Index: NEWS =================================================================== RCS file: /repository/php-src/NEWS,v retrieving revision 1.2027.2.568 retrieving revision 1.2027.2.571 diff -u -r1.2027.2.568 -r1.2027.2.571 --- NEWS 15 Aug 2006 13:14:47 -0000 1.2027.2.568 +++ NEWS 23 Aug 2006 13:17:36 -0000 1.2027.2.571 @@ -1,7 +1,11 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| -17 Aug 2006, PHP 5.1.5 +24 Aug 2006, PHP 5.1.6 - Fixed memory_limit on 64bit systems. (Stefan E.) +- Fixed bug #38488 (Access to "php://stdin" and family crashes PHP on win32). + (Dmitry) + +17 Aug 2006, PHP 5.1.5 - Fixed overflow on 64bit systems in str_repeat() and wordwrap(). (Stefan E.) - Disabled CURLOPT_FOLLOWLOCATION in curl when open_basedir or safe_mode are enabled. (Stefan E., Ilia) Index: configure.in =================================================================== RCS file: /repository/php-src/configure.in,v retrieving revision 1.579.2.54 retrieving revision 1.579.2.56 diff -u -r1.579.2.54 -r1.579.2.56 --- configure.in 15 Aug 2006 13:14:47 -0000 1.579.2.54 +++ configure.in 23 Aug 2006 13:17:36 -0000 1.579.2.56 @@ -1,4 +1,4 @@ - ## $Id: configure.in,v 1.579.2.54 2006/08/15 13:14:47 iliaa Exp $ -*- autoconf -*- + ## $Id: configure.in,v 1.579.2.56 2006/08/23 13:17:36 iliaa Exp $ -*- autoconf -*- dnl ## Process this file with autoconf to produce a configure script. divert(1) @@ -41,7 +41,7 @@ MAJOR_VERSION=5 MINOR_VERSION=1 -RELEASE_VERSION=5 +RELEASE_VERSION=6 EXTRA_VERSION="" VERSION="$MAJOR_VERSION.$MINOR_VERSION.$RELEASE_VERSION$EXTRA_VERSION" Index: run-tests.php =================================================================== RCS file: /repository/php-src/run-tests.php,v retrieving revision 1.226.2.37 retrieving revision 1.226.2.38 diff -u -r1.226.2.37 -r1.226.2.38 --- run-tests.php 3 May 2006 21:37:16 -0000 1.226.2.37 +++ run-tests.php 23 Aug 2006 12:43:53 -0000 1.226.2.38 @@ -23,7 +23,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: run-tests.php,v 1.226.2.37 2006/05/03 21:37:16 pajoye Exp $ */ +/* $Id: run-tests.php,v 1.226.2.38 2006/08/23 12:43:53 tony2001 Exp $ */ /* Sanity check to ensure that pcre extension needed by this script is available. * In the event it is not, print a nice error message indicating that this script will @@ -192,13 +192,13 @@ $info_params = array(); settings2array($ini_overwrites,$info_params); settings2params($info_params); - $php_info = `$php $pass_options $info_params $info_file`; + $php_info = `$php $pass_options $info_params "$info_file"`; @unlink($info_file); - define('TESTED_PHP_VERSION', `$php -r 'echo PHP_VERSION;'`); + define('TESTED_PHP_VERSION', `$php -r "echo PHP_VERSION;"`); // load list of enabled extensions save_text($info_file, '<?php echo join(",",get_loaded_extensions()); ?>'); - $exts_to_test = explode(',',`$php $pass_options $info_params $info_file`); + $exts_to_test = explode(',',`$php $pass_options $info_params "$info_file"`); // check for extensions that need special handling and regenerate $info_params_ex = array( 'session' => array('session.auto_start=0'), @@ -397,7 +397,7 @@ $html_output = is_resource($html_file); break; case '--version': - echo '$Revision: 1.226.2.37 $'."\n"; + echo '$Revision: 1.226.2.38 $'."\n"; exit(1); default: echo "Illegal switch '$switch' specified!\n"; Index: main/php_version.h =================================================================== RCS file: /repository/php-src/main/php_version.h,v retrieving revision 1.112.2.39 retrieving revision 1.112.2.41 diff -u -r1.112.2.39 -r1.112.2.41 --- main/php_version.h 15 Aug 2006 13:14:47 -0000 1.112.2.39 +++ main/php_version.h 23 Aug 2006 13:17:36 -0000 1.112.2.41 @@ -2,6 +2,6 @@ /* edit configure.in to change version number */ #define PHP_MAJOR_VERSION 5 #define PHP_MINOR_VERSION 1 -#define PHP_RELEASE_VERSION 5 +#define PHP_RELEASE_VERSION 6 #define PHP_EXTRA_VERSION "" -#define PHP_VERSION "5.1.5" +#define PHP_VERSION "5.1.6" Index: main/streams/plain_wrapper.c =================================================================== RCS file: /repository/php-src/main/streams/plain_wrapper.c,v retrieving revision 1.52.2.6 retrieving revision 1.52.2.7 diff -u -r1.52.2.6 -r1.52.2.7 --- main/streams/plain_wrapper.c 17 Jan 2006 02:32:09 -0000 1.52.2.6 +++ main/streams/plain_wrapper.c 22 Aug 2006 06:16:19 -0000 1.52.2.7 @@ -16,7 +16,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: plain_wrapper.c,v 1.52.2.6 2006/01/17 02:32:09 iliaa Exp $ */ +/* $Id: plain_wrapper.c,v 1.52.2.7 2006/08/22 06:16:19 dmitry Exp $ */ #include "php.h" #include "php_globals.h" @@ -194,10 +194,9 @@ #elif defined(PHP_WIN32) { long handle = _get_osfhandle(self->fd); - DWORD in_buf_size, out_buf_size; if (handle != 0xFFFFFFFF) { - self->is_pipe = GetNamedPipeInfo((HANDLE)handle, NULL, &out_buf_size, &in_buf_size, NULL); + self->is_pipe = GetFileType((HANDLE)handle) == FILE_TYPE_PIPE; } } #endif Index: sapi/cgi/fastcgi.c =================================================================== RCS file: /repository/php-src/sapi/cgi/fastcgi.c,v retrieving revision 1.4.2.17 retrieving revision 1.4.2.18 diff -u -r1.4.2.17 -r1.4.2.18 --- sapi/cgi/fastcgi.c 7 Jun 2006 14:28:26 -0000 1.4.2.17 +++ sapi/cgi/fastcgi.c 20 Aug 2006 17:49:05 -0000 1.4.2.18 @@ -16,7 +16,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: fastcgi.c,v 1.4.2.17 2006/06/07 14:28:26 stas Exp $ */ +/* $Id: fastcgi.c,v 1.4.2.18 2006/08/20 17:49:05 sas Exp $ */ #include "fastcgi.h" #include "php.h" @@ -258,7 +258,7 @@ short port = 0; int listen_socket; sa_t sa; - socklen_t sa_len; + socklen_t sock_len; if ((s = strchr(path, ':'))) { port = atoi(s+1); @@ -274,7 +274,7 @@ memset(&sa.sa_inet, 0, sizeof(sa.sa_inet)); sa.sa_inet.sin_family = AF_INET; sa.sa_inet.sin_port = htons(port); - sa_len = sizeof(sa.sa_inet); + sock_len = sizeof(sa.sa_inet); if (!*host || !strncmp(host, "*", sizeof("*")-1)) { sa.sa_inet.sin_addr.s_addr = htonl(INADDR_ANY); @@ -305,16 +305,16 @@ memset(&sa.sa_unix, 0, sizeof(sa.sa_unix)); sa.sa_unix.sun_family = AF_UNIX; memcpy(sa.sa_unix.sun_path, path, path_len + 1); - sa_len = (size_t)(((struct sockaddr_un *)0)->sun_path) + path_len; + sock_len = (size_t)(((struct sockaddr_un *)0)->sun_path) + path_len; #ifdef HAVE_SOCKADDR_UN_SUN_LEN - sa.sa_unix.sun_len = sa_len; + sa.sa_unix.sun_len = sock_len; #endif unlink(path); } /* Create, bind socket and start listen on it */ if ((listen_socket = socket(sa.sa.sa_family, SOCK_STREAM, 0)) < 0 || - bind(listen_socket, (struct sockaddr *) &sa, sa_len) < 0 || + bind(listen_socket, (struct sockaddr *) &sa, sock_len) < 0 || listen(listen_socket, backlog) < 0) { fprintf(stderr, "Cannot bind/listen socket - [%d] %s.\n",errno, strerror(errno)); Index: acinclude.m4 =================================================================== RCS file: /repository/ZendEngine2/acinclude.m4,v retrieving revision 1.15.2.2 retrieving revision 1.15.2.4 diff -u -r1.15.2.2 -r1.15.2.4 --- acinclude.m4 1 Nov 2005 10:31:56 -0000 1.15.2.2 +++ acinclude.m4 4 Aug 2006 06:48:59 -0000 1.15.2.4 @@ -1,10 +1,10 @@ -dnl $Id: acinclude.m4,v 1.15.2.2 2005/11/01 10:31:56 sebastian Exp $ +dnl $Id: acinclude.m4,v 1.15.2.4 2006/08/04 06:48:59 derick Exp $ dnl dnl This file contains local autoconf functions. AC_DEFUN([LIBZEND_BISON_CHECK],[ # we only support certain bison versions - bison_version_list="1.28 1.35 1.75 1.875 2.0 2.1" + bison_version_list="1.28 1.35 1.75 1.875 2.0 2.1 2.2 2.3" # for standalone build of Zend Engine test -z "$SED" && SED=sed Index: zend_API.c =================================================================== RCS file: /repository/ZendEngine2/zend_API.c,v retrieving revision 1.296.2.26 retrieving revision 1.296.2.27 diff -u -r1.296.2.26 -r1.296.2.27 --- zend_API.c 23 Mar 2006 13:14:55 -0000 1.296.2.26 +++ zend_API.c 20 Apr 2006 07:30:38 -0000 1.296.2.27 @@ -18,7 +18,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: zend_API.c,v 1.296.2.26 2006/03/23 13:14:55 helly Exp $ */ +/* $Id: zend_API.c,v 1.296.2.27 2006/04/20 07:30:38 dmitry Exp $ */ #include "zend.h" #include "zend_execute.h" @@ -2039,18 +2039,16 @@ if ((colon = strstr(Z_STRVAL_P(callable), "::")) != NULL) { clen = colon - Z_STRVAL_P(callable); mlen = Z_STRLEN_P(callable) - clen - 2; - if (zend_lookup_class(Z_STRVAL_P(callable), clen, &pce TSRMLS_CC) == SUCCESS) { + lcname = zend_str_tolower_dup(Z_STRVAL_P(callable), clen); + /* caution: lcname is not '\0' terminated */ + if (clen == sizeof("self") - 1 && memcmp(lcname, "self", sizeof("self") - 1) == 0) { + *ce_ptr = EG(scope); + } else if (clen == sizeof("parent") - 1 && memcmp(lcname, "parent", sizeof("parent") - 1) == 0 && EG(active_op_array)->scope) { + *ce_ptr = EG(scope) ? EG(scope)->parent : NULL; + } else if (zend_lookup_class(Z_STRVAL_P(callable), clen, &pce TSRMLS_CC) == SUCCESS) { *ce_ptr = *pce; - } else { - lcname = zend_str_tolower_dup(Z_STRVAL_P(callable), clen); - /* caution: lcname is not '\0' terminated */ - if (clen == sizeof("self") - 1 && memcmp(lcname, "self", sizeof("self") - 1) == 0) { - *ce_ptr = EG(scope); - } else if (clen == sizeof("parent") - 1 && memcmp(lcname, "parent", sizeof("parent") - 1) == 0 && EG(active_op_array)->scope) { - *ce_ptr = EG(scope) ? EG(scope)->parent : NULL; - } - efree(lcname); } + efree(lcname); if (!*ce_ptr) { return 0; } @@ -2179,17 +2177,15 @@ return 1; } - if (zend_lookup_class(Z_STRVAL_PP(obj), Z_STRLEN_PP(obj), &pce TSRMLS_CC) == SUCCESS) { + lcname = zend_str_tolower_dup(Z_STRVAL_PP(obj), Z_STRLEN_PP(obj)); + if (Z_STRLEN_PP(obj) == sizeof("self") - 1 && memcmp(lcname, "self", sizeof("self")) == 0) { + ce = EG(active_op_array)->scope; + } else if (Z_STRLEN_PP(obj) == sizeof("parent") - 1 && memcmp(lcname, "parent", sizeof("parent")) == 0 && EG(active_op_array)->scope) { + ce = EG(active_op_array)->scope->parent; + } else if (zend_lookup_class(Z_STRVAL_PP(obj), Z_STRLEN_PP(obj), &pce TSRMLS_CC) == SUCCESS) { ce = *pce; - } else if (EG(active_op_array)) { - lcname = zend_str_tolower_dup(Z_STRVAL_PP(obj), Z_STRLEN_PP(obj)); - if (Z_STRLEN_PP(obj) == sizeof("self") - 1 && memcmp(lcname, "self", sizeof("self")) == 0) { - ce = EG(active_op_array)->scope; - } else if (Z_STRLEN_PP(obj) == sizeof("parent") - 1 && memcmp(lcname, "parent", sizeof("parent")) == 0 && EG(active_op_array)->scope) { - ce = EG(active_op_array)->scope->parent; - } - efree(lcname); } + efree(lcname); } else { ce = Z_OBJCE_PP(obj); /* TBFixed: what if it's overloaded? */ Index: zend_alloc.c =================================================================== RCS file: /repository/ZendEngine2/zend_alloc.c,v retrieving revision 1.144.2.3 retrieving revision 1.144.2.4 diff -u -r1.144.2.3 -r1.144.2.4 --- zend_alloc.c 4 Jan 2006 23:53:03 -0000 1.144.2.3 +++ zend_alloc.c 10 Aug 2006 17:16:24 -0000 1.144.2.4 @@ -17,7 +17,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: zend_alloc.c,v 1.144.2.3 2006/01/04 23:53:03 andi Exp $ */ +/* $Id: zend_alloc.c,v 1.144.2.4 2006/08/10 17:16:24 iliaa Exp $ */ #include "zend.h" #include "zend_alloc.h" @@ -72,7 +72,15 @@ #define CHECK_MEMORY_LIMIT(s, rs) _CHECK_MEMORY_LIMIT(s, rs, NULL, 0) # endif -#define _CHECK_MEMORY_LIMIT(s, rs, file, lineno) { AG(allocated_memory) += rs;\ +#define _CHECK_MEMORY_LIMIT(s, rs, file, lineno) { if ((ssize_t)(rs) > (ssize_t)(INT_MAX - AG(allocated_memory))) { \ + if (file) { \ + fprintf(stderr, "Integer overflow in memory_limit check detected at %s:%d\n", file, lineno); \ + } else { \ + fprintf(stderr, "Integer overflow in memory_limit check detected\n"); \ + } \ + exit(1); \ + } \ + AG(allocated_memory) += rs;\ if (AG(memory_limit)<AG(allocated_memory)) {\ int php_mem_limit = AG(memory_limit); \ AG(allocated_memory) -= rs; \ @@ -127,7 +135,7 @@ #endif #define DECLARE_CACHE_VARS() \ - unsigned int real_size; \ + size_t real_size; \ unsigned int cache_index #define REAL_SIZE(size) ((size+7) & ~0x7) @@ -142,12 +150,16 @@ ZEND_API void *_emalloc(size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) { - zend_mem_header *p; + zend_mem_header *p = NULL; DECLARE_CACHE_VARS(); TSRMLS_FETCH(); CALCULATE_REAL_SIZE_AND_CACHE_INDEX(size); + if (size > INT_MAX || SIZE < size) { + goto emalloc_error; + } + #if !ZEND_DISABLE_MEMORY_CACHE if ((CACHE_INDEX < MAX_CACHED_MEMORY) && (AG(cache_count)[CACHE_INDEX] > 0)) { p = AG(cache)[CACHE_INDEX][--AG(cache_count)[CACHE_INDEX]]; @@ -184,6 +196,8 @@ } #endif +emalloc_error: + HANDLE_BLOCK_INTERRUPTIONS(); if (!p) { @@ -357,6 +371,13 @@ CALCULATE_REAL_SIZE_AND_CACHE_INDEX(size); HANDLE_BLOCK_INTERRUPTIONS(); + + if (size > INT_MAX || SIZE < size) { + REMOVE_POINTER_FROM_LIST(p); + p = NULL; + goto erealloc_error; + } + #if MEMORY_LIMIT CHECK_MEMORY_LIMIT(size - p->size, SIZE - REAL_SIZE(p->size)); if (AG(allocated_memory) > AG(allocated_memory_peak)) { @@ -365,6 +386,7 @@ #endif REMOVE_POINTER_FROM_LIST(p); p = (zend_mem_header *) ZEND_DO_REALLOC(p, sizeof(zend_mem_header)+MEM_HEADER_PADDING+SIZE+END_MAGIC_SIZE); +erealloc_error: if (!p) { if (!allow_failure) { fprintf(stderr,"FATAL: erealloc(): Unable to allocate %ld bytes\n", (long) size); Index: zend_compile.c =================================================================== RCS file: /repository/ZendEngine2/zend_compile.c,v retrieving revision 1.647.2.25 retrieving revision 1.647.2.27 diff -u -r1.647.2.25 -r1.647.2.27 --- zend_compile.c 27 Mar 2006 08:09:18 -0000 1.647.2.25 +++ zend_compile.c 2 May 2006 15:49:26 -0000 1.647.2.27 @@ -17,7 +17,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: zend_compile.c,v 1.647.2.25 2006/03/27 08:09:18 dmitry Exp $ */ +/* $Id: zend_compile.c,v 1.647.2.27 2006/05/02 15:49:26 dmitry Exp $ */ #include <zend_language_parser.h> #include "zend.h" @@ -154,6 +154,7 @@ void init_compiler(TSRMLS_D) { + CG(active_op_array) = NULL; zend_init_compiler_data_structures(TSRMLS_C); zend_init_rsrc_list(TSRMLS_C); zend_hash_init(&CG(filenames_table), 5, NULL, (dtor_func_t) free_estring, 0); Index: zend_execute_API.c =================================================================== RCS file: /repository/ZendEngine2/zend_execute_API.c,v retrieving revision 1.331.2.19 retrieving revision 1.331.2.20 diff -u -r1.331.2.19 -r1.331.2.20 --- zend_execute_API.c 17 Mar 2006 08:47:41 -0000 1.331.2.19 +++ zend_execute_API.c 20 Apr 2006 22:49:20 -0000 1.331.2.20 @@ -17,7 +17,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: zend_execute_API.c,v 1.331.2.19 2006/03/17 08:47:41 dmitry Exp $ */ +/* $Id: zend_execute_API.c,v 1.331.2.20 2006/04/20 22:49:20 tony2001 Exp $ */ #include <stdio.h> #include <signal.h> @@ -819,7 +819,7 @@ if (EX(function_state).function->common.fn_flags & (ZEND_ACC_ABSTRACT|ZEND_ACC_DEPRECATED)) { if (EX(function_state).function->common.fn_flags & ZEND_ACC_ABSTRACT) { - zend_error_noreturn(E_ERROR, "Cannot call abstract method %v::%v()", EX(function_state).function->common.scope->name, EX(function_state).function->common.function_name); + zend_error_noreturn(E_ERROR, "Cannot call abstract method %s::%s()", EX(function_state).function->common.scope->name, EX(function_state).function->common.function_name); } if (EX(function_state).function->common.fn_flags & ZEND_ACC_DEPRECATED) { zend_error(E_STRICT, "Function %s%s%s() is deprecated", Index: zend_ini_parser.y =================================================================== RCS file: /repository/ZendEngine2/zend_ini_parser.y,v retrieving revision 1.41.2.1 retrieving revision 1.41.2.2 diff -u -r1.41.2.1 -r1.41.2.2 --- zend_ini_parser.y 4 Jan 2006 23:53:04 -0000 1.41.2.1 +++ zend_ini_parser.y 12 Apr 2006 09:51:54 -0000 1.41.2.2 @@ -17,7 +17,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: zend_ini_parser.y,v 1.41.2.1 2006/01/04 23:53:04 andi Exp $ */ +/* $Id: zend_ini_parser.y,v 1.41.2.2 2006/04/12 09:51:54 dmitry Exp $ */ #define DEBUG_CFG_PARSER 0 #include "zend.h" @@ -249,25 +249,26 @@ expr { $$ = $1; } | CFG_TRUE { $$ = $1; } | CFG_FALSE { $$ = $1; } - | var_string_list { $$ = $1; } | '\n' { zend_ini_init_string(&$$); } | /* empty */ { zend_ini_init_string(&$$); } ; var_string_list: - var_string_list cfg_var_ref { zend_ini_add_string(&$$, &$1, &$2); free($2.value.str.val); } + cfg_var_ref { $$ = $1; } + | TC_ENCAPSULATED_STRING { $$ = $1; } + | constant_string { $$ = $1; } + | var_string_list cfg_var_ref { zend_ini_add_string(&$$, &$1, &$2); free($2.value.str.val); } | var_string_list TC_ENCAPSULATED_STRING { zend_ini_add_string(&$$, &$1, &$2); free($2.value.str.val); } - | var_string_list constant_string { zend_ini_add_string(&$$, &$1, &$2); } - | /* empty */ { zend_ini_init_string(&$$); } + | var_string_list constant_string { zend_ini_add_string(&$$, &$1, &$2); free($2.value.str.val); } ; cfg_var_ref: - TC_DOLLAR_CURLY TC_STRING '}' { zend_ini_get_var(&$$, &$2); } + TC_DOLLAR_CURLY TC_STRING '}' { zend_ini_get_var(&$$, &$2); free($2.value.str.val); } ; expr: - constant_string { $$ = $1; } + var_string_list { $$ = $1; } | expr '|' expr { zend_ini_do_op('|', &$$, &$1, &$3); } | expr '&' expr { zend_ini_do_op('&', &$$, &$1, &$3); } | '~' expr { zend_ini_do_op('~', &$$, &$2, NULL); } Index: zend_interfaces.c =================================================================== RCS file: /repository/ZendEngine2/zend_interfaces.c,v retrieving revision 1.33.2.3 retrieving revision 1.33.2.4 diff -u -r1.33.2.3 -r1.33.2.4 --- zend_interfaces.c 26 Feb 2006 10:53:38 -0000 1.33.2.3 +++ zend_interfaces.c 10 Apr 2006 22:49:29 -0000 1.33.2.4 @@ -16,7 +16,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: zend_interfaces.c,v 1.33.2.3 2006/02/26 10:53:38 helly Exp $ */ +/* $Id: zend_interfaces.c,v 1.33.2.4 2006/04/10 22:49:29 helly Exp $ */ #include "zend.h" #include "zend_API.h" @@ -287,7 +287,7 @@ if (!ce || !ce_it || !ce_it->get_iterator || (ce_it->get_iterator == zend_user_it_get_new_iterator && iterator == object)) { if (!EG(exception)) { - zend_throw_exception_ex(NULL, 0 TSRMLS_CC, "Objects returned by %s::getIterator() must be traversable or implement interface Iterator", ce->name); + zend_throw_exception_ex(NULL, 0 TSRMLS_CC, "Objects returned by %s::getIterator() must be traversable or implement interface Iterator", ce ? ce->name : Z_OBJCE_P(object)->name); } if (iterator) { Index: zend_language_scanner.l =================================================================== RCS file: /repository/ZendEngine2/zend_language_scanner.l,v retrieving revision 1.131.2.10 retrieving revision 1.131.2.11 diff -u -r1.131.2.10 -r1.131.2.11 --- zend_language_scanner.l 17 Jan 2006 09:39:57 -0000 1.131.2.10 +++ zend_language_scanner.l 13 Apr 2006 13:48:28 -0000 1.131.2.11 @@ -19,7 +19,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: zend_language_scanner.l,v 1.131.2.10 2006/01/17 09:39:57 dmitry Exp $ */ +/* $Id: zend_language_scanner.l,v 1.131.2.11 2006/04/13 13:48:28 dmitry Exp $ */ #define yyleng SCNG(yy_leng) #define yytext SCNG(yy_text) @@ -1461,7 +1461,7 @@ yymore(); } -<ST_ONE_LINE_COMMENT>[^\n\r?%>]+{ANY_CHAR} { +<ST_ONE_LINE_COMMENT>[^\n\r?%>]*{ANY_CHAR} { switch (yytext[yyleng-1]) { case '?': case '%': case '>': yyless(yyleng-1); @@ -1491,7 +1491,7 @@ <ST_ONE_LINE_COMMENT>"?>"|"%>" { if (CG(asp_tags) || yytext[yyleng-2] != '%') { /* asp comment? */ zendlval->value.str.val = yytext; /* no copying - intentional */ - zendlval->value.str.len = yyleng; + zendlval->value.str.len = yyleng-2; zendlval->type = IS_STRING; yyless(yyleng-2); BEGIN(ST_IN_SCRIPTING); Index: zend_opcode.c =================================================================== RCS file: /repository/ZendEngine2/zend_opcode.c,v retrieving revision 1.110.2.5 retrieving revision 1.110.2.6 diff -u -r1.110.2.5 -r1.110.2.6 --- zend_opcode.c 14 Mar 2006 11:24:45 -0000 1.110.2.5 +++ zend_opcode.c 10 Apr 2006 12:26:53 -0000 1.110.2.6 @@ -17,7 +17,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: zend_opcode.c,v 1.110.2.5 2006/03/14 11:24:45 dmitry Exp $ */ +/* $Id: zend_opcode.c,v 1.110.2.6 2006/04/10 12:26:53 dmitry Exp $ */ #include <stdio.h> @@ -367,8 +367,10 @@ zend_llist_apply_with_argument(&zend_extensions, (llist_apply_with_arg_func_t) zend_extension_op_array_handler, op_array TSRMLS_CC); } - op_array->opcodes = (zend_op *) erealloc(op_array->opcodes, sizeof(zend_op)*op_array->last); - op_array->size = op_array->last; + if (!CG(interactive) && op_array->size != op_array->last) { + op_array->opcodes = (zend_op *) erealloc(op_array->opcodes, sizeof(zend_op)*op_array->last); + op_array->size = op_array->last; + } opline = op_array->opcodes; end = opline + op_array->last; Index: zend_strtod.c =================================================================== RCS file: /repository/ZendEngine2/zend_strtod.c,v retrieving revision 1.17.2.1 retrieving revision 1.17.2.2 diff -u -r1.17.2.1 -r1.17.2.2 --- zend_strtod.c 14 Feb 2006 22:10:55 -0000 1.17.2.1 +++ zend_strtod.c 15 Apr 2006 12:54:14 -0000 1.17.2.2 @@ -130,6 +130,7 @@ * but the word order is big endian. */ #define IEEE_BIG_ENDIAN +#undef IEEE_LITTLE_ENDIAN #endif #ifdef __vax__ Index: zend_vm_def.h =================================================================== RCS file: /repository/ZendEngine2/zend_vm_def.h,v retrieving revision 1.59.2.27 retrieving revision 1.59.2.30 diff -u -r1.59.2.27 -r1.59.2.30 --- zend_vm_def.h 15 Mar 2006 11:12:45 -0000 1.59.2.27 +++ zend_vm_def.h 6 Jul 2006 15:39:23 -0000 1.59.2.30 @@ -18,7 +18,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: zend_vm_def.h,v 1.59.2.27 2006/03/15 11:12:45 dmitry Exp $ */ +/* $Id: zend_vm_def.h,v 1.59.2.30 2006/07/06 15:39:23 pollita Exp $ */ /* If you change this file, please regenerate the zend_vm_execute.h and * zend_vm_opcodes.h files by running: @@ -1158,7 +1158,9 @@ if (container->type != IS_OBJECT || !Z_OBJ_HT_P(container)->read_property) { - zend_error(E_NOTICE, "Trying to get property of non-object"); + if (type != BP_VAR_IS) { + zend_error(E_NOTICE, "Trying to get property of non-object"); + } *retval = EG(uninitialized_zval_ptr); SELECTIVE_PZVAL_LOCK(*retval, &opline->result); AI_USE_PTR(EX_T(opline->result.u.var).var); @@ -3017,7 +3019,20 @@ } else if (Z_TYPE_P(array_ptr) == IS_OBJECT) { ce = Z_OBJCE_P(array_ptr); } else { - array_ptr->refcount++; + if (OP1_TYPE == IS_VAR && + free_op1.var == NULL && + !array_ptr->is_ref && + array_ptr->refcount > 1) { + /* non-separated return value from function */ + zval *tmp; + + ALLOC_ZVAL(tmp); + INIT_PZVAL_COPY(tmp, array_ptr); + zval_copy_ctor(tmp); + array_ptr = tmp; + } else { + array_ptr->refcount++; + } } } @@ -3223,7 +3238,9 @@ key->value.lval = int_key; key->type = IS_LONG; break; - EMPTY_SWITCH_DEFAULT_CASE() + default: + ZVAL_NULL(key); + break; } } Index: zend_vm_execute.h =================================================================== RCS file: /repository/ZendEngine2/zend_vm_execute.h,v retrieving revision 1.62.2.28 retrieving revision 1.62.2.31 diff -u -r1.62.2.28 -r1.62.2.31 --- zend_vm_execute.h 15 Mar 2006 11:12:45 -0000 1.62.2.28 +++ zend_vm_execute.h 6 Jul 2006 15:39:23 -0000 1.62.2.31 @@ -2059,7 +2059,7 @@ static int ZEND_FE_RESET_SPEC_CONST_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { zend_op *opline = EX(opline); - + zend_free_op free_op1; zval *array_ptr, **array_ptr_ptr; HashTable *fe_ht; zend_object_iterator *iter = NULL; @@ -2100,7 +2100,20 @@ } else if (Z_TYPE_P(array_ptr) == IS_OBJECT) { ce = Z_OBJCE_P(array_ptr); } else { - array_ptr->refcount++; + if (IS_CONST == IS_VAR && + free_op1.var == NULL && + !array_ptr->is_ref && + array_ptr->refcount > 1) { + /* non-separated return value from function */ + zval *tmp; + + ALLOC_ZVAL(tmp); + INIT_PZVAL_COPY(tmp, array_ptr); + zval_copy_ctor(tmp); + array_ptr = tmp; + } else { + array_ptr->refcount++; + } } } @@ -4518,7 +4531,20 @@ } else if (Z_TYPE_P(array_ptr) == IS_OBJECT) { ce = Z_OBJCE_P(array_ptr); } else { - array_ptr->refcount++; + if (IS_TMP_VAR == IS_VAR && + free_op1.var == NULL && + !array_ptr->is_ref && + array_ptr->refcount > 1) { + /* non-separated return value from function */ + zval *tmp; + + ALLOC_ZVAL(tmp); + INIT_PZVAL_COPY(tmp, array_ptr); + zval_copy_ctor(tmp); + array_ptr = tmp; + } else { + array_ptr->refcount++; + } } } @@ -7518,7 +7544,20 @@ } else if (Z_TYPE_P(array_ptr) == IS_OBJECT) { ce = Z_OBJCE_P(array_ptr); } else { - array_ptr->refcount++; + if (IS_VAR == IS_VAR && + free_op1.var == NULL && + !array_ptr->is_ref && + array_ptr->refcount > 1) { + /* non-separated return value from function */ + zval *tmp; + + ALLOC_ZVAL(tmp); + INIT_PZVAL_COPY(tmp, array_ptr); + zval_copy_ctor(tmp); + array_ptr = tmp; + } else { + array_ptr->refcount++; + } } } @@ -7724,7 +7763,9 @@ key->value.lval = int_key; key->type = IS_LONG; break; - EMPTY_SWITCH_DEFAULT_CASE() + default: + ZVAL_NULL(key); + break; } } @@ -8633,7 +8674,9 @@ if (container->type != IS_OBJECT || !Z_OBJ_HT_P(container)->read_property) { - zend_error(E_NOTICE, "Trying to get property of non-object"); + if (type != BP_VAR_IS) { + zend_error(E_NOTICE, "Trying to get property of non-object"); + } *retval = EG(uninitialized_zval_ptr); SELECTIVE_PZVAL_LOCK(*retval, &opline->result); AI_USE_PTR(EX_T(opline->result.u.var).var); @@ -10057,7 +10100,9 @@ if (container->type != IS_OBJECT || !Z_OBJ_HT_P(container)->read_property) { - zend_error(E_NOTICE, "Trying to get property of non-object"); + if (type != BP_VAR_IS) { + zend_error(E_NOTICE, "Trying to get property of non-object"); + } *retval = EG(uninitialized_zval_ptr); SELECTIVE_PZVAL_LOCK(*retval, &opline->result); AI_USE_PTR(EX_T(opline->result.u.var).var); @@ -11484,7 +11529,9 @@ if (container->type != IS_OBJECT || !Z_OBJ_HT_P(container)->read_property) { - zend_error(E_NOTICE, "Trying to get property of non-object"); + if (type != BP_VAR_IS) { + zend_error(E_NOTICE, "Trying to get property of non-object"); + } *retval = EG(uninitialized_zval_ptr); SELECTIVE_PZVAL_LOCK(*retval, &opline->result); AI_USE_PTR(EX_T(opline->result.u.var).var); @@ -13356,7 +13403,9 @@ if (container->type != IS_OBJECT || !Z_OBJ_HT_P(container)->read_property) { - zend_error(E_NOTICE, "Trying to get property of non-object"); + if (type != BP_VAR_IS) { + zend_error(E_NOTICE, "Trying to get property of non-object"); + } *retval = EG(uninitialized_zval_ptr); SELECTIVE_PZVAL_LOCK(*retval, &opline->result); AI_USE_PTR(EX_T(opline->result.u.var).var); @@ -14551,7 +14600,9 @@ if (container->type != IS_OBJECT || !Z_OBJ_HT_P(container)->read_property) { - zend_error(E_NOTICE, "Trying to get property of non-object"); + if (type != BP_VAR_IS) { + zend_error(E_NOTICE, "Trying to get property of non-object"); + } *retval = EG(uninitialized_zval_ptr); SELECTIVE_PZVAL_LOCK(*retval, &opline->result); AI_USE_PTR(EX_T(opline->result.u.var).var); @@ -15628,7 +15679,9 @@ if (container->type != IS_OBJECT || !Z_OBJ_HT_P(container)->read_property) { - zend_error(E_NOTICE, "Trying to get property of non-object"); + if (type != BP_VAR_IS) { + zend_error(E_NOTICE, "Trying to get property of non-object"); + } *retval = EG(uninitialized_zval_ptr); SELECTIVE_PZVAL_LOCK(*retval, &opline->result); AI_USE_PTR(EX_T(opline->result.u.var).var); @@ -16666,7 +16719,9 @@ if (container->type != IS_OBJECT || !Z_OBJ_HT_P(container)->read_property) { - zend_error(E_NOTICE, "Trying to get property of non-object"); + if (type != BP_VAR_IS) { + zend_error(E_NOTICE, "Trying to get property of non-object"); + } *retval = EG(uninitialized_zval_ptr); SELECTIVE_PZVAL_LOCK(*retval, &opline->result); AI_USE_PTR(EX_T(opline->result.u.var).var); @@ -18069,7 +18124,9 @@ if (container->type != IS_OBJECT || !Z_OBJ_HT_P(container)->read_property) { - zend_error(E_NOTICE, "Trying to get property of non-object"); + if (type != BP_VAR_IS) { + zend_error(E_NOTICE, "Trying to get property of non-object"); + } *retval = EG(uninitialized_zval_ptr); SELECTIVE_PZVAL_LOCK(*retval, &opline->result); AI_USE_PTR(EX_T(opline->result.u.var).var); @@ -19574,7 +19631,7 @@ static int ZEND_FE_RESET_SPEC_CV_HANDLER(ZEND_OPCODE_HANDLER_ARGS) { zend_op *opline = EX(opline); - + zend_free_op free_op1; zval *array_ptr, **array_ptr_ptr; HashTable *fe_ht; zend_object_iterator *iter = NULL; @@ -19615,7 +19672,20 @@ } else if (Z_TYPE_P(array_ptr) == IS_OBJECT) { ce = Z_OBJCE_P(array_ptr); } else { - array_ptr->refcount++; + if (IS_CV == IS_VAR && + free_op1.var == NULL && + !array_ptr->is_ref && + array_ptr->refcount > 1) { + /* non-separated return value from function */ + zval *tmp; + + ALLOC_ZVAL(tmp); + INIT_PZVAL_COPY(tmp, array_ptr); + zval_copy_ctor(tmp); + array_ptr = tmp; + } else { + array_ptr->refcount++; + } } } @@ -20590,7 +20660,9 @@ if (container->type != IS_OBJECT || !Z_OBJ_HT_P(container)->read_property) { - zend_error(E_NOTICE, "Trying to get property of non-object"); + if (type != BP_VAR_IS) { + zend_error(E_NOTICE, "Trying to get property of non-object"); + } *retval = EG(uninitialized_zval_ptr); SELECTIVE_PZVAL_LOCK(*retval, &opline->result); AI_USE_PTR(EX_T(opline->result.u.var).var); @@ -22006,7 +22078,9 @@ if (container->type != IS_OBJECT || !Z_OBJ_HT_P(container)->read_property) { - zend_error(E_NOTICE, "Trying to get property of non-object"); + if (type != BP_VAR_IS) { + zend_error(E_NOTICE, "Trying to get property of non-object"); + } *retval = EG(uninitialized_zval_ptr); SELECTIVE_PZVAL_LOCK(*retval, &opline->result); AI_USE_PTR(EX_T(opline->result.u.var).var); @@ -23425,7 +23499,9 @@ if (container->type != IS_OBJECT || !Z_OBJ_HT_P(container)->read_property) { - zend_error(E_NOTICE, "Trying to get property of non-object"); + if (type != BP_VAR_IS) { + zend_error(E_NOTICE, "Trying to get property of non-object"); + } *retval = EG(uninitialized_zval_ptr); SELECTIVE_PZVAL_LOCK(*retval, &opline->result); AI_USE_PTR(EX_T(opline->result.u.var).var); @@ -25287,7 +25363,9 @@ if (container->type != IS_OBJECT || !Z_OBJ_HT_P(container)->read_property) { - zend_error(E_NOTICE, "Trying to get property of non-object"); + if (type != BP_VAR_IS) { + zend_error(E_NOTICE, "Trying to get property of non-object"); + } *retval = EG(uninitialized_zval_ptr); SELECTIVE_PZVAL_LOCK(*retval, &opline->result); AI_USE_PTR(EX_T(opline->result.u.var).var); Index: tests/bug34873.phpt =================================================================== RCS file: /repository/ZendEngine2/tests/bug34873.phpt,v retrieving revision 1.1.2.2 retrieving revision 1.1.2.3 diff -u -r1.1.2.2 -r1.1.2.3 --- tests/bug34873.phpt 14 Oct 2005 21:52:18 -0000 1.1.2.2 +++ tests/bug34873.phpt 14 Apr 2006 21:06:11 -0000 1.1.2.3 @@ -1,5 +1,5 @@ --TEST-- -bug #34873 (Segmentation Fault on foreach in object) +Bug #34873 (Segmentation Fault on foreach in object) --FILE-- <?php class pwa {