From 70ef87539d7723e22ec3659a3ac2bec0511d12f9 Mon Sep 17 00:00:00 2001 From: Sebastian Pop Date: Fri, 21 Jun 2019 07:15:35 +0000 Subject: Fix compilation errors when building against libmysql Closes GH-4316. --- ext/mysqli/mysqli_api.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ext/mysqli/mysqli_api.c b/ext/mysqli/mysqli_api.c index 93071c2d0c..bffb695795 100644 --- a/ext/mysqli/mysqli_api.c +++ b/ext/mysqli/mysqli_api.c @@ -970,7 +970,7 @@ void mysqli_stmt_fetch_libmysql(INTERNAL_FUNCTION_PARAMETERS) zval *result; /* it must be a reference, isn't it? */ if (Z_ISREF(stmt->result.vars[i])) { - result = stmt->result.vars[i]; + result = &stmt->result.vars[i]; } else { continue; // but be safe ... } @@ -1083,7 +1083,7 @@ void mysqli_stmt_fetch_libmysql(INTERNAL_FUNCTION_PARAMETERS) break; } } else { - ZEND_TRY_REF_ASSIGN_NULL(result); + ZEND_TRY_ASSIGN_REF_NULL(result); } } } else { -- cgit v1.2.1 From c0bf3bc50cfe1ef47a233d5fa3763d7581a57871 Mon Sep 17 00:00:00 2001 From: Nikita Popov Date: Fri, 28 Jun 2019 14:36:10 +0200 Subject: Update error message in libmysql test --- ext/mysqli/tests/mysqli_connect_oo_warnings.phpt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ext/mysqli/tests/mysqli_connect_oo_warnings.phpt b/ext/mysqli/tests/mysqli_connect_oo_warnings.phpt index e5a1b0fc99..8204d0f1da 100644 --- a/ext/mysqli/tests/mysqli_connect_oo_warnings.phpt +++ b/ext/mysqli/tests/mysqli_connect_oo_warnings.phpt @@ -44,7 +44,7 @@ new mysqli() --EXPECTF-- 1) bail -Warning: mysqli::mysqli(): (HY000/200%d): %s +Warning: mysqli::__construct(): (HY000/200%d): %s 2) be quiet %s(%d) "%s" int(200%d) -- cgit v1.2.1 From 50cce5eb4f7c2627622875d9360b66b6c3234afe Mon Sep 17 00:00:00 2001 
From: Nikita Popov Date: Fri, 28 Jun 2019 12:32:54 +0200 Subject: Avoid reliance on arena details on phpdbg oplog Instead of guessing what the address of the first arena allocation is going to be, embed the sentinel in the oplog_list structure directly. --- sapi/phpdbg/phpdbg.c | 8 +++----- sapi/phpdbg/phpdbg_opcode.h | 2 +- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/sapi/phpdbg/phpdbg.c b/sapi/phpdbg/phpdbg.c index 463749ea3a..67cefc75f2 100644 --- a/sapi/phpdbg/phpdbg.c +++ b/sapi/phpdbg/phpdbg.c @@ -449,14 +449,12 @@ static PHP_FUNCTION(phpdbg_start_oplog) if (!prev) { PHPDBG_G(oplog_arena) = zend_arena_create(64 * 1024); - - PHPDBG_G(oplog_cur) = ((phpdbg_oplog_entry *) zend_arena_alloc(&PHPDBG_G(oplog_arena), sizeof(phpdbg_oplog_entry))) + 1; - PHPDBG_G(oplog_cur)->next = NULL; } PHPDBG_G(oplog_list) = emalloc(sizeof(phpdbg_oplog_list)); PHPDBG_G(oplog_list)->prev = prev; - PHPDBG_G(oplog_list)->start = PHPDBG_G(oplog_cur); + PHPDBG_G(oplog_cur) = &PHPDBG_G(oplog_list)->start; + PHPDBG_G(oplog_cur)->next = NULL; } static zend_always_inline zend_bool phpdbg_is_ignored_opcode(zend_uchar opcode) { @@ -633,7 +631,7 @@ static PHP_FUNCTION(phpdbg_end_oplog) return; } - cur = PHPDBG_G(oplog_list)->start; + cur = PHPDBG_G(oplog_list)->start.next; prev = PHPDBG_G(oplog_list)->prev; efree(PHPDBG_G(oplog_list)); diff --git a/sapi/phpdbg/phpdbg_opcode.h b/sapi/phpdbg/phpdbg_opcode.h index f84862fbae..b9e2fa506c 100644 --- a/sapi/phpdbg/phpdbg_opcode.h +++ b/sapi/phpdbg/phpdbg_opcode.h @@ -40,7 +40,7 @@ struct _phpdbg_oplog_entry { typedef struct _phpdbg_oplog_list phpdbg_oplog_list; struct _phpdbg_oplog_list { phpdbg_oplog_list *prev; - phpdbg_oplog_entry *start; + phpdbg_oplog_entry start; /* Only "next" member used. */ }; #endif /* PHPDBG_OPCODE_H */ -- cgit v1.2.1 From ca6f41aa5a15a44f841e42c7255294d521c95d5d Mon Sep 17 00:00:00 2001 
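Review bot: In phpdbg_end_oplog, `efree(PHPDBG_G(oplog_list))` now also releases the embedded `start` sentinel that phpdbg_start_oplog made `PHPDBG_G(oplog_cur)` point at, and the visible lines do not re-point the cursor. If no entry was appended between the two calls and the rest of the function (outside this hunk) leaves `oplog_cur` untouched, a later append in the nested case (`prev` non-NULL) would store `->next` into freed memory. Either reset the cursor next to the free or record the invariant on the struct member in phpdbg_opcode.h, e.g. `/* Sentinel; only "next" is used. oplog_cur may point here, so it must not outlive this list. */`.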
From: Nikita Popov
Date: Fri, 28 Jun 2019 12:38:28 +0200
Subject: Fix out of bounds read in sccp
---
 ext/opcache/Optimizer/sccp.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/ext/opcache/Optimizer/sccp.c b/ext/opcache/Optimizer/sccp.c
index ab202d2ead..0f5f1d18e1 100644
--- a/ext/opcache/Optimizer/sccp.c
+++ b/ext/opcache/Optimizer/sccp.c
@@ -2329,6 +2329,7 @@ static int try_remove_definition(sccp_ctx *ctx, int var_num, zend_ssa_var *var,
 if (opline->opcode == ZEND_DO_ICALL) {
 removed_ops = remove_call(ctx, opline, ssa_op);
 } else if (opline->opcode == ZEND_TYPE_CHECK
+ && ssa_op->op1_use >= 0
 && !value_known(&ctx->values[ssa_op->op1_use])) {
 /* For TYPE_CHECK we may compute the result value without knowing the
 * operand, based on type inference information. Make sure the operand is
-- cgit v1.2.1
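Review bot: The added `ssa_op->op1_use >= 0` guard in try_remove_definition lands without a regression test (the diffstat lists only sccp.c) and without a comment saying when the index is negative. A short comment such as `/* op1_use is negative when op1 is not an SSA variable, so it must not index ctx->values */` would keep the check from being dropped in a later cleanup. A small opcache test that reaches this TYPE_CHECK branch would pin the fix, though the triggering script is not shown on this page. The same `ctx->values[...->op1_use]` indexing may occur elsewhere in sccp.c and is worth a quick audit. The function body starts and ends outside the hunk.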