authorDmitry Stogov <dmitry@zend.com>2015-11-12 13:52:52 +0300
committerDmitry Stogov <dmitry@zend.com>2015-11-12 13:52:52 +0300
commit7cae94d75134f0b8b25a78d814dcf3ca60f5b10e (patch)
treeed9150cae2266198dd84b417e1bddbefba4416b0
parent63c44149403326a7f7a76c9b03b20594bac3bbed (diff)
parent9b0775dfbd1c7ee088bb329c08148ba885ae1137 (diff)
downloadphp-git-7cae94d75134f0b8b25a78d814dcf3ca60f5b10e.tar.gz
Merge branch 'master' of git.php.net:php-src
* 'master' of git.php.net:php-src: add test for bug #70898 Also protects this one Update NEWS Re-fixed #70895 Revert "Fixed bug Bug #70895 null ptr deref and segfault" Revert "refix bug #70895" Revert "Fixed bug #70898 (SIGBUS/GPF zend_mm_alloc_small (zend_alloc.c:1291))" Fixed bug #70898 (SIGBUS/GPF zend_mm_alloc_small (zend_alloc.c:1291)) Using default port in ldap_connect when NULL is passed (this was the behavior prior to 5.6.11) update NEWS refix bug #70895 Fixed bug Bug #70895 null ptr deref and segfault
-rw-r--r--Zend/tests/bug70895.phpt15
-rw-r--r--Zend/tests/bug70898.phpt22
-rw-r--r--Zend/zend.c4
-rw-r--r--ext/ldap/ldap.c3
4 files changed, 42 insertions, 2 deletions
diff --git a/Zend/tests/bug70895.phpt b/Zend/tests/bug70895.phpt
new file mode 100644
index 0000000000..e6df09c9ac
--- /dev/null
+++ b/Zend/tests/bug70895.phpt
@@ -0,0 +1,15 @@
+--TEST--
+Bug #70895 null ptr deref and segfault with crafted calable
+--FILE--
+<?php
+
+array_map("%n", 0);
+array_map("%n %i", 0);
+array_map("%n %i aoeu %f aoeu %p", 0);
+?>
+--EXPECTREGEX--
+Warning: array_map\(\) expects parameter 1 to be a valid callback, function '%n' not found or invalid function name in .+
+
+Warning: array_map\(\) expects parameter 1 to be a valid callback, function '%n %i' not found or invalid function name in .+
+
+Warning: array_map\(\) expects parameter 1 to be a valid callback, function '%n %i aoeu %f aoeu %p' not found or invalid function name in .+bug70895.php on line \d+
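Review bot: The first two EXPECTREGEX patterns end in a bare `.+`, so they accept any trailing text, while only the third pins the file name and line number. For a regression test guarding against format-specifier interpretation, each expectation should be equally strict, e.g. `... function '%n' not found or invalid function name in .+bug70895\.php on line \d+` (with the dot escaped). The `--TEST--` title also has a typo: `calable` should read `callable`.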
diff --git a/Zend/tests/bug70898.phpt b/Zend/tests/bug70898.phpt
new file mode 100644
index 0000000000..6308ddc742
--- /dev/null
+++ b/Zend/tests/bug70898.phpt
@@ -0,0 +1,22 @@
+--TEST--
+Bug #70895 null ptr deref and segfault with crafted calable
+--FILE--
+<?php
+ function m($f,$a){
+ return array_map($f,0);
+ }
+
+ echo implode(m("",m("",m("",m("",m("0000000000000000000000000000000000",("")))))));
+?>
+--EXPECTF--
+Warning: array_map() expects parameter 1 to be a valid callback, function '0000000000000000000000000000000000' not found or invalid function name in %sbug70898.php on line %d
+
+Warning: array_map() expects parameter 1 to be a valid callback, function '' not found or invalid function name in %sbug70898.php on line %d
+
+Warning: array_map() expects parameter 1 to be a valid callback, function '' not found or invalid function name in %sbug70898.php on line %d
+
+Warning: array_map() expects parameter 1 to be a valid callback, function '' not found or invalid function name in %sbug70898.php on line %d
+
+Warning: array_map() expects parameter 1 to be a valid callback, function '' not found or invalid function name in %sbug70898.php on line %d
+
+Warning: implode(): Argument must be an array in %sbug70898.php on line %d
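Review bot: The `--TEST--` title in this file is copied from bug70895.phpt and still names bug #70895, although the file is the regression test for #70898. A failing run would then be reported under the wrong bug; going by the commit message, the title should be `Bug #70898 (SIGBUS/GPF zend_mm_alloc_small (zend_alloc.c:1291))`. The `$a` parameter of `m()` is never used, so a short comment saying the nesting only exists to repeat the failing `array_map` call would help the next reader.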
diff --git a/Zend/zend.c b/Zend/zend.c
index 27e807067f..ec520b8b0b 100644
--- a/Zend/zend.c
+++ b/Zend/zend.c
@@ -1316,7 +1316,7 @@ ZEND_API ZEND_COLD void zend_throw_error(zend_class_entry *exception_ce, const c
if (EG(current_execute_data) && !CG(in_compilation)) {
zend_throw_exception(exception_ce, message, 0);
} else {
- zend_error(E_ERROR, message);
+ zend_error(E_ERROR, "%s", message);
}
efree(message);
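Review bot: Nothing at the `zend_error(E_ERROR, "%s", message)` call records why the literal `"%s"` is required, and the same applies to the `zend_error(E_WARNING, "%s", message)` call in the zend_internal_type_error hunk below. A later cleanup could easily fold the argument back into the format position, so I would add above both calls `/* message is already formatted and may carry caller-supplied '%' sequences; never pass it as the format string */`. The two new tests only reach the E_WARNING path through `array_map`; the E_ERROR branch here has no test in this commit. If the build does not already enable `-Wformat-security`, turning it on would catch this class of call at compile time. Both function bodies start outside their hunks, so how `message` is built is inferred from the `efree(message)` that follows.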
@@ -1346,7 +1346,7 @@ ZEND_API ZEND_COLD void zend_internal_type_error(zend_bool throw_exception, cons
if (throw_exception) {
zend_throw_exception(zend_ce_type_error, message, 0);
} else {
- zend_error(E_WARNING, message);
+ zend_error(E_WARNING, "%s", message);
}
efree(message);
diff --git a/ext/ldap/ldap.c b/ext/ldap/ldap.c
index e0faf24b16..f4dc087fac 100644
--- a/ext/ldap/ldap.c
+++ b/ext/ldap/ldap.c
@@ -345,6 +345,9 @@ PHP_FUNCTION(ldap_connect)
RETURN_FALSE;
}
#endif
+ if (!port) {
+ port = LDAP_PORT;
+ }
if (LDAPG(max_links) != -1 && LDAPG(num_links) >= LDAPG(max_links)) {
php_error_docref(NULL, E_WARNING, "Too many open links (%pd)", LDAPG(num_links));
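Review bot: The new `if (!port)` fallback treats an explicit `0` the same as an omitted or NULL port, and nothing at this spot says that is intended. A one-line comment such as `/* NULL or 0 selects the default LDAP port, matching pre-5.6.11 behaviour */` would document the contract described in the commit message. No range check on `port` (negative or above 65535) is visible in this hunk; the function continues outside it, so confirm that such values are rejected before the connection is attempted.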