]> granicus.if.org Git - php/log
php
4 years agoFix #79491: Search for .user.ini extends up to root dir
Christoph M. Becker [Sun, 19 Apr 2020 12:22:24 +0000 (14:22 +0200)]
Fix #79491: Search for .user.ini extends up to root dir

The `start` parameter of `php_cgi_ini_activate_user_config` is supposed
to hold the byte offset of the doc root in the given `path`.  However,
the current expression which fixes a potential type incompatibility
will ever only evaluate to zero or one, because it uses the *logical*
and operator (`&&`).  Furthermore we notice that subtracting one from
`doc_root_len` is not necessary, so there is even no need for the
`start` parameter at all.

4 years agoApply doc root fix for FPM
Nikita Popov [Mon, 20 Apr 2020 08:46:20 +0000 (10:46 +0200)]
Apply doc root fix for FPM

This is the change from GH-5417 but for FPM. This was stripping the
last character from the doc_root. Given how it is used, this should
be harmless, but let's make it less confusing...

4 years agoFix #79497: Fix php_openssl_subtract_timeval()
Joe Cai [Sun, 19 Apr 2020 23:03:11 +0000 (09:03 +1000)]
Fix #79497: Fix php_openssl_subtract_timeval()

I stumbled upon this while debugging a strange issue with
stream_socket_client() where it randomly throws out errors when
the connection timeout is set to below 1s. The logic to calculate
time difference in php_openssl_subtract_timeval() is wrong when
a.tv_usec < b.tv_usec, causing connection errors before the timeout
is reached.

4 years agozend_timeout() may access EX(opline)
Dmitry Stogov [Fri, 17 Apr 2020 11:55:14 +0000 (14:55 +0300)]
zend_timeout() may access EX(opline)

4 years agoFix MySQL local infile / attr handling on big endian systems
guirish [Fri, 10 Apr 2020 09:45:40 +0000 (05:45 -0400)]
Fix MySQL local infile / attr handling on big endian systems

Make sure pointer types match what is used by libmysql everywhere.

Closes GH-5380.

4 years agoFixed bug #79477
Nikita Popov [Wed, 15 Apr 2020 09:20:33 +0000 (11:20 +0200)]
Fixed bug #79477

Make sure to deindirect properties when creating array.

4 years agoAdd missing CVE
Christoph M. Becker [Tue, 14 Apr 2020 16:18:18 +0000 (18:18 +0200)]
Add missing CVE

4 years agoMerge branch 'PHP-7.2' into PHP-7.3
Sara Golemon [Tue, 14 Apr 2020 14:31:35 +0000 (10:31 -0400)]
Merge branch 'PHP-7.2' into PHP-7.3

* PHP-7.2:
  Fixed bug #79468
  NEWS

4 years agoFixed bug #79468
dinosaur [Mon, 13 Apr 2020 23:46:34 +0000 (07:46 +0800)]
Fixed bug #79468

Close the stream filter resources when removing them from the stream.

4 years agoNEWS
Sara Golemon [Tue, 14 Apr 2020 14:25:37 +0000 (10:25 -0400)]
NEWS

4 years agoDon't leak peername if accept fails
Nikita Popov [Tue, 14 Apr 2020 14:05:57 +0000 (16:05 +0200)]
Don't leak peername if accept fails

Even if the accept fails, the peername may be populated.

4 years agoFix test cases
Christoph M. Becker [Tue, 14 Apr 2020 11:55:56 +0000 (13:55 +0200)]
Fix test cases

4 years agoFixed bug #79468
dinosaur [Mon, 13 Apr 2020 23:46:34 +0000 (07:46 +0800)]
Fixed bug #79468

Close the stream filter resources when removing them from the stream.

4 years agoAdd NEWS entries [ci skip]
Christoph M. Becker [Tue, 14 Apr 2020 06:53:35 +0000 (08:53 +0200)]
Add NEWS entries [ci skip]

4 years agoMerge branch 'PHP-7.2' into PHP-7.3
Stanislav Malyshev [Tue, 14 Apr 2020 04:09:08 +0000 (21:09 -0700)]
Merge branch 'PHP-7.2' into PHP-7.3

* PHP-7.2:
  Fix bug #79465 - use unsigneds as indexes.
  Fix bug #79330 - make all execution modes consistent in rejecting \0

4 years agoFix bug #79465 - use unsigneds as indexes.
Stanislav Malyshev [Tue, 14 Apr 2020 04:07:04 +0000 (21:07 -0700)]
Fix bug #79465 - use unsigneds as indexes.

4 years agoFix bug #79330 - make all execution modes consistent in rejecting \0
Stanislav Malyshev [Tue, 14 Apr 2020 04:00:44 +0000 (21:00 -0700)]
Fix bug #79330 - make all execution modes consistent in rejecting \0

4 years agoFix memory leak introduced by fixing bug #78221
Christoph M. Becker [Wed, 8 Apr 2020 08:35:54 +0000 (10:35 +0200)]
Fix memory leak introduced by fixing bug #78221

We have to free the retrieved text content; to keep the code readable,
we extract a helper function to check for empty nodes.  Unfortunately,
we cannot use xmlIsBlankNode(), because that also recognizes whitespace
only text content.

We also make sure to properly handle NULL returns from
xmlNodeGetContent().

4 years agoRevert "Went to fast and forgot to update tests"
George Peter Banyard [Tue, 7 Apr 2020 20:24:40 +0000 (22:24 +0200)]
Revert "Went to fast and forgot to update tests"

This reverts commit 656eac74fa6074aebc087bb73d2e4651f7dc8c9e.

4 years agoRevert "Fix Bug #79448 0 is a valid Unicode codepoint, but mb_substitute_character...
George Peter Banyard [Tue, 7 Apr 2020 20:23:24 +0000 (22:23 +0200)]
Revert "Fix Bug #79448 0 is a valid Unicode codepoint, but mb_substitute_character(0) fails"

This commit brings some substantial changes in behaviour due to the weird implementation.
This will be fixed in master due to BC concerns.

This reverts commit 1333b46d6dc0c293c1fd626803f91bc69743eb79.

4 years agoFix #78221: DOMNode::normalize() doesn't remove empty text nodes
Christoph M. Becker [Wed, 11 Mar 2020 12:02:09 +0000 (13:02 +0100)]
Fix #78221: DOMNode::normalize() doesn't remove empty text nodes

If a text node is not followed by another text node, we remove it, if
its textContent is empty.

4 years agoWent to fast and forgot to update tests
George Peter Banyard [Fri, 3 Apr 2020 20:03:00 +0000 (22:03 +0200)]
Went to fast and forgot to update tests

However due to the really lax conversion to integer all strings pass as 0

4 years agoFix Bug #79448 0 is a valid Unicode codepoint, but mb_substitute_character(0) fails
George Peter Banyard [Fri, 3 Apr 2020 19:16:04 +0000 (21:16 +0200)]
Fix Bug #79448 0 is a valid Unicode codepoint, but mb_substitute_character(0) fails

4 years agoFix incorrect free for last_message
Qianqian Bu [Fri, 3 Apr 2020 07:44:41 +0000 (15:44 +0800)]
Fix incorrect free for last_message

In commit a7305eb539596e175bd6c3ae9a20953358c5d677 the last_message
field of the connection object was changed to be always non-persistent.
But there is a place on change_user path that still treats it
depending on conn->persistent flag. This will cause PHP crash after
com_change_user success when there is last_message set

4 years agoFixed bug #79434
Nikita Popov [Thu, 2 Apr 2020 14:32:57 +0000 (16:32 +0200)]
Fixed bug #79434

4 years agoFix literal compaction collision between string and double
Nikita Popov [Wed, 1 Apr 2020 12:20:59 +0000 (14:20 +0200)]
Fix literal compaction collision between string and double

For the sake of simplicity I'm using a separate hashtable, rather
than trying to do hash perturabation on the double strings.

4 years agoAdd NEWS entryc [ci skip]
Christoph M. Becker [Wed, 1 Apr 2020 07:26:20 +0000 (09:26 +0200)]
Add NEWS entryc [ci skip]

4 years agoFix bug 79441
George Peter Banyard [Wed, 1 Apr 2020 02:29:20 +0000 (04:29 +0200)]
Fix bug 79441

4 years agoNext is 7.3.18
Christoph M. Becker [Tue, 31 Mar 2020 08:22:55 +0000 (10:22 +0200)]
Next is 7.3.18

4 years agoFix #79413: session_create_id() fails for active sessions
Christoph M. Becker [Thu, 26 Mar 2020 18:01:33 +0000 (19:01 +0100)]
Fix #79413: session_create_id() fails for active sessions

The comment on `PS_VALIDATE_SID_FUNC(files)` is very clear that the
function is supposed to return `SUCCESS` if the session already exists.
So to detect a collision, we have to check for `SUCCESS`, not
`FAILURE`.

We also fix the wrong condition in session_regenerate_id() as well.

4 years agoFix #79427: Integer Overflow in shmop_open()
Christoph M. Becker [Sun, 29 Mar 2020 14:56:57 +0000 (16:56 +0200)]
Fix #79427: Integer Overflow in shmop_open()

If `shm.shm_segsz > ZEND_LONG_MAX` the assignment to `shmop->size` a
few lines below would overflow, so we catch that early and bail out if
necessary.

4 years agoFix #79424 ext/zip: don't use gl_pathc after call to globfree
Max Rees [Fri, 27 Mar 2020 17:57:24 +0000 (12:57 -0500)]
Fix #79424 ext/zip: don't use gl_pathc after call to globfree

This breaks on Linux with the musl libc, since it zeroes out gl_pathc during
globfree.

4 years agoAdd missing 'skip' to bug79332.phpt skip message
Lukas Berger [Thu, 26 Mar 2020 17:39:39 +0000 (10:39 -0700)]
Add missing 'skip' to bug79332.phpt skip message

The skip message must start with the word 'skip', otherwise the test will not be skipped.

*Before:*
Running selected tests.
TEST 1/1 [ext/com_dotnet/tests/bug79332.phpt]
========DIFF========
001+ Fatal error: Uncaught Error: Class 'COMPersistHelper' not found in /srv/php/ext/com_dotnet/tests/bug79332.php:2
001- A com_exception has been thrown
002+ Stack trace:
003+ #0 {main}
004+   thrown in /srv/php/ext/com_dotnet/tests/bug79332.php on line 2
========DONE========
FAIL Bug #79332 (php_istreams are never freed) [ext/com_dotnet/tests/bug79332.phpt]

*After:*
Running selected tests.
SKIP Bug #79332 (php_istreams are never freed) [ext/com_dotnet/tests/bug79332.phpt] reason: com_dotnet extension not available

4 years agoFixed bug #79412 (Opcache chokes and uses 100% CPU on specific script).
Dmitry Stogov [Wed, 25 Mar 2020 14:31:06 +0000 (17:31 +0300)]
Fixed bug #79412 (Opcache chokes and uses 100% CPU on specific script).

4 years agoFix bug #79410 (system() swallows last chunk if it is exactly 4095 bytes without...
Christian Schneider [Tue, 24 Mar 2020 15:43:17 +0000 (16:43 +0100)]
Fix bug #79410 (system() swallows last chunk if it is exactly 4095 bytes without newline)

Closes GH-5292.

4 years agoAdd test file
Nikita Popov [Mon, 23 Mar 2020 16:13:57 +0000 (17:13 +0100)]
Add test file

Forgot the git add again...

4 years agoHandle NULL caller_call_opline
Nikita Popov [Mon, 23 Mar 2020 16:10:54 +0000 (17:10 +0100)]
Handle NULL caller_call_opline

This can happen if there is an EXIT in the call arguments, in which
case the DO_CALL opcode may be eliminated as unreachable.

4 years agoFix test for Windows
Christoph M. Becker [Mon, 23 Mar 2020 15:19:25 +0000 (16:19 +0100)]
Fix test for Windows

Windows filenames may very well contain a colon, so we adjust the test
accordingly.

4 years agoFix #79200: Some iconv functions cut Windows-1258
Christoph M. Becker [Mon, 16 Mar 2020 12:09:16 +0000 (13:09 +0100)]
Fix #79200: Some iconv functions cut Windows-1258

To cater to potentially state-dependent encodings, we have to reset the
conversion descriptor into its initial shift state to properly finish
the conversion.  Furthermore, state-dependent encodings may not show
progress when comparing `in_left` before and after the conversion; we
rather have to see whether `out_left` has decreased.  Also we have to
cater to the fact that the final potentially state resetting call does
not signal failure, but we still have to break respective loops
afterwards.

4 years agoFix #79393: Null coalescing operator failing with SplFixedArray
Christoph M. Becker [Wed, 18 Mar 2020 16:39:27 +0000 (17:39 +0100)]
Fix #79393: Null coalescing operator failing with SplFixedArray

We favor the KISS principle over optimization[1] – SPL is already
special enough.

[1] <https://github.com/php/php-src/pull/2489/commits/352f3d4476a79bb86136b431719df7394e5a8d4e#r112498098>ff

4 years agoNEWS
Remi Collet [Fri, 20 Mar 2020 10:16:08 +0000 (11:16 +0100)]
NEWS

4 years agoFix Bug #79296 ZipArchive::open fails on empty file
Remi Collet [Thu, 19 Mar 2020 16:31:17 +0000 (17:31 +0100)]
Fix Bug #79296 ZipArchive::open fails on empty file

4 years agoFix #79396: DateTime hour incorrect during DST jump forward
Nate Brunette [Wed, 18 Mar 2020 20:04:46 +0000 (15:04 -0500)]
Fix #79396: DateTime hour incorrect during DST jump forward

When you attempt to set the time to a non-existent time occuring during
a DST jump forward, the hour does not move forward correctly.

4 years agoClarify session.cookie_samesite="None"
Nikita Popov [Wed, 18 Mar 2020 14:59:30 +0000 (15:59 +0100)]
Clarify session.cookie_samesite="None"

4 years agoMerge branch 'PHP-7.2' into PHP-7.3
Remi Collet [Tue, 17 Mar 2020 10:28:47 +0000 (11:28 +0100)]
Merge branch 'PHP-7.2' into PHP-7.3

* PHP-7.2:
  bump verison to 7.2.30-dev

4 years agobump verison to 7.2.30-dev
Remi Collet [Tue, 17 Mar 2020 10:28:34 +0000 (11:28 +0100)]
bump verison to 7.2.30-dev

4 years agoMerge branch 'PHP-7.2' into PHP-7.3
Christoph M. Becker [Tue, 17 Mar 2020 10:08:45 +0000 (11:08 +0100)]
Merge branch 'PHP-7.2' into PHP-7.3

* PHP-7.2:
  Fix NEWS

4 years agoFix NEWS
Christoph M. Becker [Tue, 17 Mar 2020 10:04:24 +0000 (11:04 +0100)]
Fix NEWS

4 years agoMerge branch 'PHP-7.2' into PHP-7.3
Christoph M. Becker [Tue, 17 Mar 2020 09:56:47 +0000 (10:56 +0100)]
Merge branch 'PHP-7.2' into PHP-7.3

* PHP-7.2:
  [ci skip] Update NEWS
  Fix test
  Fix bug #79329 - get_headers should not accept \0
  Fixed bug #79282

4 years ago[ci skip] Update NEWS
Stanislav Malyshev [Mon, 16 Mar 2020 02:35:35 +0000 (19:35 -0700)]
[ci skip] Update NEWS

4 years agoFix test
Stanislav Malyshev [Mon, 16 Mar 2020 00:55:28 +0000 (17:55 -0700)]
Fix test

4 years agoFix bug #79329 - get_headers should not accept \0
Stanislav Malyshev [Mon, 16 Mar 2020 00:30:44 +0000 (17:30 -0700)]
Fix bug #79329 - get_headers should not accept \0

4 years agoFixed bug #79282
Stanislav Malyshev [Mon, 16 Mar 2020 00:26:00 +0000 (17:26 -0700)]
Fixed bug #79282

4 years agoFix #79371: mb_strtolower (UTF-32LE): stack-buffer-overflow
Christoph M. Becker [Thu, 12 Mar 2020 12:04:04 +0000 (13:04 +0100)]
Fix #79371: mb_strtolower (UTF-32LE): stack-buffer-overflow

We make sure that negative values are properly compared.

4 years ago[ci skip] Update NEWS
Stanislav Malyshev [Mon, 16 Mar 2020 02:35:26 +0000 (19:35 -0700)]
[ci skip] Update NEWS

4 years agoFix test
Stanislav Malyshev [Mon, 16 Mar 2020 00:55:28 +0000 (17:55 -0700)]
Fix test

4 years agoFix bug #79329 - get_headers should not accept \0
Stanislav Malyshev [Mon, 16 Mar 2020 00:30:44 +0000 (17:30 -0700)]
Fix bug #79329 - get_headers should not accept \0

4 years agoFixed bug #79282
Stanislav Malyshev [Mon, 16 Mar 2020 00:26:00 +0000 (17:26 -0700)]
Fixed bug #79282

4 years agoFix typo in php.ini comment
Jacob Dreesen [Sun, 15 Mar 2020 13:11:40 +0000 (14:11 +0100)]
Fix typo in php.ini comment

4 years agoFix #79199: curl_copy_handle() memory leak
Christoph M. Becker [Wed, 11 Mar 2020 17:29:40 +0000 (18:29 +0100)]
Fix #79199: curl_copy_handle() memory leak

`curl_copy_handle()` already registers a new resource, so we must not
increase the refcount of the original resource.

4 years agoFix #61597: SXE properties may lack attributes and content
Christoph M. Becker [Sat, 7 Mar 2020 10:20:06 +0000 (11:20 +0100)]
Fix #61597: SXE properties may lack attributes and content

We must not treat a node as string if it has attributes, unless it is
an entity declaration which is always treated as string by simplexml.

4 years agoFix #78210: Invalid pointer address
Christoph M. Becker [Wed, 11 Mar 2020 09:16:04 +0000 (10:16 +0100)]
Fix #78210: Invalid pointer address

This is actually about three distinct issues:

* If an empty string is passed as $address to `stream_socket_sendto()`,
  the `sa` is not initialized, so we must not pass it as `addr` to
  `php_stream_xport_sendto()`.

* On POSIX, `recvfrom()` truncates messages which are too long to fit
  into the specified buffer (unless `MSG_PEEK` is given), discards the
  excessive bytes, and returns the buffer length.  On Windows, the same
  happens, but `recvfrom()` returns `SOCKET_ERROR` with the error code
  `WSAEMSGSIZE`.  We have to catch this for best POSIX compatibility.

* In `php_network_parse_network_address_with_port()`, we have to zero
  `in6` (not only its alias `sa`) to properly support IPv6.

Co-Authored-By: Nikita Popov <nikita.ppv@googlemail.com>
4 years agoFix #79364: When copy empty array, next key is unspecified
Christoph M. Becker [Tue, 10 Mar 2020 15:12:53 +0000 (16:12 +0100)]
Fix #79364: When copy empty array, next key is unspecified

We must not forget to keep the `nNextFreeElement` when duplicating
empty arrays.

4 years agoEnclose INI values containing {TMP} in quotes
Christoph M. Becker [Mon, 9 Mar 2020 16:58:36 +0000 (17:58 +0100)]
Enclose INI values containing {TMP} in quotes

At least on Windows, the temporary directory may contain tilde signs,
which would result in an INI parse error.

4 years agoSkip test on Windows if privileges are insufficient
Christoph M. Becker [Fri, 6 Mar 2020 15:38:18 +0000 (16:38 +0100)]
Skip test on Windows if privileges are insufficient

4 years agoFix #75673: SplStack::unserialize() behavior
Christoph M. Becker [Thu, 5 Mar 2020 13:57:27 +0000 (14:57 +0100)]
Fix #75673: SplStack::unserialize() behavior

Even though `SplStack::unserialize()` is not supposed to be called on
an already constructed instance, it is probably better if the method
clears the stack before actually unserializing.

4 years agoNext is 7.3.17
Christoph M. Becker [Tue, 3 Mar 2020 09:19:31 +0000 (10:19 +0100)]
Next is 7.3.17

4 years agoUpdate libmagic.patch
Christoph M. Becker [Wed, 26 Feb 2020 08:59:44 +0000 (09:59 +0100)]
Update libmagic.patch

Some commits missed to update the patch file, so we're catching up on
this.

To generally make this easier, we back-port generate_patch.sh from
PHP-7.4, where we now also generate magic.h from magic.h.in.

4 years agoFix #79333: com_print_typeinfo() leaks memory
Christoph M. Becker [Mon, 2 Mar 2020 10:36:30 +0000 (11:36 +0100)]
Fix #79333: com_print_typeinfo() leaks memory

We have to free the `ansiname`s, regardless of whether they have been
put into the hashtable or not.

Since bug79299.phpt already shows the leak when run with a leak
checker, there is no need for another regression test.

4 years agoFix #79332: php_istreams are never freed
Christoph M. Becker [Mon, 2 Mar 2020 09:45:37 +0000 (10:45 +0100)]
Fix #79332: php_istreams are never freed

Releasing the `com_dotnet_istream_wrapper` in `istream_destructor()` is
pointless, since `istream_destructor()` is only called when the
resource is going to be released.  This recursion is not a real issue,
though, since the resource is never exposed to userland, and has at
most refcount 1, so due to well defined unsigned integer underflow, it
never is released twice.  However, returning early in this case causes
a memory leak which needs to be fixed.

4 years agoFixed bug #79062
Nikita Popov [Fri, 28 Feb 2020 16:06:05 +0000 (17:06 +0100)]
Fixed bug #79062

Back up the doc comment when performing heredoc scanahead.

4 years agoFix #79311: enchant_dict_suggest() fails on big endian architecture
Christoph M. Becker [Fri, 28 Feb 2020 12:18:00 +0000 (13:18 +0100)]
Fix #79311: enchant_dict_suggest() fails on big endian architecture

For obvious reasons, we must not assign a `size_t` value to an `int`
variable using memcpy().  However, there is actually no need for the
intermediate `n_sugg_st` here, if we use the proper types in the first
place.

A regression test is not necessary, because dict_suggest.phpt already
exhibits the erroneous behavior on big endian architectures.

4 years agoFix #79315 ZipArchive::addFile doesn't honor start/length parameters
Remi Collet [Fri, 28 Feb 2020 09:21:19 +0000 (10:21 +0100)]
Fix #79315 ZipArchive::addFile doesn't honor start/length parameters

4 years agoFixed incorrect overflow detection
Dmitry Stogov [Thu, 27 Feb 2020 20:37:41 +0000 (23:37 +0300)]
Fixed incorrect overflow detection

4 years agoAdd upgrading node regarding fix for bug #79271
Christoph M. Becker [Thu, 27 Feb 2020 09:32:24 +0000 (10:32 +0100)]
Add upgrading node regarding fix for bug #79271

Cf. <https://github.com/php/php-src/pull/5180#issuecomment-590259750>ff.

4 years agoFixed incorrect behavior of internal memory debugger
Dmitry Stogov [Thu, 27 Feb 2020 09:27:22 +0000 (12:27 +0300)]
Fixed incorrect behavior of internal memory debugger

4 years agoFix #64032: mysqli reports different client_version
Christoph M. Becker [Wed, 26 Feb 2020 17:33:25 +0000 (18:33 +0100)]
Fix #64032: mysqli reports different client_version

While `mysqli_get_client_version()` calls `mysql_get_client_version()`
to retrieve the client version, `mysql::$client_version` is initialized
to `MYSQL_VERSION_ID`.  Both should match though, and since the former
is the more useful information, we fix `mysql::$client_version`.

We do not add a regression test, because it would usually succeed
anyway, and we already have several tests with respective `assert()`s.

4 years agoFix #63206: Fully support error/exception_handler stacking, even with null or inside...
Mark Plomer [Mon, 24 Feb 2020 20:32:02 +0000 (21:32 +0100)]
Fix #63206: Fully support error/exception_handler stacking, even with null or inside the handler

Always push the current user_error/exception_handler to the stack,
even when it is empty, so restore_error_handler() always works as
expected.

The user_error_handler is especially temporarily empty when we are inside
the error handler, which caused inconsistent behaviour before.

4 years agoDon't treat any WS as start of header
Nikita Popov [Mon, 24 Feb 2020 09:19:58 +0000 (10:19 +0100)]
Don't treat any WS as start of header

Check that the header occurs after \n, not other whitespace
characters.

4 years agoReduce code duplication in HTTP header checks
Nikita Popov [Mon, 24 Feb 2020 08:58:29 +0000 (09:58 +0100)]
Reduce code duplication in HTTP header checks

4 years agoFixes #79265: Improper injection of Host header when using fopen for http requests
Miguel Xavier Penha Neto [Mon, 24 Feb 2020 05:04:37 +0000 (02:04 -0300)]
Fixes #79265: Improper injection of Host header when using fopen for http requests

Check all occurrences of the string "host:" (and other headers),
not just the first one.

4 years agoFix #79299: com_print_typeinfo prints duplicate variables
Christoph M. Becker [Sun, 23 Feb 2020 22:23:12 +0000 (23:23 +0100)]
Fix #79299: com_print_typeinfo prints duplicate variables

`lastid` has to retain its value during the traversal, so we move it to
an outer scope.

Patch contributed by Litiano Moura.

4 years agoFix #79294: ::columnType() may fail after SQLite3Stmt::reset()
Christoph M. Becker [Fri, 21 Feb 2020 12:24:37 +0000 (13:24 +0100)]
Fix #79294: ::columnType() may fail after SQLite3Stmt::reset()

The fix for feature request #53466 did not properly handle resetting of
the corresponding statement; the problem with this is that the
statement does not know about its result sets.  But even if we could
fix this, the `complete` handling still appears to be brittle, since
the `sqlite3_column_type()`docs[1] state:

| If the SQL statement does not currently point to a valid row, or if
| the column index is out of range, the result is undefined.

Fortunately, we can use `sqlite3_data_count()` instead, since[2]:

| If prepared statement P does not have results ready to return (via
| calls to the sqlite3_column() family of interfaces) then
| sqlite3_data_count(P) returns 0.

Thus, we guard `SQLite3::columnType()` with `sqlite3_data_count()`, and
completely drop updating the `php_sqlite3_result_object.complete`
field, but keep it for ABI BC purposes.

[1] <https://www.sqlite.org/c3ref/column_blob.html>
[2] <https://www.sqlite.org/c3ref/data_count.html>

4 years agoAdd test for bug #78569
Christoph M. Becker [Fri, 21 Feb 2020 09:30:51 +0000 (10:30 +0100)]
Add test for bug #78569

4 years agoFix NEWS [ci skip]
Christoph M. Becker [Thu, 20 Feb 2020 09:55:17 +0000 (10:55 +0100)]
Fix NEWS [ci skip]

Cosmetics.

4 years agoRemove extra tab in NEWS [ci skip]
Christoph M. Becker [Tue, 18 Feb 2020 10:09:37 +0000 (11:09 +0100)]
Remove extra tab in NEWS [ci skip]

4 years agoMerge branch 'PHP-7.2' into PHP-7.3
Remi Collet [Tue, 18 Feb 2020 10:00:49 +0000 (11:00 +0100)]
Merge branch 'PHP-7.2' into PHP-7.3

* PHP-7.2:
  bump version to 7.2.29

4 years agobump version to 7.2.29
Remi Collet [Tue, 18 Feb 2020 10:00:28 +0000 (11:00 +0100)]
bump version to 7.2.29

4 years agoFix #79038: PDOStatement::nextRowset() leaks column values
Christoph M. Becker [Fri, 27 Dec 2019 12:20:11 +0000 (13:20 +0100)]
Fix #79038: PDOStatement::nextRowset() leaks column values

Firstly, we must not rely on `stmt->column_count` when freeing the
driver specific column values, but rather store the column count in
the driver data.  Since the column count is a `short`, 16 bit are
sufficient, so we can store it in reserved bits of `pdo_odbc_stmt`.

Furthermore, we must not allocate new column value storage when the
statement is not executed, but rather when the column value storage has
not been allocated.

Finally, we have to introduce a driver specific `cursor_closer` to
avoid that `::closeCursor()` calls `odbc_stmt_next_rowset()` which then
frees the column value storage, because it may be still needed for
bound columns.

4 years agoFix NEWS [ci skip]
Christoph M. Becker [Mon, 17 Feb 2020 18:35:42 +0000 (19:35 +0100)]
Fix NEWS [ci skip]

4 years agoMerge branch 'PHP-7.2' into PHP-7.3
Christoph M. Becker [Mon, 17 Feb 2020 18:22:15 +0000 (19:22 +0100)]
Merge branch 'PHP-7.2' into PHP-7.3

* PHP-7.2:
  Update NEWS [ci skip]

4 years agoUpdate NEWS [ci skip]
Christoph M. Becker [Mon, 17 Feb 2020 18:21:51 +0000 (19:21 +0100)]
Update NEWS [ci skip]

4 years agoMerge branch 'PHP-7.2' into PHP-7.3
Christoph M. Becker [Mon, 17 Feb 2020 18:08:04 +0000 (19:08 +0100)]
Merge branch 'PHP-7.2' into PHP-7.3

* PHP-7.2:
  Mark bug76348.phpt as online test
  Fix bug #79082 - Files added to tar with Phar::buildFromIterator have all-access permissions
  Fix bug #79221 - Null Pointer Dereference in PHP Session Upload Progress

4 years agoFix # 79171: heap-buffer-overflow in phar_extract_file
Christoph M. Becker [Sun, 26 Jan 2020 15:03:35 +0000 (16:03 +0100)]
Fix # 79171: heap-buffer-overflow in phar_extract_file

We must not access memory outside of the allocated buffer.

4 years agoFix bug #79082 - Files added to tar with Phar::buildFromIterator have all-access...
Stanislav Malyshev [Sun, 16 Feb 2020 06:17:14 +0000 (22:17 -0800)]
Fix bug #79082 - Files added to tar with Phar::buildFromIterator have all-access permissions

4 years agoFix bug #79221 - Null Pointer Dereference in PHP Session Upload Progress
Stanislav Malyshev [Sun, 16 Feb 2020 04:52:19 +0000 (20:52 -0800)]
Fix bug #79221 - Null Pointer Dereference in PHP Session Upload Progress

4 years agoFix #79271: DOMDocumentType::$childNodes is NULL
Christoph M. Becker [Fri, 14 Feb 2020 09:55:17 +0000 (10:55 +0100)]
Fix #79271: DOMDocumentType::$childNodes is NULL

Dom level 2 core, DOM level 3 core and the DOM living standard agree
that `childNodes` always return a `NodeList`, and never `null`.

4 years agoMark bug76348.phpt as online test
Nikita Popov [Tue, 19 Mar 2019 14:47:25 +0000 (15:47 +0100)]
Mark bug76348.phpt as online test

4 years agoFix bug #79082 - Files added to tar with Phar::buildFromIterator have all-access...
Stanislav Malyshev [Sun, 16 Feb 2020 06:17:14 +0000 (22:17 -0800)]
Fix bug #79082 - Files added to tar with Phar::buildFromIterator have all-access permissions

4 years agoFix bug #79221 - Null Pointer Dereference in PHP Session Upload Progress
Stanislav Malyshev [Sun, 16 Feb 2020 04:52:19 +0000 (20:52 -0800)]
Fix bug #79221 - Null Pointer Dereference in PHP Session Upload Progress