From 319822b050b7e782607b1fb348ba2605c8272b96 Mon Sep 17 00:00:00 2001 From: "Edgar R. Sandi" Date: Sat, 15 Oct 2016 23:58:35 -0300 Subject: [PATCH 1/8] fixes bug #73135 --- ext/xml/compat.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ext/xml/compat.c b/ext/xml/compat.c index 3fc203ee23b..23db0ca4009 100644 --- a/ext/xml/compat.c +++ b/ext/xml/compat.c @@ -593,13 +593,13 @@ has been defined and none can be detected */ } #endif + if (parser->parser->lastError.level >= XML_ERR_WARNING) { + return 0; + } + error = xmlParseChunk(parser->parser, (char *) data, data_len, is_final); if (!error) { return 1; - } else if (parser->parser->lastError.level > XML_ERR_WARNING ){ - return 0; - } else { - return 1; } } From 1631c61feb088f4ea31dbec42896624a50c578f6 Mon Sep 17 00:00:00 2001 From: "Edgar R. Sandi" Date: Sun, 16 Oct 2016 01:06:23 -0200 Subject: [PATCH 2/8] phpt file to bug #73135 --- ext/xml/tests/bug73135.phpt | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 ext/xml/tests/bug73135.phpt diff --git a/ext/xml/tests/bug73135.phpt b/ext/xml/tests/bug73135.phpt new file mode 100644 index 00000000000..5fb43e91dbf --- /dev/null +++ b/ext/xml/tests/bug73135.phpt @@ -0,0 +1,24 @@ +--TEST-- +Bug #73135 (xml_parse() segmentation fault) +--CREDITS-- +edgarsandi - +--FILE-- + + + +HERE; + + $parser = xml_parser_create_ns(); + xml_set_element_handler($parser, 'start_elem', 'ahihi'); + xml_parse($parser, $xml); +?> +--EXPECTF-- +Warning: xml_parse(): Unable to call handler ahihi() in %s%ebug73135.php on line %d + +Warning: xml_parse(): Unable to call handler ahihi() in %s%ebug73135.php on line %d \ No newline at end of file From 72be8de39f81e492c7854793cce7f90d1d5900e2 Mon Sep 17 00:00:00 2001 From: "Edgar R. Sandi" Date: Sun, 16 Oct 2016 04:15:47 -0200 Subject: [PATCH 3/8] fixed bug generated by fixes bug #73135 --- ext/xml/compat.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ext/xml/compat.c b/ext/xml/compat.c index 23db0ca4009..d39afacc0bc 100644 --- a/ext/xml/compat.c +++ b/ext/xml/compat.c @@ -598,7 +598,9 @@ has been defined and none can be detected */ } error = xmlParseChunk(parser->parser, (char *) data, data_len, is_final); - if (!error) { + if (error) { + return 0; + } else { return 1; } } From beed682572de725ddbdcde7e98c02e968ab04e05 Mon Sep 17 00:00:00 2001 From: Joe Watkins Date: Sat, 12 Nov 2016 17:45:16 +0000 Subject: [PATCH 4/8] news entry for #2166 --- NEWS | 3 +++ 1 file changed, 3 insertions(+) diff --git a/NEWS b/NEWS index 22e1bfa4d44..4aae266ef77 100644 --- a/NEWS +++ b/NEWS @@ -24,6 +24,9 @@ PHP NEWS - SPL: . Fixed bug #73423 (Reproducible crash with GDB backtrace). (Laruence) +- XML: + . Fixed bug #72135 (malformed XML causes fault) (edgarsandi) + 10 Nov 2016 PHP 7.0.13 - Core: From 23f9e482732b99f381e37afa77e04c2c480f372d Mon Sep 17 00:00:00 2001 From: jhdxr Date: Wed, 20 Apr 2016 23:37:26 +0800 Subject: [PATCH 5/8] fix bug #69587 DateInterval properties and isset --- ext/date/php_date.c | 48 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) diff --git a/ext/date/php_date.c b/ext/date/php_date.c index d4c695c6b72..4fead4a84d9 100644 --- a/ext/date/php_date.c +++ b/ext/date/php_date.c @@ -1970,6 +1970,53 @@ static int implement_date_interface_handler(zend_class_entry *interface, zend_cl return SUCCESS; } /* }}} */ +static int date_interval_has_property(zval *object, zval *member, int type, void **cache_slot) /* {{{ */ +{ + php_interval_obj *obj; + zval tmp_member, *prop; + int retval = 0; + + if (Z_TYPE_P(member) != IS_STRING) { + ZVAL_COPY(&tmp_member, member); + convert_to_string(&tmp_member); + member = &tmp_member; + cache_slot = NULL; + } + + obj = Z_PHPINTERVAL_P(object); + + if (!obj->initialized) { + retval = (zend_get_std_object_handlers())->has_property(object, member, type, cache_slot); + if (member == &tmp_member) { + zval_dtor(member); + } + return retval; + } + + zval rv; + prop = date_interval_read_property(object, member, type, cache_slot, &rv); + + if (prop != NULL) { + if (type == 2) { + retval = 1; + } else if (type == 1) { + retval = zend_is_true(prop); + } else if (type == 0) { + retval = (Z_TYPE(*prop) != IS_NULL); + } + } else { + retval = (zend_get_std_object_handlers())->has_property(object, member, type, cache_slot); + } + + if (member == &tmp_member) { + zval_dtor(member); + } + + return retval; + +} +/* }}} */ + static void date_register_classes(void) /* {{{ */ { zend_class_entry ce_date, ce_immutable, ce_timezone, ce_interval, ce_period, ce_interface; @@ -2051,6 +2098,7 @@ static void date_register_classes(void) /* {{{ */ date_object_handlers_interval.offset = XtOffsetOf(php_interval_obj, std); date_object_handlers_interval.free_obj = date_object_free_storage_interval; date_object_handlers_interval.clone_obj = date_object_clone_interval; + date_object_handlers_interval.has_property = date_interval_has_property; date_object_handlers_interval.read_property = date_interval_read_property; date_object_handlers_interval.write_property = date_interval_write_property; date_object_handlers_interval.get_properties = date_object_get_properties_interval; From 9ad2083773ee5a0334f7d1c6ee10177b60ef3452 Mon Sep 17 00:00:00 2001 From: jhdxr Date: Wed, 20 Apr 2016 23:40:14 +0800 Subject: [PATCH 6/8] add test for #69587 --- ext/date/tests/bug69587.phpt | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 ext/date/tests/bug69587.phpt diff --git a/ext/date/tests/bug69587.phpt b/ext/date/tests/bug69587.phpt new file mode 100644 index 00000000000..fd8b2364dae --- /dev/null +++ b/ext/date/tests/bug69587.phpt @@ -0,0 +1,15 @@ +--TEST-- +Bug #69587 (DateInterval properties and isset) +--FILE-- +diff($datetime2); + +var_dump(property_exists($interval, 'm'), isset($interval->m), empty($interval->m), empty($interval->d)); +?> +--EXPECT-- +bool(true) +bool(true) +bool(true) +bool(false) From 0bd63959c954cff6561739cf8a3d05a73d954835 Mon Sep 17 00:00:00 2001 From: jhdxr Date: Mon, 11 Jul 2016 21:12:23 +0800 Subject: [PATCH 7/8] move declaration of vars to top --- ext/date/php_date.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/ext/date/php_date.c b/ext/date/php_date.c index 4fead4a84d9..558d6f8ba39 100644 --- a/ext/date/php_date.c +++ b/ext/date/php_date.c @@ -1973,7 +1973,9 @@ static int implement_date_interface_handler(zend_class_entry *interface, zend_cl static int date_interval_has_property(zval *object, zval *member, int type, void **cache_slot) /* {{{ */ { php_interval_obj *obj; - zval tmp_member, *prop; + zval tmp_member; + zval rv; + zval *prop; int retval = 0; if (Z_TYPE_P(member) != IS_STRING) { @@ -1993,7 +1995,6 @@ static int date_interval_has_property(zval *object, zval *member, int type, void return retval; } - zval rv; prop = date_interval_read_property(object, member, type, cache_slot, &rv); if (prop != NULL) { From 84e2904def531c733bd4b3289184bb10a39479d3 Mon Sep 17 00:00:00 2001 From: Joe Watkins Date: Sun, 13 Nov 2016 05:33:59 +0000 Subject: [PATCH 8/8] news entry for #1787 --- NEWS | 3 +++ 1 file changed, 3 insertions(+) diff --git a/NEWS b/NEWS index 4aae266ef77..a5b4271b06b 100644 --- a/NEWS +++ b/NEWS @@ -9,6 +9,9 @@ PHP NEWS . Fixded bug #72736 (Slow performance when fetching large dataset with mysqli / PDO). (Dmitry) +- Date: + . Fixed bug #69587 (DateInterval properties and isset). (jhdxr) + - ODBC: . Fixed bug #73448 (odbc_errormsg returns trash, always 513 bytes). (Anatol)