From 0235a8acdc9b99d4d3d4dd107b75d7eb6ca0ef97 Mon Sep 17 00:00:00 2001 From: Stanislav Malyshev Date: Tue, 10 Jun 2014 21:17:37 -0700 Subject: [PATCH 01/67] 5.4.30 rc1 --- NEWS | 2 +- configure.in | 2 +- main/php_version.h | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/NEWS b/NEWS index e8465491038..853732f5dcb 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,6 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| -?? ??? 2014, PHP 5.4.30 +12 Jun 2014, PHP 5.4.30 RC1 - Core: . Fixed BC break introduced by patch for bug #67072. (Anatol) diff --git a/configure.in b/configure.in index 855bcbb2c8b..98e306dd704 100644 --- a/configure.in +++ b/configure.in @@ -120,7 +120,7 @@ int zend_sprintf(char *buffer, const char *format, ...); PHP_MAJOR_VERSION=5 PHP_MINOR_VERSION=4 PHP_RELEASE_VERSION=30 -PHP_EXTRA_VERSION="-dev" +PHP_EXTRA_VERSION="RC1" PHP_VERSION="$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION" PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 10000 + [$]PHP_MINOR_VERSION \* 100 + [$]PHP_RELEASE_VERSION` diff --git a/main/php_version.h b/main/php_version.h index 59eb939959c..9cb16ca6850 100644 --- a/main/php_version.h +++ b/main/php_version.h @@ -4,6 +4,6 @@ #define PHP_MINOR_VERSION 4 #define PHP_RELEASE_VERSION 30 -#define PHP_EXTRA_VERSION "-dev" -#define PHP_VERSION "5.4.30-dev" +#define PHP_EXTRA_VERSION "RC1" +#define PHP_VERSION "5.4.30RC1" #define PHP_VERSION_ID 50430 From 2b04d689724bdfd5db9351c017566e2f51d61568 Mon Sep 17 00:00:00 2001 From: Stanislav Malyshev Date: Tue, 10 Jun 2014 23:17:30 -0700 Subject: [PATCH 02/67] Fix bug #66127 (Segmentation fault with ArrayObject unset) --- NEWS | 1 + ext/spl/spl_array.c | 2 +- ext/spl/tests/bug66127.phpt | 25 +++++++++++++++++++++++++ ext/spl/tests/iterator_035.phpt | 2 ++ 4 files changed, 29 insertions(+), 1 deletion(-) create mode 100644 ext/spl/tests/bug66127.phpt diff --git a/NEWS b/NEWS index 853732f5dcb..f0367a8cc97 100644 --- a/NEWS +++ b/NEWS @@ -41,6 +41,7 @@ PHP NEWS . Implemented FR #49898 (Add SoapClient::__getCookies()). (Boro Sitnikovski) - SPL: + . Fixed bug #66127 (Segmentation fault with ArrayObject unset). (Stas) . Fixed bug #67359 (Segfault in recursiveDirectoryIterator). (Laruence) . Fixed bug #67360 (Missing element after ArrayObject::getIterator). (Adam) diff --git a/ext/spl/spl_array.c b/ext/spl/spl_array.c index 34f3a3818d8..758947a8cc7 100644 --- a/ext/spl/spl_array.c +++ b/ext/spl/spl_array.c @@ -402,7 +402,7 @@ static zval *spl_array_read_dimension_ex(int check_inherited, zval *object, zval /* When in a write context, * ZE has to be fooled into thinking this is in a reference set * by separating (if necessary) and returning as an is_ref=1 zval (even if refcount == 1) */ - if ((type == BP_VAR_W || type == BP_VAR_RW || type == BP_VAR_UNSET) && !Z_ISREF_PP(ret)) { + if ((type == BP_VAR_W || type == BP_VAR_RW || type == BP_VAR_UNSET) && !Z_ISREF_PP(ret) && ret != &EG(uninitialized_zval_ptr)) { if (Z_REFCOUNT_PP(ret) > 1) { zval *newval; diff --git a/ext/spl/tests/bug66127.phpt b/ext/spl/tests/bug66127.phpt new file mode 100644 index 00000000000..b5d1dcac4b2 --- /dev/null +++ b/ext/spl/tests/bug66127.phpt @@ -0,0 +1,25 @@ +--TEST-- +Bug #66127 (Segmentation fault with ArrayObject unset) +--INI-- +error_reporting = E_ALL & ~E_NOTICE +--FILE-- + +--EXPECT-- +Worked! diff --git a/ext/spl/tests/iterator_035.phpt b/ext/spl/tests/iterator_035.phpt index 9ce098b69d7..fc0271e3811 100644 --- a/ext/spl/tests/iterator_035.phpt +++ b/ext/spl/tests/iterator_035.phpt @@ -12,4 +12,6 @@ $a[] = &$tmp; echo "Done\n"; ?> --EXPECTF-- +Notice: Indirect modification of overloaded element of ArrayIterator has no effect in %s on line %d + Fatal error: Cannot assign by reference to overloaded object in %s on line %d From db537b1f3f75d39505964a055418932ac3067f40 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Z=C3=BClke?= Date: Thu, 12 Jun 2014 21:45:22 +0200 Subject: [PATCH 03/67] Fix SetHandler proxy:fcgi:// incompatibilities Apache 2.4.10+ will allow the following: ``` SetHandler proxy:fcgi://localhost:9000 ``` This is much easier than using `ProxyPassMatch` (which prevents rewriting and other stuff) and rewrites (which are a bag of hurt because when combined with user-land `.htaccess` rewrites, there's always rewrite loops, prefix breakage etc (I've tried, for weeks). It's basically the future of using Apache (via `mod_proxy_fcgi`) together with PHP-FPM. It's also available for older versions as a standalone module, very easy to install: https://gist.github.com/progandy/6ed4eeea60f6277c3e39 However, the two bits of code this commit deletes interfere with that. They both cover CGI-only mode and were copied from that SAPI into the FPM source. See e.g. https://bugs.php.net/bug.php?id=47042 The first deleted part mangled `SCRIPT_NAME` if something like ``` RewriteCond %{REQUEST_FILENAME} !-f RewriteRule (.*) index.php/$1 [L] ``` is used (i.e. rewriting to `PATH_INFO`. The second part drops `PATH_INFO` if there was a `REDIRECT_URL` (with CGI mode, `SCRIPT_FILENAME` in Apache is the path to the PHP binary, and `PATH_INFO` contains the name of the script to run). Clearly, neither applies in the case of FPM, so both are safe to delete. --- sapi/fpm/fpm/fpm_main.c | 25 +------------------------ 1 file changed, 1 insertion(+), 24 deletions(-) diff --git a/sapi/fpm/fpm/fpm_main.c b/sapi/fpm/fpm/fpm_main.c index e8793259b4c..510e434bcc0 100644 --- a/sapi/fpm/fpm/fpm_main.c +++ b/sapi/fpm/fpm/fpm_main.c @@ -1142,19 +1142,6 @@ static void init_request_info(TSRMLS_D) TRANSLATE_SLASHES(env_document_root); } - if (env_path_translated != NULL && env_redirect_url != NULL && - env_path_translated != script_path_translated && - strcmp(env_path_translated, script_path_translated) != 0) { - /* - * pretty much apache specific. If we have a redirect_url - * then our script_filename and script_name point to the - * php executable - */ - script_path_translated = env_path_translated; - /* we correct SCRIPT_NAME now in case we don't have PATH_INFO */ - env_script_name = env_redirect_url; - } - #ifdef __riscos__ /* Convert path to unix format*/ __riscosify_control |= __RISCOSIFY_DONT_CHECK_DIR; @@ -1323,7 +1310,7 @@ static void init_request_info(TSRMLS_D) efree(pt); } } else { - /* make sure path_info/translated are empty */ + /* make sure original values are remembered in ORIG_ copies if we've changed them */ if (!orig_script_filename || (script_path_translated != orig_script_filename && strcmp(script_path_translated, orig_script_filename) != 0)) { @@ -1332,16 +1319,6 @@ static void init_request_info(TSRMLS_D) } script_path_translated = _sapi_cgibin_putenv("SCRIPT_FILENAME", script_path_translated TSRMLS_CC); } - if (env_redirect_url) { - if (orig_path_info) { - _sapi_cgibin_putenv("ORIG_PATH_INFO", orig_path_info TSRMLS_CC); - _sapi_cgibin_putenv("PATH_INFO", NULL TSRMLS_CC); - } - if (orig_path_translated) { - _sapi_cgibin_putenv("ORIG_PATH_TRANSLATED", orig_path_translated TSRMLS_CC); - _sapi_cgibin_putenv("PATH_TRANSLATED", NULL TSRMLS_CC); - } - } if (env_script_name != orig_script_name) { if (orig_script_name) { _sapi_cgibin_putenv("ORIG_SCRIPT_NAME", orig_script_name TSRMLS_CC); From 21525d041369484d49781b34a8333a78798806e4 Mon Sep 17 00:00:00 2001 From: Sara Golemon Date: Tue, 10 Jun 2014 11:18:02 -0700 Subject: [PATCH 04/67] Fix potential segfault in dns_get_record() If the remote sends us a packet with a malformed TXT record, we could end up trying to over-consume the packet and wander off into overruns. --- NEWS | 4 ++++ ext/standard/dns.c | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/NEWS b/NEWS index f0367a8cc97..a5eaabcd6bd 100644 --- a/NEWS +++ b/NEWS @@ -31,6 +31,10 @@ PHP NEWS . Fixed bug #67413 (fileinfo: cdf_read_property_info insufficient boundary check). (Francisco Alonso, Jan Kaluza, Remi) +- Network: + . Fixed bug #67432 (Fix potential segfault in dns_get_record()). + (CVE-2014-4049). (Sara) + - OpenSSL: . Fixed bug #65698 (certificates validity parsing does not work past 2050). (Paul Oehler) diff --git a/ext/standard/dns.c b/ext/standard/dns.c index 6a894467ff4..214a7dc7e92 100644 --- a/ext/standard/dns.c +++ b/ext/standard/dns.c @@ -517,6 +517,10 @@ static u_char *php_parserr(u_char *cp, querybuf *answer, int type_to_fetch, int while (ll < dlen) { n = cp[ll]; + if ((ll + n) >= dlen) { + // Invalid chunk length, truncate + n = dlen - (ll + 1); + } memcpy(tp + ll , cp + ll + 1, n); add_next_index_stringl(entries, cp + ll + 1, n, 1); ll = ll + n + 1; From 300e0418a4b55cc745c262af8126d3aeb5f189e3 Mon Sep 17 00:00:00 2001 From: Stanislav Malyshev Date: Sat, 21 Jun 2014 18:37:08 -0700 Subject: [PATCH 05/67] add CVEs --- NEWS | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/NEWS b/NEWS index a5eaabcd6bd..ce9398e586b 100644 --- a/NEWS +++ b/NEWS @@ -21,15 +21,15 @@ PHP NEWS - Fileinfo: . Fixed bug #67326 (fileinfo: cdf_read_short_sector insufficient boundary - check). + check). (CVE-2014-0207) . Fixed bug #67410 (fileinfo: mconvert incorrect handling of truncated pascal - string size). (Francisco Alonso, Jan Kaluza, Remi) + string size). (CVE-2014-3478) (Francisco Alonso, Jan Kaluza, Remi) . Fixed bug #67411 (fileinfo: cdf_check_stream_offset insufficient boundary - check). (Francisco Alonso, Jan Kaluza, Remi) + check). (CVE-2014-3479) (Francisco Alonso, Jan Kaluza, Remi) . Fixed bug #67412 (fileinfo: cdf_count_chain insufficient boundary check). - (Francisco Alonso, Jan Kaluza, Remi) + (CVE-2014-3480) (Francisco Alonso, Jan Kaluza, Remi) . Fixed bug #67413 (fileinfo: cdf_read_property_info insufficient boundary - check). (Francisco Alonso, Jan Kaluza, Remi) + check). (CVE-2014-3487) (Francisco Alonso, Jan Kaluza, Remi) - Network: . Fixed bug #67432 (Fix potential segfault in dns_get_record()). From aef6432fbe9cd9b75e29acda226c34d57e434dec Mon Sep 17 00:00:00 2001 From: Stanislav Malyshev Date: Wed, 4 Jun 2014 01:06:01 -0700 Subject: [PATCH 06/67] Fix bug #67349: Locale::parseLocale Double Free --- NEWS | 5 ++++- ext/intl/locale/locale_methods.c | 7 +++---- ext/intl/tests/locale_parse_locale2.phpt | 6 +++++- 3 files changed, 12 insertions(+), 6 deletions(-) diff --git a/NEWS b/NEWS index ce9398e586b..37dcc63eb09 100644 --- a/NEWS +++ b/NEWS @@ -11,7 +11,7 @@ PHP NEWS . Fixed bug #67399 (putenv with empty variable may lead to crash). (Stas) - CLI server: - . Fixed Bug #67406i (built-in web-server segfaults on startup). (Remi) + . Fixed Bug #67406 (built-in web-server segfaults on startup). (Remi) - Date: . Fixed bug #67308 (Serialize of DateTime truncates fractions of second). @@ -31,6 +31,9 @@ PHP NEWS . Fixed bug #67413 (fileinfo: cdf_read_property_info insufficient boundary check). (CVE-2014-3487) (Francisco Alonso, Jan Kaluza, Remi) +- Intl: + . Fixed bug #67349 (Locale::parseLocale Double Free). (Stas) + - Network: . Fixed bug #67432 (Fix potential segfault in dns_get_record()). (CVE-2014-4049). (Sara) diff --git a/ext/intl/locale/locale_methods.c b/ext/intl/locale/locale_methods.c index 9c5b09a7bcc..f6b3142fc50 100644 --- a/ext/intl/locale/locale_methods.c +++ b/ext/intl/locale/locale_methods.c @@ -272,8 +272,7 @@ static char* get_icu_value_internal( char* loc_name , char* tag_name, int* resul grOffset = findOffset( LOC_GRANDFATHERED , loc_name ); if( grOffset >= 0 ){ if( strcmp(tag_name , LOC_LANG_TAG)==0 ){ - tag_value = estrdup(loc_name); - return tag_value; + return estrdup(loc_name); } else { /* Since Grandfathered , no value , do nothing , retutn NULL */ return NULL; @@ -283,8 +282,8 @@ static char* get_icu_value_internal( char* loc_name , char* tag_name, int* resul if( fromParseLocale==1 ){ /* Handle singletons */ if( strcmp(tag_name , LOC_LANG_TAG)==0 ){ - if( strlen(loc_name)>1 && (isIDPrefix(loc_name) ==1 ) ){ - return loc_name; + if( strlen(loc_name)>1 && isIDPrefix(loc_name) ){ + return estrdup(loc_name); } } diff --git a/ext/intl/tests/locale_parse_locale2.phpt b/ext/intl/tests/locale_parse_locale2.phpt index 6012862a489..30cc8cc0ae5 100644 --- a/ext/intl/tests/locale_parse_locale2.phpt +++ b/ext/intl/tests/locale_parse_locale2.phpt @@ -63,7 +63,8 @@ function ut_main() //Some Invalid Tags: 'de-419-DE', 'a-DE', - 'ar-a-aaa-b-bbb-a-ccc' + 'ar-a-aaa-b-bbb-a-ccc', + 'x-AAAAAA', ); @@ -201,3 +202,6 @@ No values found from Locale parsing. --------------------- ar-a-aaa-b-bbb-a-ccc: language : 'ar' , +--------------------- +x-AAAAAA: +private0 : 'AAAAAA' , From 6027c56fd727d2c4b193b96fee19cdbb4a128447 Mon Sep 17 00:00:00 2001 From: Stanislav Malyshev Date: Sun, 8 Jun 2014 13:44:40 -0700 Subject: [PATCH 07/67] Fix bug #67397 (Buffer overflow in locale_get_display_name->uloc_getDisplayName (libicu 4.8.1)) --- NEWS | 2 ++ ext/intl/locale/locale_methods.c | 10 +++++++++- ext/intl/tests/bug67397.phpt | 21 +++++++++++++++++++++ 3 files changed, 32 insertions(+), 1 deletion(-) create mode 100644 ext/intl/tests/bug67397.phpt diff --git a/NEWS b/NEWS index 37dcc63eb09..507b5452281 100644 --- a/NEWS +++ b/NEWS @@ -33,6 +33,8 @@ PHP NEWS - Intl: . Fixed bug #67349 (Locale::parseLocale Double Free). (Stas) + . Fixed bug #67397 (Buffer overflow in locale_get_display_name and + uloc_getDisplayName (libicu 4.8.1)). (Stas) - Network: . Fixed bug #67432 (Fix potential segfault in dns_get_record()). diff --git a/ext/intl/locale/locale_methods.c b/ext/intl/locale/locale_methods.c index f6b3142fc50..3bb5648356c 100644 --- a/ext/intl/locale/locale_methods.c +++ b/ext/intl/locale/locale_methods.c @@ -500,8 +500,16 @@ static void get_icu_disp_value_src_php( char* tag_name, INTERNAL_FUNCTION_PARAME RETURN_FALSE; } + if(loc_name_len > ULOC_FULLNAME_CAPACITY) { + /* See bug 67397: overlong locale names cause trouble in uloc_getDisplayName */ + spprintf(&msg , 0, "locale_get_display_%s : name too long", tag_name ); + intl_error_set( NULL, U_ILLEGAL_ARGUMENT_ERROR, msg , 1 TSRMLS_CC ); + efree(msg); + RETURN_FALSE; + } + if(loc_name_len == 0) { - loc_name = INTL_G(default_locale); + loc_name = INTL_G(default_locale); } if( strcmp(tag_name, DISP_NAME) != 0 ){ diff --git a/ext/intl/tests/bug67397.phpt b/ext/intl/tests/bug67397.phpt new file mode 100644 index 00000000000..b2b2911f8a0 --- /dev/null +++ b/ext/intl/tests/bug67397.phpt @@ -0,0 +1,21 @@ +--TEST-- +Bug #67397 (Buffer overflow in locale_get_display_name->uloc_getDisplayName (libicu 4.8.1)) +--SKIPIF-- + +--FILE-- + +--EXPECTF-- +false +'locale_get_display_name : name too long: U_ILLEGAL_ARGUMENT_ERROR' From 88223c5245e9b470e1e6362bfd96829562ffe6ab Mon Sep 17 00:00:00 2001 From: Stanislav Malyshev Date: Sat, 21 Jun 2014 19:46:16 -0700 Subject: [PATCH 08/67] Fix bug #67492: unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion --- NEWS | 2 ++ ext/spl/spl_array.c | 2 +- ext/spl/spl_observer.c | 2 +- ext/spl/tests/SplObjectStorage_unserialize_bad.phpt | 5 ++++- 4 files changed, 8 insertions(+), 3 deletions(-) diff --git a/NEWS b/NEWS index 507b5452281..24ce9506955 100644 --- a/NEWS +++ b/NEWS @@ -53,6 +53,8 @@ PHP NEWS . Fixed bug #66127 (Segmentation fault with ArrayObject unset). (Stas) . Fixed bug #67359 (Segfault in recursiveDirectoryIterator). (Laruence) . Fixed bug #67360 (Missing element after ArrayObject::getIterator). (Adam) + . Fixed bug #67492 (unserialize() SPL ArrayObject / SPLObjectStorage Type + Confusion). (Stefan Esser) 29 May 2014, PHP 5.4.29 diff --git a/ext/spl/spl_array.c b/ext/spl/spl_array.c index 758947a8cc7..bf034ab248a 100644 --- a/ext/spl/spl_array.c +++ b/ext/spl/spl_array.c @@ -1808,7 +1808,7 @@ SPL_METHOD(Array, unserialize) ++p; ALLOC_INIT_ZVAL(pmembers); - if (!php_var_unserialize(&pmembers, &p, s + buf_len, &var_hash TSRMLS_CC)) { + if (!php_var_unserialize(&pmembers, &p, s + buf_len, &var_hash TSRMLS_CC) || Z_TYPE_P(pmembers) != IS_ARRAY) { zval_ptr_dtor(&pmembers); goto outexcept; } diff --git a/ext/spl/spl_observer.c b/ext/spl/spl_observer.c index 1a706f76429..da9110bf145 100644 --- a/ext/spl/spl_observer.c +++ b/ext/spl/spl_observer.c @@ -898,7 +898,7 @@ SPL_METHOD(SplObjectStorage, unserialize) ++p; ALLOC_INIT_ZVAL(pmembers); - if (!php_var_unserialize(&pmembers, &p, s + buf_len, &var_hash TSRMLS_CC)) { + if (!php_var_unserialize(&pmembers, &p, s + buf_len, &var_hash TSRMLS_CC) || Z_TYPE_P(pmembers) != IS_ARRAY) { zval_ptr_dtor(&pmembers); goto outexcept; } diff --git a/ext/spl/tests/SplObjectStorage_unserialize_bad.phpt b/ext/spl/tests/SplObjectStorage_unserialize_bad.phpt index a525317093b..8f0676de3b4 100644 --- a/ext/spl/tests/SplObjectStorage_unserialize_bad.phpt +++ b/ext/spl/tests/SplObjectStorage_unserialize_bad.phpt @@ -7,6 +7,7 @@ $badblobs = array( 'x:i:2;i:0;,i:1;;i:0;,i:2;;m:a:0:{}', 'x:i:3;O:8:"stdClass":0:{},O:8:"stdClass":0:{};R:2;,i:1;;O:8:"stdClass":0:{},r:2;;m:a:0:{}', 'x:i:3;O:8:"stdClass":0:{},O:8:"stdClass":0:{};r:2;,i:1;;O:8:"stdClass":0:{},r:2;;m:a:0:{}', +'x:i:1;O:8:"stdClass":0:{},N;;m:s:40:"1234567890123456789012345678901234567890"', ); foreach($badblobs as $blob) { try { @@ -17,6 +18,7 @@ try { echo $e->getMessage()."\n"; } } +echo "DONE\n"; --EXPECTF-- Error at offset 6 of 34 bytes Error at offset 46 of 89 bytes @@ -42,4 +44,5 @@ object(SplObjectStorage)#2 (1) { } } } - +Error at offset 79 of 78 bytes +DONE From c42d5cf5de53e8cfe641c4905aabb4cf85977d89 Mon Sep 17 00:00:00 2001 From: Stanislav Malyshev Date: Sat, 21 Jun 2014 21:28:33 -0700 Subject: [PATCH 09/67] Better fix for bug #67072 with more BC provisions --- NEWS | 2 +- ext/standard/tests/serialize/bug67072_2.phpt | 84 ++++++++++++++++++++ ext/standard/var_unserializer.c | 67 ++++++++-------- ext/standard/var_unserializer.re | 3 +- 4 files changed, 121 insertions(+), 35 deletions(-) create mode 100644 ext/standard/tests/serialize/bug67072_2.phpt diff --git a/NEWS b/NEWS index 62830961192..b574af83ee9 100644 --- a/NEWS +++ b/NEWS @@ -18,7 +18,7 @@ PHP NEWS ?? ??? 2014, PHP 5.4.30 - Core: - . Fixed BC break introduced by patch for bug #67072. (Anatol) + . Fixed BC break introduced by patch for bug #67072. (Anatol, Stas) . Fixed bug #66622 (Closures do not correctly capture the late bound class (static::) in some cases). (Levi Morrison) . Fixed bug #67390 (insecure temporary file use in the configure script). diff --git a/ext/standard/tests/serialize/bug67072_2.phpt b/ext/standard/tests/serialize/bug67072_2.phpt new file mode 100644 index 00000000000..09eadb9ee15 --- /dev/null +++ b/ext/standard/tests/serialize/bug67072_2.phpt @@ -0,0 +1,84 @@ +--TEST-- +Bug #67072 Echoing unserialized "SplFileObject" crash - BC break fixes +--FILE-- + +===DONE== +--EXPECTF-- +Warning: Erroneous data format for unserializing 'MySplFileObject' in %s on line 4 + +Notice: unserialize(): Error at offset 26 of 66 bytes in %s on line 4 +object(stdClass)#%d (0) { +} +object(MyClass)#%d (0) { +} +object(MyClassSer)#%d (0) { +} +object(MyClassSer2)#%d (0) { +} + +Warning: Erroneous data format for unserializing 'SplFileObject' in %s on line 9 + +Notice: unserialize(): Error at offset 24 of 25 bytes in %s on line 9 +bool(false) + +Warning: Erroneous data format for unserializing 'MySplFileObject' in %s on line 9 + +Notice: unserialize(): Error at offset 26 of 27 bytes in %s on line 9 +bool(false) +object(SplObjectStorage)#%d (1) { + ["storage":"SplObjectStorage":private]=> + array(0) { + } +} +object(__PHP_Incomplete_Class)#%d (1) { + ["__PHP_Incomplete_Class_Name"]=> + string(6) "FooBar" +} + +Warning: Erroneous data format for unserializing 'Closure' in %s on line 9 + +Notice: unserialize(): Error at offset 17 of 18 bytes in %s on line 9 +bool(false) +object(ArrayObject)#%d (1) { + ["storage":"ArrayObject":private]=> + array(0) { + } +} +object(MyArrayObject)#1 (2) { + ["a"]=> + int(1) + ["storage":"ArrayObject":private]=> + array(0) { + } +} +object(Directory)#1 (0) { +} +===DONE== diff --git a/ext/standard/var_unserializer.c b/ext/standard/var_unserializer.c index 8bec13330cf..657051f6f72 100644 --- a/ext/standard/var_unserializer.c +++ b/ext/standard/var_unserializer.c @@ -1,4 +1,4 @@ -/* Generated by re2c 0.13.5 on Tue Jun 3 10:23:35 2014 */ +/* Generated by re2c 0.13.5 on Sat Jun 21 21:27:56 2014 */ #line 1 "ext/standard/var_unserializer.re" /* +----------------------------------------------------------------------+ @@ -23,6 +23,7 @@ #include "php.h" #include "ext/standard/php_var.h" #include "php_incomplete_class.h" +#include "Zend/zend_interfaces.h" /* {{{ reference-handling for unserializer: var_* */ #define VAR_ENTRIES_MAX 1024 @@ -226,7 +227,7 @@ static char *unserialize_str(const unsigned char **p, size_t *len, size_t maxlen #define YYMARKER marker -#line 234 "ext/standard/var_unserializer.re" +#line 235 "ext/standard/var_unserializer.re" @@ -400,7 +401,7 @@ static inline long object_common1(UNSERIALIZE_PARAMETER, zend_class_entry *ce) Serializable interface have eventually an inconsistent behavior at this place when unserialized from a manipulated string. Additionaly the interal classes can possibly crash PHP so they're still disabled here. */ - if (ce->serialize == NULL || ZEND_INTERNAL_CLASS != ce->type) { + if (ce->serialize == NULL || ce->unserialize == zend_user_unserialize || (ZEND_INTERNAL_CLASS != ce->type && ce->create_object == NULL)) { object_init_ex(*rval, ce); } else { /* If this class implements Serializable, it should not land here but in object_custom(). The passed string @@ -473,7 +474,7 @@ PHPAPI int php_var_unserialize(UNSERIALIZE_PARAMETER) -#line 477 "ext/standard/var_unserializer.c" +#line 478 "ext/standard/var_unserializer.c" { YYCTYPE yych; static const unsigned char yybm[] = { @@ -533,9 +534,9 @@ yy2: yych = *(YYMARKER = ++YYCURSOR); if (yych == ':') goto yy95; yy3: -#line 828 "ext/standard/var_unserializer.re" +#line 829 "ext/standard/var_unserializer.re" { return 0; } -#line 539 "ext/standard/var_unserializer.c" +#line 540 "ext/standard/var_unserializer.c" yy4: yych = *(YYMARKER = ++YYCURSOR); if (yych == ':') goto yy89; @@ -578,13 +579,13 @@ yy13: goto yy3; yy14: ++YYCURSOR; -#line 822 "ext/standard/var_unserializer.re" +#line 823 "ext/standard/var_unserializer.re" { /* this is the case where we have less data than planned */ php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Unexpected end of serialized data"); return 0; /* not sure if it should be 0 or 1 here? */ } -#line 588 "ext/standard/var_unserializer.c" +#line 589 "ext/standard/var_unserializer.c" yy16: yych = *++YYCURSOR; goto yy3; @@ -614,7 +615,7 @@ yy20: yych = *++YYCURSOR; if (yych != '"') goto yy18; ++YYCURSOR; -#line 676 "ext/standard/var_unserializer.re" +#line 677 "ext/standard/var_unserializer.re" { size_t len, len2, len3, maxlen; long elements; @@ -760,7 +761,7 @@ yy20: return object_common2(UNSERIALIZE_PASSTHRU, elements); } -#line 764 "ext/standard/var_unserializer.c" +#line 765 "ext/standard/var_unserializer.c" yy25: yych = *++YYCURSOR; if (yych <= ',') { @@ -785,7 +786,7 @@ yy27: yych = *++YYCURSOR; if (yych != '"') goto yy18; ++YYCURSOR; -#line 668 "ext/standard/var_unserializer.re" +#line 669 "ext/standard/var_unserializer.re" { INIT_PZVAL(*rval); @@ -793,7 +794,7 @@ yy27: return object_common2(UNSERIALIZE_PASSTHRU, object_common1(UNSERIALIZE_PASSTHRU, ZEND_STANDARD_CLASS_DEF_PTR)); } -#line 797 "ext/standard/var_unserializer.c" +#line 798 "ext/standard/var_unserializer.c" yy32: yych = *++YYCURSOR; if (yych == '+') goto yy33; @@ -814,7 +815,7 @@ yy34: yych = *++YYCURSOR; if (yych != '{') goto yy18; ++YYCURSOR; -#line 648 "ext/standard/var_unserializer.re" +#line 649 "ext/standard/var_unserializer.re" { long elements = parse_iv(start + 2); /* use iv() not uiv() in order to check data range */ @@ -834,7 +835,7 @@ yy34: return finish_nested_data(UNSERIALIZE_PASSTHRU); } -#line 838 "ext/standard/var_unserializer.c" +#line 839 "ext/standard/var_unserializer.c" yy39: yych = *++YYCURSOR; if (yych == '+') goto yy40; @@ -855,7 +856,7 @@ yy41: yych = *++YYCURSOR; if (yych != '"') goto yy18; ++YYCURSOR; -#line 619 "ext/standard/var_unserializer.re" +#line 620 "ext/standard/var_unserializer.re" { size_t len, maxlen; char *str; @@ -884,7 +885,7 @@ yy41: ZVAL_STRINGL(*rval, str, len, 0); return 1; } -#line 888 "ext/standard/var_unserializer.c" +#line 889 "ext/standard/var_unserializer.c" yy46: yych = *++YYCURSOR; if (yych == '+') goto yy47; @@ -905,7 +906,7 @@ yy48: yych = *++YYCURSOR; if (yych != '"') goto yy18; ++YYCURSOR; -#line 591 "ext/standard/var_unserializer.re" +#line 592 "ext/standard/var_unserializer.re" { size_t len, maxlen; char *str; @@ -933,7 +934,7 @@ yy48: ZVAL_STRINGL(*rval, str, len, 1); return 1; } -#line 937 "ext/standard/var_unserializer.c" +#line 938 "ext/standard/var_unserializer.c" yy53: yych = *++YYCURSOR; if (yych <= '/') { @@ -1021,7 +1022,7 @@ yy61: } yy63: ++YYCURSOR; -#line 581 "ext/standard/var_unserializer.re" +#line 582 "ext/standard/var_unserializer.re" { #if SIZEOF_LONG == 4 use_double: @@ -1031,7 +1032,7 @@ use_double: ZVAL_DOUBLE(*rval, zend_strtod((const char *)start + 2, NULL)); return 1; } -#line 1035 "ext/standard/var_unserializer.c" +#line 1036 "ext/standard/var_unserializer.c" yy65: yych = *++YYCURSOR; if (yych <= ',') { @@ -1090,7 +1091,7 @@ yy73: yych = *++YYCURSOR; if (yych != ';') goto yy18; ++YYCURSOR; -#line 566 "ext/standard/var_unserializer.re" +#line 567 "ext/standard/var_unserializer.re" { *p = YYCURSOR; INIT_PZVAL(*rval); @@ -1105,7 +1106,7 @@ yy73: return 1; } -#line 1109 "ext/standard/var_unserializer.c" +#line 1110 "ext/standard/var_unserializer.c" yy76: yych = *++YYCURSOR; if (yych == 'N') goto yy73; @@ -1132,7 +1133,7 @@ yy79: if (yych <= '9') goto yy79; if (yych != ';') goto yy18; ++YYCURSOR; -#line 539 "ext/standard/var_unserializer.re" +#line 540 "ext/standard/var_unserializer.re" { #if SIZEOF_LONG == 4 int digits = YYCURSOR - start - 3; @@ -1159,7 +1160,7 @@ yy79: ZVAL_LONG(*rval, parse_iv(start + 2)); return 1; } -#line 1163 "ext/standard/var_unserializer.c" +#line 1164 "ext/standard/var_unserializer.c" yy83: yych = *++YYCURSOR; if (yych <= '/') goto yy18; @@ -1167,24 +1168,24 @@ yy83: yych = *++YYCURSOR; if (yych != ';') goto yy18; ++YYCURSOR; -#line 532 "ext/standard/var_unserializer.re" +#line 533 "ext/standard/var_unserializer.re" { *p = YYCURSOR; INIT_PZVAL(*rval); ZVAL_BOOL(*rval, parse_iv(start + 2)); return 1; } -#line 1178 "ext/standard/var_unserializer.c" +#line 1179 "ext/standard/var_unserializer.c" yy87: ++YYCURSOR; -#line 525 "ext/standard/var_unserializer.re" +#line 526 "ext/standard/var_unserializer.re" { *p = YYCURSOR; INIT_PZVAL(*rval); ZVAL_NULL(*rval); return 1; } -#line 1188 "ext/standard/var_unserializer.c" +#line 1189 "ext/standard/var_unserializer.c" yy89: yych = *++YYCURSOR; if (yych <= ',') { @@ -1207,7 +1208,7 @@ yy91: if (yych <= '9') goto yy91; if (yych != ';') goto yy18; ++YYCURSOR; -#line 502 "ext/standard/var_unserializer.re" +#line 503 "ext/standard/var_unserializer.re" { long id; @@ -1230,7 +1231,7 @@ yy91: return 1; } -#line 1234 "ext/standard/var_unserializer.c" +#line 1235 "ext/standard/var_unserializer.c" yy95: yych = *++YYCURSOR; if (yych <= ',') { @@ -1253,7 +1254,7 @@ yy97: if (yych <= '9') goto yy97; if (yych != ';') goto yy18; ++YYCURSOR; -#line 481 "ext/standard/var_unserializer.re" +#line 482 "ext/standard/var_unserializer.re" { long id; @@ -1274,9 +1275,9 @@ yy97: return 1; } -#line 1278 "ext/standard/var_unserializer.c" +#line 1279 "ext/standard/var_unserializer.c" } -#line 830 "ext/standard/var_unserializer.re" +#line 831 "ext/standard/var_unserializer.re" return 0; diff --git a/ext/standard/var_unserializer.re b/ext/standard/var_unserializer.re index 0ca2e283096..130750805f4 100644 --- a/ext/standard/var_unserializer.re +++ b/ext/standard/var_unserializer.re @@ -21,6 +21,7 @@ #include "php.h" #include "ext/standard/php_var.h" #include "php_incomplete_class.h" +#include "Zend/zend_interfaces.h" /* {{{ reference-handling for unserializer: var_* */ #define VAR_ENTRIES_MAX 1024 @@ -404,7 +405,7 @@ static inline long object_common1(UNSERIALIZE_PARAMETER, zend_class_entry *ce) Serializable interface have eventually an inconsistent behavior at this place when unserialized from a manipulated string. Additionaly the interal classes can possibly crash PHP so they're still disabled here. */ - if (ce->serialize == NULL || ZEND_INTERNAL_CLASS != ce->type) { + if (ce->serialize == NULL || ce->unserialize == zend_user_unserialize || (ZEND_INTERNAL_CLASS != ce->type && ce->create_object == NULL)) { object_init_ex(*rval, ce); } else { /* If this class implements Serializable, it should not land here but in object_custom(). The passed string From 342240fd7fb6ac0a287eb6f912c4d61d6274d68c Mon Sep 17 00:00:00 2001 From: Stanislav Malyshev Date: Sat, 21 Jun 2014 21:28:33 -0700 Subject: [PATCH 10/67] Better fix for bug #67072 with more BC provisions --- NEWS | 2 +- ext/standard/tests/serialize/bug67072_2.phpt | 84 ++++++++++++++++++++ ext/standard/var_unserializer.c | 67 ++++++++-------- ext/standard/var_unserializer.re | 3 +- 4 files changed, 121 insertions(+), 35 deletions(-) create mode 100644 ext/standard/tests/serialize/bug67072_2.phpt diff --git a/NEWS b/NEWS index 58de645ca97..fce2198a7ab 100644 --- a/NEWS +++ b/NEWS @@ -18,7 +18,7 @@ PHP NEWS ?? ??? 2014, PHP 5.5.14 - Core: - . Fixed BC break introduced by patch for bug #67072. (Anatol) + . Fixed BC break introduced by patch for bug #67072. (Anatol, Stas) . Fixed bug #66622 (Closures do not correctly capture the late bound class (static::) in some cases). (Levi Morrison) . Fixed bug #67390 (insecure temporary file use in the configure script). diff --git a/ext/standard/tests/serialize/bug67072_2.phpt b/ext/standard/tests/serialize/bug67072_2.phpt new file mode 100644 index 00000000000..09eadb9ee15 --- /dev/null +++ b/ext/standard/tests/serialize/bug67072_2.phpt @@ -0,0 +1,84 @@ +--TEST-- +Bug #67072 Echoing unserialized "SplFileObject" crash - BC break fixes +--FILE-- + +===DONE== +--EXPECTF-- +Warning: Erroneous data format for unserializing 'MySplFileObject' in %s on line 4 + +Notice: unserialize(): Error at offset 26 of 66 bytes in %s on line 4 +object(stdClass)#%d (0) { +} +object(MyClass)#%d (0) { +} +object(MyClassSer)#%d (0) { +} +object(MyClassSer2)#%d (0) { +} + +Warning: Erroneous data format for unserializing 'SplFileObject' in %s on line 9 + +Notice: unserialize(): Error at offset 24 of 25 bytes in %s on line 9 +bool(false) + +Warning: Erroneous data format for unserializing 'MySplFileObject' in %s on line 9 + +Notice: unserialize(): Error at offset 26 of 27 bytes in %s on line 9 +bool(false) +object(SplObjectStorage)#%d (1) { + ["storage":"SplObjectStorage":private]=> + array(0) { + } +} +object(__PHP_Incomplete_Class)#%d (1) { + ["__PHP_Incomplete_Class_Name"]=> + string(6) "FooBar" +} + +Warning: Erroneous data format for unserializing 'Closure' in %s on line 9 + +Notice: unserialize(): Error at offset 17 of 18 bytes in %s on line 9 +bool(false) +object(ArrayObject)#%d (1) { + ["storage":"ArrayObject":private]=> + array(0) { + } +} +object(MyArrayObject)#1 (2) { + ["a"]=> + int(1) + ["storage":"ArrayObject":private]=> + array(0) { + } +} +object(Directory)#1 (0) { +} +===DONE== diff --git a/ext/standard/var_unserializer.c b/ext/standard/var_unserializer.c index 8bec13330cf..657051f6f72 100644 --- a/ext/standard/var_unserializer.c +++ b/ext/standard/var_unserializer.c @@ -1,4 +1,4 @@ -/* Generated by re2c 0.13.5 on Tue Jun 3 10:23:35 2014 */ +/* Generated by re2c 0.13.5 on Sat Jun 21 21:27:56 2014 */ #line 1 "ext/standard/var_unserializer.re" /* +----------------------------------------------------------------------+ @@ -23,6 +23,7 @@ #include "php.h" #include "ext/standard/php_var.h" #include "php_incomplete_class.h" +#include "Zend/zend_interfaces.h" /* {{{ reference-handling for unserializer: var_* */ #define VAR_ENTRIES_MAX 1024 @@ -226,7 +227,7 @@ static char *unserialize_str(const unsigned char **p, size_t *len, size_t maxlen #define YYMARKER marker -#line 234 "ext/standard/var_unserializer.re" +#line 235 "ext/standard/var_unserializer.re" @@ -400,7 +401,7 @@ static inline long object_common1(UNSERIALIZE_PARAMETER, zend_class_entry *ce) Serializable interface have eventually an inconsistent behavior at this place when unserialized from a manipulated string. Additionaly the interal classes can possibly crash PHP so they're still disabled here. */ - if (ce->serialize == NULL || ZEND_INTERNAL_CLASS != ce->type) { + if (ce->serialize == NULL || ce->unserialize == zend_user_unserialize || (ZEND_INTERNAL_CLASS != ce->type && ce->create_object == NULL)) { object_init_ex(*rval, ce); } else { /* If this class implements Serializable, it should not land here but in object_custom(). The passed string @@ -473,7 +474,7 @@ PHPAPI int php_var_unserialize(UNSERIALIZE_PARAMETER) -#line 477 "ext/standard/var_unserializer.c" +#line 478 "ext/standard/var_unserializer.c" { YYCTYPE yych; static const unsigned char yybm[] = { @@ -533,9 +534,9 @@ yy2: yych = *(YYMARKER = ++YYCURSOR); if (yych == ':') goto yy95; yy3: -#line 828 "ext/standard/var_unserializer.re" +#line 829 "ext/standard/var_unserializer.re" { return 0; } -#line 539 "ext/standard/var_unserializer.c" +#line 540 "ext/standard/var_unserializer.c" yy4: yych = *(YYMARKER = ++YYCURSOR); if (yych == ':') goto yy89; @@ -578,13 +579,13 @@ yy13: goto yy3; yy14: ++YYCURSOR; -#line 822 "ext/standard/var_unserializer.re" +#line 823 "ext/standard/var_unserializer.re" { /* this is the case where we have less data than planned */ php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Unexpected end of serialized data"); return 0; /* not sure if it should be 0 or 1 here? */ } -#line 588 "ext/standard/var_unserializer.c" +#line 589 "ext/standard/var_unserializer.c" yy16: yych = *++YYCURSOR; goto yy3; @@ -614,7 +615,7 @@ yy20: yych = *++YYCURSOR; if (yych != '"') goto yy18; ++YYCURSOR; -#line 676 "ext/standard/var_unserializer.re" +#line 677 "ext/standard/var_unserializer.re" { size_t len, len2, len3, maxlen; long elements; @@ -760,7 +761,7 @@ yy20: return object_common2(UNSERIALIZE_PASSTHRU, elements); } -#line 764 "ext/standard/var_unserializer.c" +#line 765 "ext/standard/var_unserializer.c" yy25: yych = *++YYCURSOR; if (yych <= ',') { @@ -785,7 +786,7 @@ yy27: yych = *++YYCURSOR; if (yych != '"') goto yy18; ++YYCURSOR; -#line 668 "ext/standard/var_unserializer.re" +#line 669 "ext/standard/var_unserializer.re" { INIT_PZVAL(*rval); @@ -793,7 +794,7 @@ yy27: return object_common2(UNSERIALIZE_PASSTHRU, object_common1(UNSERIALIZE_PASSTHRU, ZEND_STANDARD_CLASS_DEF_PTR)); } -#line 797 "ext/standard/var_unserializer.c" +#line 798 "ext/standard/var_unserializer.c" yy32: yych = *++YYCURSOR; if (yych == '+') goto yy33; @@ -814,7 +815,7 @@ yy34: yych = *++YYCURSOR; if (yych != '{') goto yy18; ++YYCURSOR; -#line 648 "ext/standard/var_unserializer.re" +#line 649 "ext/standard/var_unserializer.re" { long elements = parse_iv(start + 2); /* use iv() not uiv() in order to check data range */ @@ -834,7 +835,7 @@ yy34: return finish_nested_data(UNSERIALIZE_PASSTHRU); } -#line 838 "ext/standard/var_unserializer.c" +#line 839 "ext/standard/var_unserializer.c" yy39: yych = *++YYCURSOR; if (yych == '+') goto yy40; @@ -855,7 +856,7 @@ yy41: yych = *++YYCURSOR; if (yych != '"') goto yy18; ++YYCURSOR; -#line 619 "ext/standard/var_unserializer.re" +#line 620 "ext/standard/var_unserializer.re" { size_t len, maxlen; char *str; @@ -884,7 +885,7 @@ yy41: ZVAL_STRINGL(*rval, str, len, 0); return 1; } -#line 888 "ext/standard/var_unserializer.c" +#line 889 "ext/standard/var_unserializer.c" yy46: yych = *++YYCURSOR; if (yych == '+') goto yy47; @@ -905,7 +906,7 @@ yy48: yych = *++YYCURSOR; if (yych != '"') goto yy18; ++YYCURSOR; -#line 591 "ext/standard/var_unserializer.re" +#line 592 "ext/standard/var_unserializer.re" { size_t len, maxlen; char *str; @@ -933,7 +934,7 @@ yy48: ZVAL_STRINGL(*rval, str, len, 1); return 1; } -#line 937 "ext/standard/var_unserializer.c" +#line 938 "ext/standard/var_unserializer.c" yy53: yych = *++YYCURSOR; if (yych <= '/') { @@ -1021,7 +1022,7 @@ yy61: } yy63: ++YYCURSOR; -#line 581 "ext/standard/var_unserializer.re" +#line 582 "ext/standard/var_unserializer.re" { #if SIZEOF_LONG == 4 use_double: @@ -1031,7 +1032,7 @@ use_double: ZVAL_DOUBLE(*rval, zend_strtod((const char *)start + 2, NULL)); return 1; } -#line 1035 "ext/standard/var_unserializer.c" +#line 1036 "ext/standard/var_unserializer.c" yy65: yych = *++YYCURSOR; if (yych <= ',') { @@ -1090,7 +1091,7 @@ yy73: yych = *++YYCURSOR; if (yych != ';') goto yy18; ++YYCURSOR; -#line 566 "ext/standard/var_unserializer.re" +#line 567 "ext/standard/var_unserializer.re" { *p = YYCURSOR; INIT_PZVAL(*rval); @@ -1105,7 +1106,7 @@ yy73: return 1; } -#line 1109 "ext/standard/var_unserializer.c" +#line 1110 "ext/standard/var_unserializer.c" yy76: yych = *++YYCURSOR; if (yych == 'N') goto yy73; @@ -1132,7 +1133,7 @@ yy79: if (yych <= '9') goto yy79; if (yych != ';') goto yy18; ++YYCURSOR; -#line 539 "ext/standard/var_unserializer.re" +#line 540 "ext/standard/var_unserializer.re" { #if SIZEOF_LONG == 4 int digits = YYCURSOR - start - 3; @@ -1159,7 +1160,7 @@ yy79: ZVAL_LONG(*rval, parse_iv(start + 2)); return 1; } -#line 1163 "ext/standard/var_unserializer.c" +#line 1164 "ext/standard/var_unserializer.c" yy83: yych = *++YYCURSOR; if (yych <= '/') goto yy18; @@ -1167,24 +1168,24 @@ yy83: yych = *++YYCURSOR; if (yych != ';') goto yy18; ++YYCURSOR; -#line 532 "ext/standard/var_unserializer.re" +#line 533 "ext/standard/var_unserializer.re" { *p = YYCURSOR; INIT_PZVAL(*rval); ZVAL_BOOL(*rval, parse_iv(start + 2)); return 1; } -#line 1178 "ext/standard/var_unserializer.c" +#line 1179 "ext/standard/var_unserializer.c" yy87: ++YYCURSOR; -#line 525 "ext/standard/var_unserializer.re" +#line 526 "ext/standard/var_unserializer.re" { *p = YYCURSOR; INIT_PZVAL(*rval); ZVAL_NULL(*rval); return 1; } -#line 1188 "ext/standard/var_unserializer.c" +#line 1189 "ext/standard/var_unserializer.c" yy89: yych = *++YYCURSOR; if (yych <= ',') { @@ -1207,7 +1208,7 @@ yy91: if (yych <= '9') goto yy91; if (yych != ';') goto yy18; ++YYCURSOR; -#line 502 "ext/standard/var_unserializer.re" +#line 503 "ext/standard/var_unserializer.re" { long id; @@ -1230,7 +1231,7 @@ yy91: return 1; } -#line 1234 "ext/standard/var_unserializer.c" +#line 1235 "ext/standard/var_unserializer.c" yy95: yych = *++YYCURSOR; if (yych <= ',') { @@ -1253,7 +1254,7 @@ yy97: if (yych <= '9') goto yy97; if (yych != ';') goto yy18; ++YYCURSOR; -#line 481 "ext/standard/var_unserializer.re" +#line 482 "ext/standard/var_unserializer.re" { long id; @@ -1274,9 +1275,9 @@ yy97: return 1; } -#line 1278 "ext/standard/var_unserializer.c" +#line 1279 "ext/standard/var_unserializer.c" } -#line 830 "ext/standard/var_unserializer.re" +#line 831 "ext/standard/var_unserializer.re" return 0; diff --git a/ext/standard/var_unserializer.re b/ext/standard/var_unserializer.re index 0ca2e283096..130750805f4 100644 --- a/ext/standard/var_unserializer.re +++ b/ext/standard/var_unserializer.re @@ -21,6 +21,7 @@ #include "php.h" #include "ext/standard/php_var.h" #include "php_incomplete_class.h" +#include "Zend/zend_interfaces.h" /* {{{ reference-handling for unserializer: var_* */ #define VAR_ENTRIES_MAX 1024 @@ -404,7 +405,7 @@ static inline long object_common1(UNSERIALIZE_PARAMETER, zend_class_entry *ce) Serializable interface have eventually an inconsistent behavior at this place when unserialized from a manipulated string. Additionaly the interal classes can possibly crash PHP so they're still disabled here. */ - if (ce->serialize == NULL || ZEND_INTERNAL_CLASS != ce->type) { + if (ce->serialize == NULL || ce->unserialize == zend_user_unserialize || (ZEND_INTERNAL_CLASS != ce->type && ce->create_object == NULL)) { object_init_ex(*rval, ce); } else { /* If this class implements Serializable, it should not land here but in object_custom(). The passed string From f3dd77714de06b927677bec61aa4d13ef1035786 Mon Sep 17 00:00:00 2001 From: Stanislav Malyshev Date: Mon, 23 Jun 2014 00:07:08 -0700 Subject: [PATCH 11/67] update CVE --- NEWS | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/NEWS b/NEWS index 24ce9506955..dadcbe706ad 100644 --- a/NEWS +++ b/NEWS @@ -1,13 +1,13 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| -12 Jun 2014, PHP 5.4.30 RC1 +12 Jun 2014, PHP 5.4.30 - Core: . Fixed BC break introduced by patch for bug #67072. (Anatol) . Fixed bug #66622 (Closures do not correctly capture the late bound class (static::) in some cases). (Levi Morrison) . Fixed bug #67390 (insecure temporary file use in the configure script). - (Remi) (CVE-2014-3981) + (CVE-2014-3981) (Remi) . Fixed bug #67399 (putenv with empty variable may lead to crash). (Stas) - CLI server: @@ -54,7 +54,7 @@ PHP NEWS . Fixed bug #67359 (Segfault in recursiveDirectoryIterator). (Laruence) . Fixed bug #67360 (Missing element after ArrayObject::getIterator). (Adam) . Fixed bug #67492 (unserialize() SPL ArrayObject / SPLObjectStorage Type - Confusion). (Stefan Esser) + Confusion) (CVE-2014-3515). (Stefan Esser) 29 May 2014, PHP 5.4.29 From fb0128af2a95ec0d1a0360be49776c5b056d1f33 Mon Sep 17 00:00:00 2001 From: Stanislav Malyshev Date: Mon, 23 Jun 2014 00:19:37 -0700 Subject: [PATCH 12/67] Fix bug #67498 - phpinfo() Type Confusion Information Leak Vulnerability --- NEWS | 2 ++ ext/standard/info.c | 8 ++++---- .../tests/general_functions/bug67498.phpt | 15 +++++++++++++++ 3 files changed, 21 insertions(+), 4 deletions(-) create mode 100644 ext/standard/tests/general_functions/bug67498.phpt diff --git a/NEWS b/NEWS index dadcbe706ad..31a4a527935 100644 --- a/NEWS +++ b/NEWS @@ -9,6 +9,8 @@ PHP NEWS . Fixed bug #67390 (insecure temporary file use in the configure script). (CVE-2014-3981) (Remi) . Fixed bug #67399 (putenv with empty variable may lead to crash). (Stas) + . Fixed bug #67498 (phpinfo() Type Confusion Information Leak Vulnerability). + (Stefan Esser) - CLI server: . Fixed Bug #67406 (built-in web-server segfaults on startup). (Remi) diff --git a/ext/standard/info.c b/ext/standard/info.c index 70b2e2f6179..0f15bbefd65 100644 --- a/ext/standard/info.c +++ b/ext/standard/info.c @@ -875,16 +875,16 @@ PHPAPI void php_print_info(int flag TSRMLS_DC) php_info_print_table_start(); php_info_print_table_header(2, "Variable", "Value"); - if (zend_hash_find(&EG(symbol_table), "PHP_SELF", sizeof("PHP_SELF"), (void **) &data) != FAILURE) { + if (zend_hash_find(&EG(symbol_table), "PHP_SELF", sizeof("PHP_SELF"), (void **) &data) != FAILURE && Z_TYPE_PP(data) == IS_STRING) { php_info_print_table_row(2, "PHP_SELF", Z_STRVAL_PP(data)); } - if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_TYPE", sizeof("PHP_AUTH_TYPE"), (void **) &data) != FAILURE) { + if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_TYPE", sizeof("PHP_AUTH_TYPE"), (void **) &data) != FAILURE && Z_TYPE_PP(data) == IS_STRING) { php_info_print_table_row(2, "PHP_AUTH_TYPE", Z_STRVAL_PP(data)); } - if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_USER", sizeof("PHP_AUTH_USER"), (void **) &data) != FAILURE) { + if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_USER", sizeof("PHP_AUTH_USER"), (void **) &data) != FAILURE && Z_TYPE_PP(data) == IS_STRING) { php_info_print_table_row(2, "PHP_AUTH_USER", Z_STRVAL_PP(data)); } - if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_PW", sizeof("PHP_AUTH_PW"), (void **) &data) != FAILURE) { + if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_PW", sizeof("PHP_AUTH_PW"), (void **) &data) != FAILURE && Z_TYPE_PP(data) == IS_STRING) { php_info_print_table_row(2, "PHP_AUTH_PW", Z_STRVAL_PP(data)); } php_print_gpcse_array(ZEND_STRL("_REQUEST") TSRMLS_CC); diff --git a/ext/standard/tests/general_functions/bug67498.phpt b/ext/standard/tests/general_functions/bug67498.phpt new file mode 100644 index 00000000000..5b5951b0f8b --- /dev/null +++ b/ext/standard/tests/general_functions/bug67498.phpt @@ -0,0 +1,15 @@ +--TEST-- +phpinfo() Type Confusion Information Leak Vulnerability +--FILE-- + +==DONE== +--EXPECTF-- +phpinfo() + +PHP Variables +%A +==DONE== From c5e6c2a5f58be770603b490d23384b5fc66a38f6 Mon Sep 17 00:00:00 2001 From: Andreas Ferber Date: Thu, 19 Jun 2014 00:15:07 +0200 Subject: [PATCH 13/67] Fix Bug #67468 Segfault in highlight_file()/highlight_string() when pgsql.so module is loaded str_efree() must be used in zend_highlight() and zend_indent() to free string data assigned to a zval to account for interned strings. --- Zend/zend_highlight.c | 2 +- Zend/zend_indent.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Zend/zend_highlight.c b/Zend/zend_highlight.c index 68f2b7b72dc..31d99b7dfef 100644 --- a/Zend/zend_highlight.c +++ b/Zend/zend_highlight.c @@ -150,7 +150,7 @@ ZEND_API void zend_highlight(zend_syntax_highlighter_ini *syntax_highlighter_ini case T_DOC_COMMENT: break; default: - efree(token.value.str.val); + str_efree(token.value.str.val); break; } } diff --git a/Zend/zend_indent.c b/Zend/zend_indent.c index cacdf8df3b8..920d412816e 100644 --- a/Zend/zend_indent.c +++ b/Zend/zend_indent.c @@ -139,7 +139,7 @@ dflt_printout: case T_WHITESPACE: break; default: - efree(token.value.str.val); + str_efree(token.value.str.val); break; } } From 86bafec836b81070547399b890c5b01897250a31 Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Mon, 23 Jun 2014 10:04:40 +0200 Subject: [PATCH 14/67] Fix https://github.com/krakjoe/phpdbg/issues/91 Enable edit feature when build with libedit. Notice: coloured prompt only enable with READLINE --- sapi/phpdbg/config.m4 | 2 +- sapi/phpdbg/phpdbg.h | 2 +- sapi/phpdbg/phpdbg_cmd.c | 6 +++--- sapi/phpdbg/phpdbg_prompt.c | 5 +++++ sapi/phpdbg/phpdbg_utils.c | 6 +++++- 5 files changed, 15 insertions(+), 6 deletions(-) diff --git a/sapi/phpdbg/config.m4 b/sapi/phpdbg/config.m4 index 1a6640eaca2..d78a439af02 100644 --- a/sapi/phpdbg/config.m4 +++ b/sapi/phpdbg/config.m4 @@ -21,7 +21,7 @@ if test "$PHP_PHPDBG" != "no"; then PHP_PHPDBG_CFLAGS="-D_GNU_SOURCE" PHP_PHPDBG_FILES="phpdbg.c phpdbg_parser.c phpdbg_lexer.c phpdbg_prompt.c phpdbg_help.c phpdbg_break.c phpdbg_print.c phpdbg_bp.c phpdbg_opcode.c phpdbg_list.c phpdbg_utils.c phpdbg_info.c phpdbg_cmd.c phpdbg_set.c phpdbg_frame.c phpdbg_watch.c phpdbg_btree.c" - if test "$PHP_READLINE" != "no"; then + if test "$PHP_READLINE" != "no" -o "$PHP_LIBEDIT" != "no"; then PHPDBG_EXTRA_LIBS="$PHP_READLINE_LIBS" fi diff --git a/sapi/phpdbg/phpdbg.h b/sapi/phpdbg/phpdbg.h index 12350d5425d..b2e7a03c213 100644 --- a/sapi/phpdbg/phpdbg.h +++ b/sapi/phpdbg/phpdbg.h @@ -64,7 +64,7 @@ # include "TSRM.h" #endif -#ifdef HAVE_LIBREADLINE +#if defined(HAVE_LIBREADLINE) || defined(HAVE_LIBEDIT) # include # include #endif diff --git a/sapi/phpdbg/phpdbg_cmd.c b/sapi/phpdbg/phpdbg_cmd.c index d4ce8ebc55f..a45513bee6b 100644 --- a/sapi/phpdbg/phpdbg_cmd.c +++ b/sapi/phpdbg/phpdbg_cmd.c @@ -792,7 +792,7 @@ PHPDBG_API int phpdbg_stack_execute(phpdbg_param_t *stack, char **why TSRMLS_DC) PHPDBG_API char* phpdbg_read_input(char *buffered TSRMLS_DC) /* {{{ */ { char *cmd = NULL; -#ifndef HAVE_LIBREADLINE +#if !defined(HAVE_LIBREADLINE) && !defined(HAVE_LIBEDIT) char buf[PHPDBG_MAX_CMD]; #endif char *buffer = NULL; @@ -811,7 +811,7 @@ disconnect: return NULL; } -#ifndef HAVE_LIBREADLINE +#if !defined(HAVE_LIBREADLINE) && !defined(HAVE_LIBEDIT) if (!(PHPDBG_G(flags) & PHPDBG_IS_REMOTE)) { if (!phpdbg_write("%s", phpdbg_get_prompt(TSRMLS_C))) { goto disconnect; @@ -850,7 +850,7 @@ readline: buffer = estrdup(cmd); -#ifdef HAVE_LIBREADLINE +#if defined(HAVE_LIBREADLINE) || defined(HAVE_LIBEDIT) if (!buffered && cmd && !(PHPDBG_G(flags) & PHPDBG_IS_REMOTE)) { free(cmd); diff --git a/sapi/phpdbg/phpdbg_prompt.c b/sapi/phpdbg/phpdbg_prompt.c index 5379e775867..d91ef3f3f5c 100644 --- a/sapi/phpdbg/phpdbg_prompt.c +++ b/sapi/phpdbg/phpdbg_prompt.c @@ -732,6 +732,11 @@ PHPDBG_COMMAND(print) /* {{{ */ #else phpdbg_writeln("Readline\tno"); #endif +#ifdef HAVE_LIBEDIT + phpdbg_writeln("Libedit\t\tyes"); +#else + phpdbg_writeln("Libedit\t\tno"); +#endif phpdbg_writeln("Exec\t\t%s", PHPDBG_G(exec) ? PHPDBG_G(exec) : "none"); phpdbg_writeln("Compiled\t%s", PHPDBG_G(ops) ? "yes" : "no"); diff --git a/sapi/phpdbg/phpdbg_utils.c b/sapi/phpdbg/phpdbg_utils.c index 98748b202a1..3b4eac73279 100644 --- a/sapi/phpdbg/phpdbg_utils.c +++ b/sapi/phpdbg/phpdbg_utils.c @@ -400,12 +400,16 @@ PHPDBG_API const char *phpdbg_get_prompt(TSRMLS_D) /* {{{ */ } /* create cached prompt */ +#ifdef HAVE_LIBREADLINE + /* TODO: libedit doesn't seems to support coloured prompt */ if ((PHPDBG_G(flags) & PHPDBG_IS_COLOURED)) { asprintf( &PHPDBG_G(prompt)[1], "\033[%sm%s\033[0m ", PHPDBG_G(colors)[PHPDBG_COLOR_PROMPT]->code, PHPDBG_G(prompt)[0]); - } else { + } else +#endif + { asprintf( &PHPDBG_G(prompt)[1], "%s ", PHPDBG_G(prompt)[0]); From 3058b877834ca01aa9f1c3634f4721176c7f1610 Mon Sep 17 00:00:00 2001 From: Ferenc Kovacs Date: Sat, 21 Jun 2014 00:06:51 +0200 Subject: [PATCH 15/67] mention 67468 fix in NEWS --- NEWS | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/NEWS b/NEWS index 2861dde75f4..87b4dafc697 100644 --- a/NEWS +++ b/NEWS @@ -2,6 +2,10 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| ?? ??? 2014, PHP 5.6.0 Release Candidate 2 +- Core: + . Fixed bug #67468 (Segfault in highlight_file()/highlight_string()). + (Andreas Ferber) + 19 Jun 2014, PHP 5.6.0 Release Candidate 1 - Core: From 53158f2c32c71bddbfaa390c0c4758bc98540946 Mon Sep 17 00:00:00 2001 From: Ferenc Kovacs Date: Mon, 23 Jun 2014 10:10:17 +0200 Subject: [PATCH 16/67] testcase for 67468 (only for debug build, as I could not create a stable segfault without loading other exts like pgsql) --- Zend/tests/67468.phpt | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 Zend/tests/67468.phpt diff --git a/Zend/tests/67468.phpt b/Zend/tests/67468.phpt new file mode 100644 index 00000000000..767217644ab --- /dev/null +++ b/Zend/tests/67468.phpt @@ -0,0 +1,11 @@ +--TEST-- +Bug #67468 (Segfault in highlight_file()/highlight_string()) +--SKIPIF-- + +--FILE-- + +--EXPECT-- +done From 98d41dfc9db53e2ecf5a244acf00be617ce49002 Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Mon, 23 Jun 2014 10:17:43 +0200 Subject: [PATCH 17/67] Better fix for phpdbg + libedit - fix include - disable coloured prompt only with libedit --- sapi/phpdbg/phpdbg.h | 5 ++++- sapi/phpdbg/phpdbg_utils.c | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/sapi/phpdbg/phpdbg.h b/sapi/phpdbg/phpdbg.h index b2e7a03c213..eb4faf1f942 100644 --- a/sapi/phpdbg/phpdbg.h +++ b/sapi/phpdbg/phpdbg.h @@ -64,10 +64,13 @@ # include "TSRM.h" #endif -#if defined(HAVE_LIBREADLINE) || defined(HAVE_LIBEDIT) +#ifdef LIBREADLINE # include # include #endif +#ifdef HAVE_LIBEDIT +# include +#endif #include "phpdbg_lexer.h" #include "phpdbg_cmd.h" diff --git a/sapi/phpdbg/phpdbg_utils.c b/sapi/phpdbg/phpdbg_utils.c index 3b4eac73279..3ce2fade17d 100644 --- a/sapi/phpdbg/phpdbg_utils.c +++ b/sapi/phpdbg/phpdbg_utils.c @@ -400,7 +400,7 @@ PHPDBG_API const char *phpdbg_get_prompt(TSRMLS_D) /* {{{ */ } /* create cached prompt */ -#ifdef HAVE_LIBREADLINE +#ifndef HAVE_LIBEDIT /* TODO: libedit doesn't seems to support coloured prompt */ if ((PHPDBG_G(flags) & PHPDBG_IS_COLOURED)) { asprintf( From 0febafcfbe3e35f4a230430368ba931f19f8e957 Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Mon, 23 Jun 2014 10:04:40 +0200 Subject: [PATCH 18/67] Fix https://github.com/krakjoe/phpdbg/issues/91 Enable edit feature when build with libedit. Notice: coloured prompt only enable with READLINE --- sapi/phpdbg/config.m4 | 2 +- sapi/phpdbg/phpdbg.h | 2 +- sapi/phpdbg/phpdbg_cmd.c | 6 +++--- sapi/phpdbg/phpdbg_prompt.c | 5 +++++ sapi/phpdbg/phpdbg_utils.c | 6 +++++- 5 files changed, 15 insertions(+), 6 deletions(-) diff --git a/sapi/phpdbg/config.m4 b/sapi/phpdbg/config.m4 index 1a6640eaca2..d78a439af02 100644 --- a/sapi/phpdbg/config.m4 +++ b/sapi/phpdbg/config.m4 @@ -21,7 +21,7 @@ if test "$PHP_PHPDBG" != "no"; then PHP_PHPDBG_CFLAGS="-D_GNU_SOURCE" PHP_PHPDBG_FILES="phpdbg.c phpdbg_parser.c phpdbg_lexer.c phpdbg_prompt.c phpdbg_help.c phpdbg_break.c phpdbg_print.c phpdbg_bp.c phpdbg_opcode.c phpdbg_list.c phpdbg_utils.c phpdbg_info.c phpdbg_cmd.c phpdbg_set.c phpdbg_frame.c phpdbg_watch.c phpdbg_btree.c" - if test "$PHP_READLINE" != "no"; then + if test "$PHP_READLINE" != "no" -o "$PHP_LIBEDIT" != "no"; then PHPDBG_EXTRA_LIBS="$PHP_READLINE_LIBS" fi diff --git a/sapi/phpdbg/phpdbg.h b/sapi/phpdbg/phpdbg.h index 12350d5425d..b2e7a03c213 100644 --- a/sapi/phpdbg/phpdbg.h +++ b/sapi/phpdbg/phpdbg.h @@ -64,7 +64,7 @@ # include "TSRM.h" #endif -#ifdef HAVE_LIBREADLINE +#if defined(HAVE_LIBREADLINE) || defined(HAVE_LIBEDIT) # include # include #endif diff --git a/sapi/phpdbg/phpdbg_cmd.c b/sapi/phpdbg/phpdbg_cmd.c index d4ce8ebc55f..a45513bee6b 100644 --- a/sapi/phpdbg/phpdbg_cmd.c +++ b/sapi/phpdbg/phpdbg_cmd.c @@ -792,7 +792,7 @@ PHPDBG_API int phpdbg_stack_execute(phpdbg_param_t *stack, char **why TSRMLS_DC) PHPDBG_API char* phpdbg_read_input(char *buffered TSRMLS_DC) /* {{{ */ { char *cmd = NULL; -#ifndef HAVE_LIBREADLINE +#if !defined(HAVE_LIBREADLINE) && !defined(HAVE_LIBEDIT) char buf[PHPDBG_MAX_CMD]; #endif char *buffer = NULL; @@ -811,7 +811,7 @@ disconnect: return NULL; } -#ifndef HAVE_LIBREADLINE +#if !defined(HAVE_LIBREADLINE) && !defined(HAVE_LIBEDIT) if (!(PHPDBG_G(flags) & PHPDBG_IS_REMOTE)) { if (!phpdbg_write("%s", phpdbg_get_prompt(TSRMLS_C))) { goto disconnect; @@ -850,7 +850,7 @@ readline: buffer = estrdup(cmd); -#ifdef HAVE_LIBREADLINE +#if defined(HAVE_LIBREADLINE) || defined(HAVE_LIBEDIT) if (!buffered && cmd && !(PHPDBG_G(flags) & PHPDBG_IS_REMOTE)) { free(cmd); diff --git a/sapi/phpdbg/phpdbg_prompt.c b/sapi/phpdbg/phpdbg_prompt.c index 5379e775867..d91ef3f3f5c 100644 --- a/sapi/phpdbg/phpdbg_prompt.c +++ b/sapi/phpdbg/phpdbg_prompt.c @@ -732,6 +732,11 @@ PHPDBG_COMMAND(print) /* {{{ */ #else phpdbg_writeln("Readline\tno"); #endif +#ifdef HAVE_LIBEDIT + phpdbg_writeln("Libedit\t\tyes"); +#else + phpdbg_writeln("Libedit\t\tno"); +#endif phpdbg_writeln("Exec\t\t%s", PHPDBG_G(exec) ? PHPDBG_G(exec) : "none"); phpdbg_writeln("Compiled\t%s", PHPDBG_G(ops) ? "yes" : "no"); diff --git a/sapi/phpdbg/phpdbg_utils.c b/sapi/phpdbg/phpdbg_utils.c index 98748b202a1..3b4eac73279 100644 --- a/sapi/phpdbg/phpdbg_utils.c +++ b/sapi/phpdbg/phpdbg_utils.c @@ -400,12 +400,16 @@ PHPDBG_API const char *phpdbg_get_prompt(TSRMLS_D) /* {{{ */ } /* create cached prompt */ +#ifdef HAVE_LIBREADLINE + /* TODO: libedit doesn't seems to support coloured prompt */ if ((PHPDBG_G(flags) & PHPDBG_IS_COLOURED)) { asprintf( &PHPDBG_G(prompt)[1], "\033[%sm%s\033[0m ", PHPDBG_G(colors)[PHPDBG_COLOR_PROMPT]->code, PHPDBG_G(prompt)[0]); - } else { + } else +#endif + { asprintf( &PHPDBG_G(prompt)[1], "%s ", PHPDBG_G(prompt)[0]); From 0da5d94a6c840af835a5b5d8bc4284a588d727bf Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Mon, 23 Jun 2014 10:17:43 +0200 Subject: [PATCH 19/67] Better fix for phpdbg + libedit - fix include - disable coloured prompt only with libedit --- sapi/phpdbg/phpdbg.h | 5 ++++- sapi/phpdbg/phpdbg_utils.c | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/sapi/phpdbg/phpdbg.h b/sapi/phpdbg/phpdbg.h index b2e7a03c213..eb4faf1f942 100644 --- a/sapi/phpdbg/phpdbg.h +++ b/sapi/phpdbg/phpdbg.h @@ -64,10 +64,13 @@ # include "TSRM.h" #endif -#if defined(HAVE_LIBREADLINE) || defined(HAVE_LIBEDIT) +#ifdef LIBREADLINE # include # include #endif +#ifdef HAVE_LIBEDIT +# include +#endif #include "phpdbg_lexer.h" #include "phpdbg_cmd.h" diff --git a/sapi/phpdbg/phpdbg_utils.c b/sapi/phpdbg/phpdbg_utils.c index 3b4eac73279..3ce2fade17d 100644 --- a/sapi/phpdbg/phpdbg_utils.c +++ b/sapi/phpdbg/phpdbg_utils.c @@ -400,7 +400,7 @@ PHPDBG_API const char *phpdbg_get_prompt(TSRMLS_D) /* {{{ */ } /* create cached prompt */ -#ifdef HAVE_LIBREADLINE +#ifndef HAVE_LIBEDIT /* TODO: libedit doesn't seems to support coloured prompt */ if ((PHPDBG_G(flags) & PHPDBG_IS_COLOURED)) { asprintf( From b3ef019b621bc2cfc9c636bcc900e52ed68aaef1 Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Mon, 23 Jun 2014 10:39:06 +0200 Subject: [PATCH 20/67] NEWS --- NEWS | 3 +++ 1 file changed, 3 insertions(+) diff --git a/NEWS b/NEWS index 87b4dafc697..693486b889c 100644 --- a/NEWS +++ b/NEWS @@ -6,6 +6,9 @@ PHP NEWS . Fixed bug #67468 (Segfault in highlight_file()/highlight_string()). (Andreas Ferber) +- phpdbg: + . Fix Bug #67499 (readline feature not enabled when build with libedit). (Remi) + 19 Jun 2014, PHP 5.6.0 Release Candidate 1 - Core: From 62b6cdbbd783040f43eb4479357a85491214cedd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= Date: Mon, 23 Jun 2014 11:35:42 +0200 Subject: [PATCH 21/67] Add initial manual page for phpdbg.1 --- phpdbg.1 | 59 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 59 insertions(+) create mode 100644 phpdbg.1 diff --git a/phpdbg.1 b/phpdbg.1 new file mode 100644 index 00000000000..68568d03e13 --- /dev/null +++ b/phpdbg.1 @@ -0,0 +1,59 @@ +.TH PHPDBG 1 +.SH NAME +phpdbg \- The interactive PHP debugger +.SH SYNOPSIS +.B phpdbg +[OPTION] +[\fB\-e\fIFILE\fR] +.SH DESCRIPTION +.B phpdbg +a lightweight, powerful, easy to use debugging platform for PHP5. +.SH OPTIONS +The following switches are implemented (just like cli SAPI): +.TP +.BR \-n +No \fBphp.ini\fR file will be used +.TP +.BR \-c \fIpath\fB|\fIfile\fR +Look for \fBphp.ini\fR file in the directory \fIpath\fR or use the specified \fIfile\fR +.TP +.BR \-z \fIfile\fR +Load Zend extension \fIfile\fR +.TP +.BR \-d \fIfoo\fB[=\fIbar\fB]\fR +Define INI entry \fIfoo\fR with value \fIbar\fR +.PP The following switches change the default behaviour of phpdbg: +.TP +.BR \-v +Disables quietness +.TP +.BR \-s +Enabled stepping +.TP +.BR -e \fIfile\fR +Sets execution context +.TP +.BR \-b +Disables use of colour on the console +.TP +.BR \-I +Ignore .phpdbginit (default init file) +.TP +.BR \-i \fIpath\fB|\ffile\fR +Override .phpgdbinit location (implies -I) +.TP +.BR \-O \fIfile\fR +Set oplog output to \fIfile\fR +.TP +.BR \-q +Do not print banner on startup +.TP +.BR \-r +Jump straight to run +.TP +.BR \-E +Enable step through eval() +.SH NOTES +Passing -rr will cause phpdbg to quit after execution, rather than returning to the console +.SH AUTHOR +Written by Ondřej Surý for Debian project. From 6d97b4b2b322171d9d3e88ccd5f933bc5661edd6 Mon Sep 17 00:00:00 2001 From: Stanislav Malyshev Date: Sat, 21 Jun 2014 21:28:33 -0700 Subject: [PATCH 22/67] Better fix for bug #67072 with more BC provisions --- NEWS | 2 +- ext/standard/tests/serialize/bug67072_2.phpt | 84 ++++++++++++++++++++ ext/standard/var_unserializer.c | 67 ++++++++-------- ext/standard/var_unserializer.re | 3 +- 4 files changed, 121 insertions(+), 35 deletions(-) create mode 100644 ext/standard/tests/serialize/bug67072_2.phpt diff --git a/NEWS b/NEWS index 31a4a527935..4ee00dbe471 100644 --- a/NEWS +++ b/NEWS @@ -3,7 +3,7 @@ PHP NEWS 12 Jun 2014, PHP 5.4.30 - Core: - . Fixed BC break introduced by patch for bug #67072. (Anatol) + . Fixed BC break introduced by patch for bug #67072. (Anatol, Stas) . Fixed bug #66622 (Closures do not correctly capture the late bound class (static::) in some cases). (Levi Morrison) . Fixed bug #67390 (insecure temporary file use in the configure script). diff --git a/ext/standard/tests/serialize/bug67072_2.phpt b/ext/standard/tests/serialize/bug67072_2.phpt new file mode 100644 index 00000000000..09eadb9ee15 --- /dev/null +++ b/ext/standard/tests/serialize/bug67072_2.phpt @@ -0,0 +1,84 @@ +--TEST-- +Bug #67072 Echoing unserialized "SplFileObject" crash - BC break fixes +--FILE-- + +===DONE== +--EXPECTF-- +Warning: Erroneous data format for unserializing 'MySplFileObject' in %s on line 4 + +Notice: unserialize(): Error at offset 26 of 66 bytes in %s on line 4 +object(stdClass)#%d (0) { +} +object(MyClass)#%d (0) { +} +object(MyClassSer)#%d (0) { +} +object(MyClassSer2)#%d (0) { +} + +Warning: Erroneous data format for unserializing 'SplFileObject' in %s on line 9 + +Notice: unserialize(): Error at offset 24 of 25 bytes in %s on line 9 +bool(false) + +Warning: Erroneous data format for unserializing 'MySplFileObject' in %s on line 9 + +Notice: unserialize(): Error at offset 26 of 27 bytes in %s on line 9 +bool(false) +object(SplObjectStorage)#%d (1) { + ["storage":"SplObjectStorage":private]=> + array(0) { + } +} +object(__PHP_Incomplete_Class)#%d (1) { + ["__PHP_Incomplete_Class_Name"]=> + string(6) "FooBar" +} + +Warning: Erroneous data format for unserializing 'Closure' in %s on line 9 + +Notice: unserialize(): Error at offset 17 of 18 bytes in %s on line 9 +bool(false) +object(ArrayObject)#%d (1) { + ["storage":"ArrayObject":private]=> + array(0) { + } +} +object(MyArrayObject)#1 (2) { + ["a"]=> + int(1) + ["storage":"ArrayObject":private]=> + array(0) { + } +} +object(Directory)#1 (0) { +} +===DONE== diff --git a/ext/standard/var_unserializer.c b/ext/standard/var_unserializer.c index 29d2e0f7eda..2dd10a72e1d 100644 --- a/ext/standard/var_unserializer.c +++ b/ext/standard/var_unserializer.c @@ -1,4 +1,4 @@ -/* Generated by re2c 0.13.5 on Tue Jun 3 10:23:35 2014 */ +/* Generated by re2c 0.13.5 on Sat Jun 21 21:27:56 2014 */ #line 1 "ext/standard/var_unserializer.re" /* +----------------------------------------------------------------------+ @@ -23,6 +23,7 @@ #include "php.h" #include "ext/standard/php_var.h" #include "php_incomplete_class.h" +#include "Zend/zend_interfaces.h" /* {{{ reference-handling for unserializer: var_* */ #define VAR_ENTRIES_MAX 1024 @@ -226,7 +227,7 @@ static char *unserialize_str(const unsigned char **p, size_t *len, size_t maxlen #define YYMARKER marker -#line 234 "ext/standard/var_unserializer.re" +#line 235 "ext/standard/var_unserializer.re" @@ -400,7 +401,7 @@ static inline long object_common1(UNSERIALIZE_PARAMETER, zend_class_entry *ce) Serializable interface have eventually an inconsistent behavior at this place when unserialized from a manipulated string. Additionaly the interal classes can possibly crash PHP so they're still disabled here. */ - if (ce->serialize == NULL || ZEND_INTERNAL_CLASS != ce->type) { + if (ce->serialize == NULL || ce->unserialize == zend_user_unserialize || (ZEND_INTERNAL_CLASS != ce->type && ce->create_object == NULL)) { object_init_ex(*rval, ce); } else { /* If this class implements Serializable, it should not land here but in object_custom(). The passed string @@ -473,7 +474,7 @@ PHPAPI int php_var_unserialize(UNSERIALIZE_PARAMETER) -#line 477 "ext/standard/var_unserializer.c" +#line 478 "ext/standard/var_unserializer.c" { YYCTYPE yych; static const unsigned char yybm[] = { @@ -533,9 +534,9 @@ yy2: yych = *(YYMARKER = ++YYCURSOR); if (yych == ':') goto yy95; yy3: -#line 828 "ext/standard/var_unserializer.re" +#line 829 "ext/standard/var_unserializer.re" { return 0; } -#line 539 "ext/standard/var_unserializer.c" +#line 540 "ext/standard/var_unserializer.c" yy4: yych = *(YYMARKER = ++YYCURSOR); if (yych == ':') goto yy89; @@ -578,13 +579,13 @@ yy13: goto yy3; yy14: ++YYCURSOR; -#line 822 "ext/standard/var_unserializer.re" +#line 823 "ext/standard/var_unserializer.re" { /* this is the case where we have less data than planned */ php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Unexpected end of serialized data"); return 0; /* not sure if it should be 0 or 1 here? */ } -#line 588 "ext/standard/var_unserializer.c" +#line 589 "ext/standard/var_unserializer.c" yy16: yych = *++YYCURSOR; goto yy3; @@ -614,7 +615,7 @@ yy20: yych = *++YYCURSOR; if (yych != '"') goto yy18; ++YYCURSOR; -#line 676 "ext/standard/var_unserializer.re" +#line 677 "ext/standard/var_unserializer.re" { size_t len, len2, len3, maxlen; long elements; @@ -760,7 +761,7 @@ yy20: return object_common2(UNSERIALIZE_PASSTHRU, elements); } -#line 764 "ext/standard/var_unserializer.c" +#line 765 "ext/standard/var_unserializer.c" yy25: yych = *++YYCURSOR; if (yych <= ',') { @@ -785,7 +786,7 @@ yy27: yych = *++YYCURSOR; if (yych != '"') goto yy18; ++YYCURSOR; -#line 668 "ext/standard/var_unserializer.re" +#line 669 "ext/standard/var_unserializer.re" { INIT_PZVAL(*rval); @@ -793,7 +794,7 @@ yy27: return object_common2(UNSERIALIZE_PASSTHRU, object_common1(UNSERIALIZE_PASSTHRU, ZEND_STANDARD_CLASS_DEF_PTR)); } -#line 797 "ext/standard/var_unserializer.c" +#line 798 "ext/standard/var_unserializer.c" yy32: yych = *++YYCURSOR; if (yych == '+') goto yy33; @@ -814,7 +815,7 @@ yy34: yych = *++YYCURSOR; if (yych != '{') goto yy18; ++YYCURSOR; -#line 648 "ext/standard/var_unserializer.re" +#line 649 "ext/standard/var_unserializer.re" { long elements = parse_iv(start + 2); /* use iv() not uiv() in order to check data range */ @@ -834,7 +835,7 @@ yy34: return finish_nested_data(UNSERIALIZE_PASSTHRU); } -#line 838 "ext/standard/var_unserializer.c" +#line 839 "ext/standard/var_unserializer.c" yy39: yych = *++YYCURSOR; if (yych == '+') goto yy40; @@ -855,7 +856,7 @@ yy41: yych = *++YYCURSOR; if (yych != '"') goto yy18; ++YYCURSOR; -#line 619 "ext/standard/var_unserializer.re" +#line 620 "ext/standard/var_unserializer.re" { size_t len, maxlen; char *str; @@ -884,7 +885,7 @@ yy41: ZVAL_STRINGL(*rval, str, len, 0); return 1; } -#line 888 "ext/standard/var_unserializer.c" +#line 889 "ext/standard/var_unserializer.c" yy46: yych = *++YYCURSOR; if (yych == '+') goto yy47; @@ -905,7 +906,7 @@ yy48: yych = *++YYCURSOR; if (yych != '"') goto yy18; ++YYCURSOR; -#line 591 "ext/standard/var_unserializer.re" +#line 592 "ext/standard/var_unserializer.re" { size_t len, maxlen; char *str; @@ -933,7 +934,7 @@ yy48: ZVAL_STRINGL(*rval, str, len, 1); return 1; } -#line 937 "ext/standard/var_unserializer.c" +#line 938 "ext/standard/var_unserializer.c" yy53: yych = *++YYCURSOR; if (yych <= '/') { @@ -1021,7 +1022,7 @@ yy61: } yy63: ++YYCURSOR; -#line 581 "ext/standard/var_unserializer.re" +#line 582 "ext/standard/var_unserializer.re" { #if SIZEOF_LONG == 4 use_double: @@ -1031,7 +1032,7 @@ use_double: ZVAL_DOUBLE(*rval, zend_strtod((const char *)start + 2, NULL)); return 1; } -#line 1035 "ext/standard/var_unserializer.c" +#line 1036 "ext/standard/var_unserializer.c" yy65: yych = *++YYCURSOR; if (yych <= ',') { @@ -1090,7 +1091,7 @@ yy73: yych = *++YYCURSOR; if (yych != ';') goto yy18; ++YYCURSOR; -#line 566 "ext/standard/var_unserializer.re" +#line 567 "ext/standard/var_unserializer.re" { *p = YYCURSOR; INIT_PZVAL(*rval); @@ -1105,7 +1106,7 @@ yy73: return 1; } -#line 1109 "ext/standard/var_unserializer.c" +#line 1110 "ext/standard/var_unserializer.c" yy76: yych = *++YYCURSOR; if (yych == 'N') goto yy73; @@ -1132,7 +1133,7 @@ yy79: if (yych <= '9') goto yy79; if (yych != ';') goto yy18; ++YYCURSOR; -#line 539 "ext/standard/var_unserializer.re" +#line 540 "ext/standard/var_unserializer.re" { #if SIZEOF_LONG == 4 int digits = YYCURSOR - start - 3; @@ -1159,7 +1160,7 @@ yy79: ZVAL_LONG(*rval, parse_iv(start + 2)); return 1; } -#line 1163 "ext/standard/var_unserializer.c" +#line 1164 "ext/standard/var_unserializer.c" yy83: yych = *++YYCURSOR; if (yych <= '/') goto yy18; @@ -1167,24 +1168,24 @@ yy83: yych = *++YYCURSOR; if (yych != ';') goto yy18; ++YYCURSOR; -#line 532 "ext/standard/var_unserializer.re" +#line 533 "ext/standard/var_unserializer.re" { *p = YYCURSOR; INIT_PZVAL(*rval); ZVAL_BOOL(*rval, parse_iv(start + 2)); return 1; } -#line 1178 "ext/standard/var_unserializer.c" +#line 1179 "ext/standard/var_unserializer.c" yy87: ++YYCURSOR; -#line 525 "ext/standard/var_unserializer.re" +#line 526 "ext/standard/var_unserializer.re" { *p = YYCURSOR; INIT_PZVAL(*rval); ZVAL_NULL(*rval); return 1; } -#line 1188 "ext/standard/var_unserializer.c" +#line 1189 "ext/standard/var_unserializer.c" yy89: yych = *++YYCURSOR; if (yych <= ',') { @@ -1207,7 +1208,7 @@ yy91: if (yych <= '9') goto yy91; if (yych != ';') goto yy18; ++YYCURSOR; -#line 502 "ext/standard/var_unserializer.re" +#line 503 "ext/standard/var_unserializer.re" { long id; @@ -1230,7 +1231,7 @@ yy91: return 1; } -#line 1234 "ext/standard/var_unserializer.c" +#line 1235 "ext/standard/var_unserializer.c" yy95: yych = *++YYCURSOR; if (yych <= ',') { @@ -1253,7 +1254,7 @@ yy97: if (yych <= '9') goto yy97; if (yych != ';') goto yy18; ++YYCURSOR; -#line 481 "ext/standard/var_unserializer.re" +#line 482 "ext/standard/var_unserializer.re" { long id; @@ -1274,9 +1275,9 @@ yy97: return 1; } -#line 1278 "ext/standard/var_unserializer.c" +#line 1279 "ext/standard/var_unserializer.c" } -#line 830 "ext/standard/var_unserializer.re" +#line 831 "ext/standard/var_unserializer.re" return 0; diff --git a/ext/standard/var_unserializer.re b/ext/standard/var_unserializer.re index cd4d53b5c17..9a9c6933379 100644 --- a/ext/standard/var_unserializer.re +++ b/ext/standard/var_unserializer.re @@ -21,6 +21,7 @@ #include "php.h" #include "ext/standard/php_var.h" #include "php_incomplete_class.h" +#include "Zend/zend_interfaces.h" /* {{{ reference-handling for unserializer: var_* */ #define VAR_ENTRIES_MAX 1024 @@ -404,7 +405,7 @@ static inline long object_common1(UNSERIALIZE_PARAMETER, zend_class_entry *ce) Serializable interface have eventually an inconsistent behavior at this place when unserialized from a manipulated string. Additionaly the interal classes can possibly crash PHP so they're still disabled here. */ - if (ce->serialize == NULL || ZEND_INTERNAL_CLASS != ce->type) { + if (ce->serialize == NULL || ce->unserialize == zend_user_unserialize || (ZEND_INTERNAL_CLASS != ce->type && ce->create_object == NULL)) { object_init_ex(*rval, ce); } else { /* If this class implements Serializable, it should not land here but in object_custom(). The passed string From 9d49492fd66cce4d62ad57aa29ef3b6ae076e1ef Mon Sep 17 00:00:00 2001 From: Xinchen Hui Date: Tue, 24 Jun 2014 13:53:05 +0800 Subject: [PATCH 23/67] Fixed bug #67368 (Memory leak with immediately dereferenced array in class constant) --- NEWS | 2 ++ Zend/tests/bug67368.phpt | 12 ++++++++++++ Zend/zend_ast.c | 3 +-- 3 files changed, 15 insertions(+), 2 deletions(-) create mode 100644 Zend/tests/bug67368.phpt diff --git a/NEWS b/NEWS index 693486b889c..373f8108816 100644 --- a/NEWS +++ b/NEWS @@ -3,6 +3,8 @@ PHP NEWS ?? ??? 2014, PHP 5.6.0 Release Candidate 2 - Core: + . Fixed bug #67368 (Memory leak with immediately dereferenced array in class + constant). (Laruence) . Fixed bug #67468 (Segfault in highlight_file()/highlight_string()). (Andreas Ferber) diff --git a/Zend/tests/bug67368.phpt b/Zend/tests/bug67368.phpt new file mode 100644 index 00000000000..c92e994b940 --- /dev/null +++ b/Zend/tests/bug67368.phpt @@ -0,0 +1,12 @@ +--TEST-- +Bug #67368 (Memory leak with immediately dereferenced array in class constant) +--INI-- +report_memleaks=1 +--FILE-- + 3]["bar"]; +} +echo "okey"; +--EXPECTF-- +okey diff --git a/Zend/zend_ast.c b/Zend/zend_ast.c index 583a52321be..12f94055239 100644 --- a/Zend/zend_ast.c +++ b/Zend/zend_ast.c @@ -328,8 +328,7 @@ ZEND_API void zend_ast_evaluate(zval *result, zend_ast *ast, zend_class_entry *s { zval *tmp; zend_fetch_dimension_by_zval(&tmp, &op1, &op2 TSRMLS_CC); - *result = *tmp; - efree(tmp); + ZVAL_ZVAL(result, tmp, 1, 1); } zval_dtor(&op1); zval_dtor(&op2); From 79457d1964c8a55c55c13b40e6b2d877792a9dc6 Mon Sep 17 00:00:00 2001 From: Stanislav Malyshev Date: Tue, 24 Jun 2014 10:17:34 -0700 Subject: [PATCH 24/67] 5.4.30 --- configure.in | 2 +- main/php_version.h | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/configure.in b/configure.in index 98e306dd704..5c154fbb3f0 100644 --- a/configure.in +++ b/configure.in @@ -120,7 +120,7 @@ int zend_sprintf(char *buffer, const char *format, ...); PHP_MAJOR_VERSION=5 PHP_MINOR_VERSION=4 PHP_RELEASE_VERSION=30 -PHP_EXTRA_VERSION="RC1" +PHP_EXTRA_VERSION="" PHP_VERSION="$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION" PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 10000 + [$]PHP_MINOR_VERSION \* 100 + [$]PHP_RELEASE_VERSION` diff --git a/main/php_version.h b/main/php_version.h index 9cb16ca6850..a5ff7cb0a35 100644 --- a/main/php_version.h +++ b/main/php_version.h @@ -4,6 +4,6 @@ #define PHP_MINOR_VERSION 4 #define PHP_RELEASE_VERSION 30 -#define PHP_EXTRA_VERSION "RC1" -#define PHP_VERSION "5.4.30RC1" +#define PHP_EXTRA_VERSION "" +#define PHP_VERSION "5.4.30" #define PHP_VERSION_ID 50430 From 08e7252abfc81339ce647449cae9d5035cd8ad09 Mon Sep 17 00:00:00 2001 From: Stanislav Malyshev Date: Tue, 24 Jun 2014 10:20:33 -0700 Subject: [PATCH 25/67] update NEWS --- NEWS | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/NEWS b/NEWS index b574af83ee9..8ed7f8067c7 100644 --- a/NEWS +++ b/NEWS @@ -24,6 +24,8 @@ PHP NEWS . Fixed bug #67390 (insecure temporary file use in the configure script). (Remi) (CVE-2014-3981) . Fixed bug #67399 (putenv with empty variable may lead to crash). (Stas) + . Fixed bug #67498 (phpinfo() Type Confusion Information Leak Vulnerability). + (Stefan Esser) - CLI server: . Fixed Bug #67406 (built-in web-server segfaults on startup). (Remi) @@ -36,15 +38,20 @@ PHP NEWS - Fileinfo: . Fixed bug #67326 (fileinfo: cdf_read_short_sector insufficient boundary - check). + check). (CVE-2014-0207) . Fixed bug #67410 (fileinfo: mconvert incorrect handling of truncated pascal - string size). (Francisco Alonso, Jan Kaluza, Remi) + string size). (CVE-2014-3478) (Francisco Alonso, Jan Kaluza, Remi) . Fixed bug #67411 (fileinfo: cdf_check_stream_offset insufficient boundary - check). (Francisco Alonso, Jan Kaluza, Remi) + check). (CVE-2014-3479) (Francisco Alonso, Jan Kaluza, Remi) . Fixed bug #67412 (fileinfo: cdf_count_chain insufficient boundary check). - (Francisco Alonso, Jan Kaluza, Remi) + (CVE-2014-3480) (Francisco Alonso, Jan Kaluza, Remi) . Fixed bug #67413 (fileinfo: cdf_read_property_info insufficient boundary - check). (Francisco Alonso, Jan Kaluza, Remi) + check). (CVE-2014-3487) (Francisco Alonso, Jan Kaluza, Remi) + +- Intl: + . Fixed bug #67349 (Locale::parseLocale Double Free). (Stas) + . Fixed bug #67397 (Buffer overflow in locale_get_display_name and + uloc_getDisplayName (libicu 4.8.1)). (Stas) - Network: . Fixed bug #67432 (Fix potential segfault in dns_get_record()). @@ -63,6 +70,8 @@ PHP NEWS . Fixed bug #66127 (Segmentation fault with ArrayObject unset). (Stas) . Fixed bug #67359 (Segfault in recursiveDirectoryIterator). (Laruence) . Fixed bug #67360 (Missing element after ArrayObject::getIterator). (Adam) + . Fixed bug #67492 (unserialize() SPL ArrayObject / SPLObjectStorage Type + Confusion) (CVE-2014-3515). (Stefan Esser) 29 May 2014, PHP 5.4.29 From 844a046945c6cf2e44f8cd612d48321c9f799bef Mon Sep 17 00:00:00 2001 From: Stanislav Malyshev Date: Wed, 4 Jun 2014 01:06:01 -0700 Subject: [PATCH 26/67] Fix bug #67349: Locale::parseLocale Double Free --- ext/intl/locale/locale_methods.c | 7 +++---- ext/intl/tests/locale_parse_locale2.phpt | 6 +++++- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/ext/intl/locale/locale_methods.c b/ext/intl/locale/locale_methods.c index 21b5847f2d3..626019d4488 100644 --- a/ext/intl/locale/locale_methods.c +++ b/ext/intl/locale/locale_methods.c @@ -269,8 +269,7 @@ static char* get_icu_value_internal( const char* loc_name , char* tag_name, int* grOffset = findOffset( LOC_GRANDFATHERED , loc_name ); if( grOffset >= 0 ){ if( strcmp(tag_name , LOC_LANG_TAG)==0 ){ - tag_value = estrdup(loc_name); - return tag_value; + return estrdup(loc_name); } else { /* Since Grandfathered , no value , do nothing , retutn NULL */ return NULL; @@ -280,8 +279,8 @@ static char* get_icu_value_internal( const char* loc_name , char* tag_name, int* if( fromParseLocale==1 ){ /* Handle singletons */ if( strcmp(tag_name , LOC_LANG_TAG)==0 ){ - if( strlen(loc_name)>1 && (isIDPrefix(loc_name) ==1 ) ){ - return (char *)loc_name; + if( strlen(loc_name)>1 && (isIDPrefix(loc_name) == 1) ){ + return estrdup(loc_name); } } diff --git a/ext/intl/tests/locale_parse_locale2.phpt b/ext/intl/tests/locale_parse_locale2.phpt index 6012862a489..30cc8cc0ae5 100644 --- a/ext/intl/tests/locale_parse_locale2.phpt +++ b/ext/intl/tests/locale_parse_locale2.phpt @@ -63,7 +63,8 @@ function ut_main() //Some Invalid Tags: 'de-419-DE', 'a-DE', - 'ar-a-aaa-b-bbb-a-ccc' + 'ar-a-aaa-b-bbb-a-ccc', + 'x-AAAAAA', ); @@ -201,3 +202,6 @@ No values found from Locale parsing. --------------------- ar-a-aaa-b-bbb-a-ccc: language : 'ar' , +--------------------- +x-AAAAAA: +private0 : 'AAAAAA' , From f48b8f33393742b2c4adc6ec91127c7f228618e4 Mon Sep 17 00:00:00 2001 From: Stanislav Malyshev Date: Sun, 8 Jun 2014 13:44:40 -0700 Subject: [PATCH 27/67] Fix bug #67397 (Buffer overflow in locale_get_display_name->uloc_getDisplayName (libicu 4.8.1)) --- ext/intl/locale/locale_methods.c | 8 ++++++++ ext/intl/tests/bug67397.phpt | 21 +++++++++++++++++++++ 2 files changed, 29 insertions(+) create mode 100644 ext/intl/tests/bug67397.phpt diff --git a/ext/intl/locale/locale_methods.c b/ext/intl/locale/locale_methods.c index 626019d4488..f1e184914d6 100644 --- a/ext/intl/locale/locale_methods.c +++ b/ext/intl/locale/locale_methods.c @@ -497,6 +497,14 @@ static void get_icu_disp_value_src_php( char* tag_name, INTERNAL_FUNCTION_PARAME RETURN_FALSE; } + if(loc_name_len > ULOC_FULLNAME_CAPACITY) { + /* See bug 67397: overlong locale names cause trouble in uloc_getDisplayName */ + spprintf(&msg , 0, "locale_get_display_%s : name too long", tag_name ); + intl_error_set( NULL, U_ILLEGAL_ARGUMENT_ERROR, msg , 1 TSRMLS_CC ); + efree(msg); + RETURN_FALSE; + } + if(loc_name_len == 0) { loc_name = intl_locale_get_default(TSRMLS_C); } diff --git a/ext/intl/tests/bug67397.phpt b/ext/intl/tests/bug67397.phpt new file mode 100644 index 00000000000..b2b2911f8a0 --- /dev/null +++ b/ext/intl/tests/bug67397.phpt @@ -0,0 +1,21 @@ +--TEST-- +Bug #67397 (Buffer overflow in locale_get_display_name->uloc_getDisplayName (libicu 4.8.1)) +--SKIPIF-- + +--FILE-- + +--EXPECTF-- +false +'locale_get_display_name : name too long: U_ILLEGAL_ARGUMENT_ERROR' From b03993dde90b59a6b80ede62a6a268c5b4d390f6 Mon Sep 17 00:00:00 2001 From: Stanislav Malyshev Date: Sat, 21 Jun 2014 19:46:16 -0700 Subject: [PATCH 28/67] Fix bug #67492: unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion --- ext/spl/spl_array.c | 2 +- ext/spl/spl_observer.c | 2 +- ext/spl/tests/SplObjectStorage_unserialize_bad.phpt | 5 ++++- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ext/spl/spl_array.c b/ext/spl/spl_array.c index 4191b0db0e0..32cdfe6fb40 100644 --- a/ext/spl/spl_array.c +++ b/ext/spl/spl_array.c @@ -1804,7 +1804,7 @@ SPL_METHOD(Array, unserialize) ++p; ALLOC_INIT_ZVAL(pmembers); - if (!php_var_unserialize(&pmembers, &p, s + buf_len, &var_hash TSRMLS_CC)) { + if (!php_var_unserialize(&pmembers, &p, s + buf_len, &var_hash TSRMLS_CC) || Z_TYPE_P(pmembers) != IS_ARRAY) { zval_ptr_dtor(&pmembers); goto outexcept; } diff --git a/ext/spl/spl_observer.c b/ext/spl/spl_observer.c index 57ddf492d1c..f493154b20f 100644 --- a/ext/spl/spl_observer.c +++ b/ext/spl/spl_observer.c @@ -914,7 +914,7 @@ SPL_METHOD(SplObjectStorage, unserialize) ++p; ALLOC_INIT_ZVAL(pmembers); - if (!php_var_unserialize(&pmembers, &p, s + buf_len, &var_hash TSRMLS_CC)) { + if (!php_var_unserialize(&pmembers, &p, s + buf_len, &var_hash TSRMLS_CC) || Z_TYPE_P(pmembers) != IS_ARRAY) { zval_ptr_dtor(&pmembers); goto outexcept; } diff --git a/ext/spl/tests/SplObjectStorage_unserialize_bad.phpt b/ext/spl/tests/SplObjectStorage_unserialize_bad.phpt index a525317093b..8f0676de3b4 100644 --- a/ext/spl/tests/SplObjectStorage_unserialize_bad.phpt +++ b/ext/spl/tests/SplObjectStorage_unserialize_bad.phpt @@ -7,6 +7,7 @@ $badblobs = array( 'x:i:2;i:0;,i:1;;i:0;,i:2;;m:a:0:{}', 'x:i:3;O:8:"stdClass":0:{},O:8:"stdClass":0:{};R:2;,i:1;;O:8:"stdClass":0:{},r:2;;m:a:0:{}', 'x:i:3;O:8:"stdClass":0:{},O:8:"stdClass":0:{};r:2;,i:1;;O:8:"stdClass":0:{},r:2;;m:a:0:{}', +'x:i:1;O:8:"stdClass":0:{},N;;m:s:40:"1234567890123456789012345678901234567890"', ); foreach($badblobs as $blob) { try { @@ -17,6 +18,7 @@ try { echo $e->getMessage()."\n"; } } +echo "DONE\n"; --EXPECTF-- Error at offset 6 of 34 bytes Error at offset 46 of 89 bytes @@ -42,4 +44,5 @@ object(SplObjectStorage)#2 (1) { } } } - +Error at offset 79 of 78 bytes +DONE From 84f9fe0fdcc660d7f2b479b4cd5dd4216e3bc5ff Mon Sep 17 00:00:00 2001 From: Stanislav Malyshev Date: Mon, 23 Jun 2014 00:19:37 -0700 Subject: [PATCH 29/67] Fix bug #67498 - phpinfo() Type Confusion Information Leak Vulnerability --- ext/standard/info.c | 8 ++++---- .../tests/general_functions/bug67498.phpt | 15 +++++++++++++++ 2 files changed, 19 insertions(+), 4 deletions(-) create mode 100644 ext/standard/tests/general_functions/bug67498.phpt diff --git a/ext/standard/info.c b/ext/standard/info.c index 03ced35fb3d..0626a7067bb 100644 --- a/ext/standard/info.c +++ b/ext/standard/info.c @@ -866,16 +866,16 @@ PHPAPI void php_print_info(int flag TSRMLS_DC) php_info_print_table_start(); php_info_print_table_header(2, "Variable", "Value"); - if (zend_hash_find(&EG(symbol_table), "PHP_SELF", sizeof("PHP_SELF"), (void **) &data) != FAILURE) { + if (zend_hash_find(&EG(symbol_table), "PHP_SELF", sizeof("PHP_SELF"), (void **) &data) != FAILURE && Z_TYPE_PP(data) == IS_STRING) { php_info_print_table_row(2, "PHP_SELF", Z_STRVAL_PP(data)); } - if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_TYPE", sizeof("PHP_AUTH_TYPE"), (void **) &data) != FAILURE) { + if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_TYPE", sizeof("PHP_AUTH_TYPE"), (void **) &data) != FAILURE && Z_TYPE_PP(data) == IS_STRING) { php_info_print_table_row(2, "PHP_AUTH_TYPE", Z_STRVAL_PP(data)); } - if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_USER", sizeof("PHP_AUTH_USER"), (void **) &data) != FAILURE) { + if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_USER", sizeof("PHP_AUTH_USER"), (void **) &data) != FAILURE && Z_TYPE_PP(data) == IS_STRING) { php_info_print_table_row(2, "PHP_AUTH_USER", Z_STRVAL_PP(data)); } - if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_PW", sizeof("PHP_AUTH_PW"), (void **) &data) != FAILURE) { + if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_PW", sizeof("PHP_AUTH_PW"), (void **) &data) != FAILURE && Z_TYPE_PP(data) == IS_STRING) { php_info_print_table_row(2, "PHP_AUTH_PW", Z_STRVAL_PP(data)); } php_print_gpcse_array(ZEND_STRL("_REQUEST") TSRMLS_CC); diff --git a/ext/standard/tests/general_functions/bug67498.phpt b/ext/standard/tests/general_functions/bug67498.phpt new file mode 100644 index 00000000000..5b5951b0f8b --- /dev/null +++ b/ext/standard/tests/general_functions/bug67498.phpt @@ -0,0 +1,15 @@ +--TEST-- +phpinfo() Type Confusion Information Leak Vulnerability +--FILE-- + +==DONE== +--EXPECTF-- +phpinfo() + +PHP Variables +%A +==DONE== From cfe06eb2b172ff54723a041001a47cf9a9f66153 Mon Sep 17 00:00:00 2001 From: Stanislav Malyshev Date: Sat, 21 Jun 2014 21:28:33 -0700 Subject: [PATCH 30/67] Better fix for bug #67072 with more BC provisions --- ext/standard/tests/serialize/bug67072_2.phpt | 84 ++++++++++++++++++++ 1 file changed, 84 insertions(+) create mode 100644 ext/standard/tests/serialize/bug67072_2.phpt diff --git a/ext/standard/tests/serialize/bug67072_2.phpt b/ext/standard/tests/serialize/bug67072_2.phpt new file mode 100644 index 00000000000..09eadb9ee15 --- /dev/null +++ b/ext/standard/tests/serialize/bug67072_2.phpt @@ -0,0 +1,84 @@ +--TEST-- +Bug #67072 Echoing unserialized "SplFileObject" crash - BC break fixes +--FILE-- + +===DONE== +--EXPECTF-- +Warning: Erroneous data format for unserializing 'MySplFileObject' in %s on line 4 + +Notice: unserialize(): Error at offset 26 of 66 bytes in %s on line 4 +object(stdClass)#%d (0) { +} +object(MyClass)#%d (0) { +} +object(MyClassSer)#%d (0) { +} +object(MyClassSer2)#%d (0) { +} + +Warning: Erroneous data format for unserializing 'SplFileObject' in %s on line 9 + +Notice: unserialize(): Error at offset 24 of 25 bytes in %s on line 9 +bool(false) + +Warning: Erroneous data format for unserializing 'MySplFileObject' in %s on line 9 + +Notice: unserialize(): Error at offset 26 of 27 bytes in %s on line 9 +bool(false) +object(SplObjectStorage)#%d (1) { + ["storage":"SplObjectStorage":private]=> + array(0) { + } +} +object(__PHP_Incomplete_Class)#%d (1) { + ["__PHP_Incomplete_Class_Name"]=> + string(6) "FooBar" +} + +Warning: Erroneous data format for unserializing 'Closure' in %s on line 9 + +Notice: unserialize(): Error at offset 17 of 18 bytes in %s on line 9 +bool(false) +object(ArrayObject)#%d (1) { + ["storage":"ArrayObject":private]=> + array(0) { + } +} +object(MyArrayObject)#1 (2) { + ["a"]=> + int(1) + ["storage":"ArrayObject":private]=> + array(0) { + } +} +object(Directory)#1 (0) { +} +===DONE== From 5ecee6ebce576142fd13d2d1ec0bd52dac3086f9 Mon Sep 17 00:00:00 2001 From: Stanislav Malyshev Date: Wed, 4 Jun 2014 01:06:01 -0700 Subject: [PATCH 31/67] Fix bug #67349: Locale::parseLocale Double Free --- ext/intl/locale/locale_methods.c | 7 +++---- ext/intl/tests/locale_parse_locale2.phpt | 6 +++++- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/ext/intl/locale/locale_methods.c b/ext/intl/locale/locale_methods.c index 21b5847f2d3..8eb663cb167 100644 --- a/ext/intl/locale/locale_methods.c +++ b/ext/intl/locale/locale_methods.c @@ -269,8 +269,7 @@ static char* get_icu_value_internal( const char* loc_name , char* tag_name, int* grOffset = findOffset( LOC_GRANDFATHERED , loc_name ); if( grOffset >= 0 ){ if( strcmp(tag_name , LOC_LANG_TAG)==0 ){ - tag_value = estrdup(loc_name); - return tag_value; + return estrdup(loc_name); } else { /* Since Grandfathered , no value , do nothing , retutn NULL */ return NULL; @@ -280,8 +279,8 @@ static char* get_icu_value_internal( const char* loc_name , char* tag_name, int* if( fromParseLocale==1 ){ /* Handle singletons */ if( strcmp(tag_name , LOC_LANG_TAG)==0 ){ - if( strlen(loc_name)>1 && (isIDPrefix(loc_name) ==1 ) ){ - return (char *)loc_name; + if( strlen(loc_name)>1 && (isIDPrefix(loc_name) == 1)){ + return estrdup(loc_name); } } diff --git a/ext/intl/tests/locale_parse_locale2.phpt b/ext/intl/tests/locale_parse_locale2.phpt index 6012862a489..30cc8cc0ae5 100644 --- a/ext/intl/tests/locale_parse_locale2.phpt +++ b/ext/intl/tests/locale_parse_locale2.phpt @@ -63,7 +63,8 @@ function ut_main() //Some Invalid Tags: 'de-419-DE', 'a-DE', - 'ar-a-aaa-b-bbb-a-ccc' + 'ar-a-aaa-b-bbb-a-ccc', + 'x-AAAAAA', ); @@ -201,3 +202,6 @@ No values found from Locale parsing. --------------------- ar-a-aaa-b-bbb-a-ccc: language : 'ar' , +--------------------- +x-AAAAAA: +private0 : 'AAAAAA' , From 2a29add9e41cf98eb516be6bafd66a13cb42b9b3 Mon Sep 17 00:00:00 2001 From: Stanislav Malyshev Date: Sun, 8 Jun 2014 13:44:40 -0700 Subject: [PATCH 32/67] Fix bug #67397 (Buffer overflow in locale_get_display_name->uloc_getDisplayName (libicu 4.8.1)) --- ext/intl/locale/locale_methods.c | 8 ++++++++ ext/intl/tests/bug67397.phpt | 21 +++++++++++++++++++++ 2 files changed, 29 insertions(+) create mode 100644 ext/intl/tests/bug67397.phpt diff --git a/ext/intl/locale/locale_methods.c b/ext/intl/locale/locale_methods.c index 8eb663cb167..0597182bdc6 100644 --- a/ext/intl/locale/locale_methods.c +++ b/ext/intl/locale/locale_methods.c @@ -497,6 +497,14 @@ static void get_icu_disp_value_src_php( char* tag_name, INTERNAL_FUNCTION_PARAME RETURN_FALSE; } + if(loc_name_len > ULOC_FULLNAME_CAPACITY) { + /* See bug 67397: overlong locale names cause trouble in uloc_getDisplayName */ + spprintf(&msg , 0, "locale_get_display_%s : name too long", tag_name ); + intl_error_set( NULL, U_ILLEGAL_ARGUMENT_ERROR, msg , 1 TSRMLS_CC ); + efree(msg); + RETURN_FALSE; + } + if(loc_name_len == 0) { loc_name = intl_locale_get_default(TSRMLS_C); } diff --git a/ext/intl/tests/bug67397.phpt b/ext/intl/tests/bug67397.phpt new file mode 100644 index 00000000000..b2b2911f8a0 --- /dev/null +++ b/ext/intl/tests/bug67397.phpt @@ -0,0 +1,21 @@ +--TEST-- +Bug #67397 (Buffer overflow in locale_get_display_name->uloc_getDisplayName (libicu 4.8.1)) +--SKIPIF-- + +--FILE-- + +--EXPECTF-- +false +'locale_get_display_name : name too long: U_ILLEGAL_ARGUMENT_ERROR' From a374dfab567ff7f0ab0dc150f14cc891b0340b47 Mon Sep 17 00:00:00 2001 From: Stanislav Malyshev Date: Sat, 21 Jun 2014 19:46:16 -0700 Subject: [PATCH 33/67] Fix bug #67492: unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion --- ext/spl/spl_array.c | 2 +- ext/spl/spl_observer.c | 2 +- ext/spl/tests/SplObjectStorage_unserialize_bad.phpt | 5 ++++- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ext/spl/spl_array.c b/ext/spl/spl_array.c index c4b237b4b7a..c38065f1493 100644 --- a/ext/spl/spl_array.c +++ b/ext/spl/spl_array.c @@ -1804,7 +1804,7 @@ SPL_METHOD(Array, unserialize) ++p; ALLOC_INIT_ZVAL(pmembers); - if (!php_var_unserialize(&pmembers, &p, s + buf_len, &var_hash TSRMLS_CC)) { + if (!php_var_unserialize(&pmembers, &p, s + buf_len, &var_hash TSRMLS_CC) || Z_TYPE_P(pmembers) != IS_ARRAY) { zval_ptr_dtor(&pmembers); goto outexcept; } diff --git a/ext/spl/spl_observer.c b/ext/spl/spl_observer.c index 57ddf492d1c..f493154b20f 100644 --- a/ext/spl/spl_observer.c +++ b/ext/spl/spl_observer.c @@ -914,7 +914,7 @@ SPL_METHOD(SplObjectStorage, unserialize) ++p; ALLOC_INIT_ZVAL(pmembers); - if (!php_var_unserialize(&pmembers, &p, s + buf_len, &var_hash TSRMLS_CC)) { + if (!php_var_unserialize(&pmembers, &p, s + buf_len, &var_hash TSRMLS_CC) || Z_TYPE_P(pmembers) != IS_ARRAY) { zval_ptr_dtor(&pmembers); goto outexcept; } diff --git a/ext/spl/tests/SplObjectStorage_unserialize_bad.phpt b/ext/spl/tests/SplObjectStorage_unserialize_bad.phpt index a525317093b..8f0676de3b4 100644 --- a/ext/spl/tests/SplObjectStorage_unserialize_bad.phpt +++ b/ext/spl/tests/SplObjectStorage_unserialize_bad.phpt @@ -7,6 +7,7 @@ $badblobs = array( 'x:i:2;i:0;,i:1;;i:0;,i:2;;m:a:0:{}', 'x:i:3;O:8:"stdClass":0:{},O:8:"stdClass":0:{};R:2;,i:1;;O:8:"stdClass":0:{},r:2;;m:a:0:{}', 'x:i:3;O:8:"stdClass":0:{},O:8:"stdClass":0:{};r:2;,i:1;;O:8:"stdClass":0:{},r:2;;m:a:0:{}', +'x:i:1;O:8:"stdClass":0:{},N;;m:s:40:"1234567890123456789012345678901234567890"', ); foreach($badblobs as $blob) { try { @@ -17,6 +18,7 @@ try { echo $e->getMessage()."\n"; } } +echo "DONE\n"; --EXPECTF-- Error at offset 6 of 34 bytes Error at offset 46 of 89 bytes @@ -42,4 +44,5 @@ object(SplObjectStorage)#2 (1) { } } } - +Error at offset 79 of 78 bytes +DONE From 3804c0d00fa6e629173fb1c8c61f8f88d5fe39b9 Mon Sep 17 00:00:00 2001 From: Stanislav Malyshev Date: Mon, 23 Jun 2014 00:19:37 -0700 Subject: [PATCH 34/67] Fix bug #67498 - phpinfo() Type Confusion Information Leak Vulnerability --- ext/standard/info.c | 8 ++++---- .../tests/general_functions/bug67498.phpt | 15 +++++++++++++++ 2 files changed, 19 insertions(+), 4 deletions(-) create mode 100644 ext/standard/tests/general_functions/bug67498.phpt diff --git a/ext/standard/info.c b/ext/standard/info.c index 03ced35fb3d..0626a7067bb 100644 --- a/ext/standard/info.c +++ b/ext/standard/info.c @@ -866,16 +866,16 @@ PHPAPI void php_print_info(int flag TSRMLS_DC) php_info_print_table_start(); php_info_print_table_header(2, "Variable", "Value"); - if (zend_hash_find(&EG(symbol_table), "PHP_SELF", sizeof("PHP_SELF"), (void **) &data) != FAILURE) { + if (zend_hash_find(&EG(symbol_table), "PHP_SELF", sizeof("PHP_SELF"), (void **) &data) != FAILURE && Z_TYPE_PP(data) == IS_STRING) { php_info_print_table_row(2, "PHP_SELF", Z_STRVAL_PP(data)); } - if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_TYPE", sizeof("PHP_AUTH_TYPE"), (void **) &data) != FAILURE) { + if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_TYPE", sizeof("PHP_AUTH_TYPE"), (void **) &data) != FAILURE && Z_TYPE_PP(data) == IS_STRING) { php_info_print_table_row(2, "PHP_AUTH_TYPE", Z_STRVAL_PP(data)); } - if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_USER", sizeof("PHP_AUTH_USER"), (void **) &data) != FAILURE) { + if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_USER", sizeof("PHP_AUTH_USER"), (void **) &data) != FAILURE && Z_TYPE_PP(data) == IS_STRING) { php_info_print_table_row(2, "PHP_AUTH_USER", Z_STRVAL_PP(data)); } - if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_PW", sizeof("PHP_AUTH_PW"), (void **) &data) != FAILURE) { + if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_PW", sizeof("PHP_AUTH_PW"), (void **) &data) != FAILURE && Z_TYPE_PP(data) == IS_STRING) { php_info_print_table_row(2, "PHP_AUTH_PW", Z_STRVAL_PP(data)); } php_print_gpcse_array(ZEND_STRL("_REQUEST") TSRMLS_CC); diff --git a/ext/standard/tests/general_functions/bug67498.phpt b/ext/standard/tests/general_functions/bug67498.phpt new file mode 100644 index 00000000000..5b5951b0f8b --- /dev/null +++ b/ext/standard/tests/general_functions/bug67498.phpt @@ -0,0 +1,15 @@ +--TEST-- +phpinfo() Type Confusion Information Leak Vulnerability +--FILE-- + +==DONE== +--EXPECTF-- +phpinfo() + +PHP Variables +%A +==DONE== From 66cdd8fd76a63201c04956251c8e75450292cd64 Mon Sep 17 00:00:00 2001 From: Stanislav Malyshev Date: Sat, 21 Jun 2014 21:28:33 -0700 Subject: [PATCH 35/67] Better fix for bug #67072 with more BC provisions --- ext/standard/tests/serialize/bug67072_2.phpt | 84 ++++++++++++++++++++ 1 file changed, 84 insertions(+) create mode 100644 ext/standard/tests/serialize/bug67072_2.phpt diff --git a/ext/standard/tests/serialize/bug67072_2.phpt b/ext/standard/tests/serialize/bug67072_2.phpt new file mode 100644 index 00000000000..09eadb9ee15 --- /dev/null +++ b/ext/standard/tests/serialize/bug67072_2.phpt @@ -0,0 +1,84 @@ +--TEST-- +Bug #67072 Echoing unserialized "SplFileObject" crash - BC break fixes +--FILE-- + +===DONE== +--EXPECTF-- +Warning: Erroneous data format for unserializing 'MySplFileObject' in %s on line 4 + +Notice: unserialize(): Error at offset 26 of 66 bytes in %s on line 4 +object(stdClass)#%d (0) { +} +object(MyClass)#%d (0) { +} +object(MyClassSer)#%d (0) { +} +object(MyClassSer2)#%d (0) { +} + +Warning: Erroneous data format for unserializing 'SplFileObject' in %s on line 9 + +Notice: unserialize(): Error at offset 24 of 25 bytes in %s on line 9 +bool(false) + +Warning: Erroneous data format for unserializing 'MySplFileObject' in %s on line 9 + +Notice: unserialize(): Error at offset 26 of 27 bytes in %s on line 9 +bool(false) +object(SplObjectStorage)#%d (1) { + ["storage":"SplObjectStorage":private]=> + array(0) { + } +} +object(__PHP_Incomplete_Class)#%d (1) { + ["__PHP_Incomplete_Class_Name"]=> + string(6) "FooBar" +} + +Warning: Erroneous data format for unserializing 'Closure' in %s on line 9 + +Notice: unserialize(): Error at offset 17 of 18 bytes in %s on line 9 +bool(false) +object(ArrayObject)#%d (1) { + ["storage":"ArrayObject":private]=> + array(0) { + } +} +object(MyArrayObject)#1 (2) { + ["a"]=> + int(1) + ["storage":"ArrayObject":private]=> + array(0) { + } +} +object(Directory)#1 (0) { +} +===DONE== From 9d1d25e625ce7efebd633c460690d2949e58fb4c Mon Sep 17 00:00:00 2001 From: Stanislav Malyshev Date: Tue, 24 Jun 2014 11:21:43 -0700 Subject: [PATCH 36/67] Fix test - because of big #67397 we don't allow overlong locales anymore --- ext/intl/tests/bug62082.phpt | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/ext/intl/tests/bug62082.phpt b/ext/intl/tests/bug62082.phpt index e6ca73e3006..dab1252afda 100644 --- a/ext/intl/tests/bug62082.phpt +++ b/ext/intl/tests/bug62082.phpt @@ -10,6 +10,7 @@ var_dump(locale_get_display_name(str_repeat("a", 300), null)); var_dump(locale_get_display_name(str_repeat("a", 512), null)); var_dump(locale_get_display_name(str_repeat("a", 600), null)); --EXPECT-- -string(300) "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" -string(512) "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" -string(600) "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" +bool(false) +bool(false) +bool(false) + From 78c3ca105b0e4d7429f5381a667973810b7be86e Mon Sep 17 00:00:00 2001 From: Stanislav Malyshev Date: Tue, 24 Jun 2014 11:24:07 -0700 Subject: [PATCH 37/67] remove bug67072_2 test for 5.6+ since we'd have cleaner solution --- ext/standard/tests/serialize/bug67072_2.phpt | 84 -------------------- 1 file changed, 84 deletions(-) delete mode 100644 ext/standard/tests/serialize/bug67072_2.phpt diff --git a/ext/standard/tests/serialize/bug67072_2.phpt b/ext/standard/tests/serialize/bug67072_2.phpt deleted file mode 100644 index 09eadb9ee15..00000000000 --- a/ext/standard/tests/serialize/bug67072_2.phpt +++ /dev/null @@ -1,84 +0,0 @@ ---TEST-- -Bug #67072 Echoing unserialized "SplFileObject" crash - BC break fixes ---FILE-- - -===DONE== ---EXPECTF-- -Warning: Erroneous data format for unserializing 'MySplFileObject' in %s on line 4 - -Notice: unserialize(): Error at offset 26 of 66 bytes in %s on line 4 -object(stdClass)#%d (0) { -} -object(MyClass)#%d (0) { -} -object(MyClassSer)#%d (0) { -} -object(MyClassSer2)#%d (0) { -} - -Warning: Erroneous data format for unserializing 'SplFileObject' in %s on line 9 - -Notice: unserialize(): Error at offset 24 of 25 bytes in %s on line 9 -bool(false) - -Warning: Erroneous data format for unserializing 'MySplFileObject' in %s on line 9 - -Notice: unserialize(): Error at offset 26 of 27 bytes in %s on line 9 -bool(false) -object(SplObjectStorage)#%d (1) { - ["storage":"SplObjectStorage":private]=> - array(0) { - } -} -object(__PHP_Incomplete_Class)#%d (1) { - ["__PHP_Incomplete_Class_Name"]=> - string(6) "FooBar" -} - -Warning: Erroneous data format for unserializing 'Closure' in %s on line 9 - -Notice: unserialize(): Error at offset 17 of 18 bytes in %s on line 9 -bool(false) -object(ArrayObject)#%d (1) { - ["storage":"ArrayObject":private]=> - array(0) { - } -} -object(MyArrayObject)#1 (2) { - ["a"]=> - int(1) - ["storage":"ArrayObject":private]=> - array(0) { - } -} -object(Directory)#1 (0) { -} -===DONE== From ad9ed232e746e69c374e946dd4054ced49bb5a22 Mon Sep 17 00:00:00 2001 From: Stanislav Malyshev Date: Thu, 26 Jun 2014 10:35:47 -0700 Subject: [PATCH 38/67] more extensive note on unserialize() change --- UPGRADING | 42 ++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 40 insertions(+), 2 deletions(-) diff --git a/UPGRADING b/UPGRADING index 80b6fb1aa62..92ed275a081 100644 --- a/UPGRADING +++ b/UPGRADING @@ -10,6 +10,7 @@ PHP 5.4 UPGRADE NOTES 2. Changes to reserved words and classes 3. Changes to engine behavior 4. Changes to existing functions + a. unserialize() change 5. Changes to existing classes 6. Changes to existing methods 7. Deprecated Functionality @@ -350,8 +351,45 @@ PHP 5.4 UPGRADE NOTES - Since 5.4.7, ctor is always called when new user stream wrapper object is created. Before, it was called only when stream_open was called. -- Manipulated serialization strings for objects implementing Serializable by - replacing "C:" with "O:" at the start will now produce an error. +4a. unserialize() change +------------------------ + +- Starting PHP 5.4.29, the bug fix for bug #67072 introduces a change to + unserialize() function, detailed below: + + If the string looking like 'O:..:"ClassName":...' is unserialized, and + the class named is an internal class that declares custom unserializer + function, or extends such class, unserialize would fail. + + Using O: for user classes not extending internal classes (including + those implementing Serializable) is still supported in 5.4, though + it is deprecated and may not be supported in 5.6. Same for using O: for + internal classes implementing Serializable (like ArrayObject) and + classes that extend them. + + The reason for that is that O: format is meant to be used with classes + that do not define custom handlers, and was never intended for the use + with classes that do. When used with the class that relies on custom + unserializer, it can leave the object of such internal class in an + inconsistent state which has been observed to result in crashes and may + also lead to memory corruption and ultimately even arbitrary code + execution. This was never the intended use of unserializer, and mere + possibility of doing this constitutes a bug, since the data passed to + unserialize() is not a valid serialization of any object. Since there + are many applications applying unserialize() to untrusted data, this + presents a potential security vulnerability. Thus, keeping such bug in + the code base was considered too dangerous. + + We are aware that some applications use O: format as a way to + instantiate classes. This was never the intended usage of serializer, + and ReflectionClass methods such as newInstance or + newInstanceWithoutConstructor can be used for that. We're working on + providing more comprehensive solution for such use cases in PHP 5.6 and + welcome the ideas in this area. + + We note also that using unserialize() on any data that is not the result + of serialize() call continues to be an unsupported scenario and should + not be relied on to produce any specific result. ============================== 5. Changes to existing classes From b5003c3a86f38f63d5dac4622ce4d00452570a8e Mon Sep 17 00:00:00 2001 From: Stanislav Malyshev Date: Thu, 26 Jun 2014 10:39:38 -0700 Subject: [PATCH 39/67] more extensive note on unserialize() change --- UPGRADING | 43 +++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 41 insertions(+), 2 deletions(-) diff --git a/UPGRADING b/UPGRADING index 4bc5d4143d1..0ddd276197a 100644 --- a/UPGRADING +++ b/UPGRADING @@ -7,6 +7,7 @@ PHP 5.5 UPGRADE NOTES 2. Changes in SAPI modules 3. Deprecated Functionality 4. Changed Functions + a. unserialize() change 5. New Functions 6. New Classes and Interfaces 7. Removed Extensions @@ -193,8 +194,46 @@ PHP 5.5 UPGRADE NOTES - Since 5.5.4, fputcsv() has fifth parameter escape_char, allowing to specify escape char. -- Manipulated serialization strings for objects implementing Serializable by - replacing "C:" with "O:" at the start will now produce an error. +4a. unserialize() change +------------------------ + +- Starting PHP 5.5.13, the bug fix for bug #67072 introduces a change to + unserialize() function, detailed below: + + If the string looking like 'O:..:"ClassName":...' is unserialized, and + the class named is an internal class that declares custom unserializer + function, or extends such class, unserialize would fail. + + Using O: for user classes not extending internal classes (including + those implementing Serializable) is still supported in 5.4, though + it is deprecated and may not be supported in 5.6 for classes that do not + originally serialize to O:. Same for using O: for internal classes + implementing Serializable (like ArrayObject) and classes that extend + them. + + The reason for that is that O: format is meant to be used with classes + that do not define custom handlers, and was never intended for the use + with classes that do. When used with the class that relies on custom + unserializer, it can leave the object of such internal class in an + inconsistent state which has been observed to result in crashes and may + also lead to memory corruption and ultimately even arbitrary code + execution. This was never the intended use of unserializer, and mere + possibility of doing this constitutes a bug, since the data passed to + unserialize() is not a valid serialization of any object. Since there + are many applications applying unserialize() to untrusted data, this + presents a potential security vulnerability. Thus, keeping such bug in + the code base was considered too dangerous. + + We are aware that some applications use O: format as a way to + instantiate classes. This was never the intended usage of serializer, + and ReflectionClass methods such as newInstance or + newInstanceWithoutConstructor can be used for that. We're working on + providing more comprehensive solution for such use cases in PHP 5.6 and + welcome the ideas in this area. + + We note also that using unserialize() on any data that is not the result + of serialize() call continues to be an unsupported scenario and should + not be relied on to produce any specific result. ======================================== 5. New Functions From b23460063f913dc6dfcfa1a3b0a71c07c4f5491e Mon Sep 17 00:00:00 2001 From: Stanislav Malyshev Date: Thu, 26 Jun 2014 15:25:19 -0700 Subject: [PATCH 40/67] better explanation --- UPGRADING | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/UPGRADING b/UPGRADING index 92ed275a081..1fdcda7f387 100644 --- a/UPGRADING +++ b/UPGRADING @@ -363,9 +363,10 @@ PHP 5.4 UPGRADE NOTES Using O: for user classes not extending internal classes (including those implementing Serializable) is still supported in 5.4, though - it is deprecated and may not be supported in 5.6. Same for using O: for - internal classes implementing Serializable (like ArrayObject) and - classes that extend them. + it is deprecated and may not be supported in 5.6 for classes that do not + originally serialize to O:. Same for using O: for internal classes + implementing Serializable (like ArrayObject) and classes that extend + them. The reason for that is that O: format is meant to be used with classes that do not define custom handlers, and was never intended for the use From 2db96fea2d87bf3e24760e846b4a8633bd158330 Mon Sep 17 00:00:00 2001 From: Stanislav Malyshev Date: Thu, 26 Jun 2014 21:15:47 -0700 Subject: [PATCH 41/67] update the date --- NEWS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/NEWS b/NEWS index 8ed7f8067c7..7ddee6a2526 100644 --- a/NEWS +++ b/NEWS @@ -15,7 +15,7 @@ PHP NEWS - Streams: . Fixed bug #67430 (http:// wrapper doesn't follow 308 redirects). (Adam) -?? ??? 2014, PHP 5.4.30 +26 Jun 2014, PHP 5.4.30 - Core: . Fixed BC break introduced by patch for bug #67072. (Anatol, Stas) From a0ecb3794f00e65cd2a073b2073e32d6c2fb7180 Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Fri, 27 Jun 2014 09:45:53 +0200 Subject: [PATCH 42/67] Fix Bug #67530 error_log=syslog ignored As for Bug #64915 Systemd use --nodaemonize but need to error_log to file or syslog to be honoured --- sapi/fpm/fpm/fpm_stdio.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/sapi/fpm/fpm/fpm_stdio.c b/sapi/fpm/fpm/fpm_stdio.c index d81e10150db..769d3a6338c 100644 --- a/sapi/fpm/fpm/fpm_stdio.c +++ b/sapi/fpm/fpm/fpm_stdio.c @@ -268,7 +268,11 @@ int fpm_stdio_open_error_log(int reopen) /* {{{ */ if (!strcasecmp(fpm_global_config.error_log, "syslog")) { openlog(fpm_global_config.syslog_ident, LOG_PID | LOG_CONS, fpm_global_config.syslog_facility); fpm_globals.error_log_fd = ZLOG_SYSLOG; +#if HAVE_UNISTD_H + if (fpm_global_config.daemonize || (!isatty(STDERR_FILENO) && !fpm_globals.force_stderr)) { +#else if (fpm_global_config.daemonize) { +#endif zlog_set_fd(fpm_globals.error_log_fd); } return 0; From bf328b16817a9d7dfc7aaf078d4e944ab14ce0e1 Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Fri, 27 Jun 2014 09:47:28 +0200 Subject: [PATCH 43/67] Fix Bug #67531 syslog cannot be set in pool configuration error_log is listed in FPM_PHP_INI_TO_EXPAND, but should not be expand when value = syslog --- sapi/fpm/fpm/fpm_conf.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sapi/fpm/fpm/fpm_conf.c b/sapi/fpm/fpm/fpm_conf.c index 688c6402505..103a830389c 100644 --- a/sapi/fpm/fpm/fpm_conf.c +++ b/sapi/fpm/fpm/fpm_conf.c @@ -1069,6 +1069,9 @@ static int fpm_conf_process_all_pools() /* {{{ */ } } for (kv = wp->config->php_admin_values; kv; kv = kv->next) { + if (!strcasecmp(kv->key, "error_log") && !strcasecmp(kv->value, "syslog")) { + continue; + } for (p = options; *p; p++) { if (!strcasecmp(kv->key, *p)) { fpm_evaluate_full_path(&kv->value, wp, NULL, 0); From 334758794da5fc38a5fb9cf2c962eb535bab6b67 Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Fri, 27 Jun 2014 09:50:01 +0200 Subject: [PATCH 44/67] NEWS --- NEWS | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/NEWS b/NEWS index 7ddee6a2526..7463305219d 100644 --- a/NEWS +++ b/NEWS @@ -12,6 +12,10 @@ PHP NEWS . Implemented FR #67429 (CLI server is missing some new HTTP response codes). (Adam) +- FPM: + . Fix bug #67530 (error_log=syslog ignored). (Remi) + . Fix bug #67531 (syslog cannot be set in pool configuration). (Remi) + - Streams: . Fixed bug #67430 (http:// wrapper doesn't follow 308 redirects). (Adam) From 6c72ea87fd5c1155f31bea75c1711e0143bb6447 Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Fri, 27 Jun 2014 09:50:43 +0200 Subject: [PATCH 45/67] NEWS --- NEWS | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/NEWS b/NEWS index fce2198a7ab..27dfca41f72 100644 --- a/NEWS +++ b/NEWS @@ -12,6 +12,10 @@ PHP NEWS . Implemented FR #67429 (CLI server is missing some new HTTP response codes). (Adam) +- FPM: + . Fix bug #67530 (error_log=syslog ignored). (Remi) + . Fix bug #67531 (syslog cannot be set in pool configuration). (Remi) + - Streams: . Fixed bug #67430 (http:// wrapper doesn't follow 308 redirects). (Adam) From f201d061ba0d41344667527b64bbfefbcc67d5e5 Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Fri, 27 Jun 2014 09:51:34 +0200 Subject: [PATCH 46/67] NEWS --- NEWS | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/NEWS b/NEWS index 373f8108816..0fdf0555d83 100644 --- a/NEWS +++ b/NEWS @@ -8,6 +8,10 @@ PHP NEWS . Fixed bug #67468 (Segfault in highlight_file()/highlight_string()). (Andreas Ferber) +- FPM: + . Fix bug #67530 (error_log=syslog ignored). (Remi) + . Fix bug #67531 (syslog cannot be set in pool configuration). (Remi) + - phpdbg: . Fix Bug #67499 (readline feature not enabled when build with libedit). (Remi) From cc22f021fe7c7cf41cd6302374db8eba0f173653 Mon Sep 17 00:00:00 2001 From: Ferenc Kovacs Date: Fri, 27 Jun 2014 16:27:36 +0200 Subject: [PATCH 47/67] removing the format added by mistake, props to Solar Designer for spotting this. --- UPGRADING | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/UPGRADING b/UPGRADING index 1fdcda7f387..f38e640b92f 100644 --- a/UPGRADING +++ b/UPGRADING @@ -312,7 +312,7 @@ PHP 5.4 UPGRADE NOTES to limit the amount of stack frames returned. - Fixed crypt_blowfish handling of 8-bit characters. crypt() in Blowfish mode - now supports hashes marked $2a$, $2x$, $2y$ and $2z$. + now supports hashes marked $2a$, $2x$ and $2y$. - mbstring now supports following encodings: Shift_JIS/UTF-8 Emoji, JIS X0213:2004 (Shift_JIS-2004, EUC-JP-2004, ISO-2022-JP-2004), From 4ac89660306fe0e0a94173ce5b065b71e94ac525 Mon Sep 17 00:00:00 2001 From: Davey Shafik Date: Sun, 29 Jun 2014 04:32:01 -0400 Subject: [PATCH 48/67] Fix typo in `finish` help Fixes #96 --- phpdbg_help.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/phpdbg_help.c b/phpdbg_help.c index f2d074ded60..7856e1554a6 100644 --- a/phpdbg_help.c +++ b/phpdbg_help.c @@ -613,7 +613,7 @@ phpdbg_help_text_t phpdbg_help_text[] = { {"finish", "The **finish** command causes control to be passed back to the vm, continuing execution. Any " "breakpoints that are encountered within the current stack frame will be skipped. Execution " -"will then continue until the next breakpoint after leaving the stack frame or unitil " +"will then continue until the next breakpoint after leaving the stack frame or until " "completion of the script" CR CR "Note when **step**ping is enabled, any opcode steps within the current stack frame are also " From 2e667544085856789c75061344faac4dd05fe69c Mon Sep 17 00:00:00 2001 From: Davey Shafik Date: Sun, 29 Jun 2014 04:33:27 -0400 Subject: [PATCH 49/67] Replace incorrect `E` command with `ev` in watch help Fixes #95 --- phpdbg_help.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/phpdbg_help.c b/phpdbg_help.c index f2d074ded60..58f995b5a95 100644 --- a/phpdbg_help.c +++ b/phpdbg_help.c @@ -629,7 +629,7 @@ phpdbg_help_text_t phpdbg_help_text[] = { "**Examples**" CR CR " $P frame 2" CR -" $P E $count" CR +" $P ev $count" CR " Go to frame 2 and print out variable **$count** in that frame" CR CR "Note that this frame scope is discarded when execution continues, with the execution frame " From 219beac36b9e421fd9a4920f214e9c63747eaafb Mon Sep 17 00:00:00 2001 From: Bob Weinand Date: Sun, 29 Jun 2014 11:26:03 +0200 Subject: [PATCH 50/67] Fix readline/libedit (Thanks to @remicollet) --- config.m4 | 2 +- phpdbg.h | 3 +++ phpdbg_btree.c | 2 +- phpdbg_btree.h | 2 +- phpdbg_cmd.c | 6 +++--- phpdbg_prompt.c | 5 +++++ phpdbg_utils.c | 6 +++++- 7 files changed, 19 insertions(+), 7 deletions(-) diff --git a/config.m4 b/config.m4 index 1a6640eaca2..d78a439af02 100644 --- a/config.m4 +++ b/config.m4 @@ -21,7 +21,7 @@ if test "$PHP_PHPDBG" != "no"; then PHP_PHPDBG_CFLAGS="-D_GNU_SOURCE" PHP_PHPDBG_FILES="phpdbg.c phpdbg_parser.c phpdbg_lexer.c phpdbg_prompt.c phpdbg_help.c phpdbg_break.c phpdbg_print.c phpdbg_bp.c phpdbg_opcode.c phpdbg_list.c phpdbg_utils.c phpdbg_info.c phpdbg_cmd.c phpdbg_set.c phpdbg_frame.c phpdbg_watch.c phpdbg_btree.c" - if test "$PHP_READLINE" != "no"; then + if test "$PHP_READLINE" != "no" -o "$PHP_LIBEDIT" != "no"; then PHPDBG_EXTRA_LIBS="$PHP_READLINE_LIBS" fi diff --git a/phpdbg.h b/phpdbg.h index 12350d5425d..2fa2d5093a8 100644 --- a/phpdbg.h +++ b/phpdbg.h @@ -68,6 +68,9 @@ # include # include #endif +#ifdef HAVE_LIBEDIT +# include +#endif #include "phpdbg_lexer.h" #include "phpdbg_cmd.h" diff --git a/phpdbg_btree.c b/phpdbg_btree.c index 8fc2561e047..491445399b7 100644 --- a/phpdbg_btree.c +++ b/phpdbg_btree.c @@ -2,7 +2,7 @@ +----------------------------------------------------------------------+ | PHP Version 5 | +----------------------------------------------------------------------+ - | Copyright (c) 1997-2013 The PHP Group | + | Copyright (c) 1997-2014 The PHP Group | +----------------------------------------------------------------------+ | This source file is subject to version 3.01 of the PHP license, | | that is bundled with this package in the file LICENSE, and is | diff --git a/phpdbg_btree.h b/phpdbg_btree.h index 5fb217db35e..af2a6ac3146 100644 --- a/phpdbg_btree.h +++ b/phpdbg_btree.h @@ -2,7 +2,7 @@ +----------------------------------------------------------------------+ | PHP Version 5 | +----------------------------------------------------------------------+ - | Copyright (c) 1997-2013 The PHP Group | + | Copyright (c) 1997-2014 The PHP Group | +----------------------------------------------------------------------+ | This source file is subject to version 3.01 of the PHP license, | | that is bundled with this package in the file LICENSE, and is | diff --git a/phpdbg_cmd.c b/phpdbg_cmd.c index d4ce8ebc55f..a45513bee6b 100644 --- a/phpdbg_cmd.c +++ b/phpdbg_cmd.c @@ -792,7 +792,7 @@ PHPDBG_API int phpdbg_stack_execute(phpdbg_param_t *stack, char **why TSRMLS_DC) PHPDBG_API char* phpdbg_read_input(char *buffered TSRMLS_DC) /* {{{ */ { char *cmd = NULL; -#ifndef HAVE_LIBREADLINE +#if !defined(HAVE_LIBREADLINE) && !defined(HAVE_LIBEDIT) char buf[PHPDBG_MAX_CMD]; #endif char *buffer = NULL; @@ -811,7 +811,7 @@ disconnect: return NULL; } -#ifndef HAVE_LIBREADLINE +#if !defined(HAVE_LIBREADLINE) && !defined(HAVE_LIBEDIT) if (!(PHPDBG_G(flags) & PHPDBG_IS_REMOTE)) { if (!phpdbg_write("%s", phpdbg_get_prompt(TSRMLS_C))) { goto disconnect; @@ -850,7 +850,7 @@ readline: buffer = estrdup(cmd); -#ifdef HAVE_LIBREADLINE +#if defined(HAVE_LIBREADLINE) || defined(HAVE_LIBEDIT) if (!buffered && cmd && !(PHPDBG_G(flags) & PHPDBG_IS_REMOTE)) { free(cmd); diff --git a/phpdbg_prompt.c b/phpdbg_prompt.c index 5379e775867..d91ef3f3f5c 100644 --- a/phpdbg_prompt.c +++ b/phpdbg_prompt.c @@ -732,6 +732,11 @@ PHPDBG_COMMAND(print) /* {{{ */ #else phpdbg_writeln("Readline\tno"); #endif +#ifdef HAVE_LIBEDIT + phpdbg_writeln("Libedit\t\tyes"); +#else + phpdbg_writeln("Libedit\t\tno"); +#endif phpdbg_writeln("Exec\t\t%s", PHPDBG_G(exec) ? PHPDBG_G(exec) : "none"); phpdbg_writeln("Compiled\t%s", PHPDBG_G(ops) ? "yes" : "no"); diff --git a/phpdbg_utils.c b/phpdbg_utils.c index 98748b202a1..3ce2fade17d 100644 --- a/phpdbg_utils.c +++ b/phpdbg_utils.c @@ -400,12 +400,16 @@ PHPDBG_API const char *phpdbg_get_prompt(TSRMLS_D) /* {{{ */ } /* create cached prompt */ +#ifndef HAVE_LIBEDIT + /* TODO: libedit doesn't seems to support coloured prompt */ if ((PHPDBG_G(flags) & PHPDBG_IS_COLOURED)) { asprintf( &PHPDBG_G(prompt)[1], "\033[%sm%s\033[0m ", PHPDBG_G(colors)[PHPDBG_COLOR_PROMPT]->code, PHPDBG_G(prompt)[0]); - } else { + } else +#endif + { asprintf( &PHPDBG_G(prompt)[1], "%s ", PHPDBG_G(prompt)[0]); From 986a89ae1b47a4acc0b57a6e9027a91bd0ae7683 Mon Sep 17 00:00:00 2001 From: Bob Weinand Date: Sun, 29 Jun 2014 11:26:27 +0200 Subject: [PATCH 51/67] Fix issue krakjoe/phpdbg#99 register function has the same behavior as run --- phpdbg_lexer.c | 1044 +++++++++++++++++++++++++++--------------------- phpdbg_lexer.l | 36 +- 2 files changed, 609 insertions(+), 471 deletions(-) diff --git a/phpdbg_lexer.c b/phpdbg_lexer.c index 420dcac042d..2643dfa62b2 100644 --- a/phpdbg_lexer.c +++ b/phpdbg_lexer.c @@ -96,33 +96,49 @@ yyc_INITIAL: }; YYDEBUG(0, *YYCURSOR); - YYFILL(3); + YYFILL(4); yych = *YYCURSOR; - if (yych <= 0x1F) { - if (yych <= '\t') { + if (yych <= 'D') { + if (yych <= '\n') { if (yych <= 0x00) goto yy6; if (yych <= 0x08) goto yy11; + if (yych >= '\n') goto yy4; } else { - if (yych <= '\n') goto yy4; - if (yych != '\r') goto yy11; + if (yych <= '\r') { + if (yych <= '\f') goto yy11; + } else { + if (yych != ' ') goto yy11; + } } } else { - if (yych <= 'e') { - if (yych <= ' ') goto yy2; - if (yych <= 'd') goto yy11; - goto yy7; + if (yych <= 'd') { + if (yych <= 'Q') { + if (yych <= 'E') goto yy7; + goto yy11; + } else { + if (yych <= 'R') goto yy10; + if (yych <= 'S') goto yy8; + goto yy11; + } } else { - if (yych <= 'q') goto yy11; - if (yych <= 'r') goto yy9; - if (yych <= 's') goto yy8; - goto yy11; + if (yych <= 'q') { + if (yych <= 'e') goto yy7; + goto yy11; + } else { + if (yych <= 'r') goto yy9; + if (yych <= 's') goto yy8; + goto yy11; + } } } -yy2: YYDEBUG(2, *YYCURSOR); ++YYCURSOR; - if (yybm[0+(yych = *YYCURSOR)] & 128) { - goto yy19; + if ((yych = *YYCURSOR) <= '\f') { + if (yych <= 0x08) goto yy3; + if (yych <= '\n') goto yy26; + } else { + if (yych <= '\r') goto yy26; + if (yych == ' ') goto yy26; } yy3: YYDEBUG(3, *YYCURSOR); @@ -134,49 +150,60 @@ yy3: YYCURSOR = LEX(text); goto restart; } -#line 138 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" +#line 154 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" yy4: YYDEBUG(4, *YYCURSOR); ++YYCURSOR; - if (yybm[0+(yych = *YYCURSOR)] & 128) { - goto yy19; + if ((yych = *YYCURSOR) <= '\f') { + if (yych <= 0x08) goto yy5; + if (yych <= '\n') goto yy26; + } else { + if (yych <= '\r') goto yy26; + if (yych == ' ') goto yy26; } +yy5: YYDEBUG(5, *YYCURSOR); yyleng = (size_t) YYCURSOR - (size_t) yytext; #line 68 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.l" { return 0; } -#line 151 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" +#line 172 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" yy6: YYDEBUG(6, *YYCURSOR); yych = *++YYCURSOR; goto yy3; yy7: YYDEBUG(7, *YYCURSOR); - yych = *++YYCURSOR; - if (yych == 'v') goto yy17; + yyaccept = 0; + yych = *(YYMARKER = ++YYCURSOR); + if (yych == 'V') goto yy22; + if (yych == 'v') goto yy22; goto yy3; yy8: YYDEBUG(8, *YYCURSOR); - yych = *++YYCURSOR; - if (yych == 'h') goto yy15; + yyaccept = 0; + yych = *(YYMARKER = ++YYCURSOR); + if (yych == 'H') goto yy18; + if (yych == 'h') goto yy18; goto yy3; yy9: YYDEBUG(9, *YYCURSOR); yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); + if (yybm[0+yych] & 128) { + goto yy15; + } + if (yych == 'U') goto yy12; if (yych == 'u') goto yy12; + goto yy3; yy10: YYDEBUG(10, *YYCURSOR); - yyleng = (size_t) YYCURSOR - (size_t) yytext; -#line 155 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.l" - { - YYSETCONDITION(RAW); - phpdbg_init_param(yylval, EMPTY_PARAM); - return T_RUN; -} -#line 180 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" + yyaccept = 0; + yych = *(YYMARKER = ++YYCURSOR); + if (yych == 'U') goto yy12; + if (yych == 'u') goto yy12; + goto yy3; yy11: YYDEBUG(11, *YYCURSOR); yych = *++YYCURSOR; @@ -184,18 +211,62 @@ yy11: yy12: YYDEBUG(12, *YYCURSOR); yych = *++YYCURSOR; + if (yych == 'N') goto yy14; if (yych == 'n') goto yy14; +yy13: YYDEBUG(13, *YYCURSOR); YYCURSOR = YYMARKER; - goto yy10; + goto yy3; yy14: YYDEBUG(14, *YYCURSOR); yych = *++YYCURSOR; - goto yy10; + if (yybm[0+yych] & 128) { + goto yy15; + } + goto yy13; yy15: YYDEBUG(15, *YYCURSOR); ++YYCURSOR; + YYFILL(1); + yych = *YYCURSOR; YYDEBUG(16, *YYCURSOR); + if (yybm[0+yych] & 128) { + goto yy15; + } + YYDEBUG(17, *YYCURSOR); + yyleng = (size_t) YYCURSOR - (size_t) yytext; +#line 155 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.l" + { + YYSETCONDITION(RAW); + phpdbg_init_param(yylval, EMPTY_PARAM); + return T_RUN; +} +#line 245 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" +yy18: + YYDEBUG(18, *YYCURSOR); + yych = *++YYCURSOR; + if (yych <= '\f') { + if (yych <= 0x08) goto yy13; + if (yych >= '\v') goto yy13; + } else { + if (yych <= '\r') goto yy19; + if (yych != ' ') goto yy13; + } +yy19: + YYDEBUG(19, *YYCURSOR); + ++YYCURSOR; + YYFILL(1); + yych = *YYCURSOR; + YYDEBUG(20, *YYCURSOR); + if (yych <= '\f') { + if (yych <= 0x08) goto yy21; + if (yych <= '\n') goto yy19; + } else { + if (yych <= '\r') goto yy19; + if (yych == ' ') goto yy19; + } +yy21: + YYDEBUG(21, *YYCURSOR); yyleng = (size_t) YYCURSOR - (size_t) yytext; #line 150 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.l" { @@ -203,11 +274,32 @@ yy15: phpdbg_init_param(yylval, EMPTY_PARAM); return T_SHELL; } -#line 207 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" -yy17: - YYDEBUG(17, *YYCURSOR); +#line 278 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" +yy22: + YYDEBUG(22, *YYCURSOR); + yych = *++YYCURSOR; + if (yych <= '\f') { + if (yych <= 0x08) goto yy13; + if (yych >= '\v') goto yy13; + } else { + if (yych <= '\r') goto yy23; + if (yych != ' ') goto yy13; + } +yy23: + YYDEBUG(23, *YYCURSOR); ++YYCURSOR; - YYDEBUG(18, *YYCURSOR); + YYFILL(1); + yych = *YYCURSOR; + YYDEBUG(24, *YYCURSOR); + if (yych <= '\f') { + if (yych <= 0x08) goto yy25; + if (yych <= '\n') goto yy23; + } else { + if (yych <= '\r') goto yy23; + if (yych == ' ') goto yy23; + } +yy25: + YYDEBUG(25, *YYCURSOR); yyleng = (size_t) YYCURSOR - (size_t) yytext; #line 145 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.l" { @@ -215,17 +307,22 @@ yy17: phpdbg_init_param(yylval, EMPTY_PARAM); return T_EVAL; } -#line 219 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" -yy19: - YYDEBUG(19, *YYCURSOR); +#line 311 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" +yy26: + YYDEBUG(26, *YYCURSOR); ++YYCURSOR; YYFILL(1); yych = *YYCURSOR; - YYDEBUG(20, *YYCURSOR); - if (yybm[0+yych] & 128) { - goto yy19; + YYDEBUG(27, *YYCURSOR); + if (yych <= '\f') { + if (yych <= 0x08) goto yy28; + if (yych <= '\n') goto yy26; + } else { + if (yych <= '\r') goto yy26; + if (yych == ' ') goto yy26; } - YYDEBUG(21, *YYCURSOR); +yy28: + YYDEBUG(28, *YYCURSOR); yyleng = (size_t) YYCURSOR - (size_t) yytext; #line 139 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.l" { @@ -233,7 +330,7 @@ yy19: goto restart; } -#line 237 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" +#line 334 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" } /* *********************************** */ yyc_NORMAL: @@ -272,71 +369,59 @@ yyc_NORMAL: 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, }; - YYDEBUG(22, *YYCURSOR); + YYDEBUG(29, *YYCURSOR); YYFILL(11); yych = *YYCURSOR; - if (yych <= ':') { - if (yych <= ' ') { - if (yych <= '\n') { - if (yych <= 0x00) goto yy29; - if (yych <= 0x08) goto yy32; - if (yych >= '\n') goto yy27; - } else { - if (yych == '\r') goto yy24; - if (yych <= 0x1F) goto yy32; - } - } else { - if (yych <= '.') { - if (yych == '#') goto yy47; - if (yych <= '-') goto yy32; - goto yy34; - } else { - if (yych <= '/') goto yy32; - if (yych <= '0') goto yy37; - if (yych <= '9') goto yy34; - goto yy49; - } - } - } else { - if (yych <= 'i') { - if (yych <= 'd') { - if (yych == 'Z') goto yy38; - if (yych <= 'c') goto yy32; - goto yy39; - } else { - if (yych <= 'e') goto yy40; - if (yych <= 'f') goto yy41; - if (yych <= 'h') goto yy32; - goto yy30; - } - } else { - if (yych <= 's') { - if (yych <= 'm') goto yy32; - if (yych <= 'n') goto yy42; - if (yych <= 'o') goto yy43; - goto yy32; - } else { - if (yych <= 'x') { - if (yych <= 't') goto yy44; - goto yy32; - } else { - if (yych <= 'y') goto yy45; - if (yych <= 'z') goto yy46; - goto yy32; - } - } - } + YYDEBUG(-1, yych); + switch (yych) { + case 0x00: goto yy36; + case '\t': + case '\r': + case ' ': goto yy31; + case '\n': goto yy34; + case '#': goto yy54; + case '.': + case '1': + case '2': + case '3': + case '4': + case '5': + case '6': + case '7': + case '8': + case '9': goto yy41; + case '0': goto yy44; + case ':': goto yy56; + case 'D': + case 'd': goto yy45; + case 'E': + case 'e': goto yy46; + case 'F': + case 'f': goto yy47; + case 'I': + case 'i': goto yy37; + case 'N': + case 'n': goto yy48; + case 'O': + case 'o': goto yy49; + case 'T': + case 't': goto yy50; + case 'Y': + case 'y': goto yy51; + case 'Z': goto yy52; + case 'z': goto yy53; + default: goto yy39; } -yy24: - YYDEBUG(24, *YYCURSOR); +yy31: + YYDEBUG(31, *YYCURSOR); ++YYCURSOR; YYFILL(1); yych = *YYCURSOR; - YYDEBUG(25, *YYCURSOR); + YYDEBUG(32, *YYCURSOR); if (yybm[0+yych] & 8) { - goto yy24; + goto yy31; } - YYDEBUG(26, *YYCURSOR); + YYDEBUG(33, *YYCURSOR); yyleng = (size_t) YYCURSOR - (size_t) yytext; #line 139 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.l" { @@ -344,33 +429,34 @@ yy24: goto restart; } -#line 348 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" -yy27: - YYDEBUG(27, *YYCURSOR); +#line 433 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" +yy34: + YYDEBUG(34, *YYCURSOR); ++YYCURSOR; if (yybm[0+(yych = *YYCURSOR)] & 8) { - goto yy24; + goto yy31; } -yy28: - YYDEBUG(28, *YYCURSOR); +yy35: + YYDEBUG(35, *YYCURSOR); yyleng = (size_t) YYCURSOR - (size_t) yytext; #line 68 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.l" { return 0; } -#line 362 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" -yy29: - YYDEBUG(29, *YYCURSOR); +#line 447 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" +yy36: + YYDEBUG(36, *YYCURSOR); yych = *++YYCURSOR; - goto yy28; -yy30: - YYDEBUG(30, *YYCURSOR); + goto yy35; +yy37: + YYDEBUG(37, *YYCURSOR); yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); - if (yych == 'f') goto yy94; - goto yy33; -yy31: - YYDEBUG(31, *YYCURSOR); + if (yych == 'F') goto yy105; + if (yych == 'f') goto yy105; + goto yy40; +yy38: + YYDEBUG(38, *YYCURSOR); yyleng = (size_t) YYCURSOR - (size_t) yytext; #line 125 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.l" { @@ -379,48 +465,48 @@ yy31: yylval->len = yyleng; return T_ID; } -#line 383 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" -yy32: - YYDEBUG(32, *YYCURSOR); +#line 469 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" +yy39: + YYDEBUG(39, *YYCURSOR); yyaccept = 0; YYMARKER = ++YYCURSOR; YYFILL(3); yych = *YYCURSOR; -yy33: - YYDEBUG(33, *YYCURSOR); +yy40: + YYDEBUG(40, *YYCURSOR); if (yybm[0+yych] & 16) { - goto yy32; + goto yy39; } - if (yych <= '9') goto yy31; - goto yy54; -yy34: - YYDEBUG(34, *YYCURSOR); + if (yych <= '9') goto yy38; + goto yy61; +yy41: + YYDEBUG(41, *YYCURSOR); yyaccept = 1; YYMARKER = ++YYCURSOR; YYFILL(3); yych = *YYCURSOR; - YYDEBUG(35, *YYCURSOR); + YYDEBUG(42, *YYCURSOR); if (yybm[0+yych] & 32) { - goto yy34; + goto yy41; } if (yych <= 0x1F) { if (yych <= '\n') { - if (yych <= 0x00) goto yy36; - if (yych <= 0x08) goto yy32; + if (yych <= 0x00) goto yy43; + if (yych <= 0x08) goto yy39; } else { - if (yych != '\r') goto yy32; + if (yych != '\r') goto yy39; } } else { if (yych <= '#') { - if (yych <= ' ') goto yy36; - if (yych <= '"') goto yy32; + if (yych <= ' ') goto yy43; + if (yych <= '"') goto yy39; } else { - if (yych == ':') goto yy54; - goto yy32; + if (yych == ':') goto yy61; + goto yy39; } } -yy36: - YYDEBUG(36, *YYCURSOR); +yy43: + YYDEBUG(43, *YYCURSOR); yyleng = (size_t) YYCURSOR - (size_t) yytext; #line 106 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.l" { @@ -428,164 +514,168 @@ yy36: yylval->num = atoi(yytext); return T_DIGITS; } -#line 432 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" -yy37: - YYDEBUG(37, *YYCURSOR); +#line 518 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" +yy44: + YYDEBUG(44, *YYCURSOR); yyaccept = 1; yych = *(YYMARKER = ++YYCURSOR); if (yybm[0+yych] & 32) { - goto yy34; + goto yy41; } if (yych <= 0x1F) { if (yych <= '\n') { - if (yych <= 0x00) goto yy36; - if (yych <= 0x08) goto yy33; - goto yy36; + if (yych <= 0x00) goto yy43; + if (yych <= 0x08) goto yy40; + goto yy43; } else { - if (yych == '\r') goto yy36; - goto yy33; + if (yych == '\r') goto yy43; + goto yy40; } } else { if (yych <= '#') { - if (yych <= ' ') goto yy36; - if (yych <= '"') goto yy33; - goto yy36; + if (yych <= ' ') goto yy43; + if (yych <= '"') goto yy40; + goto yy43; } else { - if (yych == 'x') goto yy90; - goto yy33; + if (yych == 'x') goto yy101; + goto yy40; } } -yy38: - YYDEBUG(38, *YYCURSOR); - yyaccept = 0; - yych = *(YYMARKER = ++YYCURSOR); - if (yych == 'E') goto yy87; - goto yy33; -yy39: - YYDEBUG(39, *YYCURSOR); - yyaccept = 0; - yych = *(YYMARKER = ++YYCURSOR); - if (yych == 'i') goto yy81; - goto yy33; -yy40: - YYDEBUG(40, *YYCURSOR); - yyaccept = 0; - yych = *(YYMARKER = ++YYCURSOR); - if (yych == 'n') goto yy76; - goto yy33; -yy41: - YYDEBUG(41, *YYCURSOR); - yyaccept = 0; - yych = *(YYMARKER = ++YYCURSOR); - if (yych == 'a') goto yy73; - goto yy33; -yy42: - YYDEBUG(42, *YYCURSOR); - yyaccept = 0; - yych = *(YYMARKER = ++YYCURSOR); - if (yych == 'o') goto yy71; - goto yy33; -yy43: - YYDEBUG(43, *YYCURSOR); - yyaccept = 0; - yych = *(YYMARKER = ++YYCURSOR); - if (yych == 'f') goto yy70; - if (yych == 'n') goto yy66; - goto yy33; -yy44: - YYDEBUG(44, *YYCURSOR); - yyaccept = 0; - yych = *(YYMARKER = ++YYCURSOR); - if (yych == 'r') goto yy68; - goto yy33; yy45: YYDEBUG(45, *YYCURSOR); yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); - if (yych == 'e') goto yy65; - goto yy33; + if (yych == 'I') goto yy95; + if (yych == 'i') goto yy95; + goto yy40; yy46: YYDEBUG(46, *YYCURSOR); yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); - if (yych == 'e') goto yy53; - goto yy33; + if (yych == 'N') goto yy90; + if (yych == 'n') goto yy90; + goto yy40; yy47: YYDEBUG(47, *YYCURSOR); - ++YYCURSOR; + yyaccept = 0; + yych = *(YYMARKER = ++YYCURSOR); + if (yych == 'A') goto yy87; + if (yych == 'a') goto yy87; + goto yy40; +yy48: YYDEBUG(48, *YYCURSOR); + yyaccept = 0; + yych = *(YYMARKER = ++YYCURSOR); + if (yych == 'O') goto yy83; + if (yych == 'o') goto yy83; + goto yy40; +yy49: + YYDEBUG(49, *YYCURSOR); + yyaccept = 0; + yych = *(YYMARKER = ++YYCURSOR); + if (yych <= 'N') { + if (yych == 'F') goto yy82; + if (yych <= 'M') goto yy40; + goto yy76; + } else { + if (yych <= 'f') { + if (yych <= 'e') goto yy40; + goto yy82; + } else { + if (yych == 'n') goto yy76; + goto yy40; + } + } +yy50: + YYDEBUG(50, *YYCURSOR); + yyaccept = 0; + yych = *(YYMARKER = ++YYCURSOR); + if (yych == 'R') goto yy80; + if (yych == 'r') goto yy80; + goto yy40; +yy51: + YYDEBUG(51, *YYCURSOR); + yyaccept = 0; + yych = *(YYMARKER = ++YYCURSOR); + if (yych == 'E') goto yy75; + if (yych == 'e') goto yy75; + goto yy40; +yy52: + YYDEBUG(52, *YYCURSOR); + yyaccept = 0; + yych = *(YYMARKER = ++YYCURSOR); + if (yych == 'E') goto yy72; + goto yy40; +yy53: + YYDEBUG(53, *YYCURSOR); + yyaccept = 0; + yych = *(YYMARKER = ++YYCURSOR); + if (yych == 'e') goto yy60; + goto yy40; +yy54: + YYDEBUG(54, *YYCURSOR); + ++YYCURSOR; + YYDEBUG(55, *YYCURSOR); yyleng = (size_t) YYCURSOR - (size_t) yytext; #line 84 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.l" { return T_POUND; } -#line 523 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" -yy49: - YYDEBUG(49, *YYCURSOR); +#line 625 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" +yy56: + YYDEBUG(56, *YYCURSOR); ++YYCURSOR; - if ((yych = *YYCURSOR) == ':') goto yy51; - YYDEBUG(50, *YYCURSOR); + if ((yych = *YYCURSOR) == ':') goto yy58; + YYDEBUG(57, *YYCURSOR); yyleng = (size_t) YYCURSOR - (size_t) yytext; #line 90 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.l" { return T_COLON; } -#line 534 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" -yy51: - YYDEBUG(51, *YYCURSOR); +#line 636 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" +yy58: + YYDEBUG(58, *YYCURSOR); ++YYCURSOR; - YYDEBUG(52, *YYCURSOR); + YYDEBUG(59, *YYCURSOR); yyleng = (size_t) YYCURSOR - (size_t) yytext; #line 87 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.l" { return T_DCOLON; } -#line 544 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" -yy53: - YYDEBUG(53, *YYCURSOR); +#line 646 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" +yy60: + YYDEBUG(60, *YYCURSOR); yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); - if (yych == 'n') goto yy59; - goto yy33; -yy54: - YYDEBUG(54, *YYCURSOR); + if (yych == 'n') goto yy66; + goto yy40; +yy61: + YYDEBUG(61, *YYCURSOR); yych = *++YYCURSOR; - if (yych == '/') goto yy56; -yy55: - YYDEBUG(55, *YYCURSOR); + if (yych == '/') goto yy63; +yy62: + YYDEBUG(62, *YYCURSOR); YYCURSOR = YYMARKER; - if (yyaccept <= 3) { - if (yyaccept <= 1) { - if (yyaccept <= 0) { - goto yy31; - } else { - goto yy36; - } + if (yyaccept <= 1) { + if (yyaccept <= 0) { + goto yy38; } else { - if (yyaccept <= 2) { - goto yy64; - } else { - goto yy67; - } + goto yy43; } } else { - if (yyaccept <= 5) { - if (yyaccept <= 4) { - goto yy72; - } else { - goto yy93; - } + if (yyaccept <= 2) { + goto yy71; } else { - goto yy95; + goto yy104; } } -yy56: - YYDEBUG(56, *YYCURSOR); +yy63: + YYDEBUG(63, *YYCURSOR); yych = *++YYCURSOR; - if (yych != '/') goto yy55; - YYDEBUG(57, *YYCURSOR); + if (yych != '/') goto yy62; + YYDEBUG(64, *YYCURSOR); ++YYCURSOR; - YYDEBUG(58, *YYCURSOR); + YYDEBUG(65, *YYCURSOR); yyleng = (size_t) YYCURSOR - (size_t) yytext; #line 78 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.l" { @@ -594,52 +684,52 @@ yy56: yylval->len = yyleng; return T_PROTO; } -#line 598 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" -yy59: - YYDEBUG(59, *YYCURSOR); +#line 688 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" +yy66: + YYDEBUG(66, *YYCURSOR); yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); - if (yych != 'd') goto yy33; - YYDEBUG(60, *YYCURSOR); + if (yych != 'd') goto yy40; + YYDEBUG(67, *YYCURSOR); yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); - if (yych != '_') goto yy33; -yy61: - YYDEBUG(61, *YYCURSOR); + if (yych != '_') goto yy40; +yy68: + YYDEBUG(68, *YYCURSOR); yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); if (yybm[0+yych] & 64) { - goto yy62; + goto yy69; } - goto yy33; -yy62: - YYDEBUG(62, *YYCURSOR); + goto yy40; +yy69: + YYDEBUG(69, *YYCURSOR); yyaccept = 2; YYMARKER = ++YYCURSOR; YYFILL(3); yych = *YYCURSOR; - YYDEBUG(63, *YYCURSOR); + YYDEBUG(70, *YYCURSOR); if (yybm[0+yych] & 64) { - goto yy62; + goto yy69; } if (yych <= 0x1F) { if (yych <= '\n') { - if (yych <= 0x00) goto yy64; - if (yych <= 0x08) goto yy32; + if (yych <= 0x00) goto yy71; + if (yych <= 0x08) goto yy39; } else { - if (yych != '\r') goto yy32; + if (yych != '\r') goto yy39; } } else { if (yych <= '#') { - if (yych <= ' ') goto yy64; - if (yych <= '"') goto yy32; + if (yych <= ' ') goto yy71; + if (yych <= '"') goto yy39; } else { - if (yych == ':') goto yy54; - goto yy32; + if (yych == ':') goto yy61; + goto yy39; } } -yy64: - YYDEBUG(64, *YYCURSOR); +yy71: + YYDEBUG(71, *YYCURSOR); yyleng = (size_t) YYCURSOR - (size_t) yytext; #line 118 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.l" { @@ -648,32 +738,53 @@ yy64: yylval->len = yyleng; return T_OPCODE; } -#line 652 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" -yy65: - YYDEBUG(65, *YYCURSOR); +#line 742 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" +yy72: + YYDEBUG(72, *YYCURSOR); yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); - if (yych != 's') goto yy33; -yy66: - YYDEBUG(66, *YYCURSOR); - yyaccept = 3; + if (yych != 'N') goto yy40; + YYDEBUG(73, *YYCURSOR); + yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); - if (yych <= '\r') { - if (yych <= 0x08) { - if (yych >= 0x01) goto yy33; - } else { - if (yych <= '\n') goto yy67; - if (yych <= '\f') goto yy33; - } + if (yych != 'D') goto yy40; + YYDEBUG(74, *YYCURSOR); + yyaccept = 0; + yych = *(YYMARKER = ++YYCURSOR); + if (yych == '_') goto yy68; + goto yy40; +yy75: + YYDEBUG(75, *YYCURSOR); + yyaccept = 0; + yych = *(YYMARKER = ++YYCURSOR); + if (yych == 'S') goto yy76; + if (yych != 's') goto yy40; +yy76: + YYDEBUG(76, *YYCURSOR); + yyaccept = 0; + yych = *(YYMARKER = ++YYCURSOR); + if (yych <= '\f') { + if (yych <= 0x08) goto yy40; + if (yych >= '\v') goto yy40; } else { - if (yych <= ' ') { - if (yych <= 0x1F) goto yy33; - } else { - if (yych != '#') goto yy33; - } + if (yych <= '\r') goto yy77; + if (yych != ' ') goto yy40; } -yy67: - YYDEBUG(67, *YYCURSOR); +yy77: + YYDEBUG(77, *YYCURSOR); + ++YYCURSOR; + YYFILL(1); + yych = *YYCURSOR; + YYDEBUG(78, *YYCURSOR); + if (yych <= '\f') { + if (yych <= 0x08) goto yy79; + if (yych <= '\n') goto yy77; + } else { + if (yych <= '\r') goto yy77; + if (yych == ' ') goto yy77; + } +yy79: + YYDEBUG(79, *YYCURSOR); yyleng = (size_t) YYCURSOR - (size_t) yytext; #line 94 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.l" { @@ -681,42 +792,52 @@ yy67: yylval->num = 1; return T_TRUTHY; } -#line 685 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" -yy68: - YYDEBUG(68, *YYCURSOR); +#line 796 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" +yy80: + YYDEBUG(80, *YYCURSOR); yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); - if (yych != 'u') goto yy33; - YYDEBUG(69, *YYCURSOR); + if (yych == 'U') goto yy81; + if (yych != 'u') goto yy40; +yy81: + YYDEBUG(81, *YYCURSOR); yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); - if (yych == 'e') goto yy66; - goto yy33; -yy70: - YYDEBUG(70, *YYCURSOR); + if (yych == 'E') goto yy76; + if (yych == 'e') goto yy76; + goto yy40; +yy82: + YYDEBUG(82, *YYCURSOR); yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); - if (yych != 'f') goto yy33; -yy71: - YYDEBUG(71, *YYCURSOR); - yyaccept = 4; + if (yych == 'F') goto yy83; + if (yych != 'f') goto yy40; +yy83: + YYDEBUG(83, *YYCURSOR); + yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); - if (yych <= '\r') { - if (yych <= 0x08) { - if (yych >= 0x01) goto yy33; - } else { - if (yych <= '\n') goto yy72; - if (yych <= '\f') goto yy33; - } + if (yych <= '\f') { + if (yych <= 0x08) goto yy40; + if (yych >= '\v') goto yy40; } else { - if (yych <= ' ') { - if (yych <= 0x1F) goto yy33; - } else { - if (yych != '#') goto yy33; - } + if (yych <= '\r') goto yy84; + if (yych != ' ') goto yy40; } -yy72: - YYDEBUG(72, *YYCURSOR); +yy84: + YYDEBUG(84, *YYCURSOR); + ++YYCURSOR; + YYFILL(1); + yych = *YYCURSOR; + YYDEBUG(85, *YYCURSOR); + if (yych <= '\f') { + if (yych <= 0x08) goto yy86; + if (yych <= '\n') goto yy84; + } else { + if (yych <= '\r') goto yy84; + if (yych == ' ') goto yy84; + } +yy86: + YYDEBUG(86, *YYCURSOR); yyleng = (size_t) YYCURSOR - (size_t) yytext; #line 100 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.l" { @@ -724,119 +845,130 @@ yy72: yylval->num = 0; return T_FALSY; } -#line 728 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" -yy73: - YYDEBUG(73, *YYCURSOR); - yyaccept = 0; - yych = *(YYMARKER = ++YYCURSOR); - if (yych != 'l') goto yy33; - YYDEBUG(74, *YYCURSOR); - yyaccept = 0; - yych = *(YYMARKER = ++YYCURSOR); - if (yych != 's') goto yy33; - YYDEBUG(75, *YYCURSOR); - yyaccept = 0; - yych = *(YYMARKER = ++YYCURSOR); - if (yych == 'e') goto yy71; - goto yy33; -yy76: - YYDEBUG(76, *YYCURSOR); - yyaccept = 0; - yych = *(YYMARKER = ++YYCURSOR); - if (yych != 'a') goto yy33; - YYDEBUG(77, *YYCURSOR); - yyaccept = 0; - yych = *(YYMARKER = ++YYCURSOR); - if (yych != 'b') goto yy33; - YYDEBUG(78, *YYCURSOR); - yyaccept = 0; - yych = *(YYMARKER = ++YYCURSOR); - if (yych != 'l') goto yy33; - YYDEBUG(79, *YYCURSOR); - yyaccept = 0; - yych = *(YYMARKER = ++YYCURSOR); - if (yych != 'e') goto yy33; - YYDEBUG(80, *YYCURSOR); - yyaccept = 0; - yych = *(YYMARKER = ++YYCURSOR); - if (yych == 'd') goto yy66; - goto yy33; -yy81: - YYDEBUG(81, *YYCURSOR); - yyaccept = 0; - yych = *(YYMARKER = ++YYCURSOR); - if (yych != 's') goto yy33; - YYDEBUG(82, *YYCURSOR); - yyaccept = 0; - yych = *(YYMARKER = ++YYCURSOR); - if (yych != 'a') goto yy33; - YYDEBUG(83, *YYCURSOR); - yyaccept = 0; - yych = *(YYMARKER = ++YYCURSOR); - if (yych != 'b') goto yy33; - YYDEBUG(84, *YYCURSOR); - yyaccept = 0; - yych = *(YYMARKER = ++YYCURSOR); - if (yych != 'l') goto yy33; - YYDEBUG(85, *YYCURSOR); - yyaccept = 0; - yych = *(YYMARKER = ++YYCURSOR); - if (yych != 'e') goto yy33; - YYDEBUG(86, *YYCURSOR); - yyaccept = 0; - yych = *(YYMARKER = ++YYCURSOR); - if (yych == 'd') goto yy71; - goto yy33; +#line 849 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" yy87: YYDEBUG(87, *YYCURSOR); yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); - if (yych != 'N') goto yy33; + if (yych == 'L') goto yy88; + if (yych != 'l') goto yy40; +yy88: YYDEBUG(88, *YYCURSOR); yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); - if (yych != 'D') goto yy33; + if (yych == 'S') goto yy89; + if (yych != 's') goto yy40; +yy89: YYDEBUG(89, *YYCURSOR); yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); - if (yych == '_') goto yy61; - goto yy33; + if (yych == 'E') goto yy83; + if (yych == 'e') goto yy83; + goto yy40; yy90: YYDEBUG(90, *YYCURSOR); yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); - if (yybm[0+yych] & 128) { - goto yy91; - } - goto yy33; + if (yych == 'A') goto yy91; + if (yych != 'a') goto yy40; yy91: YYDEBUG(91, *YYCURSOR); - yyaccept = 5; + yyaccept = 0; + yych = *(YYMARKER = ++YYCURSOR); + if (yych == 'B') goto yy92; + if (yych != 'b') goto yy40; +yy92: + YYDEBUG(92, *YYCURSOR); + yyaccept = 0; + yych = *(YYMARKER = ++YYCURSOR); + if (yych == 'L') goto yy93; + if (yych != 'l') goto yy40; +yy93: + YYDEBUG(93, *YYCURSOR); + yyaccept = 0; + yych = *(YYMARKER = ++YYCURSOR); + if (yych == 'E') goto yy94; + if (yych != 'e') goto yy40; +yy94: + YYDEBUG(94, *YYCURSOR); + yyaccept = 0; + yych = *(YYMARKER = ++YYCURSOR); + if (yych == 'D') goto yy76; + if (yych == 'd') goto yy76; + goto yy40; +yy95: + YYDEBUG(95, *YYCURSOR); + yyaccept = 0; + yych = *(YYMARKER = ++YYCURSOR); + if (yych == 'S') goto yy96; + if (yych != 's') goto yy40; +yy96: + YYDEBUG(96, *YYCURSOR); + yyaccept = 0; + yych = *(YYMARKER = ++YYCURSOR); + if (yych == 'A') goto yy97; + if (yych != 'a') goto yy40; +yy97: + YYDEBUG(97, *YYCURSOR); + yyaccept = 0; + yych = *(YYMARKER = ++YYCURSOR); + if (yych == 'B') goto yy98; + if (yych != 'b') goto yy40; +yy98: + YYDEBUG(98, *YYCURSOR); + yyaccept = 0; + yych = *(YYMARKER = ++YYCURSOR); + if (yych == 'L') goto yy99; + if (yych != 'l') goto yy40; +yy99: + YYDEBUG(99, *YYCURSOR); + yyaccept = 0; + yych = *(YYMARKER = ++YYCURSOR); + if (yych == 'E') goto yy100; + if (yych != 'e') goto yy40; +yy100: + YYDEBUG(100, *YYCURSOR); + yyaccept = 0; + yych = *(YYMARKER = ++YYCURSOR); + if (yych == 'D') goto yy83; + if (yych == 'd') goto yy83; + goto yy40; +yy101: + YYDEBUG(101, *YYCURSOR); + yyaccept = 0; + yych = *(YYMARKER = ++YYCURSOR); + if (yybm[0+yych] & 128) { + goto yy102; + } + goto yy40; +yy102: + YYDEBUG(102, *YYCURSOR); + yyaccept = 3; YYMARKER = ++YYCURSOR; YYFILL(3); yych = *YYCURSOR; - YYDEBUG(92, *YYCURSOR); + YYDEBUG(103, *YYCURSOR); if (yybm[0+yych] & 128) { - goto yy91; + goto yy102; } if (yych <= 0x1F) { if (yych <= '\n') { - if (yych <= 0x00) goto yy93; - if (yych <= 0x08) goto yy32; + if (yych <= 0x00) goto yy104; + if (yych <= 0x08) goto yy39; } else { - if (yych != '\r') goto yy32; + if (yych != '\r') goto yy39; } } else { if (yych <= '#') { - if (yych <= ' ') goto yy93; - if (yych <= '"') goto yy32; + if (yych <= ' ') goto yy104; + if (yych <= '"') goto yy39; } else { - if (yych == ':') goto yy54; - goto yy32; + if (yych == ':') goto yy61; + goto yy39; } } -yy93: - YYDEBUG(93, *YYCURSOR); +yy104: + YYDEBUG(104, *YYCURSOR); yyleng = (size_t) YYCURSOR - (size_t) yytext; #line 112 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.l" { @@ -844,27 +976,33 @@ yy93: yylval->addr = strtoul(yytext, 0, 16); return T_ADDR; } -#line 848 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" -yy94: - YYDEBUG(94, *YYCURSOR); - yyaccept = 6; +#line 980 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" +yy105: + YYDEBUG(105, *YYCURSOR); + yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); - if (yych <= '\r') { - if (yych <= 0x08) { - if (yych >= 0x01) goto yy33; - } else { - if (yych <= '\n') goto yy95; - if (yych <= '\f') goto yy33; - } + if (yych <= '\f') { + if (yych <= 0x08) goto yy40; + if (yych >= '\v') goto yy40; } else { - if (yych <= ' ') { - if (yych <= 0x1F) goto yy33; - } else { - if (yych != '#') goto yy33; - } + if (yych <= '\r') goto yy106; + if (yych != ' ') goto yy40; } -yy95: - YYDEBUG(95, *YYCURSOR); +yy106: + YYDEBUG(106, *YYCURSOR); + ++YYCURSOR; + YYFILL(1); + yych = *YYCURSOR; + YYDEBUG(107, *YYCURSOR); + if (yych <= '\f') { + if (yych <= 0x08) goto yy108; + if (yych <= '\n') goto yy106; + } else { + if (yych <= '\r') goto yy106; + if (yych == ' ') goto yy106; + } +yy108: + YYDEBUG(108, *YYCURSOR); yyleng = (size_t) YYCURSOR - (size_t) yytext; #line 72 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.l" { @@ -872,7 +1010,7 @@ yy95: phpdbg_init_param(yylval, EMPTY_PARAM); return T_IF; } -#line 876 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" +#line 1014 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" } /* *********************************** */ yyc_RAW: @@ -911,29 +1049,29 @@ yyc_RAW: 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, }; - YYDEBUG(96, *YYCURSOR); + YYDEBUG(109, *YYCURSOR); YYFILL(2); yych = *YYCURSOR; if (yybm[0+yych] & 32) { - goto yy98; + goto yy111; } - if (yych <= 0x00) goto yy103; - if (yych == '\n') goto yy101; - goto yy104; -yy98: - YYDEBUG(98, *YYCURSOR); + if (yych <= 0x00) goto yy116; + if (yych == '\n') goto yy114; + goto yy117; +yy111: + YYDEBUG(111, *YYCURSOR); ++YYCURSOR; YYFILL(1); yych = *YYCURSOR; - YYDEBUG(99, *YYCURSOR); + YYDEBUG(112, *YYCURSOR); if (yybm[0+yych] & 32) { - goto yy98; + goto yy111; } - if (yych <= 0x00) goto yy100; - if (yych == '\n') goto yy106; - goto yy104; -yy100: - YYDEBUG(100, *YYCURSOR); + if (yych <= 0x00) goto yy113; + if (yych == '\n') goto yy119; + goto yy117; +yy113: + YYDEBUG(113, *YYCURSOR); yyleng = (size_t) YYCURSOR - (size_t) yytext; #line 132 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.l" { @@ -942,45 +1080,45 @@ yy100: yylval->len = yyleng; return T_INPUT; } -#line 946 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" -yy101: - YYDEBUG(101, *YYCURSOR); +#line 1084 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" +yy114: + YYDEBUG(114, *YYCURSOR); ++YYCURSOR; if (yybm[0+(yych = *YYCURSOR)] & 128) { - goto yy106; + goto yy119; } -yy102: - YYDEBUG(102, *YYCURSOR); +yy115: + YYDEBUG(115, *YYCURSOR); yyleng = (size_t) YYCURSOR - (size_t) yytext; #line 68 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.l" { return 0; } -#line 960 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" -yy103: - YYDEBUG(103, *YYCURSOR); +#line 1098 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" +yy116: + YYDEBUG(116, *YYCURSOR); yych = *++YYCURSOR; - goto yy102; -yy104: - YYDEBUG(104, *YYCURSOR); + goto yy115; +yy117: + YYDEBUG(117, *YYCURSOR); ++YYCURSOR; YYFILL(1); yych = *YYCURSOR; - YYDEBUG(105, *YYCURSOR); + YYDEBUG(118, *YYCURSOR); if (yybm[0+yych] & 64) { - goto yy104; + goto yy117; } - goto yy100; -yy106: - YYDEBUG(106, *YYCURSOR); + goto yy113; +yy119: + YYDEBUG(119, *YYCURSOR); ++YYCURSOR; YYFILL(1); yych = *YYCURSOR; - YYDEBUG(107, *YYCURSOR); + YYDEBUG(120, *YYCURSOR); if (yybm[0+yych] & 128) { - goto yy106; + goto yy119; } - YYDEBUG(108, *YYCURSOR); + YYDEBUG(121, *YYCURSOR); yyleng = (size_t) YYCURSOR - (size_t) yytext; #line 139 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.l" { @@ -988,7 +1126,7 @@ yy106: goto restart; } -#line 992 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" +#line 1130 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" } } #line 168 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.l" diff --git a/phpdbg_lexer.l b/phpdbg_lexer.l index 4d9c837f1e4..751db2807c2 100644 --- a/phpdbg_lexer.l +++ b/phpdbg_lexer.l @@ -43,18 +43,18 @@ restart: /*!re2c re2c:yyfill:check = 0; -T_TRUE "true" -T_YES "yes" -T_ON "on" -T_ENABLED "enabled" -T_FALSE "false" -T_NO "no" -T_OFF "off" -T_DISABLED "disabled" -T_EVAL "ev" -T_SHELL "sh" -T_IF "if" -T_RUN "run" +T_TRUE 'true' +T_YES 'yes' +T_ON 'on' +T_ENABLED 'enabled' +T_FALSE 'false' +T_NO 'no' +T_OFF 'off' +T_DISABLED 'disabled' +T_EVAL 'ev' +T_SHELL 'sh' +T_IF 'if' +T_RUN 'run' T_RUN_SHORT "r" WS [ \r\n\t]+ DIGITS [0-9\.]+ @@ -69,7 +69,7 @@ INPUT [^\n\000]+ return 0; } -{T_IF} { +{T_IF}{WS} { YYSETCONDITION(RAW); phpdbg_init_param(yylval, EMPTY_PARAM); return T_IF; @@ -91,13 +91,13 @@ INPUT [^\n\000]+ return T_COLON; } -{T_YES}|{T_ON}|{T_ENABLED}|{T_TRUE} { +({T_YES}|{T_ON}|{T_ENABLED}|{T_TRUE}){WS} { phpdbg_init_param(yylval, NUMERIC_PARAM); yylval->num = 1; return T_TRUTHY; } -{T_NO}|{T_OFF}|{T_DISABLED}|{T_FALSE} { +({T_NO}|{T_OFF}|{T_DISABLED}|{T_FALSE}){WS} { phpdbg_init_param(yylval, NUMERIC_PARAM); yylval->num = 0; return T_FALSY; @@ -142,17 +142,17 @@ INPUT [^\n\000]+ goto restart; } -{T_EVAL} { +{T_EVAL}{WS} { YYSETCONDITION(RAW); phpdbg_init_param(yylval, EMPTY_PARAM); return T_EVAL; } -{T_SHELL} { +{T_SHELL}{WS} { YYSETCONDITION(RAW); phpdbg_init_param(yylval, EMPTY_PARAM); return T_SHELL; } -{T_RUN}|{T_RUN_SHORT} { +({T_RUN}|{T_RUN_SHORT}){WS} { YYSETCONDITION(RAW); phpdbg_init_param(yylval, EMPTY_PARAM); return T_RUN; From 16ae792988c577299ea9a34e11ad798739c2d888 Mon Sep 17 00:00:00 2001 From: Bob Weinand Date: Sun, 29 Jun 2014 11:40:48 +0200 Subject: [PATCH 52/67] Fix issue krakjoe/phpdbg#98 break if does not seem to work --- phpdbg_parser.c | 138 ++++++++++++++++++++++++------------------------ phpdbg_parser.y | 12 ++--- 2 files changed, 75 insertions(+), 75 deletions(-) diff --git a/phpdbg_parser.c b/phpdbg_parser.c index f9a3e4d299a..e34c2f48ff4 100644 --- a/phpdbg_parser.c +++ b/phpdbg_parser.c @@ -436,7 +436,7 @@ union yyalloc /* YYFINAL -- State number of the termination state. */ #define YYFINAL 25 /* YYLAST -- Last index in YYTABLE. */ -#define YYLAST 41 +#define YYLAST 42 /* YYNTOKENS -- Number of terminals. */ #define YYNTOKENS 21 @@ -493,8 +493,8 @@ static const yytype_uint8 yytranslate[] = static const yytype_uint8 yyprhs[] = { 0, 0, 3, 5, 7, 8, 10, 13, 17, 22, - 27, 33, 37, 43, 47, 49, 51, 53, 55, 57, - 59, 61, 64, 67, 70, 72 + 27, 33, 37, 43, 47, 50, 52, 54, 56, 58, + 60, 62, 64, 67, 70, 72 }; /* YYRHS -- A `-1'-separated list of the rules' RHS. */ @@ -504,9 +504,9 @@ static const yytype_int8 yyrhs[] = 23, 24, -1, 18, 10, 14, -1, 18, 10, 12, 14, -1, 13, 18, 10, 14, -1, 13, 18, 10, 12, 14, -1, 18, 11, 18, -1, 18, 11, 18, - 12, 14, -1, 18, 12, 14, -1, 17, -1, 16, - -1, 15, -1, 7, -1, 8, -1, 14, -1, 18, - -1, 6, 19, -1, 3, 19, -1, 5, 19, -1, + 12, 14, -1, 18, 12, 14, -1, 6, 19, -1, + 17, -1, 16, -1, 15, -1, 7, -1, 8, -1, + 14, -1, 18, -1, 3, 19, -1, 5, 19, -1, 4, -1, 4, 19, -1 }; @@ -514,8 +514,8 @@ static const yytype_int8 yyrhs[] = static const yytype_uint8 yyrline[] = { 0, 66, 66, 67, 68, 72, 73, 77, 82, 87, - 97, 107, 112, 118, 124, 125, 126, 127, 128, 129, - 130, 134, 139, 144, 149, 153 + 97, 107, 112, 118, 124, 129, 130, 131, 132, 133, + 134, 135, 139, 144, 149, 153 }; #endif @@ -552,15 +552,15 @@ static const yytype_uint8 yyr1[] = { 0, 21, 22, 22, 22, 23, 23, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, - 24, 25, 25, 25, 25, 25 + 24, 24, 25, 25, 25, 25 }; /* YYR2[YYN] -- Number of symbols composing right hand side of rule YYN. */ static const yytype_uint8 yyr2[] = { 0, 2, 1, 1, 0, 1, 2, 3, 4, 4, - 5, 3, 5, 3, 1, 1, 1, 1, 1, 1, - 1, 2, 2, 2, 1, 2 + 5, 3, 5, 3, 2, 1, 1, 1, 1, 1, + 1, 1, 2, 2, 1, 2 }; /* YYDEFACT[STATE-NAME] -- Default reduction number in state STATE-NUM. @@ -568,9 +568,9 @@ static const yytype_uint8 yyr2[] = means the default is an error. */ static const yytype_uint8 yydefact[] = { - 4, 0, 24, 0, 0, 17, 18, 0, 19, 16, - 15, 14, 20, 0, 2, 5, 3, 22, 25, 23, - 21, 0, 0, 0, 0, 1, 6, 0, 0, 7, + 4, 0, 24, 0, 0, 18, 19, 0, 20, 17, + 16, 15, 21, 0, 2, 5, 3, 22, 25, 23, + 14, 0, 0, 0, 0, 1, 6, 0, 0, 7, 11, 13, 0, 9, 8, 0, 10, 12 }; @@ -585,16 +585,16 @@ static const yytype_int8 yydefgoto[] = #define YYPACT_NINF -11 static const yytype_int8 yypact[] = { - -3, -10, 10, 11, 12, -11, -11, 14, -11, -11, - -11, -11, -4, 28, 9, -11, -11, -11, -11, -11, - -11, 23, 6, 16, 21, -11, -11, 7, 22, -11, - 25, -11, 24, -11, -11, 26, -11, -11 + -3, -10, 11, 12, 13, -11, -11, 15, -11, -11, + -11, -11, -4, 29, 10, -11, -11, -11, -11, -11, + -11, 24, 7, 17, 22, -11, -11, 8, 23, -11, + 26, -11, 25, -11, -11, 27, -11, -11 }; /* YYPGOTO[NTERM-NUM]. */ static const yytype_int8 yypgoto[] = { - -11, -11, -11, 27, -11 + -11, -11, -11, 28, -11 }; /* YYTABLE[YYPACT[STATE-NUM]]. What to do in state STATE-NUM. If @@ -604,10 +604,10 @@ static const yytype_int8 yypgoto[] = static const yytype_uint8 yytable[] = { 1, 2, 3, 4, 5, 6, 22, 23, 24, 17, - 7, 8, 9, 10, 11, 12, 5, 6, 28, 32, - 29, 33, 7, 8, 9, 10, 11, 12, 25, 18, - 19, 20, 21, 27, 30, 31, 34, 35, 36, 0, - 37, 26 + 7, 8, 9, 10, 11, 12, 4, 5, 6, 28, + 32, 29, 33, 7, 8, 9, 10, 11, 12, 25, + 18, 19, 20, 21, 27, 30, 31, 34, 35, 36, + 0, 37, 26 }; #define yypact_value_is_default(yystate) \ @@ -619,10 +619,10 @@ static const yytype_uint8 yytable[] = static const yytype_int8 yycheck[] = { 3, 4, 5, 6, 7, 8, 10, 11, 12, 19, - 13, 14, 15, 16, 17, 18, 7, 8, 12, 12, - 14, 14, 13, 14, 15, 16, 17, 18, 0, 19, - 19, 19, 18, 10, 18, 14, 14, 12, 14, -1, - 14, 14 + 13, 14, 15, 16, 17, 18, 6, 7, 8, 12, + 12, 14, 14, 13, 14, 15, 16, 17, 18, 0, + 19, 19, 19, 18, 10, 18, 14, 14, 12, 14, + -1, 14, 14 }; /* YYSTOS[STATE-NUM] -- The (internal number of the) accessing @@ -1563,48 +1563,6 @@ yyreduce: case 14: /* Line 1802 of yacc.c */ #line 124 "/var/root/php-src/sapi/phpdbg/phpdbg_parser.y" - { (yyval) = (yyvsp[(1) - (1)]); } - break; - - case 15: -/* Line 1802 of yacc.c */ -#line 125 "/var/root/php-src/sapi/phpdbg/phpdbg_parser.y" - { (yyval) = (yyvsp[(1) - (1)]); } - break; - - case 16: -/* Line 1802 of yacc.c */ -#line 126 "/var/root/php-src/sapi/phpdbg/phpdbg_parser.y" - { (yyval) = (yyvsp[(1) - (1)]); } - break; - - case 17: -/* Line 1802 of yacc.c */ -#line 127 "/var/root/php-src/sapi/phpdbg/phpdbg_parser.y" - { (yyval) = (yyvsp[(1) - (1)]); } - break; - - case 18: -/* Line 1802 of yacc.c */ -#line 128 "/var/root/php-src/sapi/phpdbg/phpdbg_parser.y" - { (yyval) = (yyvsp[(1) - (1)]); } - break; - - case 19: -/* Line 1802 of yacc.c */ -#line 129 "/var/root/php-src/sapi/phpdbg/phpdbg_parser.y" - { (yyval) = (yyvsp[(1) - (1)]); } - break; - - case 20: -/* Line 1802 of yacc.c */ -#line 130 "/var/root/php-src/sapi/phpdbg/phpdbg_parser.y" - { (yyval) = (yyvsp[(1) - (1)]); } - break; - - case 21: -/* Line 1802 of yacc.c */ -#line 134 "/var/root/php-src/sapi/phpdbg/phpdbg_parser.y" { (yyval).type = COND_PARAM; (yyval).str = (yyvsp[(2) - (2)]).str; @@ -1612,6 +1570,48 @@ yyreduce: } break; + case 15: +/* Line 1802 of yacc.c */ +#line 129 "/var/root/php-src/sapi/phpdbg/phpdbg_parser.y" + { (yyval) = (yyvsp[(1) - (1)]); } + break; + + case 16: +/* Line 1802 of yacc.c */ +#line 130 "/var/root/php-src/sapi/phpdbg/phpdbg_parser.y" + { (yyval) = (yyvsp[(1) - (1)]); } + break; + + case 17: +/* Line 1802 of yacc.c */ +#line 131 "/var/root/php-src/sapi/phpdbg/phpdbg_parser.y" + { (yyval) = (yyvsp[(1) - (1)]); } + break; + + case 18: +/* Line 1802 of yacc.c */ +#line 132 "/var/root/php-src/sapi/phpdbg/phpdbg_parser.y" + { (yyval) = (yyvsp[(1) - (1)]); } + break; + + case 19: +/* Line 1802 of yacc.c */ +#line 133 "/var/root/php-src/sapi/phpdbg/phpdbg_parser.y" + { (yyval) = (yyvsp[(1) - (1)]); } + break; + + case 20: +/* Line 1802 of yacc.c */ +#line 134 "/var/root/php-src/sapi/phpdbg/phpdbg_parser.y" + { (yyval) = (yyvsp[(1) - (1)]); } + break; + + case 21: +/* Line 1802 of yacc.c */ +#line 135 "/var/root/php-src/sapi/phpdbg/phpdbg_parser.y" + { (yyval) = (yyvsp[(1) - (1)]); } + break; + case 22: /* Line 1802 of yacc.c */ #line 139 "/var/root/php-src/sapi/phpdbg/phpdbg_parser.y" diff --git a/phpdbg_parser.y b/phpdbg_parser.y index fd81edfc29d..702bf78455d 100644 --- a/phpdbg_parser.y +++ b/phpdbg_parser.y @@ -121,6 +121,11 @@ parameter $$.len = $1.len; $$.num = $3.num; } + | T_IF T_INPUT { + $$.type = COND_PARAM; + $$.str = $2.str; + $$.len = $2.len; + } | T_OPCODE { $$ = $1; } | T_ADDR { $$ = $1; } | T_LITERAL { $$ = $1; } @@ -131,12 +136,7 @@ parameter ; full_expression - : T_IF T_INPUT { - $$.type = COND_PARAM; - $$.str = $2.str; - $$.len = $2.len; - } - | T_EVAL T_INPUT { + : T_EVAL T_INPUT { $$.type = EVAL_PARAM; $$.str = $2.str; $$.len = $2.len; From d29842532397233a0a9419962426965063ad376d Mon Sep 17 00:00:00 2001 From: Bob Weinand Date: Sun, 29 Jun 2014 11:55:42 +0200 Subject: [PATCH 53/67] Inform about back command existence in help - Fixes krakjoe/phpdbg#100 No way to list the current stack/frames --- phpdbg_help.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/phpdbg_help.c b/phpdbg_help.c index 9af6c1532d5..1e58dc69cad 100644 --- a/phpdbg_help.c +++ b/phpdbg_help.c @@ -318,8 +318,9 @@ phpdbg_help_text_t phpdbg_help_text[] = { "**Information**" CR " **list** list PHP source" CR " **info** displays information on the debug session" CR -" **print** show opcodes " CR +" **print** show opcodes" CR " **frame** select a stack frame and print a stack frame summary" CR +" **back** shows the current backtrace" CR " **help** provide help on a topic" CR CR "**Starting and Stopping Execution**" CR From 959a006d6149b60278cd76a5289a6ecda925ed03 Mon Sep 17 00:00:00 2001 From: Xinchen Hui Date: Sun, 29 Jun 2014 18:00:31 +0800 Subject: [PATCH 54/67] Fixed test --- ext/intl/tests/dateformat_localtime.phpt | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ext/intl/tests/dateformat_localtime.phpt b/ext/intl/tests/dateformat_localtime.phpt index 79f297db74c..4d185c232dd 100644 --- a/ext/intl/tests/dateformat_localtime.phpt +++ b/ext/intl/tests/dateformat_localtime.phpt @@ -3,6 +3,8 @@ datefmt_localtime_code() icu <= 4.2 --SKIPIF-- +--INI-- +date.timezone=UTC --FILE-- Date: Sun, 29 Jun 2014 12:18:39 +0200 Subject: [PATCH 55/67] Fix issue krakjoe/phpdbg#97 - list now appends a newline if there is none The prompt should always ensure it is on a newline --- phpdbg_list.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/phpdbg_list.c b/phpdbg_list.c index 037c6c38b2a..c7452222243 100644 --- a/phpdbg_list.c +++ b/phpdbg_list.c @@ -130,7 +130,7 @@ void phpdbg_list_file(const char *filename, long count, long offset, int highlig char *opened = NULL; char buffer[8096] = {0,}; long line = 0; - + php_stream *stream = NULL; if (VCWD_STAT(filename, &st) == FAILURE) { @@ -146,6 +146,8 @@ void phpdbg_list_file(const char *filename, long count, long offset, int highlig } while (php_stream_gets(stream, buffer, sizeof(buffer)) != NULL) { + long linelen = strlen(buffer); + ++line; if (!offset || offset <= line) { @@ -159,9 +161,13 @@ void phpdbg_list_file(const char *filename, long count, long offset, int highlig phpdbg_write(">%05ld: %s", line, buffer); } } + + if (buffer[linelen - 1] != '\n') { + phpdbg_write("\n"); + } } - - if ((count + (offset-1)) == line) + + if ((count + (offset - 1)) == line) break; } From 58c69746e585312f73163d749bd5613cd21c9a1b Mon Sep 17 00:00:00 2001 From: Bob Weinand Date: Sun, 29 Jun 2014 12:43:51 +0200 Subject: [PATCH 56/67] Fixed issue krakjoe/phpdbg#94 - List behavior is inconsistent --- phpdbg_lexer.c | 539 +++++++++++++++++++++++++------------------------ phpdbg_lexer.l | 2 +- phpdbg_list.c | 13 +- 3 files changed, 284 insertions(+), 270 deletions(-) diff --git a/phpdbg_lexer.c b/phpdbg_lexer.c index 2643dfa62b2..3092dc396dd 100644 --- a/phpdbg_lexer.c +++ b/phpdbg_lexer.c @@ -379,7 +379,8 @@ yyc_NORMAL: case '\r': case ' ': goto yy31; case '\n': goto yy34; - case '#': goto yy54; + case '#': goto yy55; + case '-': goto yy41; case '.': case '1': case '2': @@ -389,27 +390,27 @@ yyc_NORMAL: case '6': case '7': case '8': - case '9': goto yy41; - case '0': goto yy44; - case ':': goto yy56; + case '9': goto yy42; + case '0': goto yy45; + case ':': goto yy57; case 'D': - case 'd': goto yy45; + case 'd': goto yy46; case 'E': - case 'e': goto yy46; + case 'e': goto yy47; case 'F': - case 'f': goto yy47; + case 'f': goto yy48; case 'I': case 'i': goto yy37; case 'N': - case 'n': goto yy48; + case 'n': goto yy49; case 'O': - case 'o': goto yy49; + case 'o': goto yy50; case 'T': - case 't': goto yy50; + case 't': goto yy51; case 'Y': - case 'y': goto yy51; - case 'Z': goto yy52; - case 'z': goto yy53; + case 'y': goto yy52; + case 'Z': goto yy53; + case 'z': goto yy54; default: goto yy39; } yy31: @@ -429,7 +430,7 @@ yy31: goto restart; } -#line 433 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" +#line 434 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" yy34: YYDEBUG(34, *YYCURSOR); ++YYCURSOR; @@ -443,7 +444,7 @@ yy35: { return 0; } -#line 447 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" +#line 448 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" yy36: YYDEBUG(36, *YYCURSOR); yych = *++YYCURSOR; @@ -452,8 +453,8 @@ yy37: YYDEBUG(37, *YYCURSOR); yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); - if (yych == 'F') goto yy105; - if (yych == 'f') goto yy105; + if (yych == 'F') goto yy106; + if (yych == 'f') goto yy106; goto yy40; yy38: YYDEBUG(38, *YYCURSOR); @@ -465,7 +466,7 @@ yy38: yylval->len = yyleng; return T_ID; } -#line 469 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" +#line 470 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" yy39: YYDEBUG(39, *YYCURSOR); yyaccept = 0; @@ -478,35 +479,43 @@ yy40: goto yy39; } if (yych <= '9') goto yy38; - goto yy61; + goto yy62; yy41: YYDEBUG(41, *YYCURSOR); + yyaccept = 0; + yych = *(YYMARKER = ++YYCURSOR); + if (yybm[0+yych] & 32) { + goto yy42; + } + goto yy40; +yy42: + YYDEBUG(42, *YYCURSOR); yyaccept = 1; YYMARKER = ++YYCURSOR; YYFILL(3); yych = *YYCURSOR; - YYDEBUG(42, *YYCURSOR); + YYDEBUG(43, *YYCURSOR); if (yybm[0+yych] & 32) { - goto yy41; + goto yy42; } if (yych <= 0x1F) { if (yych <= '\n') { - if (yych <= 0x00) goto yy43; + if (yych <= 0x00) goto yy44; if (yych <= 0x08) goto yy39; } else { if (yych != '\r') goto yy39; } } else { if (yych <= '#') { - if (yych <= ' ') goto yy43; + if (yych <= ' ') goto yy44; if (yych <= '"') goto yy39; } else { - if (yych == ':') goto yy61; + if (yych == ':') goto yy62; goto yy39; } } -yy43: - YYDEBUG(43, *YYCURSOR); +yy44: + YYDEBUG(44, *YYCURSOR); yyleng = (size_t) YYCURSOR - (size_t) yytext; #line 106 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.l" { @@ -514,168 +523,168 @@ yy43: yylval->num = atoi(yytext); return T_DIGITS; } -#line 518 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" -yy44: - YYDEBUG(44, *YYCURSOR); +#line 527 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" +yy45: + YYDEBUG(45, *YYCURSOR); yyaccept = 1; yych = *(YYMARKER = ++YYCURSOR); if (yybm[0+yych] & 32) { - goto yy41; + goto yy42; } if (yych <= 0x1F) { if (yych <= '\n') { - if (yych <= 0x00) goto yy43; + if (yych <= 0x00) goto yy44; if (yych <= 0x08) goto yy40; - goto yy43; + goto yy44; } else { - if (yych == '\r') goto yy43; + if (yych == '\r') goto yy44; goto yy40; } } else { if (yych <= '#') { - if (yych <= ' ') goto yy43; + if (yych <= ' ') goto yy44; if (yych <= '"') goto yy40; - goto yy43; + goto yy44; } else { - if (yych == 'x') goto yy101; + if (yych == 'x') goto yy102; goto yy40; } } -yy45: - YYDEBUG(45, *YYCURSOR); - yyaccept = 0; - yych = *(YYMARKER = ++YYCURSOR); - if (yych == 'I') goto yy95; - if (yych == 'i') goto yy95; - goto yy40; yy46: YYDEBUG(46, *YYCURSOR); yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); - if (yych == 'N') goto yy90; - if (yych == 'n') goto yy90; + if (yych == 'I') goto yy96; + if (yych == 'i') goto yy96; goto yy40; yy47: YYDEBUG(47, *YYCURSOR); yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); - if (yych == 'A') goto yy87; - if (yych == 'a') goto yy87; + if (yych == 'N') goto yy91; + if (yych == 'n') goto yy91; goto yy40; yy48: YYDEBUG(48, *YYCURSOR); yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); - if (yych == 'O') goto yy83; - if (yych == 'o') goto yy83; + if (yych == 'A') goto yy88; + if (yych == 'a') goto yy88; goto yy40; yy49: YYDEBUG(49, *YYCURSOR); yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); - if (yych <= 'N') { - if (yych == 'F') goto yy82; - if (yych <= 'M') goto yy40; - goto yy76; - } else { - if (yych <= 'f') { - if (yych <= 'e') goto yy40; - goto yy82; - } else { - if (yych == 'n') goto yy76; - goto yy40; - } - } + if (yych == 'O') goto yy84; + if (yych == 'o') goto yy84; + goto yy40; yy50: YYDEBUG(50, *YYCURSOR); yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); - if (yych == 'R') goto yy80; - if (yych == 'r') goto yy80; - goto yy40; + if (yych <= 'N') { + if (yych == 'F') goto yy83; + if (yych <= 'M') goto yy40; + goto yy77; + } else { + if (yych <= 'f') { + if (yych <= 'e') goto yy40; + goto yy83; + } else { + if (yych == 'n') goto yy77; + goto yy40; + } + } yy51: YYDEBUG(51, *YYCURSOR); yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); - if (yych == 'E') goto yy75; - if (yych == 'e') goto yy75; + if (yych == 'R') goto yy81; + if (yych == 'r') goto yy81; goto yy40; yy52: YYDEBUG(52, *YYCURSOR); yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); - if (yych == 'E') goto yy72; + if (yych == 'E') goto yy76; + if (yych == 'e') goto yy76; goto yy40; yy53: YYDEBUG(53, *YYCURSOR); yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); - if (yych == 'e') goto yy60; + if (yych == 'E') goto yy73; goto yy40; yy54: YYDEBUG(54, *YYCURSOR); - ++YYCURSOR; + yyaccept = 0; + yych = *(YYMARKER = ++YYCURSOR); + if (yych == 'e') goto yy61; + goto yy40; +yy55: YYDEBUG(55, *YYCURSOR); + ++YYCURSOR; + YYDEBUG(56, *YYCURSOR); yyleng = (size_t) YYCURSOR - (size_t) yytext; #line 84 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.l" { return T_POUND; } -#line 625 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" -yy56: - YYDEBUG(56, *YYCURSOR); - ++YYCURSOR; - if ((yych = *YYCURSOR) == ':') goto yy58; +#line 634 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" +yy57: YYDEBUG(57, *YYCURSOR); + ++YYCURSOR; + if ((yych = *YYCURSOR) == ':') goto yy59; + YYDEBUG(58, *YYCURSOR); yyleng = (size_t) YYCURSOR - (size_t) yytext; #line 90 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.l" { return T_COLON; } -#line 636 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" -yy58: - YYDEBUG(58, *YYCURSOR); - ++YYCURSOR; +#line 645 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" +yy59: YYDEBUG(59, *YYCURSOR); + ++YYCURSOR; + YYDEBUG(60, *YYCURSOR); yyleng = (size_t) YYCURSOR - (size_t) yytext; #line 87 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.l" { return T_DCOLON; } -#line 646 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" -yy60: - YYDEBUG(60, *YYCURSOR); - yyaccept = 0; - yych = *(YYMARKER = ++YYCURSOR); - if (yych == 'n') goto yy66; - goto yy40; +#line 655 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" yy61: YYDEBUG(61, *YYCURSOR); - yych = *++YYCURSOR; - if (yych == '/') goto yy63; + yyaccept = 0; + yych = *(YYMARKER = ++YYCURSOR); + if (yych == 'n') goto yy67; + goto yy40; yy62: YYDEBUG(62, *YYCURSOR); + yych = *++YYCURSOR; + if (yych == '/') goto yy64; +yy63: + YYDEBUG(63, *YYCURSOR); YYCURSOR = YYMARKER; if (yyaccept <= 1) { if (yyaccept <= 0) { goto yy38; } else { - goto yy43; + goto yy44; } } else { if (yyaccept <= 2) { - goto yy71; + goto yy72; } else { - goto yy104; + goto yy105; } } -yy63: - YYDEBUG(63, *YYCURSOR); - yych = *++YYCURSOR; - if (yych != '/') goto yy62; +yy64: YYDEBUG(64, *YYCURSOR); - ++YYCURSOR; + yych = *++YYCURSOR; + if (yych != '/') goto yy63; YYDEBUG(65, *YYCURSOR); + ++YYCURSOR; + YYDEBUG(66, *YYCURSOR); yyleng = (size_t) YYCURSOR - (size_t) yytext; #line 78 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.l" { @@ -684,52 +693,52 @@ yy63: yylval->len = yyleng; return T_PROTO; } -#line 688 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" -yy66: - YYDEBUG(66, *YYCURSOR); - yyaccept = 0; - yych = *(YYMARKER = ++YYCURSOR); - if (yych != 'd') goto yy40; +#line 697 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" +yy67: YYDEBUG(67, *YYCURSOR); yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); - if (yych != '_') goto yy40; -yy68: + if (yych != 'd') goto yy40; YYDEBUG(68, *YYCURSOR); yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); - if (yybm[0+yych] & 64) { - goto yy69; - } - goto yy40; + if (yych != '_') goto yy40; yy69: YYDEBUG(69, *YYCURSOR); + yyaccept = 0; + yych = *(YYMARKER = ++YYCURSOR); + if (yybm[0+yych] & 64) { + goto yy70; + } + goto yy40; +yy70: + YYDEBUG(70, *YYCURSOR); yyaccept = 2; YYMARKER = ++YYCURSOR; YYFILL(3); yych = *YYCURSOR; - YYDEBUG(70, *YYCURSOR); + YYDEBUG(71, *YYCURSOR); if (yybm[0+yych] & 64) { - goto yy69; + goto yy70; } if (yych <= 0x1F) { if (yych <= '\n') { - if (yych <= 0x00) goto yy71; + if (yych <= 0x00) goto yy72; if (yych <= 0x08) goto yy39; } else { if (yych != '\r') goto yy39; } } else { if (yych <= '#') { - if (yych <= ' ') goto yy71; + if (yych <= ' ') goto yy72; if (yych <= '"') goto yy39; } else { - if (yych == ':') goto yy61; + if (yych == ':') goto yy62; goto yy39; } } -yy71: - YYDEBUG(71, *YYCURSOR); +yy72: + YYDEBUG(72, *YYCURSOR); yyleng = (size_t) YYCURSOR - (size_t) yytext; #line 118 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.l" { @@ -738,53 +747,53 @@ yy71: yylval->len = yyleng; return T_OPCODE; } -#line 742 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" -yy72: - YYDEBUG(72, *YYCURSOR); - yyaccept = 0; - yych = *(YYMARKER = ++YYCURSOR); - if (yych != 'N') goto yy40; +#line 751 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" +yy73: YYDEBUG(73, *YYCURSOR); yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); - if (yych != 'D') goto yy40; + if (yych != 'N') goto yy40; YYDEBUG(74, *YYCURSOR); yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); - if (yych == '_') goto yy68; - goto yy40; -yy75: + if (yych != 'D') goto yy40; YYDEBUG(75, *YYCURSOR); yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); - if (yych == 'S') goto yy76; - if (yych != 's') goto yy40; + if (yych == '_') goto yy69; + goto yy40; yy76: YYDEBUG(76, *YYCURSOR); yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); + if (yych == 'S') goto yy77; + if (yych != 's') goto yy40; +yy77: + YYDEBUG(77, *YYCURSOR); + yyaccept = 0; + yych = *(YYMARKER = ++YYCURSOR); if (yych <= '\f') { if (yych <= 0x08) goto yy40; if (yych >= '\v') goto yy40; } else { - if (yych <= '\r') goto yy77; + if (yych <= '\r') goto yy78; if (yych != ' ') goto yy40; } -yy77: - YYDEBUG(77, *YYCURSOR); +yy78: + YYDEBUG(78, *YYCURSOR); ++YYCURSOR; YYFILL(1); yych = *YYCURSOR; - YYDEBUG(78, *YYCURSOR); - if (yych <= '\f') { - if (yych <= 0x08) goto yy79; - if (yych <= '\n') goto yy77; - } else { - if (yych <= '\r') goto yy77; - if (yych == ' ') goto yy77; - } -yy79: YYDEBUG(79, *YYCURSOR); + if (yych <= '\f') { + if (yych <= 0x08) goto yy80; + if (yych <= '\n') goto yy78; + } else { + if (yych <= '\r') goto yy78; + if (yych == ' ') goto yy78; + } +yy80: + YYDEBUG(80, *YYCURSOR); yyleng = (size_t) YYCURSOR - (size_t) yytext; #line 94 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.l" { @@ -792,52 +801,52 @@ yy79: yylval->num = 1; return T_TRUTHY; } -#line 796 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" -yy80: - YYDEBUG(80, *YYCURSOR); - yyaccept = 0; - yych = *(YYMARKER = ++YYCURSOR); - if (yych == 'U') goto yy81; - if (yych != 'u') goto yy40; +#line 805 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" yy81: YYDEBUG(81, *YYCURSOR); yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); - if (yych == 'E') goto yy76; - if (yych == 'e') goto yy76; - goto yy40; + if (yych == 'U') goto yy82; + if (yych != 'u') goto yy40; yy82: YYDEBUG(82, *YYCURSOR); yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); - if (yych == 'F') goto yy83; - if (yych != 'f') goto yy40; + if (yych == 'E') goto yy77; + if (yych == 'e') goto yy77; + goto yy40; yy83: YYDEBUG(83, *YYCURSOR); yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); + if (yych == 'F') goto yy84; + if (yych != 'f') goto yy40; +yy84: + YYDEBUG(84, *YYCURSOR); + yyaccept = 0; + yych = *(YYMARKER = ++YYCURSOR); if (yych <= '\f') { if (yych <= 0x08) goto yy40; if (yych >= '\v') goto yy40; } else { - if (yych <= '\r') goto yy84; + if (yych <= '\r') goto yy85; if (yych != ' ') goto yy40; } -yy84: - YYDEBUG(84, *YYCURSOR); +yy85: + YYDEBUG(85, *YYCURSOR); ++YYCURSOR; YYFILL(1); yych = *YYCURSOR; - YYDEBUG(85, *YYCURSOR); - if (yych <= '\f') { - if (yych <= 0x08) goto yy86; - if (yych <= '\n') goto yy84; - } else { - if (yych <= '\r') goto yy84; - if (yych == ' ') goto yy84; - } -yy86: YYDEBUG(86, *YYCURSOR); + if (yych <= '\f') { + if (yych <= 0x08) goto yy87; + if (yych <= '\n') goto yy85; + } else { + if (yych <= '\r') goto yy85; + if (yych == ' ') goto yy85; + } +yy87: + YYDEBUG(87, *YYCURSOR); yyleng = (size_t) YYCURSOR - (size_t) yytext; #line 100 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.l" { @@ -845,130 +854,130 @@ yy86: yylval->num = 0; return T_FALSY; } -#line 849 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" -yy87: - YYDEBUG(87, *YYCURSOR); - yyaccept = 0; - yych = *(YYMARKER = ++YYCURSOR); - if (yych == 'L') goto yy88; - if (yych != 'l') goto yy40; +#line 858 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" yy88: YYDEBUG(88, *YYCURSOR); yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); - if (yych == 'S') goto yy89; - if (yych != 's') goto yy40; + if (yych == 'L') goto yy89; + if (yych != 'l') goto yy40; yy89: YYDEBUG(89, *YYCURSOR); yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); - if (yych == 'E') goto yy83; - if (yych == 'e') goto yy83; - goto yy40; + if (yych == 'S') goto yy90; + if (yych != 's') goto yy40; yy90: YYDEBUG(90, *YYCURSOR); yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); - if (yych == 'A') goto yy91; - if (yych != 'a') goto yy40; + if (yych == 'E') goto yy84; + if (yych == 'e') goto yy84; + goto yy40; yy91: YYDEBUG(91, *YYCURSOR); yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); - if (yych == 'B') goto yy92; - if (yych != 'b') goto yy40; + if (yych == 'A') goto yy92; + if (yych != 'a') goto yy40; yy92: YYDEBUG(92, *YYCURSOR); yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); - if (yych == 'L') goto yy93; - if (yych != 'l') goto yy40; + if (yych == 'B') goto yy93; + if (yych != 'b') goto yy40; yy93: YYDEBUG(93, *YYCURSOR); yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); - if (yych == 'E') goto yy94; - if (yych != 'e') goto yy40; + if (yych == 'L') goto yy94; + if (yych != 'l') goto yy40; yy94: YYDEBUG(94, *YYCURSOR); yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); - if (yych == 'D') goto yy76; - if (yych == 'd') goto yy76; - goto yy40; + if (yych == 'E') goto yy95; + if (yych != 'e') goto yy40; yy95: YYDEBUG(95, *YYCURSOR); yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); - if (yych == 'S') goto yy96; - if (yych != 's') goto yy40; + if (yych == 'D') goto yy77; + if (yych == 'd') goto yy77; + goto yy40; yy96: YYDEBUG(96, *YYCURSOR); yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); - if (yych == 'A') goto yy97; - if (yych != 'a') goto yy40; + if (yych == 'S') goto yy97; + if (yych != 's') goto yy40; yy97: YYDEBUG(97, *YYCURSOR); yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); - if (yych == 'B') goto yy98; - if (yych != 'b') goto yy40; + if (yych == 'A') goto yy98; + if (yych != 'a') goto yy40; yy98: YYDEBUG(98, *YYCURSOR); yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); - if (yych == 'L') goto yy99; - if (yych != 'l') goto yy40; + if (yych == 'B') goto yy99; + if (yych != 'b') goto yy40; yy99: YYDEBUG(99, *YYCURSOR); yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); - if (yych == 'E') goto yy100; - if (yych != 'e') goto yy40; + if (yych == 'L') goto yy100; + if (yych != 'l') goto yy40; yy100: YYDEBUG(100, *YYCURSOR); yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); - if (yych == 'D') goto yy83; - if (yych == 'd') goto yy83; - goto yy40; + if (yych == 'E') goto yy101; + if (yych != 'e') goto yy40; yy101: YYDEBUG(101, *YYCURSOR); yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); - if (yybm[0+yych] & 128) { - goto yy102; - } + if (yych == 'D') goto yy84; + if (yych == 'd') goto yy84; goto yy40; yy102: YYDEBUG(102, *YYCURSOR); + yyaccept = 0; + yych = *(YYMARKER = ++YYCURSOR); + if (yybm[0+yych] & 128) { + goto yy103; + } + goto yy40; +yy103: + YYDEBUG(103, *YYCURSOR); yyaccept = 3; YYMARKER = ++YYCURSOR; YYFILL(3); yych = *YYCURSOR; - YYDEBUG(103, *YYCURSOR); + YYDEBUG(104, *YYCURSOR); if (yybm[0+yych] & 128) { - goto yy102; + goto yy103; } if (yych <= 0x1F) { if (yych <= '\n') { - if (yych <= 0x00) goto yy104; + if (yych <= 0x00) goto yy105; if (yych <= 0x08) goto yy39; } else { if (yych != '\r') goto yy39; } } else { if (yych <= '#') { - if (yych <= ' ') goto yy104; + if (yych <= ' ') goto yy105; if (yych <= '"') goto yy39; } else { - if (yych == ':') goto yy61; + if (yych == ':') goto yy62; goto yy39; } } -yy104: - YYDEBUG(104, *YYCURSOR); +yy105: + YYDEBUG(105, *YYCURSOR); yyleng = (size_t) YYCURSOR - (size_t) yytext; #line 112 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.l" { @@ -976,33 +985,33 @@ yy104: yylval->addr = strtoul(yytext, 0, 16); return T_ADDR; } -#line 980 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" -yy105: - YYDEBUG(105, *YYCURSOR); +#line 989 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" +yy106: + YYDEBUG(106, *YYCURSOR); yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); if (yych <= '\f') { if (yych <= 0x08) goto yy40; if (yych >= '\v') goto yy40; } else { - if (yych <= '\r') goto yy106; + if (yych <= '\r') goto yy107; if (yych != ' ') goto yy40; } -yy106: - YYDEBUG(106, *YYCURSOR); +yy107: + YYDEBUG(107, *YYCURSOR); ++YYCURSOR; YYFILL(1); yych = *YYCURSOR; - YYDEBUG(107, *YYCURSOR); - if (yych <= '\f') { - if (yych <= 0x08) goto yy108; - if (yych <= '\n') goto yy106; - } else { - if (yych <= '\r') goto yy106; - if (yych == ' ') goto yy106; - } -yy108: YYDEBUG(108, *YYCURSOR); + if (yych <= '\f') { + if (yych <= 0x08) goto yy109; + if (yych <= '\n') goto yy107; + } else { + if (yych <= '\r') goto yy107; + if (yych == ' ') goto yy107; + } +yy109: + YYDEBUG(109, *YYCURSOR); yyleng = (size_t) YYCURSOR - (size_t) yytext; #line 72 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.l" { @@ -1010,7 +1019,7 @@ yy108: phpdbg_init_param(yylval, EMPTY_PARAM); return T_IF; } -#line 1014 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" +#line 1023 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" } /* *********************************** */ yyc_RAW: @@ -1049,29 +1058,29 @@ yyc_RAW: 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, }; - YYDEBUG(109, *YYCURSOR); + YYDEBUG(110, *YYCURSOR); YYFILL(2); yych = *YYCURSOR; if (yybm[0+yych] & 32) { - goto yy111; + goto yy112; } - if (yych <= 0x00) goto yy116; - if (yych == '\n') goto yy114; - goto yy117; -yy111: - YYDEBUG(111, *YYCURSOR); + if (yych <= 0x00) goto yy117; + if (yych == '\n') goto yy115; + goto yy118; +yy112: + YYDEBUG(112, *YYCURSOR); ++YYCURSOR; YYFILL(1); yych = *YYCURSOR; - YYDEBUG(112, *YYCURSOR); - if (yybm[0+yych] & 32) { - goto yy111; - } - if (yych <= 0x00) goto yy113; - if (yych == '\n') goto yy119; - goto yy117; -yy113: YYDEBUG(113, *YYCURSOR); + if (yybm[0+yych] & 32) { + goto yy112; + } + if (yych <= 0x00) goto yy114; + if (yych == '\n') goto yy120; + goto yy118; +yy114: + YYDEBUG(114, *YYCURSOR); yyleng = (size_t) YYCURSOR - (size_t) yytext; #line 132 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.l" { @@ -1080,45 +1089,45 @@ yy113: yylval->len = yyleng; return T_INPUT; } -#line 1084 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" -yy114: - YYDEBUG(114, *YYCURSOR); - ++YYCURSOR; - if (yybm[0+(yych = *YYCURSOR)] & 128) { - goto yy119; - } +#line 1093 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" yy115: YYDEBUG(115, *YYCURSOR); + ++YYCURSOR; + if (yybm[0+(yych = *YYCURSOR)] & 128) { + goto yy120; + } +yy116: + YYDEBUG(116, *YYCURSOR); yyleng = (size_t) YYCURSOR - (size_t) yytext; #line 68 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.l" { return 0; } -#line 1098 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" -yy116: - YYDEBUG(116, *YYCURSOR); - yych = *++YYCURSOR; - goto yy115; +#line 1107 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" yy117: YYDEBUG(117, *YYCURSOR); - ++YYCURSOR; - YYFILL(1); - yych = *YYCURSOR; + yych = *++YYCURSOR; + goto yy116; +yy118: YYDEBUG(118, *YYCURSOR); - if (yybm[0+yych] & 64) { - goto yy117; - } - goto yy113; -yy119: - YYDEBUG(119, *YYCURSOR); ++YYCURSOR; YYFILL(1); yych = *YYCURSOR; - YYDEBUG(120, *YYCURSOR); - if (yybm[0+yych] & 128) { - goto yy119; + YYDEBUG(119, *YYCURSOR); + if (yybm[0+yych] & 64) { + goto yy118; } + goto yy114; +yy120: + YYDEBUG(120, *YYCURSOR); + ++YYCURSOR; + YYFILL(1); + yych = *YYCURSOR; YYDEBUG(121, *YYCURSOR); + if (yybm[0+yych] & 128) { + goto yy120; + } + YYDEBUG(122, *YYCURSOR); yyleng = (size_t) YYCURSOR - (size_t) yytext; #line 139 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.l" { @@ -1126,7 +1135,7 @@ yy119: goto restart; } -#line 1130 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" +#line 1139 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.c" } } #line 168 "/var/root/php-src/sapi/phpdbg/phpdbg_lexer.l" diff --git a/phpdbg_lexer.l b/phpdbg_lexer.l index 751db2807c2..7b3ce38c472 100644 --- a/phpdbg_lexer.l +++ b/phpdbg_lexer.l @@ -57,7 +57,7 @@ T_IF 'if' T_RUN 'run' T_RUN_SHORT "r" WS [ \r\n\t]+ -DIGITS [0-9\.]+ +DIGITS [-]?[0-9\.]+ ID [^ \r\n\t:#\000]+ ADDR [0][x][a-fA-F0-9]+ OPCODE (ZEND_|zend_)([A-Za-z])+ diff --git a/phpdbg_list.c b/phpdbg_list.c index c7452222243..e8db4e605c7 100644 --- a/phpdbg_list.c +++ b/phpdbg_list.c @@ -137,7 +137,7 @@ void phpdbg_list_file(const char *filename, long count, long offset, int highlig phpdbg_error("Failed to stat file %s", filename); return; } - + stream = php_stream_open_wrapper(filename, "rb", USE_PATH, &opened); if (!stream) { @@ -145,13 +145,17 @@ void phpdbg_list_file(const char *filename, long count, long offset, int highlig return; } + if (offset < 0) { + count += offset; + offset = 0; + } + while (php_stream_gets(stream, buffer, sizeof(buffer)) != NULL) { long linelen = strlen(buffer); ++line; - if (!offset || offset <= line) { - /* Without offset, or offset reached */ + if (offset <= line) { if (!highlight) { phpdbg_write("%05ld: %s", line, buffer); } else { @@ -167,8 +171,9 @@ void phpdbg_list_file(const char *filename, long count, long offset, int highlig } } - if ((count + (offset - 1)) == line) + if (count > 0 && count + offset - 1 < line) { break; + } } php_stream_close(stream); From b1e32a4f7a6c2351a2006c2c1b9085336ba513e4 Mon Sep 17 00:00:00 2001 From: Bob Weinand Date: Sun, 29 Jun 2014 12:54:33 +0200 Subject: [PATCH 57/67] Updated NEWS file for recent phpdbg fixes --- NEWS | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/NEWS b/NEWS index 0fdf0555d83..3a18ff3c613 100644 --- a/NEWS +++ b/NEWS @@ -14,6 +14,14 @@ PHP NEWS - phpdbg: . Fix Bug #67499 (readline feature not enabled when build with libedit). (Remi) + . Fix issue krakjoe/phpdbg#94 (List behavior is inconsistent). (Bob) + . Fix issue krakjoe/phpdbg#97 (The prompt should always ensure it is on a + newline). (Bob) + . Fix issue krakjoe/phpdbg#98 (break if does not seem to work). (Bob) + . Fix issue krakjoe/phpdbg#99 (register function has the same behavior as + run). (Bob) + . Fix issue krakjoe/phpdbg#100 (No way to list the current stack/frames) + (Help entry was missing). (Bob) 19 Jun 2014, PHP 5.6.0 Release Candidate 1 From 19e5852ad8dd38480f008e82ae2dbbdd9e0ac11c Mon Sep 17 00:00:00 2001 From: Ferenc Kovacs Date: Mon, 30 Jun 2014 01:02:22 +0200 Subject: [PATCH 58/67] adding NEWS entry for the fix for bug #65641 --- NEWS | 2 ++ 1 file changed, 2 insertions(+) diff --git a/NEWS b/NEWS index 3a18ff3c613..0b9c2635055 100644 --- a/NEWS +++ b/NEWS @@ -11,6 +11,8 @@ PHP NEWS - FPM: . Fix bug #67530 (error_log=syslog ignored). (Remi) . Fix bug #67531 (syslog cannot be set in pool configuration). (Remi) + . Fix bug #65641 (PHP-FPM incorrectly defines the SCRIPT_NAME variable when + using Apache). (David Zuelke) - phpdbg: . Fix Bug #67499 (readline feature not enabled when build with libedit). (Remi) From a7d1656b96ad33ab31309fc505692793d4b4731f Mon Sep 17 00:00:00 2001 From: Ferenc Kovacs Date: Mon, 30 Jun 2014 01:30:36 +0200 Subject: [PATCH 59/67] Fix bug #67091: make install fails to install libphp5.so on FreeBSD 10.0 Simplest fix is to remove the specific checks for freebsd1* as it also matches freebsd10, and nobody should be using >=PHP 5.4 with freebsd 1.x(if it is even possible to make it to compile there). --- NEWS | 2 ++ build/libtool.m4 | 8 -------- 2 files changed, 2 insertions(+), 8 deletions(-) diff --git a/NEWS b/NEWS index 7463305219d..ef4b3de1f6d 100644 --- a/NEWS +++ b/NEWS @@ -7,6 +7,8 @@ PHP NEWS code). (Adam) . Fixed bug #67436 (Autoloader isn't called if two method definitions don't match). (Bob) + . Fixed bug #67091 (make install fails to install libphp5.so on FreeBSD 10.0). + (Ferenc) - CLI server: . Implemented FR #67429 (CLI server is missing some new HTTP response codes). diff --git a/build/libtool.m4 b/build/libtool.m4 index 77735d36b3e..3d52d1a375c 100644 --- a/build/libtool.m4 +++ b/build/libtool.m4 @@ -1532,10 +1532,6 @@ dgux*) shlibpath_var=LD_LIBRARY_PATH ;; -freebsd1*) - dynamic_linker=no - ;; - freebsd* | dragonfly*) # DragonFly does not have aout. When/if they implement a new # versioning mechanism, adjust this. @@ -5842,10 +5838,6 @@ _LT_EOF _LT_AC_TAGVAR(hardcode_shlibpath_var, $1)=no ;; - freebsd1*) - _LT_AC_TAGVAR(ld_shlibs, $1)=no - ;; - # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor # support. Future versions do this automatically, but an explicit c++rt0.o # does not break anything, and helps significantly (at the cost of a little From 12885ef48902dcc622eafd771db1f3cc41cbbe6d Mon Sep 17 00:00:00 2001 From: Ferenc Kovacs Date: Mon, 30 Jun 2014 01:34:29 +0200 Subject: [PATCH 60/67] NEWS --- NEWS | 2 ++ 1 file changed, 2 insertions(+) diff --git a/NEWS b/NEWS index 27dfca41f72..cb1e712e1d6 100644 --- a/NEWS +++ b/NEWS @@ -7,6 +7,8 @@ PHP NEWS code). (Adam) . Fixed bug #67436 (Autoloader isn't called if two method definitions don't match). (Bob) + . Fixed bug #67091 (make install fails to install libphp5.so on FreeBSD 10.0). + (Ferenc) - CLI server: . Implemented FR #67429 (CLI server is missing some new HTTP response codes). From e7c88637c2e4a74617b1721ca6f199b7c224789d Mon Sep 17 00:00:00 2001 From: Ferenc Kovacs Date: Mon, 30 Jun 2014 01:35:02 +0200 Subject: [PATCH 61/67] NEWS --- NEWS | 2 ++ 1 file changed, 2 insertions(+) diff --git a/NEWS b/NEWS index 0b9c2635055..c6cb68de1ae 100644 --- a/NEWS +++ b/NEWS @@ -7,6 +7,8 @@ PHP NEWS constant). (Laruence) . Fixed bug #67468 (Segfault in highlight_file()/highlight_string()). (Andreas Ferber) + . Fixed bug #67091 (make install fails to install libphp5.so on FreeBSD 10.0). + (Ferenc) - FPM: . Fix bug #67530 (error_log=syslog ignored). (Remi) From 6d8d5e9310831c8ebf001dd8d67fc1a6341bde88 Mon Sep 17 00:00:00 2001 From: Ferenc Kovacs Date: Mon, 30 Jun 2014 02:32:06 +0200 Subject: [PATCH 62/67] fix the last fpm NEWS entry, the other bug is related, but not the same what we fixed here --- NEWS | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/NEWS b/NEWS index c6cb68de1ae..0fc51ca7b4c 100644 --- a/NEWS +++ b/NEWS @@ -13,8 +13,8 @@ PHP NEWS - FPM: . Fix bug #67530 (error_log=syslog ignored). (Remi) . Fix bug #67531 (syslog cannot be set in pool configuration). (Remi) - . Fix bug #65641 (PHP-FPM incorrectly defines the SCRIPT_NAME variable when - using Apache). (David Zuelke) + . Fix bug #67541 (Fix Apache 2.4.10+ SetHandler proxy:fcgi:// + incompatibilities). (David Zuelke) - phpdbg: . Fix Bug #67499 (readline feature not enabled when build with libedit). (Remi) From 803cfe32e657c3c3f3776f1470fd598f5e6a107a Mon Sep 17 00:00:00 2001 From: Ferenc Kovacs Date: Mon, 30 Jun 2014 12:30:24 +0200 Subject: [PATCH 63/67] --enable-fpm for the travis build --- travis/compile.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/travis/compile.sh b/travis/compile.sh index 899fb5a3351..cc8b03be867 100755 --- a/travis/compile.sh +++ b/travis/compile.sh @@ -13,6 +13,7 @@ fi ./configure --quiet \ $DEBUG \ $TS \ +--enable-fpm \ --with-pdo-mysql=mysqlnd \ --with-mysql=mysqlnd \ --with-mysqli=mysqlnd \ From 9c8b42960dbf51a2a0d863d22a5a4c344528f93d Mon Sep 17 00:00:00 2001 From: Ferenc Kovacs Date: Mon, 30 Jun 2014 18:37:23 +0200 Subject: [PATCH 64/67] Revert "Fix Bug #67530 error_log=syslog ignored" This reverts commit a0ecb3794f00e65cd2a073b2073e32d6c2fb7180. --- sapi/fpm/fpm/fpm_stdio.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/sapi/fpm/fpm/fpm_stdio.c b/sapi/fpm/fpm/fpm_stdio.c index 769d3a6338c..d81e10150db 100644 --- a/sapi/fpm/fpm/fpm_stdio.c +++ b/sapi/fpm/fpm/fpm_stdio.c @@ -268,11 +268,7 @@ int fpm_stdio_open_error_log(int reopen) /* {{{ */ if (!strcasecmp(fpm_global_config.error_log, "syslog")) { openlog(fpm_global_config.syslog_ident, LOG_PID | LOG_CONS, fpm_global_config.syslog_facility); fpm_globals.error_log_fd = ZLOG_SYSLOG; -#if HAVE_UNISTD_H - if (fpm_global_config.daemonize || (!isatty(STDERR_FILENO) && !fpm_globals.force_stderr)) { -#else if (fpm_global_config.daemonize) { -#endif zlog_set_fd(fpm_globals.error_log_fd); } return 0; From 48df4464eae716dfe42403c94989ecd3104f21c5 Mon Sep 17 00:00:00 2001 From: Ferenc Kovacs Date: Mon, 30 Jun 2014 18:37:56 +0200 Subject: [PATCH 65/67] remove the NEWS entry for the reverted fpm fix --- NEWS | 1 - 1 file changed, 1 deletion(-) diff --git a/NEWS b/NEWS index ef4b3de1f6d..89edf0c32c2 100644 --- a/NEWS +++ b/NEWS @@ -15,7 +15,6 @@ PHP NEWS (Adam) - FPM: - . Fix bug #67530 (error_log=syslog ignored). (Remi) . Fix bug #67531 (syslog cannot be set in pool configuration). (Remi) - Streams: From e5fdb5b3f02fcb61efa5aa7d6e5ccd15838470a2 Mon Sep 17 00:00:00 2001 From: Ferenc Kovacs Date: Mon, 30 Jun 2014 18:38:31 +0200 Subject: [PATCH 66/67] remove the NEWS entry for the reverted fpm fix --- NEWS | 1 - 1 file changed, 1 deletion(-) diff --git a/NEWS b/NEWS index cb1e712e1d6..2deb0e295b7 100644 --- a/NEWS +++ b/NEWS @@ -15,7 +15,6 @@ PHP NEWS (Adam) - FPM: - . Fix bug #67530 (error_log=syslog ignored). (Remi) . Fix bug #67531 (syslog cannot be set in pool configuration). (Remi) - Streams: From 023d53fea5109aef3a1fc9ec7864b02ea1ec054c Mon Sep 17 00:00:00 2001 From: Ferenc Kovacs Date: Mon, 30 Jun 2014 18:39:06 +0200 Subject: [PATCH 67/67] remove the NEWS entry for the reverted fpm fix --- NEWS | 1 - 1 file changed, 1 deletion(-) diff --git a/NEWS b/NEWS index 0fc51ca7b4c..2321470043a 100644 --- a/NEWS +++ b/NEWS @@ -11,7 +11,6 @@ PHP NEWS (Ferenc) - FPM: - . Fix bug #67530 (error_log=syslog ignored). (Remi) . Fix bug #67531 (syslog cannot be set in pool configuration). (Remi) . Fix bug #67541 (Fix Apache 2.4.10+ SetHandler proxy:fcgi:// incompatibilities). (David Zuelke)