From f6ff3a28d60c24dea2a05344d9b7eb823f09b4e5 Mon Sep 17 00:00:00 2001 From: Michael Wallner Date: Fri, 4 Oct 2013 11:22:17 +0200 Subject: [PATCH 1/2] Fixed bug #64230 (XMLReader does not suppress errors) --- NEWS | 1 + ext/xmlreader/php_xmlreader.c | 2 -- ext/xmlreader/tests/bug64230.phpt | 50 +++++++++++++++++++++++++++++++ 3 files changed, 51 insertions(+), 2 deletions(-) create mode 100644 ext/xmlreader/tests/bug64230.phpt diff --git a/NEWS b/NEWS index ffde3012f97..99637146796 100644 --- a/NEWS +++ b/NEWS @@ -8,6 +8,7 @@ PHP NEWS - XMLReader: . Fixed bug #51936 (Crash with clone XMLReader). (Mike) + . Fixed bug #64230 (XMLReader does not suppress errors). (Mike) ?? ??? 2013, PHP 5.4.21 diff --git a/ext/xmlreader/php_xmlreader.c b/ext/xmlreader/php_xmlreader.c index 8b803200976..adf282120e0 100644 --- a/ext/xmlreader/php_xmlreader.c +++ b/ext/xmlreader/php_xmlreader.c @@ -805,7 +805,6 @@ PHP_METHOD(xmlreader, read) if (intern != NULL && intern->ptr != NULL) { retval = xmlTextReaderRead(intern->ptr); if (retval == -1) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "An Error Occurred while reading"); RETURN_FALSE; } else { RETURN_BOOL(retval); @@ -847,7 +846,6 @@ PHP_METHOD(xmlreader, next) retval = xmlTextReaderNext(intern->ptr); } if (retval == -1) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "An Error Occurred while reading"); RETURN_FALSE; } else { RETURN_BOOL(retval); diff --git a/ext/xmlreader/tests/bug64230.phpt b/ext/xmlreader/tests/bug64230.phpt new file mode 100644 index 00000000000..0b070925f30 --- /dev/null +++ b/ext/xmlreader/tests/bug64230.phpt @@ -0,0 +1,50 @@ +--TEST-- +Bug #64230 (XMLReader does not suppress errors) +--SKIPIF-- + +--FILE-- +message); + } + libxml_clear_errors(); +} + +echo "Internal errors TRUE\n"; +libxml_use_internal_errors(true); + +$x = new XMLReader; +$x->xml(""); +$x->read(); + +show_internal_errors(); + +echo "Internal errors FALSE\n"; +libxml_use_internal_errors(false); + +$x = new XMLReader; +$x->xml(""); +$x->read(); + +show_internal_errors(); + +?> +Done +--EXPECTF-- +Test +Internal errors TRUE +Internal: Specification mandate value for attribute att + +Internal errors FALSE + +Warning: XMLReader::read(): %s: parser error : Specification mandate value for attribute att in %s on line %d + +Warning: XMLReader::read(): in %s on line %d + +Warning: XMLReader::read(): ^ in %s on line %d +Done From 536260f2c52af7057a657af96d991acf27c0cc86 Mon Sep 17 00:00:00 2001 From: Nikita Popov Date: Fri, 4 Oct 2013 13:13:46 +0200 Subject: [PATCH 2/2] Fix bug #65821: By-ref foreach on property access of string offset segfaults This removes the now unnecessary ZEND_FETCH_ADD_LOCK on the container of a property fetch of a by-reference foreach. --- NEWS | 2 ++ Zend/zend_compile.c | 33 ++--------------------- Zend/zend_vm_def.h | 5 ---- Zend/zend_vm_execute.h | 60 ------------------------------------------ 4 files changed, 4 insertions(+), 96 deletions(-) diff --git a/NEWS b/NEWS index 1b1f9c4bdf5..796f82f2078 100644 --- a/NEWS +++ b/NEWS @@ -5,6 +5,8 @@ PHP NEWS - Core: . Fixed bug #64979 (Wrong behavior of static variables in closure generators). (Nikita) + . Fixed bug #65821 (By-ref foreach on property access of string offset + segfaults). (Nikita) - CLI server: . Fixed bug #65633 (built-in server treat some http headers as diff --git a/Zend/zend_compile.c b/Zend/zend_compile.c index f250b2be208..9008f23369d 100644 --- a/Zend/zend_compile.c +++ b/Zend/zend_compile.c @@ -1749,7 +1749,6 @@ void zend_do_begin_function_declaration(znode *function_token, znode *function_n zend_op dummy_opline; dummy_opline.result_type = IS_UNUSED; - dummy_opline.op1_type = IS_UNUSED; zend_stack_push(&CG(foreach_copy_stack), (void *) &dummy_opline, sizeof(zend_op)); } @@ -2662,7 +2661,7 @@ static int generate_free_switch_expr(const zend_switch_entry *switch_entry TSRML opline->opcode = (switch_entry->cond.op_type == IS_TMP_VAR) ? ZEND_FREE : ZEND_SWITCH_FREE; SET_NODE(opline->op1, &switch_entry->cond); SET_UNUSED(opline->op2); - opline->extended_value = 0; + return 0; } /* }}} */ @@ -2672,7 +2671,7 @@ static int generate_free_foreach_copy(const zend_op *foreach_copy TSRMLS_DC) /* zend_op *opline; /* If we reach the separator then stop applying the stack */ - if (foreach_copy->result_type == IS_UNUSED && foreach_copy->op1_type == IS_UNUSED) { + if (foreach_copy->result_type == IS_UNUSED) { return 1; } @@ -2681,16 +2680,6 @@ static int generate_free_foreach_copy(const zend_op *foreach_copy TSRMLS_DC) /* opline->opcode = (foreach_copy->result_type == IS_TMP_VAR) ? ZEND_FREE : ZEND_SWITCH_FREE; COPY_NODE(opline->op1, foreach_copy->result); SET_UNUSED(opline->op2); - opline->extended_value = 1; - - if (foreach_copy->op1_type != IS_UNUSED) { - opline = get_next_op(CG(active_op_array) TSRMLS_CC); - - opline->opcode = (foreach_copy->op1_type == IS_TMP_VAR) ? ZEND_FREE : ZEND_SWITCH_FREE; - COPY_NODE(opline->op1, foreach_copy->op1); - SET_UNUSED(opline->op2); - opline->extended_value = 0; - } return 0; } @@ -6227,7 +6216,6 @@ void zend_do_foreach_begin(znode *foreach_token, znode *open_brackets_token, zno { zend_op *opline; zend_bool is_variable; - zend_bool push_container = 0; zend_op dummy_opline; if (variable) { @@ -6239,14 +6227,6 @@ void zend_do_foreach_begin(znode *foreach_token, znode *open_brackets_token, zno /* save the location of FETCH_W instruction(s) */ open_brackets_token->u.op.opline_num = get_next_op_number(CG(active_op_array)); zend_do_end_variable_parse(array, BP_VAR_W, 0 TSRMLS_CC); - if (CG(active_op_array)->last > 0 && - CG(active_op_array)->opcodes[CG(active_op_array)->last-1].opcode == ZEND_FETCH_OBJ_W) { - /* Only lock the container if we are fetching from a real container and not $this */ - if (CG(active_op_array)->opcodes[CG(active_op_array)->last-1].op1_type == IS_VAR) { - CG(active_op_array)->opcodes[CG(active_op_array)->last-1].extended_value |= ZEND_FETCH_ADD_LOCK; - push_container = 1; - } - } } else { is_variable = 0; open_brackets_token->u.op.opline_num = get_next_op_number(CG(active_op_array)); @@ -6266,11 +6246,6 @@ void zend_do_foreach_begin(znode *foreach_token, znode *open_brackets_token, zno opline->extended_value = is_variable ? ZEND_FE_RESET_VARIABLE : 0; COPY_NODE(dummy_opline.result, opline->result); - if (push_container) { - COPY_NODE(dummy_opline.op1, CG(active_op_array)->opcodes[CG(active_op_array)->last-2].op1); - } else { - dummy_opline.op1_type = IS_UNUSED; - } zend_stack_push(&CG(foreach_copy_stack), (void *) &dummy_opline, sizeof(zend_op)); /* save the location of FE_FETCH */ @@ -6327,7 +6302,6 @@ void zend_do_foreach_cont(znode *foreach_token, const znode *open_brackets_token opline->extended_value |= ZEND_FE_FETCH_BYREF; CG(active_op_array)->opcodes[foreach_token->u.op.opline_num].extended_value |= ZEND_FE_RESET_REFERENCE; } else { - zend_op *foreach_copy; zend_op *fetch = &CG(active_op_array)->opcodes[foreach_token->u.op.opline_num]; zend_op *end = &CG(active_op_array)->opcodes[open_brackets_token->u.op.opline_num]; @@ -6344,9 +6318,6 @@ void zend_do_foreach_cont(znode *foreach_token, const znode *open_brackets_token fetch->opcode -= 3; /* FETCH_W -> FETCH_R */ } } - /* prevent double SWITCH_FREE */ - zend_stack_top(&CG(foreach_copy_stack), (void **) &foreach_copy); - foreach_copy->op1_type = IS_UNUSED; } GET_NODE(&value_node, opline->result); diff --git a/Zend/zend_vm_def.h b/Zend/zend_vm_def.h index ada20ca3083..201ae49e05a 100644 --- a/Zend/zend_vm_def.h +++ b/Zend/zend_vm_def.h @@ -1392,11 +1392,6 @@ ZEND_VM_HANDLER(85, ZEND_FETCH_OBJ_W, VAR|UNUSED|CV, CONST|TMP|VAR|CV) SAVE_OPLINE(); property = GET_OP2_ZVAL_PTR(BP_VAR_R); - if (OP1_TYPE == IS_VAR && (opline->extended_value & ZEND_FETCH_ADD_LOCK)) { - PZVAL_LOCK(*EX_T(opline->op1.var).var.ptr_ptr); - EX_T(opline->op1.var).var.ptr = *EX_T(opline->op1.var).var.ptr_ptr; - } - if (IS_OP2_TMP_FREE()) { MAKE_REAL_ZVAL_PTR(property); } diff --git a/Zend/zend_vm_execute.h b/Zend/zend_vm_execute.h index 2ba6bfef1d9..74a8c12d400 100644 --- a/Zend/zend_vm_execute.h +++ b/Zend/zend_vm_execute.h @@ -14997,11 +14997,6 @@ static int ZEND_FASTCALL ZEND_FETCH_OBJ_W_SPEC_VAR_CONST_HANDLER(ZEND_OPCODE_HA SAVE_OPLINE(); property = opline->op2.zv; - if (IS_VAR == IS_VAR && (opline->extended_value & ZEND_FETCH_ADD_LOCK)) { - PZVAL_LOCK(*EX_T(opline->op1.var).var.ptr_ptr); - EX_T(opline->op1.var).var.ptr = *EX_T(opline->op1.var).var.ptr_ptr; - } - if (0) { MAKE_REAL_ZVAL_PTR(property); } @@ -17353,11 +17348,6 @@ static int ZEND_FASTCALL ZEND_FETCH_OBJ_W_SPEC_VAR_TMP_HANDLER(ZEND_OPCODE_HAND SAVE_OPLINE(); property = _get_zval_ptr_tmp(opline->op2.var, execute_data, &free_op2 TSRMLS_CC); - if (IS_VAR == IS_VAR && (opline->extended_value & ZEND_FETCH_ADD_LOCK)) { - PZVAL_LOCK(*EX_T(opline->op1.var).var.ptr_ptr); - EX_T(opline->op1.var).var.ptr = *EX_T(opline->op1.var).var.ptr_ptr; - } - if (1) { MAKE_REAL_ZVAL_PTR(property); } @@ -19616,11 +19606,6 @@ static int ZEND_FASTCALL ZEND_FETCH_OBJ_W_SPEC_VAR_VAR_HANDLER(ZEND_OPCODE_HAND SAVE_OPLINE(); property = _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2 TSRMLS_CC); - if (IS_VAR == IS_VAR && (opline->extended_value & ZEND_FETCH_ADD_LOCK)) { - PZVAL_LOCK(*EX_T(opline->op1.var).var.ptr_ptr); - EX_T(opline->op1.var).var.ptr = *EX_T(opline->op1.var).var.ptr_ptr; - } - if (0) { MAKE_REAL_ZVAL_PTR(property); } @@ -23081,11 +23066,6 @@ static int ZEND_FASTCALL ZEND_FETCH_OBJ_W_SPEC_VAR_CV_HANDLER(ZEND_OPCODE_HANDL SAVE_OPLINE(); property = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC); - if (IS_VAR == IS_VAR && (opline->extended_value & ZEND_FETCH_ADD_LOCK)) { - PZVAL_LOCK(*EX_T(opline->op1.var).var.ptr_ptr); - EX_T(opline->op1.var).var.ptr = *EX_T(opline->op1.var).var.ptr_ptr; - } - if (0) { MAKE_REAL_ZVAL_PTR(property); } @@ -24867,11 +24847,6 @@ static int ZEND_FASTCALL ZEND_FETCH_OBJ_W_SPEC_UNUSED_CONST_HANDLER(ZEND_OPCODE SAVE_OPLINE(); property = opline->op2.zv; - if (IS_UNUSED == IS_VAR && (opline->extended_value & ZEND_FETCH_ADD_LOCK)) { - PZVAL_LOCK(*EX_T(opline->op1.var).var.ptr_ptr); - EX_T(opline->op1.var).var.ptr = *EX_T(opline->op1.var).var.ptr_ptr; - } - if (0) { MAKE_REAL_ZVAL_PTR(property); } @@ -26285,11 +26260,6 @@ static int ZEND_FASTCALL ZEND_FETCH_OBJ_W_SPEC_UNUSED_TMP_HANDLER(ZEND_OPCODE_H SAVE_OPLINE(); property = _get_zval_ptr_tmp(opline->op2.var, execute_data, &free_op2 TSRMLS_CC); - if (IS_UNUSED == IS_VAR && (opline->extended_value & ZEND_FETCH_ADD_LOCK)) { - PZVAL_LOCK(*EX_T(opline->op1.var).var.ptr_ptr); - EX_T(opline->op1.var).var.ptr = *EX_T(opline->op1.var).var.ptr_ptr; - } - if (1) { MAKE_REAL_ZVAL_PTR(property); } @@ -27606,11 +27576,6 @@ static int ZEND_FASTCALL ZEND_FETCH_OBJ_W_SPEC_UNUSED_VAR_HANDLER(ZEND_OPCODE_H SAVE_OPLINE(); property = _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2 TSRMLS_CC); - if (IS_UNUSED == IS_VAR && (opline->extended_value & ZEND_FETCH_ADD_LOCK)) { - PZVAL_LOCK(*EX_T(opline->op1.var).var.ptr_ptr); - EX_T(opline->op1.var).var.ptr = *EX_T(opline->op1.var).var.ptr_ptr; - } - if (0) { MAKE_REAL_ZVAL_PTR(property); } @@ -29349,11 +29314,6 @@ static int ZEND_FASTCALL ZEND_FETCH_OBJ_W_SPEC_UNUSED_CV_HANDLER(ZEND_OPCODE_HA SAVE_OPLINE(); property = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC); - if (IS_UNUSED == IS_VAR && (opline->extended_value & ZEND_FETCH_ADD_LOCK)) { - PZVAL_LOCK(*EX_T(opline->op1.var).var.ptr_ptr); - EX_T(opline->op1.var).var.ptr = *EX_T(opline->op1.var).var.ptr_ptr; - } - if (0) { MAKE_REAL_ZVAL_PTR(property); } @@ -32493,11 +32453,6 @@ static int ZEND_FASTCALL ZEND_FETCH_OBJ_W_SPEC_CV_CONST_HANDLER(ZEND_OPCODE_HAN SAVE_OPLINE(); property = opline->op2.zv; - if (IS_CV == IS_VAR && (opline->extended_value & ZEND_FETCH_ADD_LOCK)) { - PZVAL_LOCK(*EX_T(opline->op1.var).var.ptr_ptr); - EX_T(opline->op1.var).var.ptr = *EX_T(opline->op1.var).var.ptr_ptr; - } - if (0) { MAKE_REAL_ZVAL_PTR(property); } @@ -34614,11 +34569,6 @@ static int ZEND_FASTCALL ZEND_FETCH_OBJ_W_SPEC_CV_TMP_HANDLER(ZEND_OPCODE_HANDL SAVE_OPLINE(); property = _get_zval_ptr_tmp(opline->op2.var, execute_data, &free_op2 TSRMLS_CC); - if (IS_CV == IS_VAR && (opline->extended_value & ZEND_FETCH_ADD_LOCK)) { - PZVAL_LOCK(*EX_T(opline->op1.var).var.ptr_ptr); - EX_T(opline->op1.var).var.ptr = *EX_T(opline->op1.var).var.ptr_ptr; - } - if (1) { MAKE_REAL_ZVAL_PTR(property); } @@ -36739,11 +36689,6 @@ static int ZEND_FASTCALL ZEND_FETCH_OBJ_W_SPEC_CV_VAR_HANDLER(ZEND_OPCODE_HANDL SAVE_OPLINE(); property = _get_zval_ptr_var(opline->op2.var, execute_data, &free_op2 TSRMLS_CC); - if (IS_CV == IS_VAR && (opline->extended_value & ZEND_FETCH_ADD_LOCK)) { - PZVAL_LOCK(*EX_T(opline->op1.var).var.ptr_ptr); - EX_T(opline->op1.var).var.ptr = *EX_T(opline->op1.var).var.ptr_ptr; - } - if (0) { MAKE_REAL_ZVAL_PTR(property); } @@ -39917,11 +39862,6 @@ static int ZEND_FASTCALL ZEND_FETCH_OBJ_W_SPEC_CV_CV_HANDLER(ZEND_OPCODE_HANDLE SAVE_OPLINE(); property = _get_zval_ptr_cv_BP_VAR_R(execute_data, opline->op2.var TSRMLS_CC); - if (IS_CV == IS_VAR && (opline->extended_value & ZEND_FETCH_ADD_LOCK)) { - PZVAL_LOCK(*EX_T(opline->op1.var).var.ptr_ptr); - EX_T(opline->op1.var).var.ptr = *EX_T(opline->op1.var).var.ptr_ptr; - } - if (0) { MAKE_REAL_ZVAL_PTR(property); }