Merge branch 'PHP-5.4.40' into PHP-5.5.24

* PHP-5.4.40:
  Additional fix for bug #69324
  More fixes for bug #69152
  Fixed bug #69353 (Missing null byte checks for paths in various PHP extensions)
  Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar)
  Fixed bug #69316 (Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER)
  Fix bug #68486 and bug #69218 (segfault in apache2handler with apache 2.4)
  Fix bug #68819 (Fileinfo on specific file causes spurious OOM and/or segfault)
  Fixed bug #68901 (use after free)
  Fixed bug #68740 (NULL Pointer Dereference)
  Fix bug #66550 (SQLite prepared statement use-after-free)
  Better fix for #68601 for perf https://bitbucket.org/libgd/gd-libgd/commits/81e9a993f2893d651d225646378e3fd1b7465467
  Fix bug #68601 buffer read overflow in gd_gif_in.c
  Revert "Merge branch 'PHP-5.4' of https://git.php.net/repository/php-src into PHP-5.4"
  Fixed bug #69293
  Add ZEND_ARG_CALLABLE_INFO to allow internal function to type hint against callable.

1 files changed, 5 insertions, 0 deletions

diff --git a/ext/fileinfo/fileinfo.c b/ext/fileinfo/fileinfo.c
index ead7585d6f..9f651afa7d 100644
--- a/ext/fileinfo/fileinfo.c
+++ b/ext/fileinfo/fileinfo.c
@@ -506,6 +506,11 @@ static void _php_finfo_get_type(INTERNAL_FUNCTION_PARAMETERS, int mode, int mime
 				RETVAL_FALSE;
 				goto clean;
 			}
+			if (CHECK_NULL_PATH(buffer, buffer_len)) {
+				php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid path");
+				RETVAL_FALSE;
+				goto clean;
+			}
 
 			wrap = php_stream_locate_url_wrapper(buffer, &tmp2, 0 TSRMLS_CC);