Merge branch 'master' of https://git.php.net/repository/php-src

* 'master' of https://git.php.net/repository/php-src:
  Make message and format arguments const char * to avoid build warning about invalid cast.
  Copy dba_*() keys before converting to string.

4 files changed, 65 insertions, 14 deletions

diff --git a/Zend/zend_exceptions.c b/Zend/zend_exceptions.c
index 14ae75e38d..c7f157c4d5 100644
--- a/Zend/zend_exceptions.c
+++ b/Zend/zend_exceptions.c
@@ -560,7 +560,7 @@ ZEND_METHOD(exception, getPrevious)
 	RETURN_ZVAL(previous, 1, 0);
 }
 
-int zend_spprintf(char **message, int max_len, char *format, ...) /* {{{ */
+int zend_spprintf(char **message, int max_len, const char *format, ...) /* {{{ */
 {
 	va_list arg;
 	int len;
@@ -732,7 +732,7 @@ ZEND_API zend_class_entry *zend_get_error_exception(TSRMLS_D) /* {{{ */
 }
 /* }}} */
 
-ZEND_API zval * zend_throw_exception(zend_class_entry *exception_ce, char *message, long code TSRMLS_DC) /* {{{ */
+ZEND_API zval * zend_throw_exception(zend_class_entry *exception_ce, const char *message, long code TSRMLS_DC) /* {{{ */
 {
 	zval *ex;
 
@@ -760,7 +760,7 @@ ZEND_API zval * zend_throw_exception(zend_class_entry *exception_ce, char *messa
 }
 /* }}} */
 
-ZEND_API zval * zend_throw_exception_ex(zend_class_entry *exception_ce, long code TSRMLS_DC, char *format, ...) /* {{{ */
+ZEND_API zval * zend_throw_exception_ex(zend_class_entry *exception_ce, long code TSRMLS_DC, const char *format, ...) /* {{{ */
 {
 	va_list arg;
 	char *message;
@@ -775,7 +775,7 @@ ZEND_API zval * zend_throw_exception_ex(zend_class_entry *exception_ce, long cod
 }
 /* }}} */
 
-ZEND_API zval * zend_throw_error_exception(zend_class_entry *exception_ce, char *message, long code, int severity TSRMLS_DC) /* {{{ */
+ZEND_API zval * zend_throw_error_exception(zend_class_entry *exception_ce, const char *message, long code, int severity TSRMLS_DC) /* {{{ */
 {
 	zval *ex = zend_throw_exception(exception_ce, message, code TSRMLS_CC);
 	zend_update_property_long(default_exception_ce, ex, "severity", sizeof("severity")-1, severity TSRMLS_CC);
diff --git a/Zend/zend_exceptions.h b/Zend/zend_exceptions.h
index 82633530d6..81c8a1f213 100644
--- a/Zend/zend_exceptions.h
+++ b/Zend/zend_exceptions.h
@@ -40,12 +40,12 @@ ZEND_API void zend_register_default_classes(TSRMLS_D);
 
 /* exception_ce   NULL or zend_exception_get_default() or a derived class
  * message        NULL or the message of the exception */
-ZEND_API zval * zend_throw_exception(zend_class_entry *exception_ce, char *message, long code TSRMLS_DC);
-ZEND_API zval * zend_throw_exception_ex(zend_class_entry *exception_ce, long code TSRMLS_DC, char *format, ...);
+ZEND_API zval * zend_throw_exception(zend_class_entry *exception_ce, const char *message, long code TSRMLS_DC);
+ZEND_API zval * zend_throw_exception_ex(zend_class_entry *exception_ce, long code TSRMLS_DC, const char *format, ...);
 ZEND_API void zend_throw_exception_object(zval *exception TSRMLS_DC);
 ZEND_API void zend_clear_exception(TSRMLS_D);
 
-ZEND_API zval * zend_throw_error_exception(zend_class_entry *exception_ce, char *message, long code, int severity TSRMLS_DC);
+ZEND_API zval * zend_throw_error_exception(zend_class_entry *exception_ce, const char *message, long code, int severity TSRMLS_DC);
 
 extern ZEND_API void (*zend_throw_exception_hook)(zval *ex TSRMLS_DC);
 
@@ -53,7 +53,7 @@ extern ZEND_API void (*zend_throw_exception_hook)(zval *ex TSRMLS_DC);
 ZEND_API void zend_exception_error(zval *exception, int severity TSRMLS_DC);
 
 /* do not export, in php it's available thru spprintf directly */
-int zend_spprintf(char **message, int max_len, char *format, ...);
+int zend_spprintf(char **message, int max_len, const char *format, ...);
 
 END_EXTERN_C()
 
diff --git a/ext/dba/dba.c b/ext/dba/dba.c
index 8005101de3..50a94dd2ad 100644
--- a/ext/dba/dba.c
+++ b/ext/dba/dba.c
@@ -226,12 +226,17 @@ static size_t php_dba_make_key(zval *key, char **key_str, char **key_free TSRMLS
 		*key_free = *key_str;
 		return len;
 	} else {
-		*key_free = NULL;
+		zval tmp = *key;
+		int len;
 
-		convert_to_string(key);
-		*key_str = Z_STRVAL_P(key);
+		zval_copy_ctor(&tmp);
+		convert_to_string(&tmp);
 
-		return Z_STRLEN_P(key);
+		*key_free = *key_str = estrndup(Z_STRVAL(tmp), Z_STRLEN(tmp));
+		len = Z_STRLEN(tmp);
+
+		zval_dtor(&tmp);
+		return len;
 	}
 }
 /* }}} */
@@ -297,6 +302,14 @@ static size_t php_dba_make_key(zval *key, char **key_str, char **key_free TSRMLS
 		RETURN_FALSE; \
 	}
 
+/* the same check, but with a call to DBA_ID_DONE before returning */
+#define DBA_WRITE_CHECK_WITH_ID \
+	if(info->mode != DBA_WRITER && info->mode != DBA_TRUNC && info->mode != DBA_CREAT) { \
+		php_error_docref(NULL TSRMLS_CC, E_WARNING, "You cannot perform a modification to a database without proper access"); \
+		DBA_ID_DONE; \
+		RETURN_FALSE; \
+	}
+
 /* }}} */
 
 /* {{{ globals */
@@ -557,7 +570,7 @@ static void php_dba_update(INTERNAL_FUNCTION_PARAMETERS, int mode)
 
 	DBA_FETCH_RESOURCE(info, &id);
 
-	DBA_WRITE_CHECK;
+	DBA_WRITE_CHECK_WITH_ID;
 
 	if (info->hnd->update(info, key_str, key_len, val, val_len, mode TSRMLS_CC) == SUCCESS) {
 		DBA_ID_DONE;
@@ -1110,7 +1123,7 @@ PHP_FUNCTION(dba_delete)
 {
 	DBA_ID_GET2;
 	
-	DBA_WRITE_CHECK;
+	DBA_WRITE_CHECK_WITH_ID;
 	
 	if(info->hnd->delete(info, key_str, key_len TSRMLS_CC) == SUCCESS)
 	{
diff --git a/ext/dba/tests/bug65708.phpt b/ext/dba/tests/bug65708.phpt
new file mode 100644
index 0000000000..b77138f6ed
--- /dev/null
+++ b/ext/dba/tests/bug65708.phpt
@@ -0,0 +1,38 @@
+--TEST--
+Bug #65708 (dba functions cast $key param to string in-place, bypassing copy on write)
+--SKIPIF--
+<?php 
+	require_once(dirname(__FILE__) .'/skipif.inc');
+?>
+--FILE--
+<?php
+
+error_reporting(E_ALL);
+
+require_once(dirname(__FILE__) .'/test.inc');
+
+$db = dba_popen($db_filename, 'c');
+
+$key = 1;
+$copy = $key;
+
+echo gettype($key)."\n";
+echo gettype($copy)."\n";
+
+dba_exists($key, $db);
+
+echo gettype($key)."\n";
+echo gettype($copy)."\n";
+
+dba_close($db);
+
+?>
+--CLEAN--
+<?php 
+	require(dirname(__FILE__) .'/clean.inc'); 
+?>
+--EXPECT--
+integer
+integer
+integer
+integer