diff options
Diffstat (limited to 'ext')
22 files changed, 383 insertions, 60 deletions
diff --git a/ext/fileinfo/libmagic.patch b/ext/fileinfo/libmagic.patch index bb9a0dafae..8b0b9a8911 100644 --- a/ext/fileinfo/libmagic.patch +++ b/ext/fileinfo/libmagic.patch @@ -822,7 +822,16 @@ diff -u libmagic.orig/ascmagic.c libmagic/ascmagic.c } diff -u libmagic.orig/cdf.c libmagic/cdf.c --- libmagic.orig/cdf.c Tue Feb 26 17:20:42 2013 -+++ libmagic/cdf.c Tue May 27 22:28:51 2014 ++++ libmagic/cdf.c Tue Jul 1 08:57:25 2014 +@@ -35,7 +35,7 @@ + #include "file.h" + + #ifndef lint +-FILE_RCSID("@(#)$File: cdf.c,v 1.53 2013/02/26 16:20:42 christos Exp $") ++FILE_RCSID("@(#)$File: cdf.c,v 1.55 2014/02/27 23:26:17 christos Exp $") + #endif + + #include <assert.h> @@ -43,7 +43,17 @@ #include <err.h> #endif @@ -841,7 +850,25 @@ diff -u libmagic.orig/cdf.c libmagic/cdf.c #include <string.h> #include <time.h> #include <ctype.h> -@@ -296,7 +306,10 @@ +@@ -267,13 +277,15 @@ + { + const char *b = (const char *)sst->sst_tab; + const char *e = ((const char *)p) + tail; ++ size_t ss = sst->sst_dirlen < h->h_min_size_standard_stream ? ++ CDF_SHORT_SEC_SIZE(h) : CDF_SEC_SIZE(h); + (void)&line; +- if (e >= b && (size_t)(e - b) <= CDF_SEC_SIZE(h) * sst->sst_len) ++ if (e >= b && (size_t)(e - b) <= ss * sst->sst_len) + return 0; + DPRINTF(("%d: offset begin %p < end %p || %" SIZE_T_FORMAT "u" + " > %" SIZE_T_FORMAT "u [%" SIZE_T_FORMAT "u %" + SIZE_T_FORMAT "u]\n", line, b, e, (size_t)(e - b), +- CDF_SEC_SIZE(h) * sst->sst_len, CDF_SEC_SIZE(h), sst->sst_len)); ++ ss * sst->sst_len, ss, sst->sst_len)); + errno = EFTYPE; + return -1; + } +@@ -296,7 +308,10 @@ if (info->i_fd == -1) return -1; @@ -853,7 +880,77 @@ diff -u libmagic.orig/cdf.c libmagic/cdf.c return -1; return (ssize_t)len; -@@ -810,6 +823,10 @@ +@@ -352,10 +367,10 @@ + size_t ss = CDF_SHORT_SEC_SIZE(h); + size_t pos = CDF_SHORT_SEC_POS(h, id); + assert(ss == len); +- if (pos > CDF_SEC_SIZE(h) * sst->sst_len) { ++ if (pos + len > CDF_SEC_SIZE(h) * sst->sst_len) { + DPRINTF(("Out of bounds read %" SIZE_T_FORMAT "u > %" + SIZE_T_FORMAT "u\n", +- pos, CDF_SEC_SIZE(h) * sst->sst_len)); ++ pos + len, CDF_SEC_SIZE(h) * sst->sst_len)); + return -1; + } + (void)memcpy(((char *)buf) + offs, +@@ -455,7 +470,8 @@ + cdf_count_chain(const cdf_sat_t *sat, cdf_secid_t sid, size_t size) + { + size_t i, j; +- cdf_secid_t maxsector = (cdf_secid_t)(sat->sat_len * size); ++ cdf_secid_t maxsector = (cdf_secid_t)((sat->sat_len * size) ++ / sizeof(maxsector)); + + DPRINTF(("Chain:")); + for (j = i = 0; sid >= 0; i++, j++) { +@@ -465,8 +481,8 @@ + errno = EFTYPE; + return (size_t)-1; + } +- if (sid > maxsector) { +- DPRINTF(("Sector %d > %d\n", sid, maxsector)); ++ if (sid >= maxsector) { ++ DPRINTF(("Sector %d >= %d\n", sid, maxsector)); + errno = EFTYPE; + return (size_t)-1; + } +@@ -675,11 +691,13 @@ + + int + cdf_read_short_stream(const cdf_info_t *info, const cdf_header_t *h, +- const cdf_sat_t *sat, const cdf_dir_t *dir, cdf_stream_t *scn) ++ const cdf_sat_t *sat, const cdf_dir_t *dir, cdf_stream_t *scn, ++ const cdf_directory_t **root) + { + size_t i; + const cdf_directory_t *d; + ++ *root = NULL; + for (i = 0; i < dir->dir_len; i++) + if (dir->dir_tab[i].d_type == CDF_DIR_TYPE_ROOT_STORAGE) + break; +@@ -688,6 +706,7 @@ + if (i == dir->dir_len) + goto out; + d = &dir->dir_tab[i]; ++ *root = d; + + /* If the it is not there, just fake it; some docs don't have it */ + if (d->d_stream_first_sector < 0) +@@ -796,7 +815,11 @@ + if (cdf_check_stream_offset(sst, h, e, 0, __LINE__) == -1) + goto out; + for (i = 0; i < sh.sh_properties; i++) { +- size_t ofs = CDF_GETUINT32(p, (i << 1) + 1); ++ size_t ofs, tail = (i << 1) + 1; ++ if (cdf_check_stream_offset(sst, h, p, tail * sizeof(uint32_t), ++ __LINE__) == -1) ++ goto out; ++ ofs = CDF_GETUINT32(p, tail); + q = (const uint8_t *)(const void *) + ((const char *)(const void *)p + ofs + - 2 * sizeof(uint32_t)); +@@ -810,6 +833,10 @@ i, inp[i].pi_id, inp[i].pi_type, q - p, offs)); if (inp[i].pi_type & CDF_VECTOR) { nelements = CDF_GETUINT32(q, 1); @@ -864,7 +961,7 @@ diff -u libmagic.orig/cdf.c libmagic/cdf.c o = 2; } else { nelements = 1; -@@ -884,7 +901,9 @@ +@@ -884,7 +911,9 @@ } DPRINTF(("nelements = %" SIZE_T_FORMAT "u\n", nelements)); @@ -875,7 +972,7 @@ diff -u libmagic.orig/cdf.c libmagic/cdf.c uint32_t l = CDF_GETUINT32(q, o); inp[i].pi_str.s_len = l; inp[i].pi_str.s_buf = (const char *) -@@ -929,7 +948,7 @@ +@@ -929,7 +958,7 @@ cdf_unpack_summary_info(const cdf_stream_t *sst, const cdf_header_t *h, cdf_summary_info_header_t *ssi, cdf_property_info_t **info, size_t *count) { @@ -884,7 +981,7 @@ diff -u libmagic.orig/cdf.c libmagic/cdf.c const cdf_summary_info_header_t *si = CAST(const cdf_summary_info_header_t *, sst->sst_tab); const cdf_section_declaration_t *sd = -@@ -944,21 +963,13 @@ +@@ -944,21 +973,13 @@ ssi->si_os = CDF_TOLE2(si->si_os); ssi->si_class = si->si_class; cdf_swap_class(&ssi->si_class); @@ -909,7 +1006,7 @@ diff -u libmagic.orig/cdf.c libmagic/cdf.c return 0; } -@@ -1132,7 +1143,7 @@ +@@ -1132,7 +1153,7 @@ cdf_directory_t *d; char name[__arraycount(d->d_name)]; cdf_stream_t scn; @@ -918,7 +1015,7 @@ diff -u libmagic.orig/cdf.c libmagic/cdf.c static const char *types[] = { "empty", "user storage", "user stream", "lockbytes", "property", "root storage" }; -@@ -1185,7 +1196,7 @@ +@@ -1185,7 +1206,7 @@ cdf_dump_property_info(const cdf_property_info_t *info, size_t count) { cdf_timestamp_t tp; @@ -927,7 +1024,7 @@ diff -u libmagic.orig/cdf.c libmagic/cdf.c char buf[64]; size_t i, j; -@@ -1229,7 +1240,11 @@ +@@ -1229,7 +1250,11 @@ break; case CDF_FILETIME: tp = info[i].pi_tp; @@ -941,7 +1038,7 @@ diff -u libmagic.orig/cdf.c libmagic/cdf.c } else { diff -u libmagic.orig/cdf.h libmagic/cdf.h --- libmagic.orig/cdf.h Thu Jun 21 00:19:55 2012 -+++ libmagic/cdf.h Tue May 27 22:28:51 2014 ++++ libmagic/cdf.h Thu Jun 5 18:05:33 2014 @@ -35,10 +35,12 @@ #ifndef _H_CDF_ #define _H_CDF_ @@ -982,6 +1079,16 @@ diff -u libmagic.orig/cdf.h libmagic/cdf.h int cdf_read_header(const cdf_info_t *, cdf_header_t *); void cdf_swap_header(cdf_header_t *); void cdf_unpack_header(cdf_header_t *, char *); +@@ -294,7 +300,8 @@ + int cdf_read_ssat(const cdf_info_t *, const cdf_header_t *, const cdf_sat_t *, + cdf_sat_t *); + int cdf_read_short_stream(const cdf_info_t *, const cdf_header_t *, +- const cdf_sat_t *, const cdf_dir_t *, cdf_stream_t *); ++ const cdf_sat_t *, const cdf_dir_t *, cdf_stream_t *, ++ const cdf_directory_t **); + int cdf_read_property_info(const cdf_stream_t *, const cdf_header_t *, uint32_t, + cdf_property_info_t **, size_t *, size_t *); + int cdf_read_summary_info(const cdf_info_t *, const cdf_header_t *, diff -u libmagic.orig/cdf_time.c libmagic/cdf_time.c --- libmagic.orig/cdf_time.c Thu Jun 21 00:18:33 2012 +++ libmagic/cdf_time.c Fri Feb 21 00:21:27 2014 @@ -2599,8 +2706,13 @@ diff -u libmagic.orig/print.c libmagic/print.c } diff -u libmagic.orig/readcdf.c libmagic/readcdf.c --- libmagic.orig/readcdf.c Tue Jan 7 04:13:42 2014 -+++ libmagic/readcdf.c Tue May 27 22:28:51 2014 -@@ -30,7 +30,11 @@ ++++ libmagic/readcdf.c Thu Jun 5 18:05:33 2014 +@@ -26,11 +26,15 @@ + #include "file.h" + + #ifndef lint +-FILE_RCSID("@(#)$File: readcdf.c,v 1.37 2014/01/06 13:41:18 rrt Exp $") ++FILE_RCSID("@(#)$File: readcdf.c,v 1.40 2014/03/06 15:23:33 christos Exp $") #endif #include <stdlib.h> @@ -2612,7 +2724,7 @@ diff -u libmagic.orig/readcdf.c libmagic/readcdf.c #include <string.h> #include <time.h> #include <ctype.h> -@@ -69,6 +73,10 @@ +@@ -69,6 +73,44 @@ { NULL, NULL, }, }; @@ -2620,10 +2732,49 @@ diff -u libmagic.orig/readcdf.c libmagic/readcdf.c +# define strcasestr strstr +#endif + ++static const struct cv { ++ uint64_t clsid[2]; ++ const char *mime; ++} clsid2mime[] = { ++ { ++#ifdef PHP_WIN32 ++ { 0x00000000000c1084ui64, 0x46000000000000c0ui64 }, ++#else ++ { 0x00000000000c1084LLU, 0x46000000000000c0LLU }, ++#endif ++ "x-msi", ++ } ++}, clsid2desc[] = { ++ { ++#ifdef PHP_WIN32 ++ { 0x00000000000c1084ui64, 0x46000000000000c0ui64 }, ++#else ++ { 0x00000000000c1084LLU, 0x46000000000000c0LLU }, ++#endif ++ "MSI Installer", ++ }, ++}; ++ ++private const char * ++cdf_clsid_to_mime(const uint64_t clsid[2], const struct cv *cv) ++{ ++ size_t i; ++ for (i = 0; cv[i].mime != NULL; i++) { ++ if (clsid[0] == cv[i].clsid[0] && clsid[1] == cv[i].clsid[1]) ++ return cv[i].mime; ++ } ++ return NULL; ++} ++ private const char * cdf_app_to_mime(const char *vbuf, const struct nv *nv) { -@@ -91,12 +99,14 @@ +@@ -87,16 +129,21 @@ + + private int + cdf_file_property_info(struct magic_set *ms, const cdf_property_info_t *info, +- size_t count) ++ size_t count, const cdf_directory_t *root_storage) { size_t i; cdf_timestamp_t tp; @@ -2636,10 +2787,22 @@ diff -u libmagic.orig/readcdf.c libmagic/readcdf.c + memset(&ts, 0, sizeof(ts)); + ++ if (!NOTMIME(ms) && root_storage) ++ str = cdf_clsid_to_mime(root_storage->d_storage_uuid, clsid2mime); ++ for (i = 0; i < count; i++) { cdf_print_property_name(buf, sizeof(buf), info[i].pi_id); switch (info[i].pi_type) { -@@ -162,8 +172,12 @@ +@@ -153,7 +200,7 @@ + buf, vbuf) == -1) + return -1; + } +- } else if (info[i].pi_id == ++ } else if (str == NULL && info[i].pi_id == + CDF_PROPERTY_NAME_OF_APPLICATION) { + str = cdf_app_to_mime(vbuf, app2mime); + } +@@ -162,8 +209,12 @@ case CDF_FILETIME: tp = info[i].pi_tp; if (tp != 0) { @@ -2654,7 +2817,7 @@ diff -u libmagic.orig/readcdf.c libmagic/readcdf.c cdf_print_elapsed_time(tbuf, sizeof(tbuf), tp); if (NOTMIME(ms) && file_printf(ms, -@@ -171,8 +185,11 @@ +@@ -171,8 +222,11 @@ return -1; } else { char *c, *ec; @@ -2668,6 +2831,91 @@ diff -u libmagic.orig/readcdf.c libmagic/readcdf.c if (c != NULL && (ec = strchr(c, '\n')) != NULL) *ec = '\0'; +@@ -200,7 +254,7 @@ + + private int + cdf_file_summary_info(struct magic_set *ms, const cdf_header_t *h, +- const cdf_stream_t *sst) ++ const cdf_stream_t *sst, const cdf_directory_t *root_storage) + { + cdf_summary_info_header_t si; + cdf_property_info_t *info; +@@ -211,6 +265,8 @@ + return -1; + + if (NOTMIME(ms)) { ++ const char *str; ++ + if (file_printf(ms, "Composite Document File V2 Document") + == -1) + return -1; +@@ -238,9 +294,15 @@ + return -2; + break; + } +- } ++ if (root_storage) { ++ str = cdf_clsid_to_mime(root_storage->d_storage_uuid, clsid2desc); ++ if (str) ++ if (file_printf(ms, ", %s", str) == -1) ++ return -2; ++ } ++ } + +- m = cdf_file_property_info(ms, info, count); ++ m = cdf_file_property_info(ms, info, count, root_storage); + free(info); + + return m == -1 ? -2 : m; +@@ -258,6 +320,7 @@ + int i; + const char *expn = ""; + const char *corrupt = "corrupt: "; ++ const cdf_directory_t *root_storage; + + info.i_fd = fd; + info.i_buf = buf; +@@ -291,7 +354,8 @@ + goto out2; + } + +- if ((i = cdf_read_short_stream(&info, &h, &sat, &dir, &sst)) == -1) { ++ if ((i = cdf_read_short_stream(&info, &h, &sat, &dir, &sst, ++ &root_storage)) == -1) { + expn = "Cannot read short stream"; + goto out3; + } +@@ -312,23 +376,21 @@ + #ifdef CDF_DEBUG + cdf_dump_summary_info(&h, &scn); + #endif +- if ((i = cdf_file_summary_info(ms, &h, &scn)) < 0) +- expn = "Can't expand summary_info"; ++ if ((i = cdf_file_summary_info(ms, &h, &scn, root_storage)) < 0) ++ expn = "Can't expand summary_info"; ++ + if (i == 0) { + const char *str = NULL; + cdf_directory_t *d; + char name[__arraycount(d->d_name)]; + size_t j, k; +- for (j = 0; j < dir.dir_len; j++) { ++ ++ for (j = 0; str == NULL && j < dir.dir_len; j++) { + d = &dir.dir_tab[j]; + for (k = 0; k < sizeof(name); k++) + name[k] = (char)cdf_tole2(d->d_name[k]); +- if (NOTMIME(ms)) +- str = cdf_app_to_mime(name, name2desc); +- else +- str = cdf_app_to_mime(name, name2mime); +- if (str != NULL) +- break; ++ str = cdf_app_to_mime(name, ++ NOTMIME(ms) ? name2desc : name2mime); + } + if (NOTMIME(ms)) { + if (str != NULL) { diff -u libmagic.orig/readelf.c libmagic/readelf.c --- libmagic.orig/readelf.c Tue Nov 5 16:44:01 2013 +++ libmagic/readelf.c Fri Feb 21 00:21:27 2014 @@ -2915,7 +3163,7 @@ diff -u libmagic.orig/readelf.h libmagic/readelf.h typedef uint8_t Elf64_Char; diff -u libmagic.orig/softmagic.c libmagic/softmagic.c --- libmagic.orig/softmagic.c Thu Feb 13 00:20:53 2014 -+++ libmagic/softmagic.c Sun Mar 9 13:14:07 2014 ++++ libmagic/softmagic.c Tue Jul 1 08:57:25 2014 @@ -50,6 +50,11 @@ #include <locale.h> #endif @@ -3050,7 +3298,29 @@ diff -u libmagic.orig/softmagic.c libmagic/softmagic.c break; \ } \ -@@ -1178,9 +1162,6 @@ +@@ -931,10 +915,18 @@ + return 1; + } + case FILE_PSTRING: { +- char *ptr1 = p->s, *ptr2 = ptr1 + file_pstring_length_size(m); ++ size_t sz = file_pstring_length_size(m); ++ char *ptr1 = p->s, *ptr2 = ptr1 + sz; + size_t len = file_pstring_get_length(m, ptr1); +- if (len >= sizeof(p->s)) +- len = sizeof(p->s) - 1; ++ if (len >= sizeof(p->s)) { ++ /* ++ * The size of the pascal string length (sz) ++ * is 1, 2, or 4. We need at least 1 byte for NUL ++ * termination, but we've already truncated the ++ * string by p->s, so we need to deduct sz. ++ */ ++ len = sizeof(p->s) - sz; ++ } + while (len--) + *ptr1++ = *ptr2++; + *ptr1 = '\0'; +@@ -1178,9 +1170,6 @@ "nbytes=%zu, count=%u)\n", m->type, m->flag, offset, o, nbytes, count); mdebug(offset, (char *)(void *)p, sizeof(union VALUETYPE)); @@ -3060,7 +3330,7 @@ diff -u libmagic.orig/softmagic.c libmagic/softmagic.c } if (m->flag & INDIR) { -@@ -1679,9 +1660,6 @@ +@@ -1679,9 +1668,6 @@ if ((ms->flags & MAGIC_DEBUG) != 0) { mdebug(offset, (char *)(void *)p, sizeof(union VALUETYPE)); @@ -3070,7 +3340,7 @@ diff -u libmagic.orig/softmagic.c libmagic/softmagic.c } } -@@ -1755,11 +1733,21 @@ +@@ -1755,11 +1741,21 @@ ms->offset = soffset; if (rv == 1) { if ((ms->flags & (MAGIC_MIME|MAGIC_APPLE)) == 0 && @@ -3095,7 +3365,7 @@ diff -u libmagic.orig/softmagic.c libmagic/softmagic.c } return rv; -@@ -1875,6 +1863,42 @@ +@@ -1875,6 +1871,42 @@ return file_strncmp(a, b, len, flags); } @@ -3138,13 +3408,16 @@ diff -u libmagic.orig/softmagic.c libmagic/softmagic.c private int magiccheck(struct magic_set *ms, struct magic *m) { -@@ -2035,63 +2059,151 @@ +@@ -2035,63 +2067,151 @@ break; } case FILE_REGEX: { - int rc; - regex_t rx; - char errmsg[512]; +- +- if (ms->search.s == NULL) +- return 0; + zval *pattern; + int options = 0; + pcre_cache_entry *pce; @@ -3281,9 +3554,6 @@ diff -u libmagic.orig/softmagic.c libmagic/softmagic.c + } + } -- if (ms->search.s == NULL) -- return 0; - - l = 0; - rc = regcomp(&rx, m->value.s, - REG_EXTENDED|REG_NEWLINE| @@ -3318,7 +3588,7 @@ diff -u libmagic.orig/softmagic.c libmagic/softmagic.c - (size_t)(pmatch[0].rm_eo - pmatch[0].rm_so); - v = 0; - break; -- + - case REG_NOMATCH: + } else { v = 1; @@ -3354,4 +3624,3 @@ diff -u libmagic.orig/strcasestr.c libmagic/strcasestr.c #include <assert.h> #include <ctype.h> #include <string.h> - diff --git a/ext/intl/locale/locale_methods.c b/ext/intl/locale/locale_methods.c index 21b5847f2d..f1e184914d 100644 --- a/ext/intl/locale/locale_methods.c +++ b/ext/intl/locale/locale_methods.c @@ -269,8 +269,7 @@ static char* get_icu_value_internal( const char* loc_name , char* tag_name, int* grOffset = findOffset( LOC_GRANDFATHERED , loc_name ); if( grOffset >= 0 ){ if( strcmp(tag_name , LOC_LANG_TAG)==0 ){ - tag_value = estrdup(loc_name); - return tag_value; + return estrdup(loc_name); } else { /* Since Grandfathered , no value , do nothing , retutn NULL */ return NULL; @@ -280,8 +279,8 @@ static char* get_icu_value_internal( const char* loc_name , char* tag_name, int* if( fromParseLocale==1 ){ /* Handle singletons */ if( strcmp(tag_name , LOC_LANG_TAG)==0 ){ - if( strlen(loc_name)>1 && (isIDPrefix(loc_name) ==1 ) ){ - return (char *)loc_name; + if( strlen(loc_name)>1 && (isIDPrefix(loc_name) == 1) ){ + return estrdup(loc_name); } } @@ -498,6 +497,14 @@ static void get_icu_disp_value_src_php( char* tag_name, INTERNAL_FUNCTION_PARAME RETURN_FALSE; } + if(loc_name_len > ULOC_FULLNAME_CAPACITY) { + /* See bug 67397: overlong locale names cause trouble in uloc_getDisplayName */ + spprintf(&msg , 0, "locale_get_display_%s : name too long", tag_name ); + intl_error_set( NULL, U_ILLEGAL_ARGUMENT_ERROR, msg , 1 TSRMLS_CC ); + efree(msg); + RETURN_FALSE; + } + if(loc_name_len == 0) { loc_name = intl_locale_get_default(TSRMLS_C); } diff --git a/ext/intl/tests/bug62082.phpt b/ext/intl/tests/bug62082.phpt index e6ca73e300..dab1252afd 100644 --- a/ext/intl/tests/bug62082.phpt +++ b/ext/intl/tests/bug62082.phpt @@ -10,6 +10,7 @@ var_dump(locale_get_display_name(str_repeat("a", 300), null)); var_dump(locale_get_display_name(str_repeat("a", 512), null)); var_dump(locale_get_display_name(str_repeat("a", 600), null)); --EXPECT-- -string(300) "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" -string(512) "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" -string(600) "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" +bool(false) +bool(false) +bool(false) + diff --git a/ext/intl/tests/bug67397.phpt b/ext/intl/tests/bug67397.phpt new file mode 100644 index 0000000000..b2b2911f8a --- /dev/null +++ b/ext/intl/tests/bug67397.phpt @@ -0,0 +1,21 @@ +--TEST-- +Bug #67397 (Buffer overflow in locale_get_display_name->uloc_getDisplayName (libicu 4.8.1)) +--SKIPIF-- +<?php if( !extension_loaded( 'intl' ) ) print 'skip'; ?> +--FILE-- +<?php + +function ut_main() +{ + $ret = var_export(ut_loc_get_display_name(str_repeat('*', 256), 'en_us'), true); + $ret .= "\n"; + $ret .= var_export(intl_get_error_message(), true); + return $ret; +} + +include_once( 'ut_common.inc' ); +ut_run(); +?> +--EXPECTF-- +false +'locale_get_display_name : name too long: U_ILLEGAL_ARGUMENT_ERROR' diff --git a/ext/intl/tests/dateformat_localtime.phpt b/ext/intl/tests/dateformat_localtime.phpt index 79f297db74..4d185c232d 100644 --- a/ext/intl/tests/dateformat_localtime.phpt +++ b/ext/intl/tests/dateformat_localtime.phpt @@ -3,6 +3,8 @@ datefmt_localtime_code() icu <= 4.2 --SKIPIF-- <?php if( !extension_loaded( 'intl' ) ) print 'skip'; ?> <?php if(version_compare(INTL_ICU_VERSION, '4.3', '<') != 1) print 'skip'; ?> +--INI-- +date.timezone=UTC --FILE-- <?php diff --git a/ext/intl/tests/locale_parse_locale2.phpt b/ext/intl/tests/locale_parse_locale2.phpt index 6012862a48..30cc8cc0ae 100644 --- a/ext/intl/tests/locale_parse_locale2.phpt +++ b/ext/intl/tests/locale_parse_locale2.phpt @@ -63,7 +63,8 @@ function ut_main() //Some Invalid Tags: 'de-419-DE', 'a-DE', - 'ar-a-aaa-b-bbb-a-ccc' + 'ar-a-aaa-b-bbb-a-ccc', + 'x-AAAAAA', ); @@ -201,3 +202,6 @@ No values found from Locale parsing. --------------------- ar-a-aaa-b-bbb-a-ccc: language : 'ar' , +--------------------- +x-AAAAAA: +private0 : 'AAAAAA' , diff --git a/ext/mysql/tests/mysql_trace_mode.phpt b/ext/mysql/tests/mysql_trace_mode.phpt index 7655975d70..73872de1db 100644 --- a/ext/mysql/tests/mysql_trace_mode.phpt +++ b/ext/mysql/tests/mysql_trace_mode.phpt @@ -31,7 +31,7 @@ require_once("clean_table.inc"); --EXPECTF-- Deprecated: mysql_connect(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead in %s on line %d I don\'t mind character sets, do I?\n -Warning: mysql_query(): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'BOGUS_SQL' at line 1 in %s on line %d +Warning: mysql_query(): You have an error in your SQL syntax; check the manual that corresponds to your %s server version for the right syntax to use near 'BOGUS_SQL' at line 1 in %s on line %d done! Warning: Unknown: 1 result set(s) not freed. Use mysql_free_result to free result sets which were requested using mysql_query() in %s on line %d diff --git a/ext/mysqli/tests/mysqli_driver.phpt b/ext/mysqli/tests/mysqli_driver.phpt index 023e4d2299..02223809ee 100644 --- a/ext/mysqli/tests/mysqli_driver.phpt +++ b/ext/mysqli/tests/mysqli_driver.phpt @@ -110,5 +110,5 @@ require_once('skipifconnectfailure.inc'); print "done!"; ?> --EXPECTF-- -Warning: mysqli_query(): (%d/%d): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'NO_SQL' at line 1 in %s on line %d +Warning: mysqli_query(): (%d/%d): You have an error in your SQL syntax; check the manual that corresponds to your %s server version for the right syntax to use near 'NO_SQL' at line 1 in %s on line %d done!
\ No newline at end of file diff --git a/ext/mysqli/tests/mysqli_report.phpt b/ext/mysqli/tests/mysqli_report.phpt index 4d2d3553d1..3dcf4981b8 100644 --- a/ext/mysqli/tests/mysqli_report.phpt +++ b/ext/mysqli/tests/mysqli_report.phpt @@ -284,19 +284,19 @@ require_once('skipifconnectfailure.inc'); require_once("clean_table.inc"); ?> --EXPECTF-- -Warning: mysqli_multi_query(): (%d/%d): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'BAR; FOO' at line 1 in %s on line %d +Warning: mysqli_multi_query(): (%d/%d): You have an error in your SQL syntax; check the manual that corresponds to your %s server version for the right syntax to use near 'BAR; FOO' at line 1 in %s on line %d -Warning: mysqli_query(): (%d/%d): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'FOO' at line 1 in %s on line %d +Warning: mysqli_query(): (%d/%d): You have an error in your SQL syntax; check the manual that corresponds to your %s server version for the right syntax to use near 'FOO' at line 1 in %s on line %d Warning: mysqli_kill(): processid should have positive value in %s on line %d -Warning: mysqli_prepare(): (%d/%d): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'FOO' at line 1 in %s on line %d +Warning: mysqli_prepare(): (%d/%d): You have an error in your SQL syntax; check the manual that corresponds to your %s server version for the right syntax to use near 'FOO' at line 1 in %s on line %d -Warning: mysqli_real_query(): (%d/%d): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'FOO' at line 1 in %s on line %d +Warning: mysqli_real_query(): (%d/%d): You have an error in your SQL syntax; check the manual that corresponds to your %s server version for the right syntax to use near 'FOO' at line 1 in %s on line %d Warning: mysqli_kill(): processid should have positive value in %s on line %d -Warning: mysqli_stmt_prepare(): (%d/%d): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'FOO' at line 1 in %s on line %d +Warning: mysqli_stmt_prepare(): (%d/%d): You have an error in your SQL syntax; check the manual that corresponds to your %s server version for the right syntax to use near 'FOO' at line 1 in %s on line %d [013] Access denied for user '%s'@'%s' (using password: YES) [016] Access denied for user '%s'@'%s' (using password: YES) done!
\ No newline at end of file diff --git a/ext/mysqli/tests/mysqli_report_wo_ps.phpt b/ext/mysqli/tests/mysqli_report_wo_ps.phpt index dae81b21cc..2665793407 100644 --- a/ext/mysqli/tests/mysqli_report_wo_ps.phpt +++ b/ext/mysqli/tests/mysqli_report_wo_ps.phpt @@ -104,15 +104,15 @@ if (mysqli_get_server_version($link) >= 50600) require_once("clean_table.inc"); ?> --EXPECTF-- -Warning: mysqli_multi_query(): (%d/%d): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'BAR; FOO' at line 1 in %s on line %d +Warning: mysqli_multi_query(): (%d/%d): You have an error in your SQL syntax; check the manual that corresponds to your %s server version for the right syntax to use near 'BAR; FOO' at line 1 in %s on line %d -Warning: mysqli_query(): (%d/%d): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'FOO' at line 1 in %s on line %d +Warning: mysqli_query(): (%d/%d): You have an error in your SQL syntax; check the manual that corresponds to your %s server version for the right syntax to use near 'FOO' at line 1 in %s on line %d Warning: mysqli_change_user(): (%d/%d): Access denied for user '%s'@'%s' (using password: %s) in %s on line %d Warning: mysqli_kill(): processid should have positive value in %s on line %d -Warning: mysqli_real_query(): (%d/%d): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'FOO' at line 1 in %s on line %d +Warning: mysqli_real_query(): (%d/%d): You have an error in your SQL syntax; check the manual that corresponds to your %s server version for the right syntax to use near 'FOO' at line 1 in %s on line %d Warning: mysqli_kill(): processid should have positive value in %s on line %d [011] Access denied for user '%s'@'%s' (using password: YES) diff --git a/ext/openssl/tests/bug65538_002.phpt b/ext/openssl/tests/bug65538_002.phpt index dfc6f94ff7..1066e01e54 100644 --- a/ext/openssl/tests/bug65538_002.phpt +++ b/ext/openssl/tests/bug65538_002.phpt @@ -3,6 +3,7 @@ Bug #65538: SSL context "cafile" disallows URL stream wrappers --SKIPIF-- <?php if (!extension_loaded('openssl')) die('skip, openssl required'); +if (getenv("SKIP_ONLINE_TESTS")) die("skip online test"); --FILE-- <?php $clientCtx = stream_context_create(['ssl' => [ diff --git a/ext/pdo_mysql/tests/bug54929.phpt b/ext/pdo_mysql/tests/bug54929.phpt index 29fb44182b..84b9e7d04f 100644 --- a/ext/pdo_mysql/tests/bug54929.phpt +++ b/ext/pdo_mysql/tests/bug54929.phpt @@ -47,14 +47,14 @@ array(1) { string(3) "foo" } -Warning: PDOStatement::execute(): SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '--'' at line 1 in %s on line %d +Warning: PDOStatement::execute(): SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your %s server version for the right syntax to use near '--'' at line 1 in %s on line %d array(3) { [0]=> string(5) "42000" [1]=> int(1064) [2]=> - string(149) "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '--'' at line 1" + string(149) "You have an error in your SQL syntax; check the manual that corresponds to your %s server version for the right syntax to use near '--'' at line 1" } array(1) { ["f1"]=> diff --git a/ext/pdo_mysql/tests/bug66141.phpt b/ext/pdo_mysql/tests/bug66141.phpt index 3a28509314..5c382dfe0e 100644 --- a/ext/pdo_mysql/tests/bug66141.phpt +++ b/ext/pdo_mysql/tests/bug66141.phpt @@ -31,7 +31,7 @@ var_dump($quotedInput2); ?> done --EXPECTF-- -Warning: PDO::query(): SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'something that throws an exception' at line %d in %s on line %d +Warning: PDO::query(): SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your %s server version for the right syntax to use near 'something that throws an exception' at line %d in %s on line %d string(50) "'Something\', 1 as one, 2 as two FROM dual; -- f'" string(50) "'Something'', 1 as one, 2 as two FROM dual; -- f'" string(50) "'Something'', 1 as one, 2 as two FROM dual; -- f'" diff --git a/ext/pdo_mysql/tests/pdo_mysql_attr_errmode.phpt b/ext/pdo_mysql/tests/pdo_mysql_attr_errmode.phpt index b03708900f..ce6a1ecd26 100644 --- a/ext/pdo_mysql/tests/pdo_mysql_attr_errmode.phpt +++ b/ext/pdo_mysql/tests/pdo_mysql_attr_errmode.phpt @@ -161,6 +161,6 @@ error_reporting=E_ALL --EXPECTF-- [003] Maybe PDO could indicate that this is not a proper way of setting the ERRMODE...true -Warning: PDO::query(): SQLSTATE[42000]: Syntax error or access violation: %d You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '%s' at line %d in %s on line %d +Warning: PDO::query(): SQLSTATE[42000]: Syntax error or access violation: %d You have an error in your SQL syntax; check the manual that corresponds to your %s server version for the right syntax to use near '%s' at line %d in %s on line %d end of execution
\ No newline at end of file diff --git a/ext/pdo_mysql/tests/pdo_mysql_exec.phpt b/ext/pdo_mysql/tests/pdo_mysql_exec.phpt index 2a0f527180..acd90904f7 100644 --- a/ext/pdo_mysql/tests/pdo_mysql_exec.phpt +++ b/ext/pdo_mysql/tests/pdo_mysql_exec.phpt @@ -179,7 +179,7 @@ $db = MySQLPDOTest::factory(); @$db->exec('DROP TABLE IF EXISTS test'); ?> --EXPECTF-- -Warning: PDO::exec(): SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'THIS IS NOT VALID SQL, I HOPE' at line 1 in %s on line %d -[016] [42000] 42000 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'THIS IS NOT VALID SQL, I HOPE' at line %d +Warning: PDO::exec(): SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your %s server version for the right syntax to use near 'THIS IS NOT VALID SQL, I HOPE' at line 1 in %s on line %d +[016] [42000] 42000 1064 You have an error in your SQL syntax; check the manual that corresponds to your %s server version for the right syntax to use near 'THIS IS NOT VALID SQL, I HOPE' at line %d [035] With emulated PS it works but makes no sense given that exec() returns sort of affected rows... done! diff --git a/ext/pdo_mysql/tests/pdo_mysql_stmt_multiquery.phpt b/ext/pdo_mysql/tests/pdo_mysql_stmt_multiquery.phpt index 56c37c5f1a..52ecc912d4 100644 --- a/ext/pdo_mysql/tests/pdo_mysql_stmt_multiquery.phpt +++ b/ext/pdo_mysql/tests/pdo_mysql_stmt_multiquery.phpt @@ -97,6 +97,6 @@ array(1) { } Native Prepared Statements... -Warning: PDO::query(): SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '%SSELECT label FROM test ORDER BY id ASC LIMIT 1' at line %d in %s on line %d +Warning: PDO::query(): SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your %s server version for the right syntax to use near '%SSELECT label FROM test ORDER BY id ASC LIMIT 1' at line %d in %s on line %d Fatal error: Call to a member function errorInfo() on boolean in %s on line %d diff --git a/ext/pgsql/pgsql.c b/ext/pgsql/pgsql.c index d867f433b2..be351297d0 100644 --- a/ext/pgsql/pgsql.c +++ b/ext/pgsql/pgsql.c @@ -783,7 +783,7 @@ static int le_link, le_plink, le_result, le_lofp, le_string; #endif #if !HAVE_PQESCAPE_CONN -#define PQescapeStringConn(conn, to, form, len, error) PQescapeString(to, from, len) +#define PQescapeStringConn(conn, to, from, len, error) PQescapeString(to, from, len) #endif #if HAVE_PQESCAPELITERAL diff --git a/ext/spl/spl_array.c b/ext/spl/spl_array.c index 4191b0db0e..32cdfe6fb4 100644 --- a/ext/spl/spl_array.c +++ b/ext/spl/spl_array.c @@ -1804,7 +1804,7 @@ SPL_METHOD(Array, unserialize) ++p; ALLOC_INIT_ZVAL(pmembers); - if (!php_var_unserialize(&pmembers, &p, s + buf_len, &var_hash TSRMLS_CC)) { + if (!php_var_unserialize(&pmembers, &p, s + buf_len, &var_hash TSRMLS_CC) || Z_TYPE_P(pmembers) != IS_ARRAY) { zval_ptr_dtor(&pmembers); goto outexcept; } diff --git a/ext/spl/spl_observer.c b/ext/spl/spl_observer.c index 57ddf492d1..f493154b20 100644 --- a/ext/spl/spl_observer.c +++ b/ext/spl/spl_observer.c @@ -914,7 +914,7 @@ SPL_METHOD(SplObjectStorage, unserialize) ++p; ALLOC_INIT_ZVAL(pmembers); - if (!php_var_unserialize(&pmembers, &p, s + buf_len, &var_hash TSRMLS_CC)) { + if (!php_var_unserialize(&pmembers, &p, s + buf_len, &var_hash TSRMLS_CC) || Z_TYPE_P(pmembers) != IS_ARRAY) { zval_ptr_dtor(&pmembers); goto outexcept; } diff --git a/ext/spl/tests/SplObjectStorage_unserialize_bad.phpt b/ext/spl/tests/SplObjectStorage_unserialize_bad.phpt index a525317093..8f0676de3b 100644 --- a/ext/spl/tests/SplObjectStorage_unserialize_bad.phpt +++ b/ext/spl/tests/SplObjectStorage_unserialize_bad.phpt @@ -7,6 +7,7 @@ $badblobs = array( 'x:i:2;i:0;,i:1;;i:0;,i:2;;m:a:0:{}', 'x:i:3;O:8:"stdClass":0:{},O:8:"stdClass":0:{};R:2;,i:1;;O:8:"stdClass":0:{},r:2;;m:a:0:{}', 'x:i:3;O:8:"stdClass":0:{},O:8:"stdClass":0:{};r:2;,i:1;;O:8:"stdClass":0:{},r:2;;m:a:0:{}', +'x:i:1;O:8:"stdClass":0:{},N;;m:s:40:"1234567890123456789012345678901234567890"', ); foreach($badblobs as $blob) { try { @@ -17,6 +18,7 @@ try { echo $e->getMessage()."\n"; } } +echo "DONE\n"; --EXPECTF-- Error at offset 6 of 34 bytes Error at offset 46 of 89 bytes @@ -42,4 +44,5 @@ object(SplObjectStorage)#2 (1) { } } } - +Error at offset 79 of 78 bytes +DONE diff --git a/ext/standard/info.c b/ext/standard/info.c index 03ced35fb3..0626a7067b 100644 --- a/ext/standard/info.c +++ b/ext/standard/info.c @@ -866,16 +866,16 @@ PHPAPI void php_print_info(int flag TSRMLS_DC) php_info_print_table_start(); php_info_print_table_header(2, "Variable", "Value"); - if (zend_hash_find(&EG(symbol_table), "PHP_SELF", sizeof("PHP_SELF"), (void **) &data) != FAILURE) { + if (zend_hash_find(&EG(symbol_table), "PHP_SELF", sizeof("PHP_SELF"), (void **) &data) != FAILURE && Z_TYPE_PP(data) == IS_STRING) { php_info_print_table_row(2, "PHP_SELF", Z_STRVAL_PP(data)); } - if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_TYPE", sizeof("PHP_AUTH_TYPE"), (void **) &data) != FAILURE) { + if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_TYPE", sizeof("PHP_AUTH_TYPE"), (void **) &data) != FAILURE && Z_TYPE_PP(data) == IS_STRING) { php_info_print_table_row(2, "PHP_AUTH_TYPE", Z_STRVAL_PP(data)); } - if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_USER", sizeof("PHP_AUTH_USER"), (void **) &data) != FAILURE) { + if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_USER", sizeof("PHP_AUTH_USER"), (void **) &data) != FAILURE && Z_TYPE_PP(data) == IS_STRING) { php_info_print_table_row(2, "PHP_AUTH_USER", Z_STRVAL_PP(data)); } - if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_PW", sizeof("PHP_AUTH_PW"), (void **) &data) != FAILURE) { + if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_PW", sizeof("PHP_AUTH_PW"), (void **) &data) != FAILURE && Z_TYPE_PP(data) == IS_STRING) { php_info_print_table_row(2, "PHP_AUTH_PW", Z_STRVAL_PP(data)); } php_print_gpcse_array(ZEND_STRL("_REQUEST") TSRMLS_CC); diff --git a/ext/standard/tests/general_functions/bug67498.phpt b/ext/standard/tests/general_functions/bug67498.phpt new file mode 100644 index 0000000000..5b5951b0f8 --- /dev/null +++ b/ext/standard/tests/general_functions/bug67498.phpt @@ -0,0 +1,15 @@ +--TEST-- +phpinfo() Type Confusion Information Leak Vulnerability +--FILE-- +<?php +$PHP_SELF = 1; +phpinfo(INFO_VARIABLES); + +?> +==DONE== +--EXPECTF-- +phpinfo() + +PHP Variables +%A +==DONE== |