[pull] master from php:master

Zend/tests/oss_fuzz_447521098.phpt

@@ -0,0 +1,13 @@
+--TEST--
+OSS-Fuzz #447521098: Fatal error during sccp shift eval
+--FILE--
+<?php
+function test() {
+    $x = 0;
+    $y = -1;
+    $x >> $y;
+}
+?>
+===DONE===
+--EXPECT--
+===DONE===

Zend/zend_compile.c

@@ -9998,7 +9998,9 @@ ZEND_API bool zend_binary_op_produces_error(uint32_t opcode, const zval *op1, co
 	/* Operation which cast float/float-strings to integers might produce incompatible float to int errors */
 	if (opcode == ZEND_SL || opcode == ZEND_SR || opcode == ZEND_BW_OR
 			|| opcode == ZEND_BW_AND || opcode == ZEND_BW_XOR) {
-		return !zend_is_op_long_compatible(op1) || !zend_is_op_long_compatible(op2);
+		if (!zend_is_op_long_compatible(op1) || !zend_is_op_long_compatible(op2)) {
+			return 1;
+		}
 	}
 
 	if (opcode == ZEND_DIV && zval_get_double(op2) == 0.0) {
@@ -10009,7 +10011,9 @@ ZEND_API bool zend_binary_op_produces_error(uint32_t opcode, const zval *op1, co
 	/* Mod is an operation that will cast float/float-strings to integers which might
 	   produce float to int incompatible errors, and also cannot be divided by 0 */
 	if (opcode == ZEND_MOD) {
-		return  !zend_is_op_long_compatible(op1) || !zend_is_op_long_compatible(op2) || zval_get_long(op2) == 0;
+		if (!zend_is_op_long_compatible(op1) || !zend_is_op_long_compatible(op2) || zval_get_long(op2) == 0) {
+			return 1;
+		}
 	}
 
 	if ((opcode == ZEND_POW) && zval_get_double(op1) == 0 && zval_get_double(op2) < 0) {

ext/gd/libgd/gdkanji.c

@@ -368,6 +368,8 @@ do_convert (unsigned char *to, unsigned char *from, const char *code)
       else
 	error ("something happen");
       strcpy ((char *) to, (const char *) from);
+      if (iconv_close (cd) != 0)
+      	error ("iconv_close() error");
       return;
     }
 

ext/gd/tests/gh19955.phpt

@@ -0,0 +1,15 @@
+--TEST--
+GH-19955: (imagefttext() memory leak)
+--EXTENSIONS--
+gd
+--CREDITS--
+YuanchengJiang
+--FILE--
+<?php
+ini_set('error_reporting', E_ALL&~E_WARNING);
+$im = imagecreate(64, 32);
+imagefttext(imagecreate(8, 8), 0, 0, 0, 0, 255, __DIR__ . "/Tuffy.ttf", 'Ж');
+echo "OK"
+?>
+--EXPECT--
+OK

ext/lexbor/lexbor/core/str.c

@@ -80,6 +80,7 @@ lexbor_str_destroy(lexbor_str_t *str, lexbor_mraw_t *mraw, bool destroy_obj)
     }
 
     if (str->data != NULL) {
+        lexbor_str_clean(str);
         str->data = lexbor_mraw_free(mraw, str->data);
     }
 

ext/uri/tests/gh19979.phpt

@@ -0,0 +1,28 @@
+--TEST--
+GH-19979: Zend/zend_string.h:191:24: runtime error: null pointer passed as argument 2, which is declared to never be null
+--FILE--
+<?php
+
+$baseUrl = \Uri\WhatWg\Url::parse('https://example.com/path?query');
+var_dump(\Uri\WhatWg\Url::parse('relative', $baseUrl));
+
+?>
+--EXPECTF--
+object(Uri\WhatWg\Url)#%d (8) {
+  ["scheme"]=>
+  string(5) "https"
+  ["username"]=>
+  NULL
+  ["password"]=>
+  NULL
+  ["host"]=>
+  string(11) "example.com"
+  ["port"]=>
+  NULL
+  ["path"]=>
+  string(9) "/relative"
+  ["query"]=>
+  NULL
+  ["fragment"]=>
+  NULL
+}

ext/zip/php_zip.c

@@ -2338,6 +2338,11 @@ PHP_METHOD(ZipArchive, setEncryptionName)
 		RETURN_FALSE;
 	}
 
+	if (UNEXPECTED(zip_file_set_encryption(intern, idx, ZIP_EM_NONE, NULL) < 0)) {
+		php_error_docref(NULL, E_WARNING, "password reset failed");
+		RETURN_FALSE;
+	}
+
 	if (zip_file_set_encryption(intern, idx, (zip_uint16_t)method, password)) {
 		RETURN_FALSE;
 	}
@@ -2361,6 +2366,11 @@ PHP_METHOD(ZipArchive, setEncryptionIndex)
 
 	ZIP_FROM_OBJECT(intern, self);
 
+	if (UNEXPECTED(zip_file_set_encryption(intern, index, ZIP_EM_NONE, NULL) < 0)) {
+		php_error_docref(NULL, E_WARNING, "password reset failed");
+		RETURN_FALSE;
+	}
+
 	if (zip_file_set_encryption(intern, index, (zip_uint16_t)method, password)) {
 		RETURN_FALSE;
 	}

ext/zip/tests/gh19932.phpt

@@ -0,0 +1,25 @@
+--TEST--
+GH-19932 (ZipArchive::setEncryptionName()/setEncryptionIndex() memory leak)
+--EXTENSIONS--
+zip
+--SKIPIF--
+<?php if (!method_exists('ZipArchive', 'setEncryptionName')) die('skip encryption not supported'); ?>
+--FILE--
+<?php
+$zip = new ZipArchive();
+$zip->open(__DIR__ . "/gh19932.zip", ZipArchive::CREATE);
+$zip->addFromString("test.txt", "test");
+$zip->setEncryptionName("test.txt", ZipArchive::EM_AES_256, "password");
+$zip->setEncryptionName("test.txt", ZipArchive::EM_AES_256, "password");
+$zip->setEncryptionIndex("0", ZipArchive::EM_AES_256, "password");
+$zip->setEncryptionIndex("0", ZipArchive::EM_AES_256, "password");
+$zip->close();
+echo "OK";
+?>
+--CLEAN--
+<?php
+@unlink(__DIR__ . "/gh19932.zip");
+?>
+--EXPECT--
+OK
+

ext/zlib/tests/gh19922.phpt

@@ -0,0 +1,12 @@
+--TEST--
+GH-19922 (gzopen double free on debug build and unseekable stream)
+--EXTENSIONS--
+zlib
+--FILE--
+<?php
+var_dump(gzopen("php://output", 14));
+?>
+--EXPECTF--
+
+Warning: gzopen(php://output): could not make seekable - php://output in %s on line %d
+bool(false)

main/streams/streams.c

@@ -2217,7 +2217,6 @@ PHPAPI php_stream *_php_stream_open_wrapper_ex(const char *path, const char *mod
 	int persistent = options & STREAM_OPEN_PERSISTENT;
 	zend_string *path_str = NULL;
 	zend_string *resolved_path = NULL;
-	char *copy_of_path = NULL;
 
 	if (opened_path) {
 		if (options & STREAM_OPEN_FOR_ZEND_STREAM) {
@@ -2294,8 +2293,7 @@ PHPAPI php_stream *_php_stream_open_wrapper_ex(const char *path, const char *mod
 		if (stream->orig_path) {
 			pefree(stream->orig_path, persistent);
 		}
-		copy_of_path = pestrdup(path, persistent);
-		stream->orig_path = copy_of_path;
+		stream->orig_path = pestrdup(path, persistent);
 #if ZEND_DEBUG
 		stream->open_filename = __zend_orig_filename ? __zend_orig_filename : __zend_filename;
 		stream->open_lineno = __zend_orig_lineno ? __zend_orig_lineno : __zend_lineno;
@@ -2354,11 +2352,6 @@ PHPAPI php_stream *_php_stream_open_wrapper_ex(const char *path, const char *mod
 		}
 	}
 	php_stream_tidy_wrapper_error_log(wrapper);
-#if ZEND_DEBUG
-	if (stream == NULL && copy_of_path != NULL) {
-		pefree(copy_of_path, persistent);
-	}
-#endif
 	if (resolved_path) {
 		zend_string_release_ex(resolved_path, 0);
 	}