Merge branch 'master' of https://github.com/kamil-tekiela/php-src

Author: kamil-tekiela

NEWS

@@ -2,6 +2,13 @@ PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? ????, PHP 8.0.0rc2
 
+- Curl:
+  . Fixed bug #80121 (Null pointer deref if CurlHandle directly instantiated).
+    (Nikita)
+
+- SPL.
+  . Fixed bug #65387 (Circular references in SPL iterators are not garbage
+    collected). (Nikita)
 
 01 Oct 2020, PHP 8.0.0rc1
 

UPGRADING

@@ -341,6 +341,8 @@ PHP 8.0 UPGRADE NOTES
 
 - LDAP:
   . The deprecated function ldap_sort has been removed.
+  . The deprecated function ldap_control_paged_result has been removed.
+  . The deprecated function ldap_control_paged_result_response has been removed.
   . The interface of ldap_set_rebind_proc has changed; the $callback parameter
     does not accept empty string anymore; null value shall be used instead.
 
@@ -606,6 +608,9 @@ PHP 8.0 UPGRADE NOTES
   . Calling crypt() without an explicit salt is no longer supported. If you
     would like to produce a strong hash with an auto-generated salt, use
     password_hash() instead.
+  . substr(), mb_substr(), iconv_substr() and grapheme_substr() now consistently
+    clamp out-of-bounds offsets to the string boundary. Previously, false was
+    returned instead of the empty string in some cases.
 
 - Sysvmsg:
   . msg_get_queue() will now return an SysvMessageQueue object rather than a

Zend/tests/div_by_zero_in_static.phpt

@@ -0,0 +1,11 @@
+--TEST--
+Division by zero in static
+--FILE--
+<?php
+static $a = 1/0;
+?>
+--EXPECTF--
+Fatal error: Uncaught DivisionByZeroError: Division by zero in %s:%d
+Stack trace:
+#0 {main}
+  thrown in %s on line %d

Zend/tests/instantiate_all_classes.phpt

@@ -0,0 +1,15 @@
+--TEST--
+Try to instantiate all classes without arguments
+--FILE--
+<?php
+
+foreach (get_declared_classes() as $class) {
+    try {
+        new $class;
+    } catch (Throwable) {}
+}
+
+?>
+===DONE===
+--EXPECT--
+===DONE===

Zend/zend_operators.c

@@ -1253,7 +1253,9 @@ ZEND_API zend_result ZEND_FASTCALL pow_function(zval *result, zval *op1, zval *o
 }
 /* }}} */
 
-static zend_result ZEND_FASTCALL div_function_base(zval *result, zval *op1, zval *op2) /* {{{ */
+/* Returns SUCCESS/FAILURE/TYPES_NOT_HANDLED */
+#define TYPES_NOT_HANDLED 1
+static int ZEND_FASTCALL div_function_base(zval *result, zval *op1, zval *op2) /* {{{ */
 {
 	zend_uchar type_pair = TYPE_PAIR(Z_TYPE_P(op1), Z_TYPE_P(op2));
 
@@ -1290,23 +1292,25 @@ static zend_result ZEND_FASTCALL div_function_base(zval *result, zval *op1, zval
 		ZVAL_DOUBLE(result, (double)Z_LVAL_P(op1) / Z_DVAL_P(op2));
 		return SUCCESS;
 	} else {
-		return FAILURE;
+		return TYPES_NOT_HANDLED;
 	}
 division_by_0:
 	if (result != op1) {
 		ZVAL_UNDEF(result);
 	}
 	zend_throw_error(zend_ce_division_by_zero_error, "Division by zero");
-	return SUCCESS;
+	return FAILURE;
 }
 /* }}} */
 
 ZEND_API zend_result ZEND_FASTCALL div_function(zval *result, zval *op1, zval *op2) /* {{{ */
 {
 	ZVAL_DEREF(op1);
 	ZVAL_DEREF(op2);
-	if (div_function_base(result, op1, op2) == SUCCESS) {
-		return SUCCESS;
+
+	int retval = div_function_base(result, op1, op2);
+	if (retval != TYPES_NOT_HANDLED) {
+		return retval;
 	}
 
 	ZEND_TRY_BINARY_OBJECT_OPERATION(ZEND_DIV);
@@ -1325,12 +1329,9 @@ ZEND_API zend_result ZEND_FASTCALL div_function(zval *result, zval *op1, zval *o
 		zval_ptr_dtor(result);
 	}
 
-	if (div_function_base(result, &op1_copy, &op2_copy) == SUCCESS) {
-		return SUCCESS;
-	}
-
-	ZEND_ASSERT(0 && "Operation must succeed");
-	return FAILURE;
+	retval = div_function_base(result, &op1_copy, &op2_copy);
+	ZEND_ASSERT(retval != TYPES_NOT_HANDLED && "Types should be handled");
+	return retval;
 }
 /* }}} */
 

build/gen_stub.php

@@ -31,7 +31,8 @@ function processStubFile(string $stubFile, Context $context) {
             throw new Exception("File $stubFile does not exist");
         }
 
-        $arginfoFile = str_replace('.stub.php', '', $stubFile) . '_arginfo.h';
+        $arginfoFile = str_replace('.stub.php', '', $stubFile)
+                     . ($context->legacy ? '_legacy' : '') . '_arginfo.h';
         $stubCode = file_get_contents($stubFile);
         $stubHash = computeStubHash($stubCode);
         $oldStubHash = extractStubHash($arginfoFile);
@@ -42,6 +43,12 @@ function processStubFile(string $stubFile, Context $context) {
 
         initPhpParser();
         $fileInfo = parseStubFile($stubCode);
+        if ($context->legacy) {
+            foreach ($fileInfo->getAllFuncInfos() as $funcInfo) {
+                $funcInfo->discardInfoForOldPhpVersions();
+            }
+        }
+
         $arginfoCode = generateArgInfoCode($fileInfo, $stubHash);
         file_put_contents($arginfoFile, $arginfoCode);
 
@@ -534,6 +541,14 @@ private function getFlagsAsString(): string
 
         return $flags;
     }
+
+    public function discardInfoForOldPhpVersions(): void {
+        $this->return->type = null;
+        foreach ($this->args as $arg) {
+            $arg->type = null;
+            $arg->defaultValue = null;
+        }
+    }
 }
 
 class ClassInfo {
@@ -1148,10 +1163,11 @@ function initPhpParser() {
 }
 
 $optind = null;
-$options = getopt("f", ["force-regeneration", "parameter-stats"], $optind);
+$options = getopt("f", ["force-regeneration", "parameter-stats", "legacy"], $optind);
 
 $context = new Context;
 $printParameterStats = isset($options["parameter-stats"]);
+$context->legacy = isset($options["legacy"]);
 $context->forceRegeneration =
     isset($options["f"]) || isset($options["force-regeneration"]) || $printParameterStats;
 

ext/curl/interface.c

@@ -3308,6 +3308,12 @@ static void curl_free_obj(zend_object *object)
 	fprintf(stderr, "DTOR CALLED, ch = %x\n", ch);
 #endif
 
+	if (!ch->cp) {
+		/* Can happen if constructor throws. */
+		zend_object_std_dtor(&ch->std);
+		return;
+	}
+
 	_php_curl_verify_handlers(ch, 0);
 
 	/*
@@ -3321,12 +3327,10 @@ static void curl_free_obj(zend_object *object)
 	 *
 	 * Libcurl commit d021f2e8a00 fix this issue and should be part of 7.28.2
 	 */
-	if (ch->cp != NULL) {
-		curl_easy_setopt(ch->cp, CURLOPT_HEADERFUNCTION, curl_write_nothing);
-		curl_easy_setopt(ch->cp, CURLOPT_WRITEFUNCTION, curl_write_nothing);
+	curl_easy_setopt(ch->cp, CURLOPT_HEADERFUNCTION, curl_write_nothing);
+	curl_easy_setopt(ch->cp, CURLOPT_WRITEFUNCTION, curl_write_nothing);
 
-		curl_easy_cleanup(ch->cp);
-	}
+	curl_easy_cleanup(ch->cp);
 
 	/* cURL destructors should be invoked only by last curl handle */
 	if (--(*ch->clone) == 0) {

ext/curl/multi.c

@@ -537,6 +537,12 @@ void curl_multi_free_obj(zend_object *object)
 	php_curl *ch;
 	zval	*pz_ch;
 
+	if (!mh->multi) {
+		/* Can happen if constructor throws. */
+		zend_object_std_dtor(&mh->std);
+		return;
+	}
+
 	for (pz_ch = (zval *)zend_llist_get_first_ex(&mh->easyh, &pos); pz_ch;
 		pz_ch = (zval *)zend_llist_get_next_ex(&mh->easyh, &pos)) {
 		if (!(OBJ_FLAGS(Z_OBJ_P(pz_ch)) & IS_OBJ_FREE_CALLED)) {

ext/curl/tests/bug80121.phpt

@@ -0,0 +1,26 @@
+--TEST--
+Bug #80121: Null pointer deref if CurlHandle directly instantiated
+--FILE--
+<?php
+
+try {
+    new CurlHandle;
+} catch (Error $e) {
+    echo $e->getMessage(), "\n";
+}
+try {
+    new CurlMultiHandle;
+} catch (Error $e) {
+    echo $e->getMessage(), "\n";
+}
+try {
+    new CurlShareHandle;
+} catch (Error $e) {
+    echo $e->getMessage(), "\n";
+}
+
+?>
+--EXPECT--
+Cannot directly construct CurlHandle, use curl_init() instead
+Cannot directly construct CurlMultiHandle, use curl_multi_init() instead
+Cannot directly construct CurlShareHandle, use curl_share_init() instead

ext/enchant/enchant.stub.php

@@ -18,10 +18,10 @@ function enchant_broker_free(EnchantBroker $broker): bool {}
 function enchant_broker_get_error(EnchantBroker $broker): string|false {}
 
 /** @deprecated */
-function enchant_broker_set_dict_path(EnchantBroker $broker, int $name, string $value): bool {}
+function enchant_broker_set_dict_path(EnchantBroker $broker, int $type, string $path): bool {}
 
 /** @deprecated */
-function enchant_broker_get_dict_path(EnchantBroker $broker, int $name): string|false {}
+function enchant_broker_get_dict_path(EnchantBroker $broker, int $type): string|false {}
 
 function enchant_broker_list_dicts(EnchantBroker $broker): array {}
 
@@ -30,7 +30,7 @@ function enchant_broker_request_dict(EnchantBroker $broker, string $tag): Enchan
 function enchant_broker_request_pwl_dict(EnchantBroker $broker, string $filename): EnchantDictionary|false {}
 
 /** @deprecated */
-function enchant_broker_free_dict(EnchantDictionary $dict): bool {}
+function enchant_broker_free_dict(EnchantDictionary $dictionary): bool {}
 
 function enchant_broker_dict_exists(EnchantBroker $broker, string $tag): bool {}
 
@@ -39,32 +39,32 @@ function enchant_broker_set_ordering(EnchantBroker $broker, string $tag, string
 function enchant_broker_describe(EnchantBroker $broker): array {}
 
 /** @param array $suggestions */
-function enchant_dict_quick_check(EnchantDictionary $dict, string $word, &$suggestions = null): bool {}
+function enchant_dict_quick_check(EnchantDictionary $dictionary, string $word, &$suggestions = null): bool {}
 
-function enchant_dict_check(EnchantDictionary $dict, string $word): bool {}
+function enchant_dict_check(EnchantDictionary $dictionary, string $word): bool {}
 
-function enchant_dict_suggest(EnchantDictionary $dict, string $word): array {}
+function enchant_dict_suggest(EnchantDictionary $dictionary, string $word): array {}
 
-function enchant_dict_add(EnchantDictionary $dict, string $word): void {}
+function enchant_dict_add(EnchantDictionary $dictionary, string $word): void {}
 
 /**
 * @alias enchant_dict_add
 * @deprecated
 */
-function enchant_dict_add_to_personal(EnchantDictionary $dict, string $word): void {}
+function enchant_dict_add_to_personal(EnchantDictionary $dictionary, string $word): void {}
 
-function enchant_dict_add_to_session(EnchantDictionary $dict, string $word): void {}
+function enchant_dict_add_to_session(EnchantDictionary $dictionary, string $word): void {}
 
-function enchant_dict_is_added(EnchantDictionary $dict, string $word): bool {}
+function enchant_dict_is_added(EnchantDictionary $dictionary, string $word): bool {}
 
 /**
 * @alias enchant_dict_is_added
 * @deprecated
 */
-function enchant_dict_is_in_session(EnchantDictionary $dict, string $word): bool {}
+function enchant_dict_is_in_session(EnchantDictionary $dictionary, string $word): bool {}
 
-function enchant_dict_store_replacement(EnchantDictionary $dict, string $mis, string $cor): void {}
+function enchant_dict_store_replacement(EnchantDictionary $dictionary, string $misspelled, string $correct): void {}
 
-function enchant_dict_get_error(EnchantDictionary $dict): string|false {}
+function enchant_dict_get_error(EnchantDictionary $dictionary): string|false {}
 
-function enchant_dict_describe(EnchantDictionary $dict): array {}
+function enchant_dict_describe(EnchantDictionary $dictionary): array {}

ext/enchant/enchant_arginfo.h

@@ -1,5 +1,5 @@
 /* This is a generated file, edit the .stub.php file instead.
- * Stub hash: 22c47f0b30f6952a42546c403fbd2e92836661fa */
+ * Stub hash: 31f7c4cd39e58d6474b90acd65f4b7bda7a6ddf3 */
 
 ZEND_BEGIN_ARG_WITH_RETURN_OBJ_TYPE_MASK_EX(arginfo_enchant_broker_init, 0, 0, EnchantBroker, MAY_BE_FALSE)
 ZEND_END_ARG_INFO()
@@ -14,13 +14,13 @@ ZEND_END_ARG_INFO()
 
 ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX(arginfo_enchant_broker_set_dict_path, 0, 3, _IS_BOOL, 0)
 	ZEND_ARG_OBJ_INFO(0, broker, EnchantBroker, 0)
-	ZEND_ARG_TYPE_INFO(0, name, IS_LONG, 0)
-	ZEND_ARG_TYPE_INFO(0, value, IS_STRING, 0)
+	ZEND_ARG_TYPE_INFO(0, type, IS_LONG, 0)
+	ZEND_ARG_TYPE_INFO(0, path, IS_STRING, 0)
 ZEND_END_ARG_INFO()
 
 ZEND_BEGIN_ARG_WITH_RETURN_TYPE_MASK_EX(arginfo_enchant_broker_get_dict_path, 0, 2, MAY_BE_STRING|MAY_BE_FALSE)
 	ZEND_ARG_OBJ_INFO(0, broker, EnchantBroker, 0)
-	ZEND_ARG_TYPE_INFO(0, name, IS_LONG, 0)
+	ZEND_ARG_TYPE_INFO(0, type, IS_LONG, 0)
 ZEND_END_ARG_INFO()
 
 ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX(arginfo_enchant_broker_list_dicts, 0, 1, IS_ARRAY, 0)
@@ -38,7 +38,7 @@ ZEND_BEGIN_ARG_WITH_RETURN_OBJ_TYPE_MASK_EX(arginfo_enchant_broker_request_pwl_d
 ZEND_END_ARG_INFO()
 
 ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX(arginfo_enchant_broker_free_dict, 0, 1, _IS_BOOL, 0)
-	ZEND_ARG_OBJ_INFO(0, dict, EnchantDictionary, 0)
+	ZEND_ARG_OBJ_INFO(0, dictionary, EnchantDictionary, 0)
 ZEND_END_ARG_INFO()
 
 ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX(arginfo_enchant_broker_dict_exists, 0, 2, _IS_BOOL, 0)
@@ -55,23 +55,23 @@ ZEND_END_ARG_INFO()
 #define arginfo_enchant_broker_describe arginfo_enchant_broker_list_dicts
 
 ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX(arginfo_enchant_dict_quick_check, 0, 2, _IS_BOOL, 0)
-	ZEND_ARG_OBJ_INFO(0, dict, EnchantDictionary, 0)
+	ZEND_ARG_OBJ_INFO(0, dictionary, EnchantDictionary, 0)
 	ZEND_ARG_TYPE_INFO(0, word, IS_STRING, 0)
 	ZEND_ARG_INFO_WITH_DEFAULT_VALUE(1, suggestions, "null")
 ZEND_END_ARG_INFO()
 
 ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX(arginfo_enchant_dict_check, 0, 2, _IS_BOOL, 0)
-	ZEND_ARG_OBJ_INFO(0, dict, EnchantDictionary, 0)
+	ZEND_ARG_OBJ_INFO(0, dictionary, EnchantDictionary, 0)
 	ZEND_ARG_TYPE_INFO(0, word, IS_STRING, 0)
 ZEND_END_ARG_INFO()
 
 ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX(arginfo_enchant_dict_suggest, 0, 2, IS_ARRAY, 0)
-	ZEND_ARG_OBJ_INFO(0, dict, EnchantDictionary, 0)
+	ZEND_ARG_OBJ_INFO(0, dictionary, EnchantDictionary, 0)
 	ZEND_ARG_TYPE_INFO(0, word, IS_STRING, 0)
 ZEND_END_ARG_INFO()
 
 ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX(arginfo_enchant_dict_add, 0, 2, IS_VOID, 0)
-	ZEND_ARG_OBJ_INFO(0, dict, EnchantDictionary, 0)
+	ZEND_ARG_OBJ_INFO(0, dictionary, EnchantDictionary, 0)
 	ZEND_ARG_TYPE_INFO(0, word, IS_STRING, 0)
 ZEND_END_ARG_INFO()
 
@@ -84,17 +84,17 @@ ZEND_END_ARG_INFO()
 #define arginfo_enchant_dict_is_in_session arginfo_enchant_dict_check
 
 ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX(arginfo_enchant_dict_store_replacement, 0, 3, IS_VOID, 0)
-	ZEND_ARG_OBJ_INFO(0, dict, EnchantDictionary, 0)
-	ZEND_ARG_TYPE_INFO(0, mis, IS_STRING, 0)
-	ZEND_ARG_TYPE_INFO(0, cor, IS_STRING, 0)
+	ZEND_ARG_OBJ_INFO(0, dictionary, EnchantDictionary, 0)
+	ZEND_ARG_TYPE_INFO(0, misspelled, IS_STRING, 0)
+	ZEND_ARG_TYPE_INFO(0, correct, IS_STRING, 0)
 ZEND_END_ARG_INFO()
 
 ZEND_BEGIN_ARG_WITH_RETURN_TYPE_MASK_EX(arginfo_enchant_dict_get_error, 0, 1, MAY_BE_STRING|MAY_BE_FALSE)
-	ZEND_ARG_OBJ_INFO(0, dict, EnchantDictionary, 0)
+	ZEND_ARG_OBJ_INFO(0, dictionary, EnchantDictionary, 0)
 ZEND_END_ARG_INFO()
 
 ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX(arginfo_enchant_dict_describe, 0, 1, IS_ARRAY, 0)
-	ZEND_ARG_OBJ_INFO(0, dict, EnchantDictionary, 0)
+	ZEND_ARG_OBJ_INFO(0, dictionary, EnchantDictionary, 0)
 ZEND_END_ARG_INFO()