This reverts commit 94e9d0a2ae.
This code needs to be mindful about modifications to the array
happening during callback execution. It was written in a way that
only accessed the reference, which is guaranteed not to move. The
changed implementation instead accesses the array slot, leading to
use-after-free.
Run ext/standard/tests/array/bug61967.phpt under valgrind to see
the issue.
* all arguments for ftp_pasv are required
* $varname for getenv function isn't required anymore
* fsockopen and pfsockopen only require $hostname
* strtok can work with only one parameter
* strpbrk needs two parameters to work
* required parameters and add some parameters in openssl_* functions
The sizeof()s for Content-Length and Transfer-Encoding were missing
the trailing ":". Apart from being generally wrong, this no longer
verified that the header actually contains a colon, leading to the
null http_header_value being used.
Additionally, in the interest of being defensive, also make sure
that http_header_value is non-null by setting it to the end of
the header line (effectively an empty string) if there is no colon.
If the following conditions are correct, this value is not going
to be used though.
PHP contained two different off-by-one errors, which are fixed here. First,
it created a buffer of size HOST_NAME_MAX, not adding space for a null
terminator. Second, it subtracted 1 from the size of that buffer when passing
its size to gethostname(), despite gethostname() expecting it to be a buffer
size including space for a terminating null byte, not a string length.
Directly fail unserialization when trying to acquire an r/R
reference to an UNDEF HT slot. Previously this left an UNDEF and
later deleted the index/key from the HT.
What actually caused the issue here is a combination of two
factors: First, the key deletion was performed using the hash API,
rather than the symtable API, such that the element was not actually
removed if it used an integral string key. Second, a subsequent
deletion operation, while collecting trailing UNDEF ranges, would
mark the element as available for reuse (leaving a corrupted HT
state with nNumOfElemnts > nNumUsed).
Fix this by failing early and dropping the deletion code.
Anatol Belski