Merge branch 'php:master' into master

Author: marcosmarcolin

Zend/tests/gh10251.phpt

@@ -0,0 +1,25 @@
+--TEST--
+GH-10251 (Assertion `(flag & (1<<3)) == 0' failed.)
+--FILE--
+<?php
+#[\AllowDynamicProperties]
+class A
+{
+    function __set($o, $l)
+    {
+        $this->$p = $v;
+    }
+}
+$a = new A();
+$pp = "";
+$op = $pp & "";
+// Bitwise operators on strings don't compute the hash.
+// The code below previously assumed a hash was actually computed, leading to a crash.
+$a->$op = 0;
+echo "Done\n";
+?>
+--EXPECTF--
+Warning: Undefined variable $v in %s on line %d
+
+Warning: Undefined variable $p in %s on line %d
+Done

Zend/zend_object_handlers.c

@@ -553,9 +553,8 @@ ZEND_API uint32_t *zend_get_property_guard(zend_object *zobj, zend_string *membe
 	if (EXPECTED(Z_TYPE_P(zv) == IS_STRING)) {
 		zend_string *str = Z_STR_P(zv);
 		if (EXPECTED(str == member) ||
-		     /* "str" always has a pre-calculated hash value here */
-		    (EXPECTED(ZSTR_H(str) == zend_string_hash_val(member)) &&
-		     EXPECTED(zend_string_equal_content(str, member)))) {
+		    /* str and member don't necessarily have a pre-calculated hash value here */
+		    EXPECTED(zend_string_equal_content(str, member))) {
 			return &Z_PROPERTY_GUARD_P(zv);
 		} else if (EXPECTED(Z_PROPERTY_GUARD_P(zv) == 0)) {
 			zval_ptr_dtor_str(zv);

ext/gd/gd.c

@@ -3987,9 +3987,7 @@ static int _php_image_output_putbuf(struct gdIOCtx *ctx, const void* buf, int l)
 
 static void _php_image_output_ctxfree(struct gdIOCtx *ctx) /* {{{ */
 {
-	if(ctx) {
-		efree(ctx);
-	}
+	efree(ctx);
 } /* }}} */
 
 static void _php_image_stream_putc(struct gdIOCtx *ctx, int c) /* {{{ */ {
@@ -4009,21 +4007,16 @@ static void _php_image_stream_ctxfree(struct gdIOCtx *ctx) /* {{{ */
 	if(ctx->data) {
 		ctx->data = NULL;
 	}
-	if(ctx) {
-		efree(ctx);
-	}
+	efree(ctx);
 } /* }}} */
 
 static void _php_image_stream_ctxfreeandclose(struct gdIOCtx *ctx) /* {{{ */
 {
-
 	if(ctx->data) {
 		php_stream_close((php_stream *) ctx->data);
 		ctx->data = NULL;
 	}
-	if(ctx) {
-		efree(ctx);
-	}
+	efree(ctx);
 } /* }}} */
 
 static gdIOCtx *create_stream_context_from_zval(zval *to_zval) {

ext/mbstring/libmbfl/filters/mbfilter_utf8.c

@@ -225,7 +225,9 @@ static size_t mb_utf8_to_wchar(unsigned char **in, size_t *in_len, uint32_t *buf
 
 		if (c < 0x80) {
 			*out++ = c;
-		} else if (c >= 0xC2 && c <= 0xDF) { /* 2 byte character */
+		} else if (c < 0xC2) {
+			*out++ = MBFL_BAD_INPUT;
+		} else if (c <= 0xDF) { /* 2 byte character */
 			if (p < e) {
 				unsigned char c2 = *p++;
 				if ((c2 & 0xC0) != 0x80) {
@@ -237,7 +239,7 @@ static size_t mb_utf8_to_wchar(unsigned char **in, size_t *in_len, uint32_t *buf
 			} else {
 				*out++ = MBFL_BAD_INPUT;
 			}
-		} else if (c >= 0xE0 && c <= 0xEF) { /* 3 byte character */
+		} else if (c <= 0xEF) { /* 3 byte character */
 			if ((e - p) >= 2) {
 				unsigned char c2 = *p++;
 				unsigned char c3 = *p++;
@@ -262,7 +264,7 @@ static size_t mb_utf8_to_wchar(unsigned char **in, size_t *in_len, uint32_t *buf
 					}
 				}
 			}
-		} else if (c >= 0xF0 && c <= 0xF4) { /* 4 byte character */
+		} else if (c <= 0xF4) { /* 4 byte character */
 			if ((e - p) >= 3) {
 				unsigned char c2 = *p++;
 				unsigned char c3 = *p++;

ext/mbstring/mbstring.c

@@ -1717,30 +1717,19 @@ PHP_FUNCTION(mb_str_split)
 
 static size_t mb_get_strlen(zend_string *string, const mbfl_encoding *encoding)
 {
-	size_t len = 0;
+	unsigned int char_len = encoding->flag & (MBFL_ENCTYPE_SBCS | MBFL_ENCTYPE_WCS2 | MBFL_ENCTYPE_WCS4);
+	if (char_len) {
+		return ZSTR_LEN(string) / char_len;
+	}
 
-	if (encoding->flag & MBFL_ENCTYPE_SBCS) {
-		return ZSTR_LEN(string);
-	} else if (encoding->flag & MBFL_ENCTYPE_WCS2) {
-		return ZSTR_LEN(string) / 2;
-	} else if (encoding->flag & MBFL_ENCTYPE_WCS4) {
-		return ZSTR_LEN(string) / 4;
-	} else if (encoding->mblen_table) {
-		const unsigned char *mbtab = encoding->mblen_table;
-		unsigned char *p = (unsigned char*)ZSTR_VAL(string), *e = p + ZSTR_LEN(string);
-		while (p < e) {
-			p += mbtab[*p];
-			len++;
-		}
-	} else {
-		uint32_t wchar_buf[128];
-		unsigned char *in = (unsigned char*)ZSTR_VAL(string);
-		size_t in_len = ZSTR_LEN(string);
-		unsigned int state = 0;
+	uint32_t wchar_buf[128];
+	unsigned char *in = (unsigned char*)ZSTR_VAL(string);
+	size_t in_len = ZSTR_LEN(string);
+	unsigned int state = 0;
+	size_t len = 0;
 
-		while (in_len) {
-			len += encoding->to_wchar(&in, &in_len, wchar_buf, 128, &state);
-		}
+	while (in_len) {
+		len += encoding->to_wchar(&in, &in_len, wchar_buf, 128, &state);
 	}
 
 	return len;
@@ -2052,7 +2041,10 @@ static zend_string* mb_get_substr(zend_string *input, size_t from, size_t len, c
 			len = in_len;
 		}
 		return zend_string_init_fast((const char*)in, len);
-	} else if (enc->mblen_table != NULL) {
+	} else if (enc->mblen_table) {
+		/* The use of the `mblen_table` means that for encodings like MacJapanese,
+		 * we treat each character in its native charset as "1 character", even if it
+		 * maps to a sequence of several codepoints */
 		const unsigned char *mbtab = enc->mblen_table;
 		unsigned char *limit = in + in_len;
 		while (from && in < limit) {
@@ -2265,7 +2257,21 @@ PHP_FUNCTION(mb_substr)
 
 	size_t mblen = 0;
 	if (from < 0 || (!len_is_null && len < 0)) {
-		mblen = mb_get_strlen(str, enc);
+		if (enc->mblen_table) {
+			/* Because we use the `mblen_table` when iterating over the string and
+			 * extracting the requested part, we also need to use it here for counting
+			 * the "length" of the string
+			 * Otherwise, we can get wrong results for text encodings like MacJapanese,
+			 * where one native 'character' can map to a sequence of several codepoints */
+			const unsigned char *mbtab = enc->mblen_table;
+			unsigned char *p = (unsigned char*)ZSTR_VAL(str), *e = p + ZSTR_LEN(str);
+			while (p < e) {
+				p += mbtab[*p];
+				mblen++;
+			}
+		} else {
+			mblen = mb_get_strlen(str, enc);
+		}
 	}
 
 	/* if "from" position is negative, count start position from the end

ext/mbstring/tests/mb_str_split_jp.phpt

@@ -80,6 +80,23 @@ foreach (['SJIS', 'SJIS-2004', 'MacJapanese', 'SJIS-Mobile#DOCOMO', 'SJIS-Mobile
     echo "$encoding: [" . implode(', ', array_map('bin2hex', $array)) . "]\n";
 }
 
+/*
+Some MacJapanese characters map to a sequence of several Unicode codepoints. Examples:
+
+0x85AB  0xF862+0x0058+0x0049+0x0049+0x0049  # roman numeral thirteen
+0x85AC  0xF861+0x0058+0x0049+0x0056 # roman numeral fourteen
+0x85AD  0xF860+0x0058+0x0056    # roman numeral fifteen
+0x85BF  0xF862+0x0078+0x0069+0x0069+0x0069  # small roman numeral thirteen
+0x85C0  0xF861+0x0078+0x0069+0x0076 # small roman numeral fourteen
+0x85C1  0xF860+0x0078+0x0076    # small roman numeral fifteen
+
+Even though they map to multiple codepoints, mb_str_split treats these as ONE character each
+*/
+
+echo "== MacJapanese characters which map to 3-5 codepoints each ==\n";
+echo "[", implode(', ', array_map('bin2hex', mb_str_split("abc\x85\xAB\x85\xAC\x85\xAD", 1, 'MacJapanese'))), "]\n";
+echo "[", implode(', ', array_map('bin2hex', mb_str_split("abc\x85\xBF\x85\xC0\x85\xC1", 2, 'MacJapanese'))), "]\n";
+
 ?>
 --EXPECT--
 BIG-5: a4e9 a5bb
@@ -104,3 +121,6 @@ SJIS-Mobile#KDDI: [80a1, 6162, 6380, a1]
 SJIS-Mobile#KDDI: [6162, 63fd, feff, 6162, fdfe, ff]
 SJIS-Mobile#SoftBank: [80a1, 6162, 6380, a1]
 SJIS-Mobile#SoftBank: [6162, 63fd, feff, 6162, fdfe, ff]
+== MacJapanese characters which map to 3-5 codepoints each ==
+[61, 62, 63, 85ab, 85ac, 85ad]
+[6162, 6385bf, 85c085c1]

ext/mbstring/tests/mb_strlen.phpt

@@ -93,7 +93,7 @@ try {
 6
 == MacJapanese ==
 2
-6
+7
 == SJIS-2004 ==
 2
 6

ext/mbstring/tests/mb_substr.phpt

@@ -64,6 +64,16 @@ echo "SJIS-Mobile#SoftBank:\n";
 print bin2hex(mb_substr("\x80abc\x80\xA1", 3, 2, 'SJIS-Mobile#SoftBank')) . "\n";
 print bin2hex(mb_substr("\x80abc\x80\xA1", 0, 3, 'SJIS-Mobile#SoftBank')) . "\n";
 
+echo "-- Testing MacJapanese characters which map to 3-5 codepoints each --\n";
+
+/* There are many characters in MacJapanese which map to sequences of several codepoints */
+print bin2hex(mb_substr("abc\x85\xAB\x85\xAC\x85\xAD", 0, 3, 'MacJapanese')) . "\n";
+print bin2hex(mb_substr("abc\x85\xAB\x85\xAC\x85\xAD", 3, 2, 'MacJapanese')) . "\n";
+print bin2hex(mb_substr("abc\x85\xAB\x85\xAC\x85\xAD", -2, 1, 'MacJapanese')) . "\n";
+print bin2hex(mb_substr("abc\x85\xBF\x85\xC0\x85\xC1", 0, 3, 'MacJapanese')) . "\n";
+print bin2hex(mb_substr("abc\x85\xBF\x85\xC0\x85\xC1", 3, 2, 'MacJapanese')) . "\n";
+print bin2hex(mb_substr("abc\x85\xBF\x85\xC0\x85\xC1", -2, 1, 'MacJapanese')) . "\n";
+
 echo "ISO-2022-JP:\n";
 print "1: " . bin2hex(mb_substr($iso2022jp, 0, 3, 'ISO-2022-JP')) . "\n";
 print "2: " . bin2hex(mb_substr($iso2022jp, -1, null, 'ISO-2022-JP')) . "\n";
@@ -145,6 +155,13 @@ SJIS-Mobile#KDDI:
 SJIS-Mobile#SoftBank:
 6380
 806162
+-- Testing MacJapanese characters which map to 3-5 codepoints each --
+616263
+85ab85ac
+85ac
+616263
+85bf85c0
+85c0
 ISO-2022-JP:
 1: 1b2442212121721b284241
 2: 43

sapi/phpdbg/phpdbg.c

@@ -1378,6 +1378,8 @@ int main(int argc, char **argv) /* {{{ */
 					get_zend_version()
 				);
 			}
+			PHPDBG_G(flags) |= PHPDBG_IS_QUITTING;
+			php_module_shutdown();
 			sapi_deactivate();
 			sapi_shutdown();
 			php_ini_builder_deinit(&ini_builder);