diff --git a/ext/reflection/php_reflection.c b/ext/reflection/php_reflection.c index 2f44d6be7bd2d..e44a746ff0846 100644 --- a/ext/reflection/php_reflection.c +++ b/ext/reflection/php_reflection.c @@ -191,7 +191,7 @@ static zend_always_inline uint32_t prop_get_flags(const property_reference *ref) static inline bool is_closure_invoke(const zend_class_entry *ce, const zend_string *lcname) { return ce == zend_ce_closure - && zend_string_equals_literal(lcname, ZEND_INVOKE_FUNC_NAME); + && zend_string_equals(lcname, ZSTR_KNOWN(ZEND_STR_MAGIC_INVOKE)); } static zend_function *_copy_function(zend_function *fptr) /* {{{ */ diff --git a/ext/session/session.c b/ext/session/session.c index b9b5bfbb025c0..e790fa074d606 100644 --- a/ext/session/session.c +++ b/ext/session/session.c @@ -41,7 +41,6 @@ #include "ext/standard/url_scanner_ex.h" #include "ext/standard/info.h" #include "zend_smart_str.h" -#include "zend_exceptions.h" #include "ext/standard/url.h" #include "ext/standard/basic_functions.h" #include "ext/standard/head.h" @@ -1725,16 +1724,8 @@ PHPAPI php_session_status php_get_session_status(void) static bool php_session_abort(void) { if (PS(session_status) == php_session_active) { - if ((PS(mod_data) || PS(mod_user_implemented)) && PS(mod)->s_close) { - zend_object *old_exception = EG(exception); - EG(exception) = NULL; - + if (PS(mod_data) || PS(mod_user_implemented)) { PS(mod)->s_close(&PS(mod_data)); - if (!EG(exception)) { - EG(exception) = old_exception; - } else if (old_exception) { - zend_exception_set_previous(EG(exception), old_exception); - } } PS(session_status) = php_session_none; return true; diff --git a/ext/session/tests/sessionhandler_validateid_return_type.phpt b/ext/session/tests/sessionhandler_validateid_return_type.phpt deleted file mode 100644 index a100694588206..0000000000000 --- a/ext/session/tests/sessionhandler_validateid_return_type.phpt +++ /dev/null @@ -1,35 +0,0 @@ ---TEST-- -SessionHandler::validateId must return bool ---INI-- -session.use_strict_mode=1 ---EXTENSIONS-- -session ---SKIPIF-- - ---FILE-- -getMessage(), "\n"; -} - -session_write_close(); - -try { - session_start(); -} catch (Throwable $e) { - echo $e->getMessage(), "\n"; -} -?> ---EXPECTF-- -Session id must be a string diff --git a/ext/session/tests/user_session_module/session_set_save_handler_class_012.phpt b/ext/session/tests/user_session_module/session_set_save_handler_class_012.phpt index a532dff7f821a..f96206efbb647 100644 --- a/ext/session/tests/user_session_module/session_set_save_handler_class_012.phpt +++ b/ext/session/tests/user_session_module/session_set_save_handler_class_012.phpt @@ -43,8 +43,6 @@ var_dump(session_id(), $oldHandler, ini_get('session.save_handler'), $handler->i --EXPECTF-- *** Testing session_set_save_handler() : incorrect arguments for existing handler open *** Open: - -Warning: SessionHandler::close(): Parent session handler is not open in %s on line %d SessionHandler::open() expects exactly 2 arguments, 0 given Warning: Undefined global variable $_SESSION in %s on line %d diff --git a/ext/soap/php_encoding.c b/ext/soap/php_encoding.c index 18cdb8304c252..5e3675f875bdd 100644 --- a/ext/soap/php_encoding.c +++ b/ext/soap/php_encoding.c @@ -2439,13 +2439,7 @@ static xmlNodePtr to_xml_array(encodeTypePtr type, zval *data, int style, xmlNod if (style == SOAP_ENCODED) { if (soap_version == SOAP_1_1) { smart_str_0(&array_type); -#if defined(__GNUC__) && __GNUC__ >= 11 - ZEND_DIAGNOSTIC_IGNORED_START("-Wstringop-overread") -#endif - bool is_xsd_any_type = strcmp(ZSTR_VAL(array_type.s),"xsd:anyType") == 0; -#if defined(__GNUC__) && __GNUC__ >= 11 - ZEND_DIAGNOSTIC_IGNORED_END -#endif + bool is_xsd_any_type = zend_string_equals_literal(array_type.s, "xsd:anyType"); if (is_xsd_any_type) { smart_str_free(&array_type); smart_str_appendl(&array_type,"xsd:ur-type",sizeof("xsd:ur-type")-1); @@ -2529,19 +2523,20 @@ static zval *to_zval_array(zval *ret, encodeTypePtr type, xmlNodePtr data) xmlNsPtr nsptr; parse_namespace(attr->children->content, &type, &ns); + char *type_dup = estrdup(type); nsptr = xmlSearchNs(attr->doc, attr->parent, BAD_CAST(ns)); - end = strrchr(type,'['); + end = strrchr(type_dup,'['); if (end) { *end = '\0'; dimension = calc_dimension(end+1); dims = get_position(dimension, end+1); } if (nsptr != NULL) { - enc = get_encoder(SOAP_GLOBAL(sdl), (char*)nsptr->href, type); + enc = get_encoder(SOAP_GLOBAL(sdl), (char*)nsptr->href, type_dup); } if (ns) {efree(ns);} - + if (type_dup) efree(type_dup); } else if ((attr = get_soap_enc_attribute(data->properties,"itemType")) && attr->children && attr->children->content) { diff --git a/ext/sysvshm/sysvshm.c b/ext/sysvshm/sysvshm.c index 55ee6493bfb0a..7f064c50a2945 100644 --- a/ext/sysvshm/sysvshm.c +++ b/ext/sysvshm/sysvshm.c @@ -311,11 +311,13 @@ PHP_FUNCTION(shm_get_var) shm_data = &shm_var->mem; PHP_VAR_UNSERIALIZE_INIT(var_hash); - if (php_var_unserialize(return_value, (const unsigned char **) &shm_data, (unsigned char *) shm_data + shm_var->length, &var_hash) != 1) { + int res = php_var_unserialize(return_value, (const unsigned char **) &shm_data, (unsigned char *) shm_data + shm_var->length, &var_hash); + PHP_VAR_UNSERIALIZE_DESTROY(var_hash); + if (res != 1) { php_error_docref(NULL, E_WARNING, "Variable data in shared memory is corrupted"); - RETVAL_FALSE; + zval_ptr_dtor(return_value); + RETURN_FALSE; } - PHP_VAR_UNSERIALIZE_DESTROY(var_hash); } /* }}} */ diff --git a/ext/sysvshm/tests/shm_get_var_leak.phpt b/ext/sysvshm/tests/shm_get_var_leak.phpt new file mode 100644 index 0000000000000..037bad7c41d72 --- /dev/null +++ b/ext/sysvshm/tests/shm_get_var_leak.phpt @@ -0,0 +1,37 @@ +--TEST-- +shm_get_var() leaks if variable is corrupted +--EXTENSIONS-- +sysvshm +ffi +--INI-- +ffi.enable=1 +--SKIPIF-- + +--FILE-- +shmat($ffi->shmget($key, 0, 0), $ffi->new('void *'), 0); + +$ptr[0x40 + 13] = 0; // Corrupt first byte of second element of serialized data + +var_dump(shm_get_var($s, 0)); + +shm_remove($s); + +?> +--EXPECTF-- +Warning: shm_get_var(): Variable data in shared memory is corrupted in %s on line %d +bool(false)