diff options
| author | Tjerk Meesters <datibbaw@php.net> | 2015-08-15 16:29:12 +0800 |
|---|---|---|
| committer | Tjerk Meesters <datibbaw@php.net> | 2015-08-15 16:49:30 +0800 |
| commit | 0bd7d7a3691cee4e916d1008500cf21b80e03056 (patch) | |
| tree | 3060ccc058447c56c4e42dfbefad42e2a4311552 | |
| parent | c63b50557318132723494d945ae284f517ab2e16 (diff) | |
| parent | b0c5439b5f1874070b1baae2dd4c70530b724da1 (diff) | |
| download | php-git-0bd7d7a3691cee4e916d1008500cf21b80e03056.tar.gz | |
Merge branch 'PHP-5.6'
* PHP-5.6:
Updated NEWS for #70157
Fixed #70157 parse_ini_string() segmentation fault with INI_SCANNER_TYPED
| -rw-r--r-- | Zend/zend_ini_parser.y | 18 | ||||
| -rw-r--r-- | ext/standard/basic_functions.c | 8 | ||||
| -rw-r--r-- | ext/standard/tests/general_functions/bug70157.phpt | 29 |
3 files changed, 48 insertions, 7 deletions
diff --git a/Zend/zend_ini_parser.y b/Zend/zend_ini_parser.y index 565d83eef8..2bcebe8a03 100644 --- a/Zend/zend_ini_parser.y +++ b/Zend/zend_ini_parser.y @@ -102,8 +102,16 @@ static void zend_ini_init_string(zval *result) */ static void zend_ini_add_string(zval *result, zval *op1, zval *op2) { - int op1_len = (int)Z_STRLEN_P(op1); - int length = op1_len + (int)Z_STRLEN_P(op2); + int length, op1_len; + + if (Z_TYPE_P(op1) != IS_STRING) { + zend_string *str = zval_get_string(op1); + ZVAL_PSTRINGL(op1, str->val, str->len); + zend_string_release(str); + } + + op1_len = (int)Z_STRLEN_P(op1); + length = op1_len + (int)Z_STRLEN_P(op2); ZVAL_NEW_STR(result, zend_string_extend(Z_STR_P(op1), length, 1)); memcpy(Z_STRVAL_P(result)+op1_len, Z_STRVAL_P(op2), Z_STRLEN_P(op2)); @@ -300,7 +308,11 @@ statement: #endif ZEND_INI_PARSER_CB(&$1, &$5, &$2, ZEND_INI_PARSER_POP_ENTRY, ZEND_INI_PARSER_ARG); zend_string_release(Z_STR($1)); - zend_string_release(Z_STR($2)); + if (Z_TYPE($2) == IS_STRING) { + zend_string_release(Z_STR($2)); + } else { + zval_dtor(&$2); + } zval_ptr_dtor(&$5); } | TC_LABEL { ZEND_INI_PARSER_CB(&$1, NULL, NULL, ZEND_INI_PARSER_ENTRY, ZEND_INI_PARSER_ARG); zend_string_release(Z_STR($1)); } diff --git a/ext/standard/basic_functions.c b/ext/standard/basic_functions.c index 3f03275aa5..8b83d558d3 100644 --- a/ext/standard/basic_functions.c +++ b/ext/standard/basic_functions.c @@ -5845,11 +5845,11 @@ static void php_simple_ini_parser_cb(zval *arg1, zval *arg2, zval *arg3, int cal } ZVAL_DUP(&element, arg2); - - if (arg3 && Z_STRLEN_P(arg3) > 0) { - zend_symtable_update(Z_ARRVAL_P(find_hash), Z_STR_P(arg3), &element); - } else { + if (!arg3 || (Z_TYPE_P(arg3) == IS_STRING && Z_STRLEN_P(arg3) == 0)) { add_next_index_zval(find_hash, &element); + } else { + array_set_zval_key(Z_ARRVAL_P(find_hash), arg3, &element); + zval_ptr_dtor(&element); } } break; diff --git a/ext/standard/tests/general_functions/bug70157.phpt b/ext/standard/tests/general_functions/bug70157.phpt new file mode 100644 index 0000000000..f593682051 --- /dev/null +++ b/ext/standard/tests/general_functions/bug70157.phpt @@ -0,0 +1,29 @@ +--TEST-- +parse_ini_string() crashes on values starting with number or unquoted strings +--FILE-- +<?php + +$contents = <<<EOS +[agatha.christie] +title = 10 little indians +foo[123] = E_ALL & ~E_DEPRECATED +foo[456] = 123 +EOS; + +var_dump(parse_ini_string($contents, false, INI_SCANNER_TYPED)); + +?> +Done +--EXPECTF-- +array(%d) { + ["title"]=> + string(%d) "10 little indians" + ["foo"]=> + array(%d) { + [123]=> + string(%d) "24575" + [456]=> + int(123) + } +} +Done |