Merge branch 'PHP-5.6' of git.php.net:/php-src into PHP-5.6

* 'PHP-5.6' of git.php.net:/php-src:
  Improvements to fix #72714, suggested by nikic
  Fix #65732: grapheme_*() is not Unicode compliant on CR LF sequence
  Fix #72714: _xml_startElementHandler() segmentation fault
  update NEWS
  Fixed bug #72852 imap_mail null dereference
  Revert "Fix dba configuration for Windows"
  Fix dba configuration for Windows
  Fix broken test include
  fix NEWS
  Add myself as PDO_OCI maintainer

Author: laruence

EXTENSIONS

@@ -205,7 +205,7 @@ STATUS:              Working
 SINCE:               5.1
 -------------------------------------------------------------------------------
 EXTENSION:           pdo_oci
-PRIMARY MAINTAINER:  Unknown
+PRIMARY MAINTAINER:  Christopher Jones <sixd@php.net>
 MAINTENANCE:         Odd fixes
 STATUS:              Working
 SINCE:               5.1

ext/dba/tests/dba_handler.inc

@@ -40,7 +40,7 @@ do {
 	}
 	if ($handler != 'cdb') {
 		$db_writer = dba_open($db_filename, 'c'.$lock_flag, $handler);
-		if (($dba_reader = @dba_open($db_filename, 'r'.$lock_flag.($lock_flag ? 't' : ''), $handler))===false) {
+		if (($dba_reader = @dba_open($db_filename, 'r'.$lock_flag.'t', $handler))===false) {
 			echo "Read during write: not allowed\n";
 		} else {
 			echo "Read during write: allowed\n";

ext/imap/php_imap.c

@@ -3922,7 +3922,7 @@ int _php_imap_mail(char *to, char *subject, char *message, char *headers, char *
 		bt_len++;
 		offset = 0;
 		addr = NULL;
-		rfc822_parse_adrlist(&addr, tempMailTo, NULL);
+		rfc822_parse_adrlist(&addr, tempMailTo, "NO HOST");
 		while (addr) {
 			if (addr->host == NULL || strcmp(addr->host, ERRHOST) == 0) {
 				PHP_IMAP_BAD_DEST;
@@ -3951,7 +3951,7 @@ int _php_imap_mail(char *to, char *subject, char *message, char *headers, char *
 		bt_len++;
 		offset = 0;
 		addr = NULL;
-		rfc822_parse_adrlist(&addr, tempMailTo, NULL);
+		rfc822_parse_adrlist(&addr, tempMailTo, "NO HOST");
 		while (addr) {
 			if (addr->host == NULL || strcmp(addr->host, ERRHOST) == 0) {
 				PHP_IMAP_BAD_DEST;
@@ -3977,7 +3977,7 @@ int _php_imap_mail(char *to, char *subject, char *message, char *headers, char *
 		bt_len++;
 		offset = 0;
 		addr = NULL;
-		rfc822_parse_adrlist(&addr, tempMailTo, NULL);
+		rfc822_parse_adrlist(&addr, tempMailTo, "NO HOST");
 		while (addr) {
 			if (addr->host == NULL || strcmp(addr->host, ERRHOST) == 0) {
 				PHP_IMAP_BAD_DEST;

ext/intl/grapheme/grapheme_util.c

@@ -221,7 +221,7 @@ int grapheme_ascii_check(const unsigned char *day, int32_t len)
 {
 	int ret_len = len;
 	while ( len-- ) {
-	if ( *day++ > 0x7f )
+	if ( *day++ > 0x7f || (*day == '\n' && *(day - 1) == '\r') )
 		return -1;
 	}
 

ext/intl/tests/bug65732.phpt

@@ -0,0 +1,19 @@
+--TEST--
+Bug #65732 (grapheme_*() is not Unicode compliant on CR LF sequence)
+--SKIPIF--
+<?php
+if (!extension_loaded('intl')) die('skip intl extension not available');
+?>
+--FILE--
+<?php
+var_dump(grapheme_strlen("\r\n"));
+var_dump(grapheme_substr(implode("\r\n", ['abc', 'def', 'ghi']), 5));
+var_dump(grapheme_strrpos("a\r\nb", 'b'));
+?>
+==DONE==
+--EXPECT--
+int(1)
+string(7) "ef
+ghi"
+int(2)
+==DONE==

ext/xml/tests/bug72714.phpt

@@ -0,0 +1,35 @@
+--TEST--
+Bug #72714 (_xml_startElementHandler() segmentation fault)
+--SKIPIF--
+<?php
+if (!extension_loaded('xml')) die('skip xml extension not available');
+?>
+--FILE--
+<?php
+function startElement($parser, $name, $attribs) {
+    var_dump($name);
+}
+
+function endElement($parser, $name) {}
+
+function parse($tagstart) {
+    $xml = '<ns1:total>867</ns1:total>';
+
+    $xml_parser = xml_parser_create();
+    xml_set_element_handler($xml_parser, 'startElement', 'endElement');
+
+    xml_parser_set_option($xml_parser, XML_OPTION_SKIP_TAGSTART, $tagstart);
+    xml_parse($xml_parser, $xml);
+
+    xml_parser_free($xml_parser);
+}
+
+parse(3015809298423721);
+parse(20);
+?>
+===DONE===
+--EXPECTF--
+Notice: xml_parser_set_option(): tagstart ignored, because it is out of range in %s%ebug72714.php on line %d
+string(9) "NS1:TOTAL"
+string(0) ""
+===DONE===

ext/xml/xml.c

@@ -66,6 +66,10 @@ ZEND_GET_MODULE(xml)
 #endif /* COMPILE_DL_XML */
 /* }}} */
 
+
+#define SKIP_TAGSTART(str) ((str) + (parser->toffset > strlen(str) ? strlen(str) : parser->toffset))
+
+
 /* {{{ function prototypes */
 PHP_MINIT_FUNCTION(xml);
 PHP_MINFO_FUNCTION(xml);
@@ -785,7 +789,7 @@ void _xml_startElementHandler(void *userData, const XML_Char *name, const XML_Ch
 
 		if (parser->startElementHandler) {
 			args[0] = _xml_resource_zval(parser->index);
-			args[1] = _xml_string_zval(((char *) tag_name) + parser->toffset);
+			args[1] = _xml_string_zval(SKIP_TAGSTART((char *) tag_name));
 			MAKE_STD_ZVAL(args[2]);
 			array_init(args[2]);
 
@@ -816,9 +820,9 @@ void _xml_startElementHandler(void *userData, const XML_Char *name, const XML_Ch
 				array_init(tag);
 				array_init(atr);
 
-				_xml_add_to_info(parser,((char *) tag_name) + parser->toffset);
+				_xml_add_to_info(parser,SKIP_TAGSTART((char *) tag_name));
 
-				add_assoc_string(tag,"tag",((char *) tag_name) + parser->toffset,1); /* cast to avoid gcc-warning */
+				add_assoc_string(tag,"tag",SKIP_TAGSTART((char *) tag_name),1);
 				add_assoc_string(tag,"type","open",1);
 				add_assoc_long(tag,"level",parser->level);
 
@@ -870,7 +874,7 @@ void _xml_endElementHandler(void *userData, const XML_Char *name)
 
 		if (parser->endElementHandler) {
 			args[0] = _xml_resource_zval(parser->index);
-			args[1] = _xml_string_zval(((char *) tag_name) + parser->toffset);
+			args[1] = _xml_string_zval(SKIP_TAGSTART((char *) tag_name));
 
 			if ((retval = xml_call_handler(parser, parser->endElementHandler, parser->endElementPtr, 2, args))) {
 				zval_ptr_dtor(&retval);
@@ -887,9 +891,9 @@ void _xml_endElementHandler(void *userData, const XML_Char *name)
 
 				array_init(tag);
 
-				_xml_add_to_info(parser,((char *) tag_name) + parser->toffset);
+				_xml_add_to_info(parser,SKIP_TAGSTART((char *) tag_name));
 
-				add_assoc_string(tag,"tag",((char *) tag_name) + parser->toffset,1); /* cast to avoid gcc-warning */
+				add_assoc_string(tag,"tag",SKIP_TAGSTART((char *) tag_name),1);
 				add_assoc_string(tag,"type","close",1);
 				add_assoc_long(tag,"level",parser->level);
 
@@ -990,9 +994,9 @@ void _xml_characterDataHandler(void *userData, const XML_Char *s, int len)
 
 						array_init(tag);
 
-						_xml_add_to_info(parser,parser->ltags[parser->level-1] + parser->toffset);
+						_xml_add_to_info(parser,SKIP_TAGSTART(parser->ltags[parser->level-1]));
 
-						add_assoc_string(tag,"tag",parser->ltags[parser->level-1] + parser->toffset,1);
+						add_assoc_string(tag,"tag",SKIP_TAGSTART(parser->ltags[parser->level-1]),1);
 						add_assoc_string(tag,"value",decoded_value,0);
 						add_assoc_string(tag,"type","cdata",1);
 						add_assoc_long(tag,"level",parser->level);
@@ -1633,6 +1637,10 @@ PHP_FUNCTION(xml_parser_set_option)
 		case PHP_XML_OPTION_SKIP_TAGSTART:
 			convert_to_long_ex(val);
 			parser->toffset = Z_LVAL_PP(val);
+			if (parser->toffset < 0) {
+				php_error_docref(NULL TSRMLS_CC, E_NOTICE, "tagstart ignored, because it is out of range");
+				parser->toffset = 0;
+			}
 			break;
 		case PHP_XML_OPTION_SKIP_WHITE:
 			convert_to_long_ex(val);