Revert "New implementation (without leaks)"

Girgias · Girgias · commit 7ed0a4d30871 · 2019-12-16T09:10:14.000+01:00
Due to some null bytes disapering and I have no idea why. This reverts commit 236c583.
diff --git a/Zend/zend_execute.c b/Zend/zend_execute.c
@@ -1571,7 +1571,6 @@ static zend_never_inline void zend_assign_to_string_offset(zval *str, zval *dim,
 {
 	char *string_value;
 	size_t string_len;
-	zend_long old_len = Z_STRLEN_P(str);
 	zend_long offset;
 
 	offset = zend_check_string_offset(dim, BP_VAR_W EXECUTE_DATA_CC);
@@ -1612,6 +1611,7 @@ static zend_never_inline void zend_assign_to_string_offset(zval *str, zval *dim,
 
 		if ((size_t)offset >= Z_STRLEN_P(str)) {
 			/* Extend string if needed */
+			zend_long old_len = Z_STRLEN_P(str);
 			ZVAL_NEW_STR(str, zend_string_extend(Z_STR_P(str), offset + 1, 0));
 			memset(Z_STRVAL_P(str) + old_len, ' ', offset - old_len);
 			Z_STRVAL_P(str)[offset+1] = 0;
@@ -1633,42 +1633,61 @@ static zend_never_inline void zend_assign_to_string_offset(zval *str, zval *dim,
 		return;
 	}
 
-	/* -1 for the byte we are replacing */
-	zend_long new_len = old_len + string_len - 1;
 	if ((size_t)offset >= Z_STRLEN_P(str)) {
 		/* Extend string */
+		zend_long old_len = Z_STRLEN_P(str);
 		ZVAL_NEW_STR(str, zend_string_extend(Z_STR_P(str), offset + string_len, 0));
 		memset(Z_STRVAL_P(str) + old_len, ' ', offset - old_len);
 		memcpy(Z_STRVAL_P(str) + offset, string_value, string_len);
 		if (UNEXPECTED(RETURN_VALUE_USED(opline))) {
-			ZVAL_STR(EX_VAR(opline->result.var), zend_string_init(Z_STRVAL_P(str), Z_STRLEN_P(str), 0));
+			ZVAL_INTERNED_STR(EX_VAR(opline->result.var), zend_string_init(Z_STRVAL_P(str), Z_STRLEN_P(str), 0));
 		}
 		return;
-	}
-
-	zend_string *tmp = zend_string_init(Z_STRVAL_P(str), new_len, 0);
-	if (string_len > 0) {
-		memcpy(ZSTR_VAL(tmp) + offset, string_value, string_len);
-	}
-	/* Copy after the replacement string, from the position of the initial string after the offset,
-	 * for the remainder of the initial string (old length - offset) */
-	memcpy(ZSTR_VAL(tmp) + offset + string_len, Z_STRVAL_P(str) + offset + 1, old_len - offset);
-
-	if (!Z_REFCOUNTED_P(str)) {
-		ZVAL_NEW_STR(str, zend_string_init(Z_STRVAL_P(str), new_len, 0));
+	} else if (!Z_REFCOUNTED_P(str)) {
+		ZVAL_NEW_STR(str, zend_string_init(Z_STRVAL_P(str), Z_STRLEN_P(str), 0));
 	} else if (Z_REFCOUNT_P(str) > 1) {
 		Z_DELREF_P(str);
-		ZVAL_NEW_STR(str, zend_string_init(Z_STRVAL_P(str), new_len, 0));
+		ZVAL_NEW_STR(str, zend_string_init(Z_STRVAL_P(str), Z_STRLEN_P(str), 0));
 	} else {
 		zend_string_forget_hash_val(Z_STR_P(str));
 	}
-	
-	memcpy(Z_STRVAL_P(str), ZSTR_VAL(tmp), new_len);
-	zend_string_release_ex(tmp, 0);
 
+	// Buffer offset
+	int k = 0;
+	// Source offset
+	int i = 0;
+	char *buffer = emalloc(Z_STRLEN_P(str) + string_len - 1); // -1 as we replace a byte
+	char *source = Z_STRVAL_P(str);
+	// Append bytes from the source string to the buffer until the offset is reached
+	while (i < offset) {
+		buffer[k] = source[i];
+		i++;
+		k++;
+	}
+	i++; // Skip byte being replaced
+	// If not an empty string then append all the bytes from the value to the buffer
+	if (string_len > 0) {
+		int j = 0;
+		while (string_value[j] != '\0') {
+			buffer[k] = string_value[j];
+			j++;
+			k++;
+		}
+	}
+	// Add remaining bytes from the source string.
+	while (source[i] != '\0') {
+		buffer[k] = source[i];
+		i++;
+		k++;
+	}
+	// Append NUL byte to make a valid C string. 
+	buffer[k] = '\0';
+	ZVAL_NEW_STR(str, zend_string_init(buffer, Z_STRLEN_P(str) + string_len - 1, 0));
 	if (UNEXPECTED(RETURN_VALUE_USED(opline))) {
-		ZVAL_STR(EX_VAR(opline->result.var), zend_string_init(Z_STRVAL_P(str), Z_STRLEN_P(str), 0));
+		ZVAL_INTERNED_STR(EX_VAR(opline->result.var), zend_string_init(Z_STRVAL_P(str), Z_STRLEN_P(str), 0));
 	}
+	
+	efree(buffer);
 }
 
 static zend_property_info *zend_get_prop_not_accepting_double(zend_reference *ref)
diff --git a/ext/opcache/jit/zend_jit_helpers.c b/ext/opcache/jit/zend_jit_helpers.c
@@ -862,7 +862,6 @@ static zend_never_inline ZEND_COLD void zend_wrong_string_offset(void)
 static zend_never_inline void zend_assign_to_string_offset(zval *str, zval *dim, zval *value, zval *result)
 {
 	zend_string *old_str;
-	zend_long old_len = Z_STRLEN_P(str);
 	zend_uchar c;
 	size_t string_len;
 	zend_long offset;
@@ -896,63 +895,27 @@ static zend_never_inline void zend_assign_to_string_offset(zval *str, zval *dim,
 		c = (zend_uchar)Z_STRVAL_P(value)[0];
 	}
 
-	if (offset < 0) { /* Handle negative offset */
-		offset += (zend_long)Z_STRLEN_P(str);
-	}
-
-	/* If it's a byte char replace byte directly */
-	if (string_len == 1) {
-		if ((size_t) offset >= Z_STRLEN_P(str)) {
-			/* Extend string if needed */
-			Z_STR_P(str) = zend_string_extend(Z_STR_P(str), offset + 1, 0);
-			Z_TYPE_INFO_P(str) = IS_STRING_EX;
-			memset(Z_STRVAL_P(str) + old_len, ' ', offset - old_len);
-			Z_STRVAL_P(str)[offset + 1] = 0;
-		} else if (!Z_REFCOUNTED_P(str)) {
-			old_str = Z_STR_P(str);
-			Z_STR_P(str) = zend_string_init(Z_STRVAL_P(str), Z_STRLEN_P(str), 0);
-			Z_TYPE_INFO_P(str) = IS_STRING_EX;
-			zend_string_release(old_str);
-		} else {
-			SEPARATE_STRING(str);
-			zend_string_forget_hash_val(Z_STR_P(str));
-		}
-
-		Z_STRVAL_P(str)[offset] = c;
-
+	if (string_len == 0) {
+		/* Error on empty input string */
+		zend_error(E_WARNING, "Cannot assign an empty string to a string offset");
 		if (result) {
-			/* Return the new character */
-			ZVAL_INTERNED_STR(result, ZSTR_CHAR(c));
+			ZVAL_NULL(result);
 		}
 		return;
 	}
 
-	/* -1 for the byte we are replacing */
-	zend_long new_len = old_len + string_len - 1;
-	if ((size_t)offset >= Z_STRLEN_P(str)) {
-		old_str = Z_STR_P(str);
-		/* Extend string */
-		ZVAL_NEW_STR(str, zend_string_extend(Z_STR_P(str), offset + string_len, 0));
-		memset(Z_STRVAL_P(str) + old_len, ' ', offset - old_len);
-		memcpy(Z_STRVAL_P(str) + offset, ZSTR_VAL(old_str), string_len);
-
-		zend_string_release(old_str);
-		if (result) {
-			ZVAL_STR(result, zend_string_init(Z_STRVAL_P(str), Z_STRLEN_P(str), 0));
-		}
-		return;
+	if (offset < 0) { /* Handle negative offset */
+		offset += (zend_long)Z_STRLEN_P(str);
 	}
 
-	old_str = Z_STR_P(str);
-	zend_string *tmp = zend_string_init(Z_STRVAL_P(str), new_len, 0);
-	if (string_len > 0) {
-		memcpy(ZSTR_VAL(tmp) + offset, ZSTR_VAL(old_str), string_len);
-	}
-	/* Copy after the replacement string, from the position of the initial string after the offset,
-	 * for the remainder of the initial string (old length - offset) */
-	memcpy(ZSTR_VAL(tmp) + offset + string_len, Z_STRVAL_P(str) + offset + 1, old_len - offset);
-	
-	if (!Z_REFCOUNTED_P(str)) {
+	if ((size_t)offset >= Z_STRLEN_P(str)) {
+		/* Extend string if needed */
+		zend_long old_len = Z_STRLEN_P(str);
+		Z_STR_P(str) = zend_string_extend(Z_STR_P(str), offset + 1, 0);
+		Z_TYPE_INFO_P(str) = IS_STRING_EX;
+		memset(Z_STRVAL_P(str) + old_len, ' ', offset - old_len);
+		Z_STRVAL_P(str)[offset+1] = 0;
+	} else if (!Z_REFCOUNTED_P(str)) {
 		old_str = Z_STR_P(str);
 		Z_STR_P(str) = zend_string_init(Z_STRVAL_P(str), Z_STRLEN_P(str), 0);
 		Z_TYPE_INFO_P(str) = IS_STRING_EX;
@@ -962,11 +925,11 @@ static zend_never_inline void zend_assign_to_string_offset(zval *str, zval *dim,
 		zend_string_forget_hash_val(Z_STR_P(str));
 	}
 
-	memcpy(Z_STRVAL_P(str), ZSTR_VAL(tmp), new_len);
-	zend_string_release_ex(tmp, 0);
+	Z_STRVAL_P(str)[offset] = c;
 
 	if (result) {
-		ZVAL_STR(result, zend_string_init(Z_STRVAL_P(str), Z_STRLEN_P(str), 0));
+		/* Return the new character */
+		ZVAL_INTERNED_STR(result, ZSTR_CHAR(c));
 	}
 }
 
