From 8e5048f9fb93846846e82c42c39f1759c97a73c2 Mon Sep 17 00:00:00 2001 From: Stanislav Malyshev Date: Tue, 24 Dec 2013 22:22:04 -0800 Subject: [PATCH 01/11] 5.4.25 next --- NEWS | 2 ++ configure.in | 2 +- main/php_version.h | 6 +++--- 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/NEWS b/NEWS index e7c7639cbc3..d842e12606d 100644 --- a/NEWS +++ b/NEWS @@ -1,5 +1,7 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| +?? ??? 2013, PHP 5.4.25 + ?? ??? 2013, PHP 5.4.24 - Core: diff --git a/configure.in b/configure.in index a2cbe32efaa..c57c3435207 100644 --- a/configure.in +++ b/configure.in @@ -119,7 +119,7 @@ int zend_sprintf(char *buffer, const char *format, ...); PHP_MAJOR_VERSION=5 PHP_MINOR_VERSION=4 -PHP_RELEASE_VERSION=24 +PHP_RELEASE_VERSION=25 PHP_EXTRA_VERSION="-dev" PHP_VERSION="$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION" PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 10000 + [$]PHP_MINOR_VERSION \* 100 + [$]PHP_RELEASE_VERSION` diff --git a/main/php_version.h b/main/php_version.h index 89fb515acc4..213cd5386db 100644 --- a/main/php_version.h +++ b/main/php_version.h @@ -2,7 +2,7 @@ /* edit configure.in to change version number */ #define PHP_MAJOR_VERSION 5 #define PHP_MINOR_VERSION 4 -#define PHP_RELEASE_VERSION 24 +#define PHP_RELEASE_VERSION 25 #define PHP_EXTRA_VERSION "-dev" -#define PHP_VERSION "5.4.24-dev" -#define PHP_VERSION_ID 50424 +#define PHP_VERSION "5.4.25-dev" +#define PHP_VERSION_ID 50425 From 5b0620831c41687950f1f34a225bea060122b503 Mon Sep 17 00:00:00 2001 From: Anatol Belski Date: Wed, 25 Dec 2013 23:29:42 +0100 Subject: [PATCH 02/11] brought the ext/sybase_ct/config.w32 up to date --- ext/sybase_ct/config.w32 | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/ext/sybase_ct/config.w32 b/ext/sybase_ct/config.w32 index bf56bd14029..c773b623af2 100644 --- a/ext/sybase_ct/config.w32 +++ b/ext/sybase_ct/config.w32 
@@ -7,8 +7,11 @@ ARG_WITH("sybase-ct", "SYBASE_CT support", "no"); if (PHP_SYBASE_CT != "no") { if (CHECK_HEADER_ADD_INCLUDE("ctpublic.h", "CFLAGS_SYBASE_CT", PHP_PHP_BUILD + "\\sybase\\include;" + PHP_SYBASE_CT) && - CHECK_LIB("libcs.lib", "sybase_ct", PHP_PHP_BUILD + "\\sybase\\lib;" + PHP_SYBASE_CT) && - CHECK_LIB("libct.lib", "sybase_ct", PHP_PHP_BUILD + "\\sybase\\lib;" + PHP_SYBASE_CT)) { + (!X64 && CHECK_LIB("libsybcs.lib", "sybase_ct", PHP_PHP_BUILD + "\\sybase\\lib;" + PHP_SYBASE_CT) && + CHECK_LIB("libsybct.lib", "sybase_ct", PHP_PHP_BUILD + "\\sybase\\lib;" + PHP_SYBASE_CT) || + X64 && CHECK_LIB("libsybcs64.lib", "sybase_ct", PHP_PHP_BUILD + "\\sybase\\lib;" + PHP_SYBASE_CT) && + CHECK_LIB("libsybct64.lib", "sybase_ct", PHP_PHP_BUILD + "\\sybase\\lib;" + PHP_SYBASE_CT)) + ) { EXTENSION('sybase_ct', 'php_sybase_ct.c'); AC_DEFINE('HAVE_SYBASE_CT', 1); } else { From 6414fe283e3931d87416a155f4cfbaaf5ffca1ad Mon Sep 17 00:00:00 2001 From: Dmitry Stogov Date: Thu, 26 Dec 2013 11:51:32 +0400 Subject: [PATCH 03/11] Fixed ZEND_MM_MEM_TYPE=mmap_zero --- NEWS | 1 + Zend/zend_alloc.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/NEWS b/NEWS index 38659e60767..eecd4e80028 100644 --- a/NEWS +++ b/NEWS @@ -6,6 +6,7 @@ PHP NEWS . Disallowed JMP into a finally block. (Laruence) . Added validation of class names in the autoload process. (Dmitry) . Fixed invalid C code in zend_strtod.c. (Lior Kaplan) + . Fixed ZEND_MM_MEM_TYPE=mmap_zero. (Dmitry, Tony) . Fixed bug #66041 (list() fails to unpack yielded ArrayAccess object). (Nikita) . Fixed bug #65764 (generators/throw_rethrow FAIL with diff --git a/Zend/zend_alloc.c b/Zend/zend_alloc.c index bf9d0004377..c3d322aa8f5 100644 --- a/Zend/zend_alloc.c +++ b/Zend/zend_alloc.c 
@@ -201,7 +201,7 @@ static int zend_mm_dev_zero_fd = -1; static zend_mm_storage* zend_mm_mem_mmap_zero_init(void *params) { - if (zend_mm_dev_zero_fd != -1) { + if (zend_mm_dev_zero_fd == -1) { zend_mm_dev_zero_fd = open("/dev/zero", O_RDWR, S_IRUSR | S_IWUSR); } if (zend_mm_dev_zero_fd >= 0) { From 2938329ce19cb8c4197dec146c3ec887c6f61d01 Mon Sep 17 00:00:00 2001 From: Xinchen Hui Date: Fri, 27 Dec 2013 14:04:59 +0800 Subject: [PATCH 04/11] Fixed bug #66356 (Heap Overflow Vulnerability in imagecrop()) And also fixed the bug: arguments are altered after some calls --- NEWS | 1 + ext/gd/gd.c | 181 ++++++++++++++++++++++++++++++------- ext/gd/tests/bug66356.phpt | 22 +++++ main/php_version.h | 6 +- 4 files changed, 173 insertions(+), 37 deletions(-) create mode 100644 ext/gd/tests/bug66356.phpt diff --git a/NEWS b/NEWS index eecd4e80028..86eeb7cea9f 100644 --- a/NEWS +++ b/NEWS @@ -29,6 +29,7 @@ PHP NEWS . Fixed bug #66229 (128.0.0.0/16 isn't reserved any longer). (Adam) - GD: + . Fixed bug #66356 (Heap Overflow Vulnerability in imagecrop()). (Laruence) . Fixed bug #64405 (Use freetype-config for determining freetype2 dir(s)). (Adam) diff --git a/ext/gd/gd.c b/ext/gd/gd.c index fb258214a15..49970c16883 100644 --- a/ext/gd/gd.c +++ b/ext/gd/gd.c @@ -1538,9 +1538,15 @@ PHP_FUNCTION(imagesetstyle) break; } - convert_to_long_ex(item); - - stylearr[index++] = Z_LVAL_PP(item); + if (Z_TYPE_PP(item) != IS_LONG) { + zval lval; + lval = **item; + zval_copy_ctor(&lval); + convert_to_long(&lval); + stylearr[index++] = Z_LVAL(lval); + } else { + stylearr[index++] = Z_LVAL_PP(item); + } } gdImageSetStyle(im, stylearr, index); 
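Review bot: The copy-and-convert sequence added to imagesetstyle here (`lval = **item; zval_copy_ctor(&lval); convert_to_long(&lval);`) is pasted again into php_imagepolygon, imageconvolution, imagecrop, imageaffine, imageaffinematrixget and imageaffinematrixconcat in the following hunks. Hand-copying it that many times is how a wrong variable name can slip into one of the copies. One static helper for long and one for double would keep the "do not modify the caller's array element" logic in a single place and reduce each call site to one line. The helper name below is only a suggestion, and imagesetstyle's body starts and ends outside this hunk.

```c
/* Return the integer value of *item without converting the caller's zval in place. */
static long php_gd_zval_to_long(zval **item)
{
	zval lval;

	if (Z_TYPE_PP(item) == IS_LONG) {
		return Z_LVAL_PP(item);
	}
	lval = **item;
	zval_copy_ctor(&lval);
	convert_to_long(&lval);
	return Z_LVAL(lval);
}

/* … unchanged: iteration over the style array … */
		stylearr[index++] = php_gd_zval_to_long(item);
```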
@@ -3346,14 +3352,26 @@ static void php_imagepolygon(INTERNAL_FUNCTION_PARAMETERS, int filled) for (i = 0; i < npoints; i++) { if (zend_hash_index_find(Z_ARRVAL_P(POINTS), (i * 2), (void **) &var) == SUCCESS) { - SEPARATE_ZVAL((var)); - convert_to_long(*var); - points[i].x = Z_LVAL_PP(var); + if (Z_TYPE_PP(var) != IS_LONG) { + zval lval; + lval = **var; + zval_copy_ctor(&lval); + convert_to_long(&lval); + points[i].x = Z_LVAL(lval); + } else { + points[i].x = Z_LVAL_PP(var); + } } if (zend_hash_index_find(Z_ARRVAL_P(POINTS), (i * 2) + 1, (void **) &var) == SUCCESS) { - SEPARATE_ZVAL(var); - convert_to_long(*var); - points[i].y = Z_LVAL_PP(var); + if (Z_TYPE_PP(var) != IS_LONG) { + zval lval; + lval = **var; + zval_copy_ctor(&lval); + convert_to_long(&lval); + points[i].y = Z_LVAL(lval); + } else { + points[i].y = Z_LVAL_PP(var); + } } } @@ -4859,9 +4877,15 @@ PHP_FUNCTION(imageconvolution) for (j=0; j<3; j++) { if (zend_hash_index_find(Z_ARRVAL_PP(var), (j), (void **) &var2) == SUCCESS) { - SEPARATE_ZVAL(var2); - convert_to_double(*var2); - matrix[i][j] = (float)Z_DVAL_PP(var2); + if (Z_TYPE_PP(var2) != IS_DOUBLE) { + zval dval; + dval = **var; + zval_copy_ctor(&dval); + convert_to_double(&dval); + matrix[i][j] = (float)Z_DVAL(dval); + } else { + matrix[i][j] = (float)Z_DVAL_PP(var2); + } } else { php_error_docref(NULL TSRMLS_CC, E_WARNING, "You must have a 3x3 matrix"); RETURN_FALSE; 
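Review bot: In the imageconvolution hunk the temporary is initialised from the wrong zval: `dval = **var;` copies the row that `var` points to, while the type test above it and the else branch below it both use `var2`, the matrix element. For any element that is not already a double, a copy of the whole row is converted instead of the element, so `matrix[i][j]` receives a value unrelated to the input. The line should read `dval = **var2;`. The enclosing loops over i and j begin outside the hunk.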
@@ -4954,28 +4978,60 @@ PHP_FUNCTION(imagecrop) ZEND_FETCH_RESOURCE(im, gdImagePtr, &IM, -1, "Image", le_gd); if (zend_hash_find(HASH_OF(z_rect), "x", sizeof("x"), (void **)&tmp) != FAILURE) { - rect.x = Z_LVAL_PP(tmp); + if (Z_TYPE_PP(tmp) != IS_LONG) { + zval lval; + lval = **tmp; + zval_copy_ctor(&lval); + convert_to_long(&lval); + rect.x = Z_LVAL(lval); + } else { + rect.x = Z_LVAL_PP(tmp); + } } else { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Missing x position"); RETURN_FALSE; } if (zend_hash_find(HASH_OF(z_rect), "y", sizeof("x"), (void **)&tmp) != FAILURE) { - rect.y = Z_LVAL_PP(tmp); + if (Z_TYPE_PP(tmp) != IS_LONG) { + zval lval; + lval = **tmp; + zval_copy_ctor(&lval); + convert_to_long(&lval); + rect.y = Z_LVAL(lval); + } else { + rect.y = Z_LVAL_PP(tmp); + } } else { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Missing y position"); RETURN_FALSE; } if (zend_hash_find(HASH_OF(z_rect), "width", sizeof("width"), (void **)&tmp) != FAILURE) { - rect.width = Z_LVAL_PP(tmp); + if (Z_TYPE_PP(tmp) != IS_LONG) { + zval lval; + lval = **tmp; + zval_copy_ctor(&lval); + convert_to_long(&lval); + rect.width = Z_LVAL(lval); + } else { + rect.width = Z_LVAL_PP(tmp); + } } else { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Missing width"); RETURN_FALSE; } if (zend_hash_find(HASH_OF(z_rect), "height", sizeof("height"), (void **)&tmp) != FAILURE) { - rect.height = Z_LVAL_PP(tmp); + if (Z_TYPE_PP(tmp) != IS_LONG) { + zval lval; + lval = **tmp; + zval_copy_ctor(&lval); + convert_to_long(&lval); + rect.height = Z_LVAL(lval); + } else { + rect.height = Z_LVAL_PP(tmp); + } } else { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Missing height"); RETURN_FALSE; 
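Review bot: After conversion the four values are assigned to rect.x, rect.y, rect.width and rect.height with no range check in this hunk, so negative or very large caller-supplied numbers still reach whatever follows, even though the change stops Z_LVAL being read from a non-integer zval. Z_LVAL yields a long and the rect fields look like int (their declaration is outside the hunk, so confirm), which would also narrow the value silently where long is wider. Consider rejecting bad input next to the existing "Missing …" warnings, for example `if (rect.width <= 0 || rect.height <= 0) { RETURN_FALSE; }` after the last lookup, preceded by a php_error_docref warning. Separately, the unchanged "y" lookup passes `sizeof("x")` as the key length; the size happens to match but it should be `sizeof("y")`. imagecrop continues outside the hunk.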
@@ -5124,8 +5180,13 @@ PHP_FUNCTION(imageaffine) affine[i] = Z_DVAL_PP(zval_affine_elem); break; case IS_STRING: - convert_to_double_ex(zval_affine_elem); - affine[i] = Z_DVAL_PP(zval_affine_elem); + { + zval dval; + dval = **zval_affine_elem; + zval_copy_ctor(&dval); + convert_to_double(&dval); + affine[i] = Z_DVAL(dval); + } break; default: php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid type for element %i", i); 
@@ -5136,32 +5197,60 @@ PHP_FUNCTION(imageaffine) if (z_rect != NULL) { if (zend_hash_find(HASH_OF(z_rect), "x", sizeof("x"), (void **)&tmp) != FAILURE) { - convert_to_long_ex(tmp); - rect.x = Z_LVAL_PP(tmp); + if (Z_TYPE_PP(tmp) != IS_LONG) { + zval lval; + lval = **tmp; + zval_copy_ctor(&lval); + convert_to_long(&lval); + rect.x = Z_LVAL(lval); + } else { + rect.x = Z_LVAL_PP(tmp); + } } else { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Missing x position"); RETURN_FALSE; } if (zend_hash_find(HASH_OF(z_rect), "y", sizeof("x"), (void **)&tmp) != FAILURE) { - convert_to_long_ex(tmp); - rect.y = Z_LVAL_PP(tmp); + if (Z_TYPE_PP(tmp) != IS_LONG) { + zval lval; + lval = **tmp; + zval_copy_ctor(&lval); + convert_to_long(&lval); + rect.y = Z_LVAL(lval); + } else { + rect.y = Z_LVAL_PP(tmp); + } } else { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Missing y position"); RETURN_FALSE; } if (zend_hash_find(HASH_OF(z_rect), "width", sizeof("width"), (void **)&tmp) != FAILURE) { - convert_to_long_ex(tmp); - rect.width = Z_LVAL_PP(tmp); + if (Z_TYPE_PP(tmp) != IS_LONG) { + zval lval; + lval = **tmp; + zval_copy_ctor(&lval); + convert_to_long(&lval); + rect.width = Z_LVAL(lval); + } else { + rect.width = Z_LVAL_PP(tmp); + } } else { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Missing width"); RETURN_FALSE; } if (zend_hash_find(HASH_OF(z_rect), "height", sizeof("height"), (void **)&tmp) != FAILURE) { - convert_to_long_ex(tmp); - rect.height = Z_LVAL_PP(tmp); + if (Z_TYPE_PP(tmp) != IS_LONG) { + zval lval; + lval = **tmp; + zval_copy_ctor(&lval); + convert_to_long(&lval); + rect.height = Z_LVAL(lval); + } else { + rect.height = Z_LVAL_PP(tmp); + } } else { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Missing height"); RETURN_FALSE; 
@@ -5211,16 +5300,30 @@ PHP_FUNCTION(imageaffinematrixget) php_error_docref(NULL TSRMLS_CC, E_WARNING, "Array expected as options"); } if (zend_hash_find(HASH_OF(options), "x", sizeof("x"), (void **)&tmp) != FAILURE) { - convert_to_double_ex(tmp); - x = Z_DVAL_PP(tmp); + if (Z_TYPE_PP(tmp) != IS_DOUBLE) { + zval dval; + dval = **tmp; + zval_copy_ctor(&dval); + convert_to_double(&dval); + x = Z_DVAL(dval); + } else { + x = Z_DVAL_PP(tmp); + } } else { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Missing x position"); RETURN_FALSE; } if (zend_hash_find(HASH_OF(options), "y", sizeof("y"), (void **)&tmp) != FAILURE) { - convert_to_double_ex(tmp); - y = Z_DVAL_PP(tmp); + if (Z_TYPE_PP(tmp) != IS_DOUBLE) { + zval dval; + dval = **tmp; + zval_copy_ctor(&dval); + convert_to_double(&dval); + y = Z_DVAL(dval); + } else { + y = Z_DVAL_PP(tmp); + } } else { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Missing y position"); RETURN_FALSE; @@ -5300,8 +5403,13 @@ PHP_FUNCTION(imageaffinematrixconcat) m1[i] = Z_DVAL_PP(tmp); break; case IS_STRING: - convert_to_double_ex(tmp); - m1[i] = Z_DVAL_PP(tmp); + { + zval dval; + dval = **tmp; + zval_copy_ctor(&dval); + convert_to_double(&dval); + m1[i] = Z_DVAL(dval); + } break; default: php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid type for element %i", i); @@ -5317,8 +5425,13 @@ PHP_FUNCTION(imageaffinematrixconcat) m2[i] = Z_DVAL_PP(tmp); break; case IS_STRING: - convert_to_double_ex(tmp); - m2[i] = Z_DVAL_PP(tmp); + { + zval dval; + dval = **tmp; + zval_copy_ctor(&dval); + convert_to_double(&dval); + m2[i] = Z_DVAL(dval); + } break; default: php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid type for element %i", i); diff --git a/ext/gd/tests/bug66356.phpt b/ext/gd/tests/bug66356.phpt new file mode 100644 index 00000000000..f8814947164 --- /dev/null +++ b/ext/gd/tests/bug66356.phpt 
@@ -0,0 +1,22 @@ +--TEST-- +Bug #66356 (Heap Overflow Vulnerability in imagecrop()) +--SKIPIF-- + +--FILE-- + "a", "y" => 0, "width" => 10, "height" => 10)); +$arr = array("x" => "a", "y" => "12b", "width" => 10, "height" => 10); +$img = imagecrop($img, $arr); +print_r($arr); +?> +--EXPECTF-- +Array +( + [x] => a + [y] => 12b + [width] => 10 + [height] => 10 +) diff --git a/main/php_version.h b/main/php_version.h index 8d30a367d36..d9ea4aab3cd 100644 --- a/main/php_version.h +++ b/main/php_version.h @@ -2,7 +2,7 @@ /* edit configure.in to change version number */ #define PHP_MAJOR_VERSION 5 #define PHP_MINOR_VERSION 5 -#define PHP_RELEASE_VERSION 8 +#define PHP_RELEASE_VERSION 5 #define PHP_EXTRA_VERSION "-dev" -#define PHP_VERSION "5.5.8-dev" -#define PHP_VERSION_ID 50508 +#define PHP_VERSION "5.5.5-dev" +#define PHP_VERSION_ID 50505 From aba76f09fa3adca5208b877ed75b2c2ef8f4498f Mon Sep 17 00:00:00 2001 From: Xinchen Hui Date: Fri, 27 Dec 2013 14:10:55 +0800 Subject: [PATCH 05/11] Revert accidented committed php_version.h --- main/php_version.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/main/php_version.h b/main/php_version.h index d9ea4aab3cd..8d30a367d36 100644 --- a/main/php_version.h +++ b/main/php_version.h @@ -2,7 +2,7 @@ /* edit configure.in to change version number */ #define PHP_MAJOR_VERSION 5 #define PHP_MINOR_VERSION 5 -#define PHP_RELEASE_VERSION 5 +#define PHP_RELEASE_VERSION 8 #define PHP_EXTRA_VERSION "-dev" -#define PHP_VERSION "5.5.5-dev" -#define PHP_VERSION_ID 50505 +#define PHP_VERSION "5.5.8-dev" +#define PHP_VERSION_ID 50508 From 8f4a5373bb71590352fd934028d6dde5bc18530b Mon Sep 17 00:00:00 2001 
From: Remi Collet Date: Sat, 28 Dec 2013 14:22:13 +0100 Subject: [PATCH 06/11] Fixed bug #66356 (Heap Overflow Vulnerability in imagecrop()) Initial fix was PHP stuff This one is libgd fix. - filter invalid crop size - dont try to copy on invalid position - fix crop size when out of src image - fix possible NULL deref - fix possible integer overfloow --- NEWS | 3 ++- ext/gd/libgd/gd_crop.c | 52 +++++++++++++++++++++++--------------- ext/gd/tests/bug66356.phpt | 22 ++++++++++++++-- 3 files changed, 54 insertions(+), 23 deletions(-) diff --git a/NEWS b/NEWS index 86eeb7cea9f..aed16cce65f 100644 --- a/NEWS +++ b/NEWS @@ -29,7 +29,8 @@ PHP NEWS . Fixed bug #66229 (128.0.0.0/16 isn't reserved any longer). (Adam) - GD: - . Fixed bug #66356 (Heap Overflow Vulnerability in imagecrop()). (Laruence) + . Fixed bug #66356 (Heap Overflow Vulnerability in imagecrop()). + (Laruence, Remi) . Fixed bug #64405 (Use freetype-config for determining freetype2 dir(s)). (Adam) diff --git a/ext/gd/libgd/gd_crop.c b/ext/gd/libgd/gd_crop.c index f0b888a4f1c..90a99a650a8 100644 --- a/ext/gd/libgd/gd_crop.c +++ b/ext/gd/libgd/gd_crop.c @@ -44,6 +44,12 @@ gdImagePtr gdImageCrop(gdImagePtr src, const gdRectPtr crop) { gdImagePtr dst; + /* check size */ + if (crop->width<=0 || crop->height<=0) { + return NULL; + } + + /* allocate the requested size (could be only partially filled) */ if (src->trueColor) { dst = gdImageCreateTrueColor(crop->width, crop->height); gdImageSaveAlpha(dst, 1); 
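Review bot: `gdImageSaveAlpha(dst, 1);` still runs directly after `gdImageCreateTrueColor(crop->width, crop->height)` without the result being checked, so the "possible NULL deref" named in the commit message remains on the allocation-failure path if gdImageSaveAlpha writes through dst (its body is not shown here). The `dst == NULL` test that the next hunk moves up sits after both this call and `gdImagePaletteCopy(dst, src)` in the else branch. Adding `if (dst == NULL) { return NULL; }` immediately after each create call, before the helper is invoked, closes the gap. gdImageCrop continues past the end of this hunk.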
@@ -51,37 +57,43 @@ gdImagePtr gdImageCrop(gdImagePtr src, const gdRectPtr crop) dst = gdImageCreate(crop->width, crop->height); gdImagePaletteCopy(dst, src); } + if (dst == NULL) { + return NULL; + } dst->transparent = src->transparent; - if (src->sx < (crop->x + crop->width -1)) { - crop->width = src->sx - crop->x + 1; + /* check position in the src image */ + if (crop->x < 0 || crop->x>=src->sx || crop->y<0 || crop->y>=src->sy) { + return dst; } - if (src->sy < (crop->y + crop->height -1)) { - crop->height = src->sy - crop->y + 1; + + /* reduce size if needed */ + if ((src->sx - crop->width) < crop->x) { + crop->width = src->sx - crop->x; } + if ((src->sy - crop->height) < crop->y) { + crop->height = src->sy - crop->y; + } + #if 0 printf("rect->x: %i\nrect->y: %i\nrect->width: %i\nrect->height: %i\n", crop->x, crop->y, crop->width, crop->height); #endif - if (dst == NULL) { - return NULL; + int y = crop->y; + if (src->trueColor) { + unsigned int dst_y = 0; + while (y < (crop->y + (crop->height - 1))) { + /* TODO: replace 4 w/byte per channel||pitch once available */ + memcpy(dst->tpixels[dst_y++], src->tpixels[y++] + crop->x, crop->width * 4); + } } else { - int y = crop->y; - if (src->trueColor) { - unsigned int dst_y = 0; - while (y < (crop->y + (crop->height - 1))) { - /* TODO: replace 4 w/byte per channel||pitch once available */ - memcpy(dst->tpixels[dst_y++], src->tpixels[y++] + crop->x, crop->width * 4); - } - } else { - int x; - for (y = crop->y; y < (crop->y + (crop->height - 1)); y++) { - for (x = crop->x; x < (crop->x + (crop->width - 1)); x++) { - dst->pixels[y - crop->y][x - crop->x] = src->pixels[y][x]; - } + int x; + for (y = crop->y; y < (crop->y + (crop->height - 1)); y++) { + for (x = crop->x; x < (crop->x + (crop->width - 1)); x++) { + dst->pixels[y - crop->y][x - crop->x] = src->pixels[y][x]; } } - return dst; } + return dst; } /** diff --git a/ext/gd/tests/bug66356.phpt b/ext/gd/tests/bug66356.phpt index f8814947164..2da91d61a9f 100644 
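Review bot: The copy loops stop one row short: `while (y < (crop->y + (crop->height - 1)))` and the palette `for` loops keep the old `- 1` bounds, but the clamp above them now sets `crop->width = src->sx - crop->x` and `crop->height = src->sy - crop->y` without the former `+ 1`. The last row of the requested rectangle, and in the palette branch the last column too, is therefore never copied and is left as allocated. With the new clamp in place the bounds can be `y < crop->y + crop->height` and `x < crop->x + crop->width` without reading past src. The clamp also writes through `crop`, so the caller's rectangle is changed as a side effect; clamped local copies of width and height would avoid that.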
--- a/ext/gd/tests/bug66356.phpt +++ b/ext/gd/tests/bug66356.phpt @@ -7,12 +7,27 @@ Bug #66356 (Heap Overflow Vulnerability in imagecrop()) --FILE-- "a", "y" => 0, "width" => 10, "height" => 10)); + +// POC #1 +var_dump(imagecrop($img, array("x" => "a", "y" => 0, "width" => 10, "height" => 10))); + $arr = array("x" => "a", "y" => "12b", "width" => 10, "height" => 10); -$img = imagecrop($img, $arr); +var_dump(imagecrop($img, $arr)); print_r($arr); + +// POC #2 +var_dump(imagecrop($img, array("x" => 0, "y" => 0, "width" => -1, "height" => 10))); + +// POC #3 +var_dump(imagecrop($img, array("x" => -20, "y" => -20, "width" => 10, "height" => 10))); + +// POC #4 +var_dump(imagecrop($img, array("x" => 0x7fffff00, "y" => 0, "width" => 10, "height" => 10))); + ?> --EXPECTF-- +resource(%d) of type (gd) +resource(%d) of type (gd) Array ( [x] => a @@ -20,3 +35,6 @@ Array [width] => 10 [height] => 10 ) +bool(false) +resource(%d) of type (gd) +resource(%d) of type (gd) \ No newline at end of file From 464c219ed4ebce6b9196cae308967ac7f7f58bde Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Sat, 28 Dec 2013 14:29:14 +0100 Subject: [PATCH 07/11] minor fix on previous --- ext/gd/libgd/gd_crop.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ext/gd/libgd/gd_crop.c b/ext/gd/libgd/gd_crop.c index 90a99a650a8..bba425d0e3f 100644 --- a/ext/gd/libgd/gd_crop.c +++ b/ext/gd/libgd/gd_crop.c @@ -43,6 +43,7 @@ static int gdColorMatch(gdImagePtr im, int col1, int col2, float threshold); gdImagePtr gdImageCrop(gdImagePtr src, const gdRectPtr crop) { gdImagePtr dst; + int y; /* check size */ if (crop->width<=0 || crop->height<=0) { @@ -78,7 +79,7 @@ gdImagePtr gdImageCrop(gdImagePtr src, const gdRectPtr crop) #if 0 printf("rect->x: %i\nrect->y: %i\nrect->width: %i\nrect->height: %i\n", crop->x, crop->y, crop->width, crop->height); #endif - int y = crop->y; + y = crop->y; if (src->trueColor) { unsigned int dst_y = 0; while (y < (crop->y + (crop->height - 1))) { 
From 04c8ce259fb422c7bcdac3d72bacbf0ee910d772 Mon Sep 17 00:00:00 2001 From: Xinchen Hui Date: Mon, 30 Dec 2013 10:50:46 +0800 Subject: [PATCH 08/11] Fixed bug #66298 (ext/opcache/Optimizer/zend_optimizer.c has dos-style ^M as lineend) Use git blame -w to ingore the space changes --- NEWS | 2 + ext/opcache/Optimizer/zend_optimizer.c | 702 +++++++++--------- ext/opcache/Optimizer/zend_optimizer.h | 98 +-- .../Optimizer/zend_optimizer_internal.h | 172 ++--- 4 files changed, 488 insertions(+), 486 deletions(-) diff --git a/NEWS b/NEWS index aed16cce65f..615f539e665 100644 --- a/NEWS +++ b/NEWS @@ -42,6 +42,8 @@ PHP NEWS . Fixed bug #65486 (mysqli_poll() is broken on win x64). (Anatol) - OPCache: + . Fixed bug #66298 (ext/opcache/Optimizer/zend_optimizer.c has dos-style + ^M as lineend). (Laruence) . Fixed reavlidate_path=1 behavior to avoid caching of symlinks values. (Dmitry) . Fixed Issue #140: "opcache.enable_file_override" doesn't respect diff --git a/ext/opcache/Optimizer/zend_optimizer.c b/ext/opcache/Optimizer/zend_optimizer.c index c9325301282..2c96c3b0ce5 100644 --- a/ext/opcache/Optimizer/zend_optimizer.c +++ b/ext/opcache/Optimizer/zend_optimizer.c 
@@ -1,351 +1,351 @@ -/* - +----------------------------------------------------------------------+ - | Zend OPcache | - +----------------------------------------------------------------------+ - | Copyright (c) 1998-2013 The PHP Group | - +----------------------------------------------------------------------+ - | This source file is subject to version 3.01 of the PHP license, | - | that is bundled with this package in the file LICENSE, and is | - | available through the world-wide-web at the following url: | - | http://www.php.net/license/3_01.txt | - | If you did not receive a copy of the PHP license and are unable to | - | obtain it through the world-wide-web, please send a note to | - | license@php.net so we can mail you a copy immediately. | - +----------------------------------------------------------------------+ - | Authors: Andi Gutmans | - | Zeev Suraski | - | Stanislav Malyshev | - | Dmitry Stogov | - +----------------------------------------------------------------------+ -*/ - -#include "php.h" -#include "Optimizer/zend_optimizer.h" -#include "Optimizer/zend_optimizer_internal.h" -#include "zend_API.h" -#include "zend_constants.h" -#include "zend_execute.h" - -#define OPTIMIZATION_LEVEL \ - ZCG(accel_directives).optimization_level - -#if ZEND_EXTENSION_API_NO >= PHP_5_5_X_API_NO -static int zend_optimizer_lookup_cv(zend_op_array *op_array, char* name, int name_len) -{ - int i = 0; - ulong hash_value = zend_inline_hash_func(name, name_len+1); - - while (i < op_array->last_var) { - if (op_array->vars[i].name == name || - (op_array->vars[i].hash_value == hash_value && - op_array->vars[i].name_len == name_len && - memcmp(op_array->vars[i].name, name, name_len) == 0)) { - return i; - } - i++; - } - i = op_array->last_var; - op_array->last_var++; - op_array->vars = erealloc(op_array->vars, op_array->last_var * sizeof(zend_compiled_variable)); - if (IS_INTERNED(name)) { - op_array->vars[i].name = name; - } else { - op_array->vars[i].name = estrndup(name, 
name_len); - } - op_array->vars[i].name_len = name_len; - op_array->vars[i].hash_value = hash_value; - return i; -} -#endif - -#if ZEND_EXTENSION_API_NO > PHP_5_3_X_API_NO -int zend_optimizer_add_literal(zend_op_array *op_array, const zval *zv TSRMLS_DC) -{ - int i = op_array->last_literal; - op_array->last_literal++; - if (i >= CG(context).literals_size) { - CG(context).literals_size += 16; /* FIXME */ - op_array->literals = (zend_literal*)erealloc(op_array->literals, CG(context).literals_size * sizeof(zend_literal)); - } - op_array->literals[i].constant = *zv; - op_array->literals[i].hash_value = 0; - op_array->literals[i].cache_slot = -1; - Z_SET_REFCOUNT(op_array->literals[i].constant, 2); - Z_SET_ISREF(op_array->literals[i].constant); - return i; -} - -# define LITERAL_LONG(op, val) do { \ - zval _c; \ - ZVAL_LONG(&_c, val); \ - op.constant = zend_optimizer_add_literal(op_array, &_c TSRMLS_CC); \ - } while (0) - -# define LITERAL_BOOL(op, val) do { \ - zval _c; \ - ZVAL_BOOL(&_c, val); \ - op.constant = zend_optimizer_add_literal(op_array, &_c TSRMLS_CC); \ - } while (0) - -# define literal_dtor(zv) do { \ - zval_dtor(zv); \ - Z_TYPE_P(zv) = IS_NULL; \ - } while (0) - -#define COPY_NODE(target, src) do { \ - target ## _type = src ## _type; \ - target = src; \ - } while (0) - -#else - -# define LITERAL_LONG(op, val) ZVAL_LONG(&op.u.constant, val) - -# define LITERAL_BOOL(op, val) ZVAL_BOOL(&op.u.constant, val) - -# define literal_dtor(zv) zval_dtor(zv) - -#define COPY_NODE(target, src) do { \ - target = src; \ - } while (0) - -#endif - -static void update_op1_const(zend_op_array *op_array, - zend_op *opline, - zval *val TSRMLS_DC) -{ - if (opline->opcode == ZEND_FREE) { - MAKE_NOP(opline); - zval_dtor(val); - } else { - ZEND_OP1_TYPE(opline) = IS_CONST; -#if ZEND_EXTENSION_API_NO > PHP_5_3_X_API_NO - if (Z_TYPE_P(val) == IS_STRING) { - switch (opline->opcode) { - case ZEND_INIT_STATIC_METHOD_CALL: - case ZEND_CATCH: - case ZEND_FETCH_CONSTANT: - 
opline->op1.constant = zend_optimizer_add_literal(op_array, val TSRMLS_CC); - Z_HASH_P(&ZEND_OP1_LITERAL(opline)) = zend_hash_func(Z_STRVAL(ZEND_OP1_LITERAL(opline)), Z_STRLEN(ZEND_OP1_LITERAL(opline)) + 1); - op_array->literals[opline->op1.constant].cache_slot = op_array->last_cache_slot++; - zend_str_tolower(Z_STRVAL_P(val), Z_STRLEN_P(val)); - zend_optimizer_add_literal(op_array, val TSRMLS_CC); - op_array->literals[opline->op1.constant+1].hash_value = zend_hash_func(Z_STRVAL(op_array->literals[opline->op1.constant+1].constant), Z_STRLEN(op_array->literals[opline->op1.constant+1].constant) + 1); - break; - case ZEND_DO_FCALL: - zend_str_tolower(Z_STRVAL_P(val), Z_STRLEN_P(val)); - opline->op1.constant = zend_optimizer_add_literal(op_array, val TSRMLS_CC); - Z_HASH_P(&ZEND_OP1_LITERAL(opline)) = zend_hash_func(Z_STRVAL(ZEND_OP1_LITERAL(opline)), Z_STRLEN(ZEND_OP1_LITERAL(opline)) + 1); - op_array->literals[opline->op1.constant].cache_slot = op_array->last_cache_slot++; - break; - default: - opline->op1.constant = zend_optimizer_add_literal(op_array, val TSRMLS_CC); - Z_HASH_P(&ZEND_OP1_LITERAL(opline)) = zend_hash_func(Z_STRVAL(ZEND_OP1_LITERAL(opline)), Z_STRLEN(ZEND_OP1_LITERAL(opline)) + 1); - break; - } - } else { - opline->op1.constant = zend_optimizer_add_literal(op_array, val TSRMLS_CC); - } -#else - ZEND_OP1_LITERAL(opline) = *val; -#endif - } -} - -static void update_op2_const(zend_op_array *op_array, - zend_op *opline, - zval *val TSRMLS_DC) -{ - ZEND_OP2_TYPE(opline) = IS_CONST; -#if ZEND_EXTENSION_API_NO > PHP_5_3_X_API_NO - opline->op2.constant = zend_optimizer_add_literal(op_array, val TSRMLS_CC); - if (Z_TYPE_P(val) == IS_STRING) { - Z_HASH_P(&ZEND_OP2_LITERAL(opline)) = zend_hash_func(Z_STRVAL(ZEND_OP2_LITERAL(opline)), Z_STRLEN(ZEND_OP2_LITERAL(opline)) + 1); - switch (opline->opcode) { - case ZEND_FETCH_R: - case ZEND_FETCH_W: - case ZEND_FETCH_RW: - case ZEND_FETCH_IS: - case ZEND_FETCH_UNSET: - case ZEND_FETCH_FUNC_ARG: - case 
ZEND_FETCH_CLASS: - case ZEND_INIT_FCALL_BY_NAME: - /*case ZEND_INIT_NS_FCALL_BY_NAME:*/ - case ZEND_UNSET_VAR: - case ZEND_ISSET_ISEMPTY_VAR: - case ZEND_ADD_INTERFACE: - case ZEND_ADD_TRAIT: - op_array->literals[opline->op2.constant].cache_slot = op_array->last_cache_slot++; - zend_str_tolower(Z_STRVAL_P(val), Z_STRLEN_P(val)); - zend_optimizer_add_literal(op_array, val TSRMLS_CC); - op_array->literals[opline->op2.constant+1].hash_value = zend_hash_func(Z_STRVAL(op_array->literals[opline->op2.constant+1].constant), Z_STRLEN(op_array->literals[opline->op2.constant+1].constant) + 1); - break; - case ZEND_INIT_METHOD_CALL: - case ZEND_INIT_STATIC_METHOD_CALL: - zend_str_tolower(Z_STRVAL_P(val), Z_STRLEN_P(val)); - zend_optimizer_add_literal(op_array, val TSRMLS_CC); - op_array->literals[opline->op2.constant+1].hash_value = zend_hash_func(Z_STRVAL(op_array->literals[opline->op2.constant+1].constant), Z_STRLEN(op_array->literals[opline->op2.constant+1].constant) + 1); - /* break missing intentionally */ - /*case ZEND_FETCH_CONSTANT:*/ - case ZEND_ASSIGN_OBJ: - case ZEND_FETCH_OBJ_R: - case ZEND_FETCH_OBJ_W: - case ZEND_FETCH_OBJ_RW: - case ZEND_FETCH_OBJ_IS: - case ZEND_FETCH_OBJ_UNSET: - case ZEND_FETCH_OBJ_FUNC_ARG: - case ZEND_UNSET_OBJ: - case ZEND_PRE_INC_OBJ: - case ZEND_PRE_DEC_OBJ: - case ZEND_POST_INC_OBJ: - case ZEND_POST_DEC_OBJ: - case ZEND_ISSET_ISEMPTY_PROP_OBJ: - op_array->literals[opline->op2.constant].cache_slot = op_array->last_cache_slot; - op_array->last_cache_slot += 2; - break; - case ZEND_ASSIGN_ADD: - case ZEND_ASSIGN_SUB: - case ZEND_ASSIGN_MUL: - case ZEND_ASSIGN_DIV: - case ZEND_ASSIGN_MOD: - case ZEND_ASSIGN_SL: - case ZEND_ASSIGN_SR: - case ZEND_ASSIGN_CONCAT: - case ZEND_ASSIGN_BW_OR: - case ZEND_ASSIGN_BW_AND: - case ZEND_ASSIGN_BW_XOR: - if (opline->extended_value == ZEND_ASSIGN_OBJ) { - op_array->literals[opline->op2.constant].cache_slot = op_array->last_cache_slot; - op_array->last_cache_slot += 2; - } - break; -#if 
ZEND_EXTENSION_API_NO >= PHP_5_4_X_API_NO - case ZEND_OP_DATA: - if ((opline-1)->opcode == ZEND_ASSIGN_DIM || - ((opline-1)->extended_value == ZEND_ASSIGN_DIM && - ((opline-1)->opcode == ZEND_ASSIGN_ADD || - (opline-1)->opcode == ZEND_ASSIGN_SUB || - (opline-1)->opcode == ZEND_ASSIGN_MUL || - (opline-1)->opcode == ZEND_ASSIGN_DIV || - (opline-1)->opcode == ZEND_ASSIGN_MOD || - (opline-1)->opcode == ZEND_ASSIGN_SL || - (opline-1)->opcode == ZEND_ASSIGN_SR || - (opline-1)->opcode == ZEND_ASSIGN_CONCAT || - (opline-1)->opcode == ZEND_ASSIGN_BW_OR || - (opline-1)->opcode == ZEND_ASSIGN_BW_AND || - (opline-1)->opcode == ZEND_ASSIGN_BW_XOR))) { - goto check_numeric; - } - break; - case ZEND_ISSET_ISEMPTY_DIM_OBJ: - case ZEND_ADD_ARRAY_ELEMENT: - case ZEND_INIT_ARRAY: - case ZEND_UNSET_DIM: - case ZEND_FETCH_DIM_R: - case ZEND_FETCH_DIM_W: - case ZEND_FETCH_DIM_RW: - case ZEND_FETCH_DIM_IS: - case ZEND_FETCH_DIM_FUNC_ARG: - case ZEND_FETCH_DIM_UNSET: - case ZEND_FETCH_DIM_TMP_VAR: -check_numeric: - { - ulong index; - int numeric = 0; - - ZEND_HANDLE_NUMERIC_EX(Z_STRVAL_P(val), Z_STRLEN_P(val)+1, index, numeric = 1); - if (numeric) { - zval_dtor(val); - ZVAL_LONG(val, index); - op_array->literals[opline->op2.constant].constant = *val; - } - } - break; -#endif - default: - break; - } - } -#else - ZEND_OP2_LITERAL(opline) = *val; -#endif -} - -static void replace_tmp_by_const(zend_op_array *op_array, - zend_op *opline, - zend_uint var, - zval *val - TSRMLS_DC) -{ - zend_op *end = op_array->opcodes + op_array->last; - - while (opline < end) { - if (ZEND_OP1_TYPE(opline) == IS_TMP_VAR && - ZEND_OP1(opline).var == var) { - - update_op1_const(op_array, opline, val TSRMLS_CC); - /* TMP_VAR my be used only once */ - break; - } - - if (ZEND_OP2_TYPE(opline) == IS_TMP_VAR && - ZEND_OP2(opline).var == var) { - - update_op2_const(op_array, opline, val TSRMLS_CC); - /* TMP_VAR my be used only once */ - break; - } - opline++; - } -} - -#include "Optimizer/nop_removal.c" -#include 
"Optimizer/block_pass.c" -#include "Optimizer/optimize_temp_vars_5.c" - -void zend_optimizer(zend_op_array *op_array TSRMLS_DC) -{ - if (op_array->type == ZEND_EVAL_CODE || - (op_array->fn_flags & ZEND_ACC_INTERACTIVE)) { - return; - } - - /* pass 1 - * - substitute persistent constants (true, false, null, etc) - * - perform compile-time evaluation of constant binary and unary operations - * - optimize series of ADD_STRING and/or ADD_CHAR - * - convert CAST(IS_BOOL,x) into BOOL(x) - * - convert INTI_FCALL_BY_NAME + DO_FCALL_BY_NAME into DO_FCALL - */ -#include "Optimizer/pass1_5.c" - - /* pass 2: - * - convert non-numeric constants to numeric constants in numeric operators - * - optimize constant conditional JMPs - * - optimize static BRKs and CONTs - */ -#include "Optimizer/pass2.c" - - /* pass 3: - * - optimize $i = $i+expr to $i+=expr - * - optimize series of JMPs - * - change $i++ to ++$i where possible - */ -#include "Optimizer/pass3.c" - - /* pass 5: - * - CFG optimization - */ -#include "Optimizer/pass5.c" - - /* pass 9: - * - Optimize temp variables usage - */ -#include "Optimizer/pass9.c" - - /* pass 10: - * - remove NOPs - */ -#include "Optimizer/pass10.c" -} +/* + +----------------------------------------------------------------------+ + | Zend OPcache | + +----------------------------------------------------------------------+ + | Copyright (c) 1998-2013 The PHP Group | + +----------------------------------------------------------------------+ + | This source file is subject to version 3.01 of the PHP license, | + | that is bundled with this package in the file LICENSE, and is | + | available through the world-wide-web at the following url: | + | http://www.php.net/license/3_01.txt | + | If you did not receive a copy of the PHP license and are unable to | + | obtain it through the world-wide-web, please send a note to | + | license@php.net so we can mail you a copy immediately. 
| + +----------------------------------------------------------------------+ + | Authors: Andi Gutmans | + | Zeev Suraski | + | Stanislav Malyshev | + | Dmitry Stogov | + +----------------------------------------------------------------------+ +*/ + +#include "php.h" +#include "Optimizer/zend_optimizer.h" +#include "Optimizer/zend_optimizer_internal.h" +#include "zend_API.h" +#include "zend_constants.h" +#include "zend_execute.h" + +#define OPTIMIZATION_LEVEL \ + ZCG(accel_directives).optimization_level + +#if ZEND_EXTENSION_API_NO >= PHP_5_5_X_API_NO +static int zend_optimizer_lookup_cv(zend_op_array *op_array, char* name, int name_len) +{ + int i = 0; + ulong hash_value = zend_inline_hash_func(name, name_len+1); + + while (i < op_array->last_var) { + if (op_array->vars[i].name == name || + (op_array->vars[i].hash_value == hash_value && + op_array->vars[i].name_len == name_len && + memcmp(op_array->vars[i].name, name, name_len) == 0)) { + return i; + } + i++; + } + i = op_array->last_var; + op_array->last_var++; + op_array->vars = erealloc(op_array->vars, op_array->last_var * sizeof(zend_compiled_variable)); + if (IS_INTERNED(name)) { + op_array->vars[i].name = name; + } else { + op_array->vars[i].name = estrndup(name, name_len); + } + op_array->vars[i].name_len = name_len; + op_array->vars[i].hash_value = hash_value; + return i; +} +#endif + +#if ZEND_EXTENSION_API_NO > PHP_5_3_X_API_NO +int zend_optimizer_add_literal(zend_op_array *op_array, const zval *zv TSRMLS_DC) +{ + int i = op_array->last_literal; + op_array->last_literal++; + if (i >= CG(context).literals_size) { + CG(context).literals_size += 16; /* FIXME */ + op_array->literals = (zend_literal*)erealloc(op_array->literals, CG(context).literals_size * sizeof(zend_literal)); + } + op_array->literals[i].constant = *zv; + op_array->literals[i].hash_value = 0; + op_array->literals[i].cache_slot = -1; + Z_SET_REFCOUNT(op_array->literals[i].constant, 2); + Z_SET_ISREF(op_array->literals[i].constant); + return 
i; +} + +# define LITERAL_LONG(op, val) do { \ + zval _c; \ + ZVAL_LONG(&_c, val); \ + op.constant = zend_optimizer_add_literal(op_array, &_c TSRMLS_CC); \ + } while (0) + +# define LITERAL_BOOL(op, val) do { \ + zval _c; \ + ZVAL_BOOL(&_c, val); \ + op.constant = zend_optimizer_add_literal(op_array, &_c TSRMLS_CC); \ + } while (0) + +# define literal_dtor(zv) do { \ + zval_dtor(zv); \ + Z_TYPE_P(zv) = IS_NULL; \ + } while (0) + +#define COPY_NODE(target, src) do { \ + target ## _type = src ## _type; \ + target = src; \ + } while (0) + +#else + +# define LITERAL_LONG(op, val) ZVAL_LONG(&op.u.constant, val) + +# define LITERAL_BOOL(op, val) ZVAL_BOOL(&op.u.constant, val) + +# define literal_dtor(zv) zval_dtor(zv) + +#define COPY_NODE(target, src) do { \ + target = src; \ + } while (0) + +#endif + +static void update_op1_const(zend_op_array *op_array, + zend_op *opline, + zval *val TSRMLS_DC) +{ + if (opline->opcode == ZEND_FREE) { + MAKE_NOP(opline); + zval_dtor(val); + } else { + ZEND_OP1_TYPE(opline) = IS_CONST; +#if ZEND_EXTENSION_API_NO > PHP_5_3_X_API_NO + if (Z_TYPE_P(val) == IS_STRING) { + switch (opline->opcode) { + case ZEND_INIT_STATIC_METHOD_CALL: + case ZEND_CATCH: + case ZEND_FETCH_CONSTANT: + opline->op1.constant = zend_optimizer_add_literal(op_array, val TSRMLS_CC); + Z_HASH_P(&ZEND_OP1_LITERAL(opline)) = zend_hash_func(Z_STRVAL(ZEND_OP1_LITERAL(opline)), Z_STRLEN(ZEND_OP1_LITERAL(opline)) + 1); + op_array->literals[opline->op1.constant].cache_slot = op_array->last_cache_slot++; + zend_str_tolower(Z_STRVAL_P(val), Z_STRLEN_P(val)); + zend_optimizer_add_literal(op_array, val TSRMLS_CC); + op_array->literals[opline->op1.constant+1].hash_value = zend_hash_func(Z_STRVAL(op_array->literals[opline->op1.constant+1].constant), Z_STRLEN(op_array->literals[opline->op1.constant+1].constant) + 1); + break; + case ZEND_DO_FCALL: + zend_str_tolower(Z_STRVAL_P(val), Z_STRLEN_P(val)); + opline->op1.constant = zend_optimizer_add_literal(op_array, val TSRMLS_CC); + 
Z_HASH_P(&ZEND_OP1_LITERAL(opline)) = zend_hash_func(Z_STRVAL(ZEND_OP1_LITERAL(opline)), Z_STRLEN(ZEND_OP1_LITERAL(opline)) + 1); + op_array->literals[opline->op1.constant].cache_slot = op_array->last_cache_slot++; + break; + default: + opline->op1.constant = zend_optimizer_add_literal(op_array, val TSRMLS_CC); + Z_HASH_P(&ZEND_OP1_LITERAL(opline)) = zend_hash_func(Z_STRVAL(ZEND_OP1_LITERAL(opline)), Z_STRLEN(ZEND_OP1_LITERAL(opline)) + 1); + break; + } + } else { + opline->op1.constant = zend_optimizer_add_literal(op_array, val TSRMLS_CC); + } +#else + ZEND_OP1_LITERAL(opline) = *val; +#endif + } +} + +static void update_op2_const(zend_op_array *op_array, + zend_op *opline, + zval *val TSRMLS_DC) +{ + ZEND_OP2_TYPE(opline) = IS_CONST; +#if ZEND_EXTENSION_API_NO > PHP_5_3_X_API_NO + opline->op2.constant = zend_optimizer_add_literal(op_array, val TSRMLS_CC); + if (Z_TYPE_P(val) == IS_STRING) { + Z_HASH_P(&ZEND_OP2_LITERAL(opline)) = zend_hash_func(Z_STRVAL(ZEND_OP2_LITERAL(opline)), Z_STRLEN(ZEND_OP2_LITERAL(opline)) + 1); + switch (opline->opcode) { + case ZEND_FETCH_R: + case ZEND_FETCH_W: + case ZEND_FETCH_RW: + case ZEND_FETCH_IS: + case ZEND_FETCH_UNSET: + case ZEND_FETCH_FUNC_ARG: + case ZEND_FETCH_CLASS: + case ZEND_INIT_FCALL_BY_NAME: + /*case ZEND_INIT_NS_FCALL_BY_NAME:*/ + case ZEND_UNSET_VAR: + case ZEND_ISSET_ISEMPTY_VAR: + case ZEND_ADD_INTERFACE: + case ZEND_ADD_TRAIT: + op_array->literals[opline->op2.constant].cache_slot = op_array->last_cache_slot++; + zend_str_tolower(Z_STRVAL_P(val), Z_STRLEN_P(val)); + zend_optimizer_add_literal(op_array, val TSRMLS_CC); + op_array->literals[opline->op2.constant+1].hash_value = zend_hash_func(Z_STRVAL(op_array->literals[opline->op2.constant+1].constant), Z_STRLEN(op_array->literals[opline->op2.constant+1].constant) + 1); + break; + case ZEND_INIT_METHOD_CALL: + case ZEND_INIT_STATIC_METHOD_CALL: + zend_str_tolower(Z_STRVAL_P(val), Z_STRLEN_P(val)); + zend_optimizer_add_literal(op_array, val TSRMLS_CC); + 
op_array->literals[opline->op2.constant+1].hash_value = zend_hash_func(Z_STRVAL(op_array->literals[opline->op2.constant+1].constant), Z_STRLEN(op_array->literals[opline->op2.constant+1].constant) + 1); + /* break missing intentionally */ + /*case ZEND_FETCH_CONSTANT:*/ + case ZEND_ASSIGN_OBJ: + case ZEND_FETCH_OBJ_R: + case ZEND_FETCH_OBJ_W: + case ZEND_FETCH_OBJ_RW: + case ZEND_FETCH_OBJ_IS: + case ZEND_FETCH_OBJ_UNSET: + case ZEND_FETCH_OBJ_FUNC_ARG: + case ZEND_UNSET_OBJ: + case ZEND_PRE_INC_OBJ: + case ZEND_PRE_DEC_OBJ: + case ZEND_POST_INC_OBJ: + case ZEND_POST_DEC_OBJ: + case ZEND_ISSET_ISEMPTY_PROP_OBJ: + op_array->literals[opline->op2.constant].cache_slot = op_array->last_cache_slot; + op_array->last_cache_slot += 2; + break; + case ZEND_ASSIGN_ADD: + case ZEND_ASSIGN_SUB: + case ZEND_ASSIGN_MUL: + case ZEND_ASSIGN_DIV: + case ZEND_ASSIGN_MOD: + case ZEND_ASSIGN_SL: + case ZEND_ASSIGN_SR: + case ZEND_ASSIGN_CONCAT: + case ZEND_ASSIGN_BW_OR: + case ZEND_ASSIGN_BW_AND: + case ZEND_ASSIGN_BW_XOR: + if (opline->extended_value == ZEND_ASSIGN_OBJ) { + op_array->literals[opline->op2.constant].cache_slot = op_array->last_cache_slot; + op_array->last_cache_slot += 2; + } + break; +#if ZEND_EXTENSION_API_NO >= PHP_5_4_X_API_NO + case ZEND_OP_DATA: + if ((opline-1)->opcode == ZEND_ASSIGN_DIM || + ((opline-1)->extended_value == ZEND_ASSIGN_DIM && + ((opline-1)->opcode == ZEND_ASSIGN_ADD || + (opline-1)->opcode == ZEND_ASSIGN_SUB || + (opline-1)->opcode == ZEND_ASSIGN_MUL || + (opline-1)->opcode == ZEND_ASSIGN_DIV || + (opline-1)->opcode == ZEND_ASSIGN_MOD || + (opline-1)->opcode == ZEND_ASSIGN_SL || + (opline-1)->opcode == ZEND_ASSIGN_SR || + (opline-1)->opcode == ZEND_ASSIGN_CONCAT || + (opline-1)->opcode == ZEND_ASSIGN_BW_OR || + (opline-1)->opcode == ZEND_ASSIGN_BW_AND || + (opline-1)->opcode == ZEND_ASSIGN_BW_XOR))) { + goto check_numeric; + } + break; + case ZEND_ISSET_ISEMPTY_DIM_OBJ: + case ZEND_ADD_ARRAY_ELEMENT: + case ZEND_INIT_ARRAY: + case ZEND_UNSET_DIM: + 
case ZEND_FETCH_DIM_R: + case ZEND_FETCH_DIM_W: + case ZEND_FETCH_DIM_RW: + case ZEND_FETCH_DIM_IS: + case ZEND_FETCH_DIM_FUNC_ARG: + case ZEND_FETCH_DIM_UNSET: + case ZEND_FETCH_DIM_TMP_VAR: +check_numeric: + { + ulong index; + int numeric = 0; + + ZEND_HANDLE_NUMERIC_EX(Z_STRVAL_P(val), Z_STRLEN_P(val)+1, index, numeric = 1); + if (numeric) { + zval_dtor(val); + ZVAL_LONG(val, index); + op_array->literals[opline->op2.constant].constant = *val; + } + } + break; +#endif + default: + break; + } + } +#else + ZEND_OP2_LITERAL(opline) = *val; +#endif +} + +static void replace_tmp_by_const(zend_op_array *op_array, + zend_op *opline, + zend_uint var, + zval *val + TSRMLS_DC) +{ + zend_op *end = op_array->opcodes + op_array->last; + + while (opline < end) { + if (ZEND_OP1_TYPE(opline) == IS_TMP_VAR && + ZEND_OP1(opline).var == var) { + + update_op1_const(op_array, opline, val TSRMLS_CC); + /* TMP_VAR my be used only once */ + break; + } + + if (ZEND_OP2_TYPE(opline) == IS_TMP_VAR && + ZEND_OP2(opline).var == var) { + + update_op2_const(op_array, opline, val TSRMLS_CC); + /* TMP_VAR my be used only once */ + break; + } + opline++; + } +} + +#include "Optimizer/nop_removal.c" +#include "Optimizer/block_pass.c" +#include "Optimizer/optimize_temp_vars_5.c" + +void zend_optimizer(zend_op_array *op_array TSRMLS_DC) +{ + if (op_array->type == ZEND_EVAL_CODE || + (op_array->fn_flags & ZEND_ACC_INTERACTIVE)) { + return; + } + + /* pass 1 + * - substitute persistent constants (true, false, null, etc) + * - perform compile-time evaluation of constant binary and unary operations + * - optimize series of ADD_STRING and/or ADD_CHAR + * - convert CAST(IS_BOOL,x) into BOOL(x) + * - convert INTI_FCALL_BY_NAME + DO_FCALL_BY_NAME into DO_FCALL + */ +#include "Optimizer/pass1_5.c" + + /* pass 2: + * - convert non-numeric constants to numeric constants in numeric operators + * - optimize constant conditional JMPs + * - optimize static BRKs and CONTs + */ +#include "Optimizer/pass2.c" + + /* 
pass 3: + * - optimize $i = $i+expr to $i+=expr + * - optimize series of JMPs + * - change $i++ to ++$i where possible + */ +#include "Optimizer/pass3.c" + + /* pass 5: + * - CFG optimization + */ +#include "Optimizer/pass5.c" + + /* pass 9: + * - Optimize temp variables usage + */ +#include "Optimizer/pass9.c" + + /* pass 10: + * - remove NOPs + */ +#include "Optimizer/pass10.c" +} diff --git a/ext/opcache/Optimizer/zend_optimizer.h b/ext/opcache/Optimizer/zend_optimizer.h index 98275a20aae..7f2b4f21fd8 100644 --- a/ext/opcache/Optimizer/zend_optimizer.h +++ b/ext/opcache/Optimizer/zend_optimizer.h 
@@ -1,49 +1,49 @@ -/* - +----------------------------------------------------------------------+ - | Zend OPcache | - +----------------------------------------------------------------------+ - | Copyright (c) 1998-2013 The PHP Group | - +----------------------------------------------------------------------+ - | This source file is subject to version 3.01 of the PHP license, | - | that is bundled with this package in the file LICENSE, and is | - | available through the world-wide-web at the following url: | - | http://www.php.net/license/3_01.txt | - | If you did not receive a copy of the PHP license and are unable to | - | obtain it through the world-wide-web, please send a note to | - | license@php.net so we can mail you a copy immediately. | - +----------------------------------------------------------------------+ - | Authors: Andi Gutmans | - | Zeev Suraski | - | Stanislav Malyshev | - | Dmitry Stogov | - +----------------------------------------------------------------------+ -*/ - -#ifndef ZEND_OPTIMIZER_H -#define ZEND_OPTIMIZER_H - -#include "zend.h" -#include "zend_compile.h" - -#define ZEND_OPTIMIZER_PASS_1 (1<<0) /* CSE, STRING construction */ -#define ZEND_OPTIMIZER_PASS_2 (1<<1) /* Constant conversion and jumps */ -#define ZEND_OPTIMIZER_PASS_3 (1<<2) /* ++, +=, series of jumps */ -#define ZEND_OPTIMIZER_PASS_4 (1<<3) -#define ZEND_OPTIMIZER_PASS_5 (1<<4) /* CFG based optimization */ -#define ZEND_OPTIMIZER_PASS_6 (1<<5) -#define ZEND_OPTIMIZER_PASS_7 (1<<6) -#define ZEND_OPTIMIZER_PASS_8 (1<<7) -#define ZEND_OPTIMIZER_PASS_9 (1<<8) /* TMP VAR usage */ -#define ZEND_OPTIMIZER_PASS_10 (1<<9) /* NOP removal */ -#define ZEND_OPTIMIZER_PASS_11 (1<<10) -#define ZEND_OPTIMIZER_PASS_12 (1<<11) -#define ZEND_OPTIMIZER_PASS_13 (1<<12) -#define ZEND_OPTIMIZER_PASS_14 (1<<13) - -#define ZEND_OPTIMIZER_ALL_PASSES 0xFFFFFFFF - -#define DEFAULT_OPTIMIZATION_LEVEL "0xFFFFFFFF" - -void zend_optimizer(zend_op_array *op_array TSRMLS_DC); - -#endif +/* + 
+----------------------------------------------------------------------+ + | Zend OPcache | + +----------------------------------------------------------------------+ + | Copyright (c) 1998-2013 The PHP Group | + +----------------------------------------------------------------------+ + | This source file is subject to version 3.01 of the PHP license, | + | that is bundled with this package in the file LICENSE, and is | + | available through the world-wide-web at the following url: | + | http://www.php.net/license/3_01.txt | + | If you did not receive a copy of the PHP license and are unable to | + | obtain it through the world-wide-web, please send a note to | + | license@php.net so we can mail you a copy immediately. | + +----------------------------------------------------------------------+ + | Authors: Andi Gutmans | + | Zeev Suraski | + | Stanislav Malyshev | + | Dmitry Stogov | + +----------------------------------------------------------------------+ +*/ + +#ifndef ZEND_OPTIMIZER_H +#define ZEND_OPTIMIZER_H + +#include "zend.h" +#include "zend_compile.h" + +#define ZEND_OPTIMIZER_PASS_1 (1<<0) /* CSE, STRING construction */ +#define ZEND_OPTIMIZER_PASS_2 (1<<1) /* Constant conversion and jumps */ +#define ZEND_OPTIMIZER_PASS_3 (1<<2) /* ++, +=, series of jumps */ +#define ZEND_OPTIMIZER_PASS_4 (1<<3) +#define ZEND_OPTIMIZER_PASS_5 (1<<4) /* CFG based optimization */ +#define ZEND_OPTIMIZER_PASS_6 (1<<5) +#define ZEND_OPTIMIZER_PASS_7 (1<<6) +#define ZEND_OPTIMIZER_PASS_8 (1<<7) +#define ZEND_OPTIMIZER_PASS_9 (1<<8) /* TMP VAR usage */ +#define ZEND_OPTIMIZER_PASS_10 (1<<9) /* NOP removal */ +#define ZEND_OPTIMIZER_PASS_11 (1<<10) +#define ZEND_OPTIMIZER_PASS_12 (1<<11) +#define ZEND_OPTIMIZER_PASS_13 (1<<12) +#define ZEND_OPTIMIZER_PASS_14 (1<<13) + +#define ZEND_OPTIMIZER_ALL_PASSES 0xFFFFFFFF + +#define DEFAULT_OPTIMIZATION_LEVEL "0xFFFFFFFF" + +void zend_optimizer(zend_op_array *op_array TSRMLS_DC); + +#endif 
diff --git a/ext/opcache/Optimizer/zend_optimizer_internal.h b/ext/opcache/Optimizer/zend_optimizer_internal.h index 616bdf74f6e..657b4803168 100644 --- a/ext/opcache/Optimizer/zend_optimizer_internal.h +++ b/ext/opcache/Optimizer/zend_optimizer_internal.h 
@@ -1,86 +1,86 @@ -/* - +----------------------------------------------------------------------+ - | Zend OPcache | - +----------------------------------------------------------------------+ - | Copyright (c) 1998-2013 The PHP Group | - +----------------------------------------------------------------------+ - | This source file is subject to version 3.01 of the PHP license, | - | that is bundled with this package in the file LICENSE, and is | - | available through the world-wide-web at the following url: | - | http://www.php.net/license/3_01.txt | - | If you did not receive a copy of the PHP license and are unable to | - | obtain it through the world-wide-web, please send a note to | - | license@php.net so we can mail you a copy immediately. | - +----------------------------------------------------------------------+ - | Authors: Andi Gutmans | - | Zeev Suraski | - | Stanislav Malyshev | - | Dmitry Stogov | - +----------------------------------------------------------------------+ -*/ - -#ifndef ZEND_OPTIMIZER_INTERNAL_H -#define ZEND_OPTIMIZER_INTERNAL_H - -#include "ZendAccelerator.h" - -#if ZEND_EXTENSION_API_NO > PHP_5_4_X_API_NO -# define VAR_NUM(v) ((zend_uint)(EX_TMP_VAR_NUM(0, 0) - EX_TMP_VAR(0, v))) -# define NUM_VAR(v) ((zend_uint)(zend_uintptr_t)EX_TMP_VAR_NUM(0, v)) -#elif ZEND_EXTENSION_API_NO > PHP_5_2_X_API_NO -# define VAR_NUM(v) ((v)/ZEND_MM_ALIGNED_SIZE(sizeof(temp_variable))) -# define NUM_VAR(v) ((v)*ZEND_MM_ALIGNED_SIZE(sizeof(temp_variable))) -#else -# define VAR_NUM(v) ((v)/(sizeof(temp_variable))) -# define NUM_VAR(v) ((v)*(sizeof(temp_variable))) -#endif - -#define INV_COND(op) ((op) == ZEND_JMPZ ? ZEND_JMPNZ : ZEND_JMPZ) -#define INV_EX_COND(op) ((op) == ZEND_JMPZ_EX ? ZEND_JMPNZ : ZEND_JMPZ) -#define INV_COND_EX(op) ((op) == ZEND_JMPZ ? ZEND_JMPNZ_EX : ZEND_JMPZ_EX) -#define INV_EX_COND_EX(op) ((op) == ZEND_JMPZ_EX ? 
ZEND_JMPNZ_EX : ZEND_JMPZ_EX) - -#if ZEND_EXTENSION_API_NO > PHP_5_3_X_API_NO -# define MAKE_NOP(opline) { opline->opcode = ZEND_NOP; memset(&opline->result,0,sizeof(opline->result)); memset(&opline->op1,0,sizeof(opline->op1)); memset(&opline->op2,0,sizeof(opline->op2)); opline->result_type=opline->op1_type=opline->op2_type=IS_UNUSED; opline->handler = zend_opcode_handlers[ZEND_NOP]; } -# define RESULT_USED(op) (((op->result_type & IS_VAR) && !(op->result_type & EXT_TYPE_UNUSED)) || op->result_type == IS_TMP_VAR) -# define RESULT_UNUSED(op) ((op->result_type & EXT_TYPE_UNUSED) != 0) -# define SAME_VAR(op1, op2) ((((op1 ## _type & IS_VAR) && (op2 ## _type & IS_VAR)) || (op1 ## _type == IS_TMP_VAR && op2 ## _type == IS_TMP_VAR)) && op1.var == op2.var) -#else -# define MAKE_NOP(opline) { opline->opcode = ZEND_NOP; memset(&opline->result,0,sizeof(znode)); memset(&opline->op1,0,sizeof(znode)); memset(&opline->op2,0,sizeof(znode)); opline->result.op_type=opline->op1.op_type=opline->op2.op_type=IS_UNUSED; opline->handler = zend_opcode_handlers[ZEND_NOP]; } -# define RESULT_USED(op) ((op->result.op_type == IS_VAR && (op->result.u.EA.type & EXT_TYPE_UNUSED) == 0) || (op->result.op_type == IS_TMP_VAR)) -# define RESULT_UNUSED(op) ((op->result.op_type == IS_VAR) && (op->result.u.EA.type == EXT_TYPE_UNUSED)) -# define SAME_VAR(op1, op2) (((op1.op_type == IS_VAR && op2.op_type == IS_VAR) || (op1.op_type == IS_TMP_VAR && op2.op_type == IS_TMP_VAR)) && op1.u.var == op2.u.var) -#endif - -typedef struct _zend_code_block zend_code_block; -typedef struct _zend_block_source zend_block_source; - -struct _zend_code_block { - int access; - zend_op *start_opline; - int start_opline_no; - int len; - zend_code_block *op1_to; - zend_code_block *op2_to; - zend_code_block *ext_to; - zend_code_block *follow_to; - zend_code_block *next; - zend_block_source *sources; - zend_bool protected; /* don't merge this block with others */ -}; - -typedef struct _zend_cfg { - zend_code_block *blocks; - 
zend_code_block **try; - zend_code_block **catch; - zend_code_block **loop_start; - zend_code_block **loop_cont; - zend_code_block **loop_brk; -} zend_cfg; - -struct _zend_block_source { - zend_code_block *from; - zend_block_source *next; -}; - -#endif +/* + +----------------------------------------------------------------------+ + | Zend OPcache | + +----------------------------------------------------------------------+ + | Copyright (c) 1998-2013 The PHP Group | + +----------------------------------------------------------------------+ + | This source file is subject to version 3.01 of the PHP license, | + | that is bundled with this package in the file LICENSE, and is | + | available through the world-wide-web at the following url: | + | http://www.php.net/license/3_01.txt | + | If you did not receive a copy of the PHP license and are unable to | + | obtain it through the world-wide-web, please send a note to | + | license@php.net so we can mail you a copy immediately. | + +----------------------------------------------------------------------+ + | Authors: Andi Gutmans | + | Zeev Suraski | + | Stanislav Malyshev | + | Dmitry Stogov | + +----------------------------------------------------------------------+ +*/ + +#ifndef ZEND_OPTIMIZER_INTERNAL_H +#define ZEND_OPTIMIZER_INTERNAL_H + +#include "ZendAccelerator.h" + +#if ZEND_EXTENSION_API_NO > PHP_5_4_X_API_NO +# define VAR_NUM(v) ((zend_uint)(EX_TMP_VAR_NUM(0, 0) - EX_TMP_VAR(0, v))) +# define NUM_VAR(v) ((zend_uint)(zend_uintptr_t)EX_TMP_VAR_NUM(0, v)) +#elif ZEND_EXTENSION_API_NO > PHP_5_2_X_API_NO +# define VAR_NUM(v) ((v)/ZEND_MM_ALIGNED_SIZE(sizeof(temp_variable))) +# define NUM_VAR(v) ((v)*ZEND_MM_ALIGNED_SIZE(sizeof(temp_variable))) +#else +# define VAR_NUM(v) ((v)/(sizeof(temp_variable))) +# define NUM_VAR(v) ((v)*(sizeof(temp_variable))) +#endif + +#define INV_COND(op) ((op) == ZEND_JMPZ ? ZEND_JMPNZ : ZEND_JMPZ) +#define INV_EX_COND(op) ((op) == ZEND_JMPZ_EX ? 
ZEND_JMPNZ : ZEND_JMPZ) +#define INV_COND_EX(op) ((op) == ZEND_JMPZ ? ZEND_JMPNZ_EX : ZEND_JMPZ_EX) +#define INV_EX_COND_EX(op) ((op) == ZEND_JMPZ_EX ? ZEND_JMPNZ_EX : ZEND_JMPZ_EX) + +#if ZEND_EXTENSION_API_NO > PHP_5_3_X_API_NO +# define MAKE_NOP(opline) { opline->opcode = ZEND_NOP; memset(&opline->result,0,sizeof(opline->result)); memset(&opline->op1,0,sizeof(opline->op1)); memset(&opline->op2,0,sizeof(opline->op2)); opline->result_type=opline->op1_type=opline->op2_type=IS_UNUSED; opline->handler = zend_opcode_handlers[ZEND_NOP]; } +# define RESULT_USED(op) (((op->result_type & IS_VAR) && !(op->result_type & EXT_TYPE_UNUSED)) || op->result_type == IS_TMP_VAR) +# define RESULT_UNUSED(op) ((op->result_type & EXT_TYPE_UNUSED) != 0) +# define SAME_VAR(op1, op2) ((((op1 ## _type & IS_VAR) && (op2 ## _type & IS_VAR)) || (op1 ## _type == IS_TMP_VAR && op2 ## _type == IS_TMP_VAR)) && op1.var == op2.var) +#else +# define MAKE_NOP(opline) { opline->opcode = ZEND_NOP; memset(&opline->result,0,sizeof(znode)); memset(&opline->op1,0,sizeof(znode)); memset(&opline->op2,0,sizeof(znode)); opline->result.op_type=opline->op1.op_type=opline->op2.op_type=IS_UNUSED; opline->handler = zend_opcode_handlers[ZEND_NOP]; } +# define RESULT_USED(op) ((op->result.op_type == IS_VAR && (op->result.u.EA.type & EXT_TYPE_UNUSED) == 0) || (op->result.op_type == IS_TMP_VAR)) +# define RESULT_UNUSED(op) ((op->result.op_type == IS_VAR) && (op->result.u.EA.type == EXT_TYPE_UNUSED)) +# define SAME_VAR(op1, op2) (((op1.op_type == IS_VAR && op2.op_type == IS_VAR) || (op1.op_type == IS_TMP_VAR && op2.op_type == IS_TMP_VAR)) && op1.u.var == op2.u.var) +#endif + +typedef struct _zend_code_block zend_code_block; +typedef struct _zend_block_source zend_block_source; + +struct _zend_code_block { + int access; + zend_op *start_opline; + int start_opline_no; + int len; + zend_code_block *op1_to; + zend_code_block *op2_to; + zend_code_block *ext_to; + zend_code_block *follow_to; + zend_code_block *next; + 
zend_block_source *sources; + zend_bool protected; /* don't merge this block with others */ +}; + +typedef struct _zend_cfg { + zend_code_block *blocks; + zend_code_block **try; + zend_code_block **catch; + zend_code_block **loop_start; + zend_code_block **loop_cont; + zend_code_block **loop_brk; +} zend_cfg; + +struct _zend_block_source { + zend_code_block *from; + zend_block_source *next; +}; + +#endif From 6699b1f8ead84c5ea96df4b4eae5f9b6ed96bc5d Mon Sep 17 00:00:00 2001 From: Xinchen Hui Date: Mon, 30 Dec 2013 10:58:01 +0800 Subject: [PATCH 09/11] Fix dos style eol in phpts --- ext/opcache/tests/issue0115.phpt | 96 ++++++++++++++++---------------- ext/opcache/tests/issue0140.phpt | 86 ++++++++++++++-------------- ext/opcache/tests/issue0149.phpt | 70 +++++++++++------------ 3 files changed, 126 insertions(+), 126 deletions(-) diff --git a/ext/opcache/tests/issue0115.phpt b/ext/opcache/tests/issue0115.phpt index a1e469ff2fe..0dfdd9f0eb4 100644 --- a/ext/opcache/tests/issue0115.phpt +++ b/ext/opcache/tests/issue0115.phpt 
@@ -1,48 +1,48 @@ ---TEST-- -ISSUE #115 (path issue when using phar) ---INI-- -opcache.enable=1 -opcache.enable_cli=1 -phar.readonly=0 ---SKIPIF-- - - - ---FILE-- -'; -$p = new Phar(__DIR__ . '/issue0115_1.phar.php', 0, 'this'); -$p['index.php'] = 'setStub($stub); -unset($p); -$p = new Phar(__DIR__ . '/issue0115_2.phar.php', 0, 'this'); -$p['index.php'] = 'setStub($stub); -unset($p); - -include "php_cli_server.inc"; -php_cli_server_start('-d opcache.enable=1 -d opcache.enable_cli=1'); -echo file_get_contents('http://' . PHP_CLI_SERVER_ADDRESS . '/issue0115_1.phar.php'); -echo file_get_contents('http://' . PHP_CLI_SERVER_ADDRESS . '/issue0115_2.phar.php'); -?> ---CLEAN-- - ---EXPECT-- -Hello from Index 1. -Hello World 1! -Hello from Index 2. -Hello World 2! +--TEST-- +ISSUE #115 (path issue when using phar) +--INI-- +opcache.enable=1 +opcache.enable_cli=1 +phar.readonly=0 +--SKIPIF-- + + + +--FILE-- +'; +$p = new Phar(__DIR__ . '/issue0115_1.phar.php', 0, 'this'); +$p['index.php'] = 'setStub($stub); +unset($p); +$p = new Phar(__DIR__ . '/issue0115_2.phar.php', 0, 'this'); +$p['index.php'] = 'setStub($stub); +unset($p); + +include "php_cli_server.inc"; +php_cli_server_start('-d opcache.enable=1 -d opcache.enable_cli=1'); +echo file_get_contents('http://' . PHP_CLI_SERVER_ADDRESS . '/issue0115_1.phar.php'); +echo file_get_contents('http://' . PHP_CLI_SERVER_ADDRESS . '/issue0115_2.phar.php'); +?> +--CLEAN-- + +--EXPECT-- +Hello from Index 1. +Hello World 1! +Hello from Index 2. +Hello World 2! diff --git a/ext/opcache/tests/issue0140.phpt b/ext/opcache/tests/issue0140.phpt index 7c0d6b92b31..98e0e45cc25 100644 --- a/ext/opcache/tests/issue0140.phpt +++ b/ext/opcache/tests/issue0140.phpt 
@@ -1,43 +1,43 @@ ---TEST-- -Issue #140: "opcache.enable_file_override" doesn't respect "opcache.revalidate_freq" ---INI-- -opcache.enable=1 -opcache.enable_cli=1 -opcache.revalidate_freq=0 -opcache.file_update_protection=0 ---SKIPIF-- - - ---FILE-- - ---EXPECTF-- -bool(true) -1 -int(%d) -bool(true) -2 -int(%d) -bool(false) -bool(false) -bool(false) +--TEST-- +Issue #140: "opcache.enable_file_override" doesn't respect "opcache.revalidate_freq" +--INI-- +opcache.enable=1 +opcache.enable_cli=1 +opcache.revalidate_freq=0 +opcache.file_update_protection=0 +--SKIPIF-- + + +--FILE-- + +--EXPECTF-- +bool(true) +1 +int(%d) +bool(true) +2 +int(%d) +bool(false) +bool(false) +bool(false) diff --git a/ext/opcache/tests/issue0149.phpt b/ext/opcache/tests/issue0149.phpt index 7044d393883..8c7f1bb7e08 100644 --- a/ext/opcache/tests/issue0149.phpt +++ b/ext/opcache/tests/issue0149.phpt 
@@ -1,35 +1,35 @@ ---TEST-- -ISSUE #149 (Phar mount points not working this OPcache enabled) ---INI-- -opcache.enable=1 -opcache.enable_cli=1 -phar.readonly=0 ---SKIPIF-- - - - ---FILE-- -"; -$p = new Phar(__DIR__ . '/issue0149.phar.php', 0, 'this'); -$p['index.php'] = ""; # A Phar must have at least one file, hence this dummy -$p->setStub($stub); -unset($p); - -include "php_cli_server.inc"; -php_cli_server_start('-d opcache.enable=1 -d opcache.enable_cli=1'); -echo file_get_contents('http://' . PHP_CLI_SERVER_ADDRESS . '/issue0149.phar.php'); -echo file_get_contents('http://' . PHP_CLI_SERVER_ADDRESS . '/issue0149.phar.php'); -echo file_get_contents('http://' . PHP_CLI_SERVER_ADDRESS . '/issue0149.phar.php'); -?> ---CLEAN-- - ---EXPECT-- -OK -OK -OK +--TEST-- +ISSUE #149 (Phar mount points not working this OPcache enabled) +--INI-- +opcache.enable=1 +opcache.enable_cli=1 +phar.readonly=0 +--SKIPIF-- + + + +--FILE-- +"; +$p = new Phar(__DIR__ . '/issue0149.phar.php', 0, 'this'); +$p['index.php'] = ""; # A Phar must have at least one file, hence this dummy +$p->setStub($stub); +unset($p); + +include "php_cli_server.inc"; +php_cli_server_start('-d opcache.enable=1 -d opcache.enable_cli=1'); +echo file_get_contents('http://' . PHP_CLI_SERVER_ADDRESS . '/issue0149.phar.php'); +echo file_get_contents('http://' . PHP_CLI_SERVER_ADDRESS . '/issue0149.phar.php'); +echo file_get_contents('http://' . PHP_CLI_SERVER_ADDRESS . '/issue0149.phar.php'); +?> +--CLEAN-- + +--EXPECT-- +OK +OK +OK From ed5be4f7ad9255f13f0e1263e0b88181dc3c31d8 Mon Sep 17 00:00:00 2001 From: Xinchen Hui Date: Mon, 30 Dec 2013 11:07:25 +0800 Subject: [PATCH 10/11] Fix test fail --- ext/opcache/tests/blacklist.phpt | 1 + 1 file changed, 1 insertion(+) diff --git a/ext/opcache/tests/blacklist.phpt b/ext/opcache/tests/blacklist.phpt index 57e4c306dd7..18c205cacf3 100644 --- a/ext/opcache/tests/blacklist.phpt +++ b/ext/opcache/tests/blacklist.phpt 
@@ -4,6 +4,7 @@ Blacklist (with glob, quote and comments) opcache.enable=1 opcache.enable_cli=1 opcache.blacklist_filename={PWD}/opcache-*.blacklist +opcache.file_update_protection=0 --SKIPIF-- --FILE-- From 3b6afb1bd63ef92f9914867f04bedeea90e21789 Mon Sep 17 00:00:00 2001 From: Nikita Popov Date: Mon, 30 Dec 2013 13:46:55 +0100 Subject: [PATCH 11/11] Fix leak caused by fix to bug #65667 ftp->stream is now closed in the ftp resource dtor. --- ext/ftp/ftp.c | 4 ++++ ext/ftp/php_ftp.c | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/ext/ftp/ftp.c b/ext/ftp/ftp.c index b82017e21f2..fce9ecf8419 100644 --- a/ext/ftp/ftp.c +++ b/ext/ftp/ftp.c @@ -178,6 +178,10 @@ ftp_close(ftpbuf_t *ftp) if (ftp->data) { data_close(ftp, ftp->data); } + if (ftp->stream && ftp->closestream) { + TSRMLS_FETCH(); + php_stream_close(ftp->stream); + } if (ftp->fd != -1) { #if HAVE_OPENSSL_EXT if (ftp->ssl_active) { diff --git a/ext/ftp/php_ftp.c b/ext/ftp/php_ftp.c index 21e13ea4605..99f3808c38a 100644 --- a/ext/ftp/php_ftp.c +++ b/ext/ftp/php_ftp.c @@ -963,6 +963,7 @@ PHP_FUNCTION(ftp_nb_get) if ((ret = ftp_nb_get(ftp, outstream, remote, xtype, resumepos TSRMLS_CC)) == PHP_FTP_FAILED) { php_stream_close(outstream); + ftp->stream = NULL; VCWD_UNLINK(local); php_error_docref(NULL TSRMLS_CC, E_WARNING, "%s", ftp->inbuf); RETURN_LONG(PHP_FTP_FAILED); @@ -970,6 +971,7 @@ PHP_FUNCTION(ftp_nb_get) if (ret == PHP_FTP_FINISHED){ php_stream_close(outstream); + ftp->stream = NULL; } RETURN_LONG(ret); @@ -1003,6 +1005,7 @@ PHP_FUNCTION(ftp_nb_continue) if (ret != PHP_FTP_MOREDATA && ftp->closestream) { php_stream_close(ftp->stream); + ftp->stream = NULL; } if (ret == PHP_FTP_FAILED) { @@ -1214,6 +1217,7 @@ PHP_FUNCTION(ftp_nb_put) if (ret != PHP_FTP_MOREDATA) { php_stream_close(instream); + ftp->stream = NULL; } if (ret == PHP_FTP_FAILED) {
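Review bot: In the block added to ftp_close(), `ftp->stream` still points at the stream after `php_stream_close(ftp->stream);` has released it. The php_ftp.c hunks of this same commit clear the pointer after each close, so adding `ftp->stream = NULL;` right after the close would keep that convention here too. It would also make a second ftp_close() on the same buffer skip the block rather than close the stream again. ftp_close() continues past the end of the hunk, so it is not visible here whether the struct is freed immediately afterwards; if it is, the reset is only defensive.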
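Review bot: In ftp_nb_get() (both hunks) and ftp_nb_put(), the added `ftp->stream = NULL;` follows a close of the local `outstream`/`instream`, not of `ftp->stream`, so the code relies on the two naming the same stream without saying so. A comment at each site would record this, for example `/* ftp->stream aliases this stream; clear it so ftp_close() does not close it again */`. Because ftp_close() now closes any non-NULL `ftp->stream` when `closestream` is set, a path that closes the stream without clearing the pointer would end in a second close of a freed stream. The four hunks here, including the one in ftp_nb_continue, all clear it, but close sites outside these hunks are not visible and should be checked. A small static helper that closes and clears in one step would make the rule harder to miss.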