Merge branch 'master' into sccp

* master: (37 commits)
  #73594 tests only check the extra params if dns_get_record is successful
  Fixed bug #74852 (property_exists returns true on unknown DateInterval property)
  fix uninitialized var
  fix comparison warning
  comply with POSIX signature
  fix warning
  remove some casts
  cleanup casts
  remove useless cast
  eliminate casts
  sync vim mode lines in main
  [ci skip] update NEWS
  [ci skip] update NEWS
  [ci skip] update NEWS
  Fixed bug #74883 SQLite3::__construct() produces "out of memory" exception with invalid flags
  Silent compiler warning
  Fix test
  Deprecated the read_exif_data() alias
  Add myself as exif maintainer
  update libs versions
  ...

Author: dstogov

EXTENSIONS

@@ -269,7 +269,7 @@ STATUS:              Working
 SINCE:               5.3
 -------------------------------------------------------------------------------
 EXTENSION:           exif
-PRIMARY MAINTAINER:  Marcus Boerger <helly@php.net>
+PRIMARY MAINTAINER:  Kalle Sommer Nielsen <kalle@php.net>
 MAINTENANCE:         Maintained
 STATUS:              Working
 SINCE:               4.2

NEWS

@@ -9,6 +9,21 @@ PHP                                                                        NEWS
     unserialize). (Nikita)
   . Fixed bug #74819 (wddx_deserialize() heap out-of-bound read via
     php_parse_date()). (Derick)
+  . Fixed bug #74878 (Data race in ZTS builds). (Nikita)
+
+- Date:
+  . Fixed bug #74852 (property_exists returns true on unknown DateInterval 
+    property). (jhdxr)	
+
+- EXIF:
+  . Deprecated the read_exif_data() alias. (Kalle)
+  . Fixed bug #74428 (exif_read_data(): "Illegal IFD size" warning occurs with 
+    correct exif format). (bradpiccho at gmail dot com, Kalle)
+  . Fixed bug #72819 (EXIF thumbnails not read anymore). (Kalle)
+  . Fixed bug #62523 (php crashes with segfault when exif_read_data called). 
+    (Kalle)
+  . Fixed bug #50660 (exif_read_data(): Illegal IFD offset (works fine with 
+    other exif readers). (skinny dot bravo at gmail dot com, Kalle)
 
 - GD:
   . Fixed bug #74435 (Buffer over-read into uninitialized memory). (cmb)
@@ -25,6 +40,10 @@ PHP                                                                        NEWS
   . Fixed bug #74873 (Minor BC break: PCRE_JIT changes output of preg_match()).
     (Dmitry)
 
+- SQLite3:
+  . Fixed bug #74883 (SQLite3::__construct() produces "out of memory" exception
+    with invalid flags). (Anatol)
+
 06 Jul 2017, PHP 7.2.0alpha3
 
 - Core:
@@ -229,6 +248,8 @@ PHP                                                                        NEWS
   . Fixed bug #73961 (environmental build dependency in hash sha3 source).
     (krakjoe)
   . Changed HashContext from resource to object. (Rouven Weßling, Sara)
+  . Disallowed usage of non-cryptographic hash functions with HMAC and PBKDF2.
+    (Andrey Andreev, Nikita)
 
 - intl:
   . Fixed bug #74433 (wrong reflection for Normalizer methods). (villfa)

UPGRADING

@@ -49,8 +49,8 @@ PHP 7.2 UPGRADE NOTES
     example `bcmod('4', '3.5')` now returns '0.5' instead of '1'.
 
 - Hash:
-  . The hash_hmac(), hash_hmac_file() and hash_pbkdf2() functions no longer
-    accept non-cryptographic hashes.
+  . The hash_hmac(), hash_hmac_file(), hash_pbkdf2() and hash_init() (with
+    HASH_HMAC) functions no longer accept non-cryptographic hashes.
 
 - JSON
   . The json_decode() option JSON_OBJECT_AS_ARRAY is used if the second
@@ -164,6 +164,9 @@ PHP 8.0.
   . The create_function() function has been deprecated, use anonymous functions
     instead.
   . The each() function has been deprecated, use a foreach loop instead.
+  
+- EXIF:
+  . The read_exif_data() alias have been deprecated, use exif_read_data() instead.
 
 - GD:
   . png2wbmp() and jpeg2wbmp() have been deprecated.

Zend/zend_API.c

@@ -3742,6 +3742,10 @@ ZEND_API int zend_declare_property_ex(zend_class_entry *ce, zend_string *name, z
 				break;
 		}
 	}
+
+	/* Must be interned to avoid ZTS data races */
+	name = zend_new_interned_string(zend_string_copy(name));
+
 	if (access_type & ZEND_ACC_PUBLIC) {
 		property_info->name = zend_string_copy(name);
 	} else if (access_type & ZEND_ACC_PRIVATE) {

ext/date/php_date.c

@@ -2016,7 +2016,7 @@ static int date_interval_has_property(zval *object, zval *member, int type, void
 	zval *prop;
 	int retval = 0;
 
-	if (Z_TYPE_P(member) != IS_STRING) {
+	if (UNEXPECTED(Z_TYPE_P(member) != IS_STRING)) {
 		ZVAL_COPY(&tmp_member, member);
 		convert_to_string(&tmp_member);
 		member = &tmp_member;
@@ -2032,10 +2032,10 @@ static int date_interval_has_property(zval *object, zval *member, int type, void
 		}
 		return retval;
 	}
-
-	prop = date_interval_read_property(object, member, type, cache_slot, &rv);
-
-	if (prop != NULL) {
+	
+	prop = date_interval_read_property(object, member, BP_VAR_IS, cache_slot, &rv);
+	
+	if (prop != &EG(uninitialized_zval)) {
 		if (type == 2) {
 			retval = 1;
 		} else if (type == 1) {

ext/date/tests/bug74852.phpt

@@ -0,0 +1,17 @@
+--TEST--
+Bug #74852 property_exists returns true on unknown DateInterval property
+--FILE--
+<?php
+
+$interval = new DateInterval('P2D');
+var_dump(property_exists($interval,'abcde'));
+var_dump(isset($interval->abcde));
+var_dump($interval->abcde);
+
+?>
+--EXPECTF--
+bool(false)
+bool(false)
+
+Notice: Undefined property: DateInterval::$abcde in %s on line %d
+NULL

ext/exif/exif.c

@@ -120,7 +120,7 @@ ZEND_END_ARG_INFO()
  */
 const zend_function_entry exif_functions[] = {
 	PHP_FE(exif_read_data, arginfo_exif_read_data)
-	PHP_FALIAS(read_exif_data, exif_read_data, arginfo_exif_read_data)
+	PHP_DEP_FALIAS(read_exif_data, exif_read_data, arginfo_exif_read_data)
 	PHP_FE(exif_tagname, arginfo_exif_tagname)
 	PHP_FE(exif_thumbnail, arginfo_exif_thumbnail)
 	PHP_FE(exif_imagetype, arginfo_exif_imagetype)
@@ -1340,8 +1340,10 @@ typedef enum mn_byte_order_t {
 
 typedef enum mn_offset_mode_t {
 	MN_OFFSET_NORMAL,
-	MN_OFFSET_MAKER,
-	MN_OFFSET_GUESS
+	MN_OFFSET_MAKER
+#ifdef KALLE_0
+	, MN_OFFSET_GUESS
+#endif
 } mn_offset_mode_t;
 
 typedef struct {
@@ -1357,7 +1359,7 @@ typedef struct {
 
 /* Remember to update PHP_MINFO if updated */
 static const maker_note_type maker_note_array[] = {
-  { tag_table_VND_CANON,     "Canon",                   NULL,  NULL,							 0,  0,  MN_ORDER_INTEL,    MN_OFFSET_GUESS},
+  { tag_table_VND_CANON,     "Canon",                   NULL,  NULL,							 0,  0,  MN_ORDER_INTEL,    MN_OFFSET_NORMAL},
   { tag_table_VND_CASIO,     "CASIO",                   NULL,  NULL,							 0,  0,  MN_ORDER_MOTOROLA, MN_OFFSET_NORMAL},
   { tag_table_VND_FUJI,      "FUJIFILM",                NULL,  "FUJIFILM\x0C\x00\x00\x00",		 12, 12, MN_ORDER_INTEL,    MN_OFFSET_MAKER},
   { tag_table_VND_NIKON,     "NIKON",                   NULL,  "Nikon\x00\x01\x00",				 8,  8,  MN_ORDER_NORMAL,   MN_OFFSET_NORMAL},
@@ -2677,7 +2679,7 @@ static void exif_process_SOFn (uchar *Data, int marker, jpeg_sof_info *result)
 /* }}} */
 
 /* forward declarations */
-static int exif_process_IFD_in_JPEG(image_info_type *ImageInfo, char *dir_start, char *offset_base, size_t IFDlength, size_t displacement, int section_index);
+static int exif_process_IFD_in_JPEG(image_info_type *ImageInfo, char *dir_start, char *offset_base, size_t IFDlength, size_t displacement, int section_index, int tag);
 static int exif_process_IFD_TAG(    image_info_type *ImageInfo, char *dir_entry, char *offset_base, size_t IFDlength, size_t displacement, int section_index, int ReadNextIFD, tag_table_type tag_table);
 
 /* {{{ exif_get_markername
@@ -3118,7 +3120,10 @@ static int exif_process_IFD_in_MAKERNOTE(image_info_type *ImageInfo, char * valu
 {
 	size_t i;
 	int de, section_index = SECTION_MAKERNOTE;
-	int NumDirEntries, old_motorola_intel, offset_diff;
+	int NumDirEntries, old_motorola_intel;
+#ifdef KALLE_0
+	int offset_diff;
+#endif
 	const maker_note_type *maker_note;
 	char *dir_start;
 
@@ -3176,6 +3181,7 @@ static int exif_process_IFD_in_MAKERNOTE(image_info_type *ImageInfo, char * valu
 		case MN_OFFSET_MAKER:
 			offset_base = value_ptr;
 			break;
+#ifdef KALLE_0
 		case MN_OFFSET_GUESS:
 			if (maker_note->offset + 10 + 4 >= value_len) {
 				/* Can not read dir_start+10 since it's beyond value end */
@@ -3192,6 +3198,7 @@ static int exif_process_IFD_in_MAKERNOTE(image_info_type *ImageInfo, char * valu
 			}
 			offset_base = value_ptr + offset_diff;
 			break;
+#endif
 		default:
 		case MN_OFFSET_NORMAL:
 			break;
@@ -3524,7 +3531,7 @@ static int exif_process_IFD_TAG(image_info_type *ImageInfo, char *dir_entry, cha
 						exif_error_docref("exif_read_data#error_ifd" EXIFERR_CC, ImageInfo, E_WARNING, "Illegal IFD Pointer");
 						return FALSE;
 					}
-					if (!exif_process_IFD_in_JPEG(ImageInfo, Subdir_start, offset_base, IFDlength, displacement, sub_section_index)) {
+					if (!exif_process_IFD_in_JPEG(ImageInfo, Subdir_start, offset_base, IFDlength, displacement, sub_section_index, tag)) {
 						return FALSE;
 					}
 #ifdef EXIF_DEBUG
@@ -3541,19 +3548,19 @@ static int exif_process_IFD_TAG(image_info_type *ImageInfo, char *dir_entry, cha
 
 /* {{{ exif_process_IFD_in_JPEG
  * Process one of the nested IFDs directories. */
-static int exif_process_IFD_in_JPEG(image_info_type *ImageInfo, char *dir_start, char *offset_base, size_t IFDlength, size_t displacement, int section_index)
+static int exif_process_IFD_in_JPEG(image_info_type *ImageInfo, char *dir_start, char *offset_base, size_t IFDlength, size_t displacement, int section_index, int tag)
 {
 	int de;
 	int NumDirEntries;
-	int NextDirOffset;
+	int NextDirOffset = 0;
 
 #ifdef EXIF_DEBUG
 	exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_NOTICE, "Process %s (x%04X(=%d))", exif_get_sectionname(section_index), IFDlength, IFDlength);
 #endif
 
 	ImageInfo->sections_found |= FOUND_IFD0;
 
-	if ((dir_start + 2) >= (offset_base+IFDlength)) {
+	if ((dir_start + 2) > (offset_base+IFDlength)) {
 		exif_error_docref("exif_read_data#error_ifd" EXIFERR_CC, ImageInfo, E_WARNING, "Illegal IFD size");
 		return FALSE;
 	}
@@ -3581,11 +3588,15 @@ static int exif_process_IFD_in_JPEG(image_info_type *ImageInfo, char *dir_start,
 	 * Hack to make it process IDF1 I hope
 	 * There are 2 IDFs, the second one holds the keys (0x0201 and 0x0202) to the thumbnail
 	 */
-	if ((dir_start+2+12*de + 4) >= (offset_base+IFDlength)) {
+	if ((dir_start+2+12*de + 4) > (offset_base+IFDlength)) {
 		exif_error_docref("exif_read_data#error_ifd" EXIFERR_CC, ImageInfo, E_WARNING, "Illegal IFD size");
 		return FALSE;
 	}
-	NextDirOffset = php_ifd_get32u(dir_start+2+12*de, ImageInfo->motorola_intel);
+
+	if (tag != TAG_EXIF_IFD_POINTER && tag != TAG_GPS_IFD_POINTER) {
+		NextDirOffset = php_ifd_get32u(dir_start+2+12*de, ImageInfo->motorola_intel);
+	}
+
 	if (NextDirOffset) {
 		/* the next line seems false but here IFDlength means length of all IFDs */
 		if (offset_base + NextDirOffset < offset_base || offset_base + NextDirOffset > offset_base+IFDlength) {
@@ -3596,7 +3607,7 @@ static int exif_process_IFD_in_JPEG(image_info_type *ImageInfo, char *dir_start,
 #ifdef EXIF_DEBUG
 		exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_NOTICE, "Expect next IFD to be thumbnail");
 #endif
-		if (exif_process_IFD_in_JPEG(ImageInfo, offset_base + NextDirOffset, offset_base, IFDlength, displacement, SECTION_THUMBNAIL)) {
+		if (exif_process_IFD_in_JPEG(ImageInfo, offset_base + NextDirOffset, offset_base, IFDlength, displacement, SECTION_THUMBNAIL, 0)) {
 #ifdef EXIF_DEBUG
 			exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_NOTICE, "Thumbnail size: 0x%04X", ImageInfo->Thumbnail.size);
 #endif
@@ -3651,7 +3662,7 @@ static void exif_process_TIFF_in_JPEG(image_info_type *ImageInfo, char *CharBuf,
 
 	ImageInfo->sections_found |= FOUND_IFD0;
 	/* First directory starts at offset 8. Offsets starts at 0. */
-	exif_process_IFD_in_JPEG(ImageInfo, CharBuf+offset_of_ifd, CharBuf, length/*-14*/, displacement, SECTION_IFD0);
+	exif_process_IFD_in_JPEG(ImageInfo, CharBuf+offset_of_ifd, CharBuf, length/*-14*/, displacement, SECTION_IFD0, 0);
 
 #ifdef EXIF_DEBUG
 	exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_NOTICE, "Process TIFF in JPEG done");

ext/exif/tests/bug50660/bug50660-1.jpg

@@ -0,0 +1,19 @@
+--TEST--
+Bug #50660 (exif_read_data(): Illegal IFD offset (works fine with other exif readers))
+--SKIPIF--
+<?php if (!extension_loaded('exif')) print 'skip exif extension not available';?>
+--INI--
+output_handler=
+zlib.output_compression=0 
+--FILE--
+<?php
+$infile = dirname(__FILE__).'/bug50660-1.jpg';
+var_dump(exif_read_data($infile) !== false);
+$infile = dirname(__FILE__).'/bug50660-2.jpg';
+var_dump(exif_read_data($infile) !== false);
+?>
+===DONE===
+--EXPECT--
+bool(true)
+bool(true)
+===DONE===

ext/exif/tests/bug50660/bug50660-2.jpg

@@ -7,12 +7,10 @@ extension_loaded("exif") or die("skip need exif");
 --FILE--
 <?php
 echo "Test\n";
-var_dump(exif_read_data(__DIR__."/bug62523_1.jpg"));
+var_dump(count(exif_read_data(__DIR__."/bug62523_1.jpg")));
 ?>
 Done
---EXPECTF--
+--EXPECT--
 Test
-
-Warning: exif_read_data(bug62523_1.jpg): File not supported in %sbug62523_1.php on line %d
-bool(false)
+int(86)
 Done

ext/exif/tests/bug50660/bug50660.phpt

@@ -10,9 +10,7 @@ echo "Test\n";
 var_dump(count(exif_read_data(__DIR__."/bug62523_2.jpg")));
 ?>
 Done
---EXPECTF--
+--EXPECT--
 Test
-
-Warning: exif_read_data(bug62523_2.jpg): IFD data bad offset: 0xADB23672 length 0x0D94 in %s%ebug62523_2.php on line %d
-int(30)
+int(76)
 Done

ext/exif/tests/bug62523_1.jpg

@@ -0,0 +1,16 @@
+--TEST--
+Bug #72819 (EXIF thumbnails not read anymore)
+--SKIPIF--
+<?php if (!extension_loaded('exif')) print 'skip exif extension not available';?>
+--INI--
+output_handler=
+zlib.output_compression=0 
+--FILE--
+<?php
+$infile = dirname(__FILE__).'/bug72819.jpg';
+var_dump(strlen(exif_thumbnail($infile)));
+?>
+===DONE===
+--EXPECT--
+int(5448)
+===DONE===

ext/exif/tests/bug62523_1.phpt

@@ -0,0 +1,16 @@
+--TEST--
+Bug #73115 (exif_read_data triggers warning on reading binary strings)
+--SKIPIF--
+<?php if (!extension_loaded('exif')) print 'skip exif extension not available';?>
+--INI--
+output_handler=
+zlib.output_compression=0 
+--FILE--
+<?php
+$infile = dirname(__FILE__).'/bug73115.JPG';
+var_dump(count(exif_read_data($infile)));
+?>
+===DONE===
+--EXPECT--
+int(80)
+===DONE===

ext/exif/tests/bug62523_2.phpt

@@ -0,0 +1,50 @@
+--TEST--
+Bug #74428 (exif_read_data(): "Illegal IFD size" warning occurs with correct exif format)
+--SKIPIF--
+<?php if (!extension_loaded('exif')) print 'skip exif extension not available';?>
+--INI--
+output_handler=
+zlib.output_compression=0 
+--FILE--
+<?php
+$infile = dirname(__FILE__).'/bug74428.jpg';
+var_dump(exif_read_data($infile));
+?>
+===DONE===
+--EXPECTF--
+array(11) {
+  ["FileName"]=>
+  string(12) "bug74428.jpg"
+  ["FileDateTime"]=>
+  int(%d)
+  ["FileSize"]=>
+  int(1902)
+  ["FileType"]=>
+  int(2)
+  ["MimeType"]=>
+  string(10) "image/jpeg"
+  ["SectionsFound"]=>
+  string(19) "ANY_TAG, IFD0, EXIF"
+  ["COMPUTED"]=>
+  array(5) {
+    ["html"]=>
+    string(22) "width="88" height="28""
+    ["Height"]=>
+    int(28)
+    ["Width"]=>
+    int(88)
+    ["IsColor"]=>
+    int(1)
+    ["ByteOrderMotorola"]=>
+    int(0)
+  }
+  ["Orientation"]=>
+  int(1)
+  ["Exif_IFD_Pointer"]=>
+  int(38)
+  ["ExifImageWidth"]=>
+  int(88)
+  ["ExifImageLength"]=>
+  int(28)
+}
+===DONE===