Merge branch 'master' of https://github.com/php/php-src into dave/allow-compat-il-flag

Author: dwgebler

Zend/zend_object_handlers.h

@@ -110,9 +110,29 @@ typedef zend_array *(*zend_object_get_properties_for_t)(zend_object *object, zen
 typedef zend_function *(*zend_object_get_method_t)(zend_object **object, zend_string *method, const zval *key);
 typedef zend_function *(*zend_object_get_constructor_t)(zend_object *object);
 
-/* Object maintenance/destruction */
-typedef void (*zend_object_dtor_obj_t)(zend_object *object);
+/* free_obj should release any resources the object holds, without freeing the
+ * object structure itself. The object does not need to be in a valid state after
+ * free_obj finishes running.
+ *
+ * free_obj will always be invoked, even if the object leaks or a fatal error
+ * occurs. However, during shutdown it may be called once the executor is no
+ * longer active, in which case execution of user code may be skipped.
+ */
 typedef void (*zend_object_free_obj_t)(zend_object *object);
+
+/* dtor_obj is called before free_obj. The object must remain in a valid state
+ * after dtor_obj finishes running. Unlike free_obj, it is run prior to
+ * deactivation of the executor during shutdown, which allows user code to run.
+ *
+ * This handler is not guaranteed to be called (e.g. on fatal error), and as
+ * such should not be used to release resources or deallocate memory. Furthermore,
+ * releasing resources in this handler can break detection of memory leaks, as
+ * cycles may be broken early.
+ *
+ * dtor_obj should be used *only* to call user destruction hooks, such as __destruct.
+ */
+typedef void (*zend_object_dtor_obj_t)(zend_object *object);
+
 typedef zend_object* (*zend_object_clone_obj_t)(zend_object *object);
 
 /* Get class name for display in var_dump and other debugging functions.

azure/community_job.yml

@@ -51,10 +51,7 @@ jobs:
     - script: |
         git clone https://github.com/laravel/framework.git --branch=master --depth=1
         cd framework
-        #php7.3 /usr/bin/composer require "doctrine/dbal:^3.0" --no-interaction
-        php7.3 /usr/bin/composer install --no-progress
-        # Hack to disable a test that hangs on azure
-        sed -i 's/PHP_OS/"Darwin"/' tests/Filesystem/FilesystemTest.php
+        php7.4 /usr/bin/composer install --no-progress
         export USE_ZEND_ALLOC=0
         export ASAN_OPTIONS=exitcode=139
         php vendor/bin/phpunit
@@ -65,8 +62,8 @@ jobs:
     - script: |
         git clone https://github.com/symfony/symfony.git --depth=1
         cd symfony
-        php7.3 /usr/bin/composer install --no-progress
-        php7.3 ./phpunit install
+        php7.4 /usr/bin/composer install --no-progress
+        php7.4 ./phpunit install
         export USE_ZEND_ALLOC=0
         export USE_TRACKED_ALLOC=1
         export ASAN_OPTIONS=exitcode=139
@@ -96,14 +93,14 @@ jobs:
         export USE_ZEND_ALLOC=0
         export USE_TRACKED_ALLOC=1
         export ASAN_OPTIONS=exitcode=139
-        php7.3 /usr/bin/composer install --no-progress
+        php7.4 /usr/bin/composer install --no-progress
         php ./phpunit
         if [ $? -gt 128 ]; then
           exit 1
         fi
       displayName: 'Test PHPUnit'
     - script: |
-        php7.3 /usr/bin/composer create-project symfony/symfony-demo symfony_demo --no-progress
+        php7.4 /usr/bin/composer create-project symfony/symfony-demo symfony_demo --no-progress
         cd symfony_demo
         export USE_ZEND_ALLOC=0
         export USE_TRACKED_ALLOC=1

ext/curl/interface.c

@@ -2018,6 +2018,7 @@ static inline int build_mime_structure_from_hash(php_curl *ch, zval *zpostfields
 #endif
 
 			prop = zend_read_property(curl_CURLFile_class, Z_OBJ_P(current), "name", sizeof("name")-1, 0, &rv);
+			ZVAL_DEREF(prop);
 			if (Z_TYPE_P(prop) != IS_STRING) {
 				php_error_docref(NULL, E_WARNING, "Invalid filename for key %s", ZSTR_VAL(string_key));
 			} else {
@@ -2028,10 +2029,12 @@ static inline int build_mime_structure_from_hash(php_curl *ch, zval *zpostfields
 				}
 
 				prop = zend_read_property(curl_CURLFile_class, Z_OBJ_P(current), "mime", sizeof("mime")-1, 0, &rv);
+				ZVAL_DEREF(prop);
 				if (Z_TYPE_P(prop) == IS_STRING && Z_STRLEN_P(prop) > 0) {
 					type = Z_STRVAL_P(prop);
 				}
 				prop = zend_read_property(curl_CURLFile_class, Z_OBJ_P(current), "postname", sizeof("postname")-1, 0, &rv);
+				ZVAL_DEREF(prop);
 				if (Z_TYPE_P(prop) == IS_STRING && Z_STRLEN_P(prop) > 0) {
 					filename = Z_STRVAL_P(prop);
 				}

ext/opcache/shared_alloc_mmap.c

@@ -50,7 +50,7 @@ static int create_segments(size_t requested_size, zend_shared_segment ***shared_
 #endif
 #ifdef VM_MAKE_TAG
 	/* allows tracking segments via tools such as vmmap */
-	fd = VM_MAKE_TAG(251);
+	fd = VM_MAKE_TAG(251U);
 #endif
 #ifdef MAP_HUGETLB
 	size_t huge_page_size = 2 * 1024 * 1024;

ext/soap/php_sdl.c

@@ -313,6 +313,8 @@ void sdl_restore_uri_credentials(sdlCtx *ctx)
 	ctx->context = NULL;
 }
 
+#define SAFE_STR(a) ((a)?((const char *)a):"")
+
 static void load_wsdl_ex(zval *this_ptr, char *struri, sdlCtx *ctx, int include)
 {
 	sdlPtr tmpsdl = ctx->sdl;
@@ -374,7 +376,7 @@ static void load_wsdl_ex(zval *this_ptr, char *struri, sdlCtx *ctx, int include)
 				if (node_is_equal_ex(trav2, "schema", XSD_NAMESPACE)) {
 					load_schema(ctx, trav2);
 				} else if (is_wsdl_element(trav2) && !node_is_equal(trav2,"documentation")) {
-					soap_error1(E_ERROR, "Parsing WSDL: Unexpected WSDL element <%s>", trav2->name);
+					soap_error1(E_ERROR, "Parsing WSDL: Unexpected WSDL element <%s>", SAFE_STR(trav2->name));
 				}
 				trav2 = trav2->next;
 			}
@@ -435,7 +437,7 @@ static void load_wsdl_ex(zval *this_ptr, char *struri, sdlCtx *ctx, int include)
 				soap_error0(E_ERROR, "Parsing WSDL: <service> has no name attribute");
 			}
 		} else if (!node_is_equal(trav,"documentation")) {
-			soap_error1(E_ERROR, "Parsing WSDL: Unexpected WSDL element <%s>", trav->name);
+			soap_error1(E_ERROR, "Parsing WSDL: Unexpected WSDL element <%s>",  SAFE_STR(trav->name));
 		}
 		trav = trav->next;
 	}
@@ -545,7 +547,7 @@ static sdlSoapBindingFunctionHeaderPtr wsdl_soap_binding_header(sdlCtx* ctx, xml
 				}
 				smart_str_free(&key);
 			} else if (is_wsdl_element(trav) && !node_is_equal(trav,"documentation")) {
-				soap_error1(E_ERROR, "Parsing WSDL: Unexpected WSDL element <%s>", trav->name);
+				soap_error1(E_ERROR, "Parsing WSDL: Unexpected WSDL element <%s>",  SAFE_STR(trav->name));
 			}
 			trav = trav->next;
 		}
@@ -647,7 +649,7 @@ static void wsdl_soap_binding_body(sdlCtx* ctx, xmlNodePtr node, char* wsdl_soap
 			}
 			smart_str_free(&key);
 		} else if (is_wsdl_element(trav) && !node_is_equal(trav,"documentation")) {
-			soap_error1(E_ERROR, "Parsing WSDL: Unexpected WSDL element <%s>", trav->name);
+			soap_error1(E_ERROR, "Parsing WSDL: Unexpected WSDL element <%s>",  SAFE_STR(trav->name));
 		}
 		trav = trav->next;
 	}
@@ -679,14 +681,14 @@ static HashTable* wsdl_message(sdlCtx *ctx, xmlChar* message_name)
 		sdlParamPtr param;
 
 		if (trav->ns != NULL && strcmp((char*)trav->ns->href, WSDL_NAMESPACE) != 0) {
-			soap_error1(E_ERROR, "Parsing WSDL: Unexpected extensibility element <%s>", trav->name);
+			soap_error1(E_ERROR, "Parsing WSDL: Unexpected extensibility element <%s>",  SAFE_STR(trav->name));
 		}
 		if (node_is_equal(trav,"documentation")) {
 			trav = trav->next;
 			continue;
 		}
 		if (!node_is_equal(trav,"part")) {
-			soap_error1(E_ERROR, "Parsing WSDL: Unexpected WSDL element <%s>", trav->name);
+			soap_error1(E_ERROR, "Parsing WSDL: Unexpected WSDL element <%s>",  SAFE_STR(trav->name));
 		}
 		part = trav;
 		param = emalloc(sizeof(sdlParam));
@@ -695,7 +697,7 @@ static HashTable* wsdl_message(sdlCtx *ctx, xmlChar* message_name)
 
 		name = get_attribute(part->properties, "name");
 		if (name == NULL) {
-			soap_error1(E_ERROR, "Parsing WSDL: No name associated with <part> '%s'", message->name);
+			soap_error1(E_ERROR, "Parsing WSDL: No name associated with <part> '%s'",  SAFE_STR(message->name));
 		}
 
 		param->paramName = estrdup((char*)name->children->content);
@@ -737,9 +739,8 @@ static sdlPtr load_wsdl(zval *this_ptr, char *struri)
 	zend_hash_init(&ctx.portTypes, 0, NULL, NULL, 0);
 	zend_hash_init(&ctx.services,  0, NULL, NULL, 0);
 
-	load_wsdl_ex(this_ptr, struri, &ctx, 0);
 	zend_try {
-
+	load_wsdl_ex(this_ptr, struri, &ctx, 0);
 	schema_pass2(&ctx);
 
 	n = zend_hash_num_elements(&ctx.services);
@@ -766,7 +767,7 @@ static sdlPtr load_wsdl(zval *this_ptr, char *struri)
 					continue;
 				}
 				if (!node_is_equal(trav,"port")) {
-					soap_error1(E_ERROR, "Parsing WSDL: Unexpected WSDL element <%s>", trav->name);
+					soap_error1(E_ERROR, "Parsing WSDL: Unexpected WSDL element <%s>",  SAFE_STR(trav->name));
 				}
 
 				port = trav;
@@ -805,7 +806,7 @@ static sdlPtr load_wsdl(zval *this_ptr, char *struri)
 						}
 					}
 					if (trav2 != address && is_wsdl_element(trav2) && !node_is_equal(trav2,"documentation")) {
-						soap_error1(E_ERROR, "Parsing WSDL: Unexpected WSDL element <%s>", trav2->name);
+						soap_error1(E_ERROR, "Parsing WSDL: Unexpected WSDL element <%s>",  SAFE_STR(trav2->name));
 					}
 				  trav2 = trav2->next;
 				}
@@ -907,7 +908,7 @@ static sdlPtr load_wsdl(zval *this_ptr, char *struri)
 						continue;
 					}
 					if (!node_is_equal(trav2,"operation")) {
-						soap_error1(E_ERROR, "Parsing WSDL: Unexpected WSDL element <%s>", trav2->name);
+						soap_error1(E_ERROR, "Parsing WSDL: Unexpected WSDL element <%s>",  SAFE_STR(trav2->name));
 					}
 
 					operation = trav2;
@@ -926,7 +927,7 @@ static sdlPtr load_wsdl(zval *this_ptr, char *struri)
 						           !node_is_equal(trav3,"output") &&
 						           !node_is_equal(trav3,"fault") &&
 						           !node_is_equal(trav3,"documentation")) {
-							soap_error1(E_ERROR, "Parsing WSDL: Unexpected WSDL element <%s>", trav3->name);
+							soap_error1(E_ERROR, "Parsing WSDL: Unexpected WSDL element <%s>",  SAFE_STR(trav3->name));
 						}
 						trav3 = trav3->next;
 					}
@@ -1104,7 +1105,7 @@ static sdlPtr load_wsdl(zval *this_ptr, char *struri)
 												}
 											}
 										} else if (is_wsdl_element(trav) && !node_is_equal(trav,"documentation")) {
-											soap_error1(E_ERROR, "Parsing WSDL: Unexpected WSDL element <%s>", trav->name);
+											soap_error1(E_ERROR, "Parsing WSDL: Unexpected WSDL element <%s>",  SAFE_STR(trav->name));
 										}
 										trav = trav->next;
 									}

ext/soap/php_xml.c

@@ -197,7 +197,7 @@ xmlNsPtr node_find_ns(xmlNodePtr node)
 
 int attr_is_equal_ex(xmlAttrPtr node, char *name, char *ns)
 {
-	if (name == NULL || strcmp((char*)node->name, name) == 0) {
+	if (name == NULL || ((node->name) && strcmp((char*)node->name, name) == 0)) {
 		if (ns) {
 			xmlNsPtr nsPtr = attr_find_ns(node);
 			if (nsPtr) {
@@ -213,7 +213,7 @@ int attr_is_equal_ex(xmlAttrPtr node, char *name, char *ns)
 
 int node_is_equal_ex(xmlNodePtr node, char *name, char *ns)
 {
-	if (name == NULL || strcmp((char*)node->name, name) == 0) {
+	if (name == NULL || ((node->name) && strcmp((char*)node->name, name) == 0)) {
 		if (ns) {
 			xmlNsPtr nsPtr = node_find_ns(node);
 			if (nsPtr) {

ext/soap/tests/bug80672.phpt

@@ -0,0 +1,15 @@
+--TEST--
+Bug #80672 Null Dereference in SoapClient
+--SKIPIF--
+<?php require_once('skipif.inc'); ?>
+--FILE--
+<?php
+try {
+    $client = new SoapClient(__DIR__ . "/bug80672.xml");
+    $query = $soap->query(array('sXML' => 'something'));
+} catch(SoapFault $e) {
+    print $e->getMessage();
+}
+?>
+--EXPECTF--
+SOAP-ERROR: Parsing WSDL: Unexpected WSDL element <>

ext/soap/tests/bug80672.xml

@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<soap:definitions xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+  xmlns:soap="http://schemas.xmlsoap.org/wsdl/">
+<![CDATA[test]]>
+</soap:definitions>

ext/standard/crc32.c

@@ -43,6 +43,7 @@ static inline int has_crc32_insn() {
 	size_t reslen = sizeof(res);
 	if (sysctlbyname("hw.optional.armv8_crc32", &res, &reslen, NULL, 0) < 0)
 		res = 0;
+	return res;
 # else
 	res = 0;
 	return res;

ext/standard/file.c

@@ -564,10 +564,6 @@ PHP_FUNCTION(file_get_contents)
 		RETURN_FALSE;
 	}
 
-	if (maxlen > INT_MAX) {
-		php_error_docref(NULL, E_WARNING, "maxlen truncated from " ZEND_LONG_FMT " to %d bytes", maxlen, INT_MAX);
-		maxlen = INT_MAX;
-	}
 	if ((contents = php_stream_copy_to_mem(stream, maxlen, 0)) != NULL) {
 		RETVAL_STR(contents);
 	} else {

ext/standard/streamsfuncs.c

@@ -458,10 +458,6 @@ PHP_FUNCTION(stream_get_contents)
 		}
 	}
 
-	if (maxlen > INT_MAX) {
-		php_error_docref(NULL, E_WARNING, "Argument #2 ($maxlength) is truncated from " ZEND_LONG_FMT " to %d bytes", maxlen, INT_MAX);
-		maxlen = INT_MAX;
-	}
 	if ((contents = php_stream_copy_to_mem(stream, maxlen, 0))) {
 		RETURN_STR(contents);
 	} else {

ext/zend_test/tests/observer_error_05.phpt

@@ -6,6 +6,8 @@ Observer: End handlers fire after a userland fatal error
 zend_test.observer.enabled=1
 zend_test.observer.observe_all=1
 zend_test.observer.show_return_value=1
+--XFAIL--
+This is unsafe and fails on macos
 --FILE--
 <?php
 set_error_handler(function ($errno, $errstr, $errfile, $errline) {