[pull] master from php:master

ext/mysqli/mysqli.c

@@ -136,10 +136,6 @@ void php_clear_mysql(MY_MYSQL *mysql) {
 		zend_string_release_ex(mysql->hash_key, 0);
 		mysql->hash_key = NULL;
 	}
-	if (!Z_ISUNDEF(mysql->li_read)) {
-		zval_ptr_dtor(&(mysql->li_read));
-		ZVAL_UNDEF(&mysql->li_read);
-	}
 }
 /* }}} */
 
@@ -788,7 +784,7 @@ void php_mysqli_fetch_into_hash(INTERNAL_FUNCTION_PARAMETERS, int override_flags
 			}
 		}
 	}
-	MYSQLI_FETCH_RESOURCE(result, MYSQL_RES *, mysql_result, "mysqli_result", MYSQLI_STATUS_VALID);
+	MYSQLI_FETCH_RESOURCE(result, MYSQL_RES *, mysql_result, MYSQLI_STATUS_VALID);
 
 	if (fetchtype < MYSQLI_ASSOC || fetchtype > MYSQLI_BOTH) {
 		zend_argument_value_error(ERROR_ARG_POS(2), "must be one of MYSQLI_NUM, MYSQLI_ASSOC, or MYSQLI_BOTH");

ext/mysqli/mysqli_api.c

@@ -324,7 +324,7 @@ PHP_FUNCTION(mysqli_data_seek)
 		RETURN_THROWS();
 	}
 
-	MYSQLI_FETCH_RESOURCE(result, MYSQL_RES *, mysql_result, "mysqli_result", MYSQLI_STATUS_VALID);
+	MYSQLI_FETCH_RESOURCE(result, MYSQL_RES *, mysql_result, MYSQLI_STATUS_VALID);
 
 	if (mysqli_result_is_unbuffered(result)) {
 		if (hasThis()) {
@@ -670,7 +670,7 @@ PHP_FUNCTION(mysqli_fetch_field)
 		RETURN_THROWS();
 	}
 
-	MYSQLI_FETCH_RESOURCE(result, MYSQL_RES *, mysql_result, "mysqli_result", MYSQLI_STATUS_VALID);
+	MYSQLI_FETCH_RESOURCE(result, MYSQL_RES *, mysql_result, MYSQLI_STATUS_VALID);
 
 	if (!(field = mysql_fetch_field(result))) {
 		RETURN_FALSE;
@@ -694,7 +694,7 @@ PHP_FUNCTION(mysqli_fetch_fields)
 		RETURN_THROWS();
 	}
 
-	MYSQLI_FETCH_RESOURCE(result, MYSQL_RES *, mysql_result, "mysqli_result", MYSQLI_STATUS_VALID);
+	MYSQLI_FETCH_RESOURCE(result, MYSQL_RES *, mysql_result, MYSQLI_STATUS_VALID);
 
 	array_init(return_value);
 	num_fields = mysql_num_fields(result);
@@ -727,7 +727,7 @@ PHP_FUNCTION(mysqli_fetch_field_direct)
 		RETURN_THROWS();
 	}
 
-	MYSQLI_FETCH_RESOURCE(result, MYSQL_RES *, mysql_result, "mysqli_result", MYSQLI_STATUS_VALID);
+	MYSQLI_FETCH_RESOURCE(result, MYSQL_RES *, mysql_result, MYSQLI_STATUS_VALID);
 
 	if (offset >= (zend_long) mysql_num_fields(result)) {
 		zend_argument_value_error(ERROR_ARG_POS(2), "must be less than the number of fields for this result set");
@@ -755,7 +755,7 @@ PHP_FUNCTION(mysqli_fetch_lengths)
 		RETURN_THROWS();
 	}
 
-	MYSQLI_FETCH_RESOURCE(result, MYSQL_RES *, mysql_result, "mysqli_result", MYSQLI_STATUS_VALID);
+	MYSQLI_FETCH_RESOURCE(result, MYSQL_RES *, mysql_result, MYSQLI_STATUS_VALID);
 
 	// TODO Warning?
 	if (!(ret = mysql_fetch_lengths(result))) {
@@ -809,7 +809,7 @@ PHP_FUNCTION(mysqli_field_seek)
 		RETURN_THROWS();
 	}
 
-	MYSQLI_FETCH_RESOURCE(result, MYSQL_RES *, mysql_result, "mysqli_result", MYSQLI_STATUS_VALID);
+	MYSQLI_FETCH_RESOURCE(result, MYSQL_RES *, mysql_result, MYSQLI_STATUS_VALID);
 
 	if ((uint32_t)fieldnr >= mysql_num_fields(result)) {
 		zend_argument_value_error(ERROR_ARG_POS(2), "must be less than the number of fields for this result set");
@@ -830,7 +830,7 @@ PHP_FUNCTION(mysqli_field_tell)
 	if (zend_parse_method_parameters(ZEND_NUM_ARGS(), getThis(), "O", &mysql_result, mysqli_result_class_entry) == FAILURE) {
 		RETURN_THROWS();
 	}
-	MYSQLI_FETCH_RESOURCE(result, MYSQL_RES *, mysql_result, "mysqli_result", MYSQLI_STATUS_VALID);
+	MYSQLI_FETCH_RESOURCE(result, MYSQL_RES *, mysql_result, MYSQLI_STATUS_VALID);
 
 	RETURN_LONG(mysql_field_tell(result));
 }
@@ -845,7 +845,7 @@ PHP_FUNCTION(mysqli_free_result)
 	if (zend_parse_method_parameters(ZEND_NUM_ARGS(), getThis(), "O", &mysql_result, mysqli_result_class_entry) == FAILURE) {
 		RETURN_THROWS();
 	}
-	MYSQLI_FETCH_RESOURCE(result, MYSQL_RES *, mysql_result, "mysqli_result", MYSQLI_STATUS_VALID);
+	MYSQLI_FETCH_RESOURCE(result, MYSQL_RES *, mysql_result, MYSQLI_STATUS_VALID);
 
 	mysqli_free_result(result, false);
 	MYSQLI_CLEAR_RESOURCE(mysql_result);
@@ -1123,7 +1123,7 @@ PHP_FUNCTION(mysqli_num_fields)
 	if (zend_parse_method_parameters(ZEND_NUM_ARGS(), getThis(), "O", &mysql_result, mysqli_result_class_entry) == FAILURE) {
 		RETURN_THROWS();
 	}
-	MYSQLI_FETCH_RESOURCE(result, MYSQL_RES *, mysql_result, "mysqli_result", MYSQLI_STATUS_VALID);
+	MYSQLI_FETCH_RESOURCE(result, MYSQL_RES *, mysql_result, MYSQLI_STATUS_VALID);
 
 	RETURN_LONG(mysql_num_fields(result));
 }
@@ -1138,7 +1138,7 @@ PHP_FUNCTION(mysqli_num_rows)
 	if (zend_parse_method_parameters(ZEND_NUM_ARGS(), getThis(), "O", &mysql_result, mysqli_result_class_entry) == FAILURE) {
 		RETURN_THROWS();
 	}
-	MYSQLI_FETCH_RESOURCE(result, MYSQL_RES *, mysql_result, "mysqli_result", MYSQLI_STATUS_VALID);
+	MYSQLI_FETCH_RESOURCE(result, MYSQL_RES *, mysql_result, MYSQLI_STATUS_VALID);
 
 	if (mysqli_result_is_unbuffered_and_not_everything_is_fetched(result)) {
 		zend_throw_error(NULL, "mysqli_num_rows() cannot be used in MYSQLI_USE_RESULT mode");

ext/mysqli/mysqli_nonapi.c

@@ -107,7 +107,6 @@ void mysqli_common_connect(INTERNAL_FUNCTION_PARAMETERS, bool is_real_connect, b
 			mysql = (MY_MYSQL *) ecalloc(1, sizeof(MY_MYSQL));
 			self_alloced = true;
 		}
-		flags |= CLIENT_MULTI_RESULTS; /* needed for mysql_multi_query() */
 	} else {
 		/* We have flags too */
 		if (zend_parse_method_parameters(ZEND_NUM_ARGS(), getThis(), "O|s!s!s!s!l!s!l", &object, mysqli_link_class_entry,
@@ -118,11 +117,10 @@ void mysqli_common_connect(INTERNAL_FUNCTION_PARAMETERS, bool is_real_connect, b
 		mysqli_resource = (Z_MYSQLI_P(object))->ptr;
 		MYSQLI_FETCH_RESOURCE_CONN(mysql, object, MYSQLI_STATUS_INITIALIZED);
 
-		/* set some required options */
-		flags |= CLIENT_MULTI_RESULTS; /* needed for mysql_multi_query() */
 		/* remove some insecure options */
 		flags &= ~CLIENT_MULTI_STATEMENTS;   /* don't allow multi_queries via connect parameter */
 	}
+	flags |= CLIENT_MULTI_RESULTS; /* needed for mysql_multi_query() */
 
 	if (!socket_len || !socket) {
 		socket = MyG(default_socket);
@@ -316,7 +314,7 @@ void mysqli_common_connect(INTERNAL_FUNCTION_PARAMETERS, bool is_real_connect, b
 		mysql->hash_key = NULL;
 		mysql->persistent = false;
 	}
-	if (!is_real_connect && self_alloced) {
+	if (self_alloced) {
 		efree(mysql);
 	}
 	RETVAL_FALSE;
@@ -393,7 +391,7 @@ PHP_FUNCTION(mysqli_fetch_column)
 	if (zend_parse_method_parameters(ZEND_NUM_ARGS(), getThis(), "O|l", &mysql_result, mysqli_result_class_entry, &col_no) == FAILURE) {
 		RETURN_THROWS();
 	}
-	MYSQLI_FETCH_RESOURCE(result, MYSQL_RES*, mysql_result, "mysqli_result", MYSQLI_STATUS_VALID);
+	MYSQLI_FETCH_RESOURCE(result, MYSQL_RES*, mysql_result, MYSQLI_STATUS_VALID);
 
 	if (col_no < 0) {
 		zend_argument_value_error(ERROR_ARG_POS(2), "must be greater than or equal to 0");
@@ -425,7 +423,7 @@ PHP_FUNCTION(mysqli_fetch_all)
 	if (zend_parse_method_parameters(ZEND_NUM_ARGS(), getThis(), "O|l", &mysql_result, mysqli_result_class_entry, &mode) == FAILURE) {
 		RETURN_THROWS();
 	}
-	MYSQLI_FETCH_RESOURCE(result, MYSQL_RES *, mysql_result, "mysqli_result", MYSQLI_STATUS_VALID);
+	MYSQLI_FETCH_RESOURCE(result, MYSQL_RES *, mysql_result, MYSQLI_STATUS_VALID);
 
 	if (!mode || (mode & ~MYSQLI_BOTH)) {
 		zend_argument_value_error(ERROR_ARG_POS(2), "must be one of MYSQLI_NUM, MYSQLI_ASSOC, or MYSQLI_BOTH");

ext/mysqli/mysqli_priv.h

@@ -55,7 +55,6 @@ extern void php_clear_mysql(MY_MYSQL *);
 extern MYSQLI_WARNING *php_get_warnings(MYSQLND_CONN_DATA * mysql);
 
 extern void php_clear_warnings(MYSQLI_WARNING *w);
-extern void php_free_stmt_bind_buffer(BIND_BUFFER bbuf, int type);
 extern void php_mysqli_report_error(const char *sqlstate, int errorno, const char *error);
 extern void php_mysqli_report_index(const char *query, unsigned int status);
 extern void php_mysqli_throw_sql_exception(char *sqlstate, int errorno, char *format, ...);

ext/mysqli/mysqli_result_iterator.c

@@ -98,7 +98,7 @@ static void php_mysqli_result_iterator_move_forward(zend_object_iterator *iter)
 	mysqli_object *intern = iterator->result;
 	MYSQL_RES	*result;
 
-	MYSQLI_FETCH_RESOURCE_BY_OBJ(result, MYSQL_RES *, intern, "mysqli_result", MYSQLI_STATUS_VALID);
+	MYSQLI_FETCH_RESOURCE_BY_OBJ(result, MYSQL_RES *, intern, MYSQLI_STATUS_VALID);
 
 	zval_ptr_dtor(&iterator->current_row);
 	php_mysqli_fetch_into_hash_aux(&iterator->current_row, result, MYSQLI_ASSOC);
@@ -115,7 +115,7 @@ static void php_mysqli_result_iterator_rewind(zend_object_iterator *iter)
 	mysqli_object *intern = iterator->result;
 	MYSQL_RES	*result;
 
-	MYSQLI_FETCH_RESOURCE_BY_OBJ(result, MYSQL_RES *, intern, "mysqli_result", MYSQLI_STATUS_VALID);
+	MYSQLI_FETCH_RESOURCE_BY_OBJ(result, MYSQL_RES *, intern, MYSQLI_STATUS_VALID);
 
 	if (mysqli_result_is_unbuffered(result)) {
 		if (result->unbuf->eof_reached) {

ext/mysqli/mysqli_warning.c

@@ -125,7 +125,7 @@ PHP_METHOD(mysqli_warning, next)
 	}
 
 	if (obj->ptr) {
-		MYSQLI_FETCH_RESOURCE(w, MYSQLI_WARNING *, ZEND_THIS, "mysqli_warning", MYSQLI_STATUS_VALID);
+		MYSQLI_FETCH_RESOURCE(w, MYSQLI_WARNING *, ZEND_THIS, MYSQLI_STATUS_VALID);
 
 		if (w && w->next) {
 			w = w->next;

ext/mysqli/php_mysqli_structs.h

@@ -38,32 +38,14 @@ enum mysqli_status {
 	MYSQLI_STATUS_VALID
 };
 
-typedef struct {
-	char		*val;
-	zend_ulong		buflen;
-	zend_ulong		output_len;
-	zend_ulong		type;
-} VAR_BUFFER;
-
-typedef struct {
-	unsigned int	var_cnt;
-	VAR_BUFFER		*buf;
-	zval			*vars;
-	my_bool			*is_null;
-} BIND_BUFFER;
-
 typedef struct {
 	MYSQL_STMT	*stmt;
-	BIND_BUFFER	param;
-	BIND_BUFFER	result;
 	char		*query;
 } MY_STMT;
 
 typedef struct {
 	MYSQL			*mysql;
 	zend_string		*hash_key;
-	zval			li_read;
-	php_stream		*li_stream;
 	unsigned int 	multi_query;
 	bool		persistent;
 	int				async_result_fetch_type;
@@ -177,7 +159,7 @@ extern void php_mysqli_fetch_into_hash_aux(zval *return_value, MYSQL_RES * resul
 	MYSQLI_REGISTER_RESOURCE_EX(__ptr, object)\
 }
 
-#define MYSQLI_FETCH_RESOURCE(__ptr, __type, __id, __name, __check) \
+#define MYSQLI_FETCH_RESOURCE(__ptr, __type, __id, __check) \
 { \
 	MYSQLI_RESOURCE *my_res; \
 	mysqli_object *intern = Z_MYSQLI_P(__id); \
@@ -192,7 +174,7 @@ extern void php_mysqli_fetch_into_hash_aux(zval *return_value, MYSQL_RES * resul
 	}\
 }
 
-#define MYSQLI_FETCH_RESOURCE_BY_OBJ(__ptr, __type, __obj, __name, __check) \
+#define MYSQLI_FETCH_RESOURCE_BY_OBJ(__ptr, __type, __obj, __check) \
 { \
 	MYSQLI_RESOURCE *my_res; \
 	if (!(my_res = (MYSQLI_RESOURCE *)(__obj->ptr))) {\
@@ -208,7 +190,7 @@ extern void php_mysqli_fetch_into_hash_aux(zval *return_value, MYSQL_RES * resul
 
 #define MYSQLI_FETCH_RESOURCE_CONN(__ptr, __id, __check) \
 { \
-	MYSQLI_FETCH_RESOURCE((__ptr), MY_MYSQL *, (__id), "mysqli_link", (__check)); \
+	MYSQLI_FETCH_RESOURCE((__ptr), MY_MYSQL *, (__id), (__check)); \
 	if (!(__ptr)->mysql) { \
 		zend_throw_error(NULL, "%s object is not fully initialized", ZSTR_VAL(Z_OBJCE_P(__id)->name)); \
 		RETURN_THROWS(); \
@@ -217,7 +199,7 @@ extern void php_mysqli_fetch_into_hash_aux(zval *return_value, MYSQL_RES * resul
 
 #define MYSQLI_FETCH_RESOURCE_STMT(__ptr, __id, __check) \
 { \
-	MYSQLI_FETCH_RESOURCE((__ptr), MY_STMT *, (__id), "mysqli_stmt", (__check)); \
+	MYSQLI_FETCH_RESOURCE((__ptr), MY_STMT *, (__id), (__check)); \
 	ZEND_ASSERT((__ptr)->stmt && "Missing statement?"); \
 }
 

ext/phar/phar_object.c

@@ -703,11 +703,6 @@ PHP_METHOD(Phar, webPhar)
 			goto cleanup_fail;
 		}
 
-		if (Z_TYPE_P(rewrite_fci.retval) == IS_UNDEF || Z_TYPE(retval) == IS_UNDEF) {
-			zend_throw_exception_ex(phar_ce_PharException, 0, "phar error: rewrite callback must return a string or false");
-			goto cleanup_fail;
-		}
-
 		switch (Z_TYPE(retval)) {
 			case IS_STRING:
 				efree(entry);
@@ -3174,12 +3169,14 @@ static int phar_test_compression(zval *zv, void *argument) /* {{{ */
 	if (!PHAR_G(has_bz2)) {
 		if (entry->flags & PHAR_ENT_COMPRESSED_BZ2) {
 			*(int *) argument = 0;
+			return ZEND_HASH_APPLY_STOP;
 		}
 	}
 
 	if (!PHAR_G(has_zlib)) {
 		if (entry->flags & PHAR_ENT_COMPRESSED_GZ) {
 			*(int *) argument = 0;
+			return ZEND_HASH_APPLY_STOP;
 		}
 	}
 
@@ -4518,28 +4515,27 @@ PHP_METHOD(PharFileInfo, __construct)
 }
 /* }}} */
 
-#define PHAR_ENTRY_OBJECT() \
+#define PHAR_ENTRY_OBJECT_EX(throw) \
 	zval *zobj = ZEND_THIS; \
 	phar_entry_object *entry_obj = (phar_entry_object*)((char*)Z_OBJ_P(zobj) - Z_OBJ_P(zobj)->handlers->offset); \
 	if (!entry_obj->entry) { \
-		zend_throw_exception_ex(spl_ce_BadMethodCallException, 0, \
-			"Cannot call method on an uninitialized PharFileInfo object"); \
-		RETURN_THROWS(); \
+		if (throw) { \
+			zend_throw_exception_ex(spl_ce_BadMethodCallException, 0, \
+				"Cannot call method on an uninitialized PharFileInfo object"); \
+		} \
+		return; \
 	}
 
+#define PHAR_ENTRY_OBJECT() PHAR_ENTRY_OBJECT_EX(true)
+
 /* {{{ clean up directory-based entry objects */
 PHP_METHOD(PharFileInfo, __destruct)
 {
-	zval *zobj = ZEND_THIS;
-	phar_entry_object *entry_obj = (phar_entry_object*)((char*)Z_OBJ_P(zobj) - Z_OBJ_P(zobj)->handlers->offset);
-
 	if (zend_parse_parameters_none() == FAILURE) {
 		RETURN_THROWS();
 	}
 
-	if (!entry_obj->entry) {
-		return;
-	}
+	PHAR_ENTRY_OBJECT_EX(false);
 
 	if (entry_obj->entry->is_temp_dir) {
 		if (entry_obj->entry->filename) {

ext/phar/zip.c

@@ -641,13 +641,6 @@ int phar_parse_zipfile(php_stream *fp, char *fname, size_t fname_len, char *alia
 
 			zend_off_t restore_pos = php_stream_tell(fp);
 			php_stream_seek(fp, entry.offset, SEEK_SET);
-			/* these next lines should be for php < 5.2.6 after 5.3 filters are fixed */
-			fp->writepos = 0;
-			fp->readpos = 0;
-			php_stream_seek(fp, entry.offset, SEEK_SET);
-			fp->writepos = 0;
-			fp->readpos = 0;
-			/* the above lines should be for php < 5.2.6 after 5.3 filters are fixed */
 
 			mydata->alias_len = entry.uncompressed_filesize;
 			if (entry.flags & PHAR_ENT_COMPRESSED_GZ) {

ext/spl/spl_heap.c

@@ -1257,6 +1257,10 @@ PHP_METHOD(SplHeap, __unserialize)
 		Z_PARAM_ARRAY_HT(data)
 	ZEND_PARSE_PARAMETERS_END();
 
+	if (UNEXPECTED(spl_heap_consistency_validations(intern, true) != SUCCESS)) {
+		RETURN_THROWS();
+	}
+
 	if (zend_hash_num_elements(data) != 2) {
 		zend_throw_exception_ex(NULL, 0, "Invalid serialization data for %s object", ZSTR_VAL(intern->std.ce->name));
 		RETURN_THROWS();
@@ -1285,10 +1289,6 @@ PHP_METHOD(SplHeap, __unserialize)
 		RETURN_THROWS();
 	}
 
-	if (EG(exception)) {
-		RETURN_THROWS();
-	}
-
 	if (UNEXPECTED(spl_heap_consistency_validations(intern, false) != SUCCESS)) {
 		RETURN_THROWS();
 	}

ext/spl/tests/heap_unserialize_under_corruption_or_modification.phpt

@@ -0,0 +1,30 @@
+--TEST--
+SplHeap should not accept unserialize data when it is corrupted or under modification
+--FILE--
+<?php
+
+class MyHeap extends SplMaxHeap {
+    public function compare($a, $b): int {
+        global $array;
+        static $counter = 0;
+        if ($counter++ === 0)
+            $this->__unserialize($array);
+        return $a < $b ? -1 : ($a == $b ? 0 : 1);
+    }
+}
+
+$heap = new SplMaxHeap;
+$heap->insert(1);
+$array = $heap->__serialize();
+
+$heap = new MyHeap;
+$heap->insert(0);
+try {
+    $heap->insert(2);
+} catch (RuntimeException $e) {
+    echo $e->getMessage(), "\n";
+}
+
+?>
+--EXPECT--
+Heap cannot be changed when it is already being modified.