib/zlib.c +++ b/ext/zlib/zlib.c @@@ -583,12 -588,12 +583,12 @@@ static PHP_FUNCTION(gzopen { char *filename; char *mode; - int filename_len, mode_len; + size_t filename_len, mode_len; int flags = REPORT_ERRORS; php_stream *stream; - long use_include_path = 0; + zend_long use_include_path = 0; - if (zend_parse_parameters(ZEND_NUM_ARGS(), "ss|l", &filename, &filename_len, &mode, &mode_len, &use_include_path) == FAILURE) { - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ps|l", &filename, &filename_len, &mode, &mode_len, &use_include_path) == FAILURE) { ++ if (zend_parse_parameters(ZEND_NUM_ARGS(), "ps|l", &filename, &filename_len, &mode, &mode_len, &use_include_path) == FAILURE) { return; } @@@ -610,13 -615,13 +610,13 @@@ static PHP_FUNCTION(readgzfile) { char *filename; - int filename_len; + size_t filename_len; int flags = REPORT_ERRORS; php_stream *stream; - int size; - long use_include_path = 0; + size_t size; + zend_long use_include_path = 0; - if (zend_parse_parameters(ZEND_NUM_ARGS(), "s|l", &filename, &filename_len, &use_include_path) == FAILURE) { - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "p|l", &filename, &filename_len, &use_include_path) == FAILURE) { ++ if (zend_parse_parameters(ZEND_NUM_ARGS(), "p|l", &filename, &filename_len, &use_include_path) == FAILURE) { return; }