[packages/php/PHP_7_0] - rel 2; fixes segfault introduced in 7.0.26 - https://bugs.php.net/bug.php?id=75573
arekm
arekm at pld-linux.org
Wed Dec 6 10:58:30 CET 2017
commit 676471797993311228e1da017c0603472d6ed25a
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date: Wed Dec 6 10:58:23 2017 +0100
- rel 2; fixes segfault introduced in 7.0.26 - https://bugs.php.net/bug.php?id=75573
php-bug-75573.patch | 121 ++++++++++++++++++++++++++++++++++++++++++++++++++++
php.spec | 4 +-
2 files changed, 124 insertions(+), 1 deletion(-)
---
diff --git a/php.spec b/php.spec
index 949ae88..b6b3d35 100644
--- a/php.spec
+++ b/php.spec
@@ -150,7 +150,7 @@ Summary(ru.UTF-8): PHP Версии 7 - язык препроцессирова
Summary(uk.UTF-8): PHP Версії 7 - мова препроцесування HTML-файлів, виконувана на сервері
Name: %{orgname}%{php_suffix}
Version: 7.0.26
-Release: 1
+Release: 2
Epoch: 4
# All files licensed under PHP version 3.01, except
# Zend is licensed under Zend
@@ -216,6 +216,7 @@ Patch68: php-mysql-ssl-context.patch
Patch70: mysqlnd-ssl.patch
Patch71: libdb-info.patch
Patch72: phar-hash-shared.patch
+Patch73: php-bug-75573.patch
URL: http://php.net/
%{?with_interbase:%{!?with_interbase_inst:BuildRequires: Firebird-devel >= 1.0.2.908-2}}
%{?with_pspell:BuildRequires: aspell-devel >= 2:0.50.0}
@@ -2008,6 +2009,7 @@ cp -p php.ini-production php.ini
%patch70 -p1
%patch71 -p1
%patch72 -p1
+%patch73 -p1
%{__sed} -i -e '/PHP_ADD_LIBRARY_WITH_PATH/s#xmlrpc,#xmlrpc-epi,#' ext/xmlrpc/config.m4
diff --git a/php-bug-75573.patch b/php-bug-75573.patch
new file mode 100644
index 0000000..f111593
--- /dev/null
+++ b/php-bug-75573.patch
@@ -0,0 +1,121 @@
+commit d4dee4a6144ff12c6ac4b29968dda13eda406011
+Author: Xinchen Hui <laruence at gmail.com>
+Date: Wed Nov 29 14:46:21 2017 +0800
+
+ Fixed bug #75573 (Segmentation fault in 7.1.12 and 7.0.26)
+
+ (cherry picked from commit 3b9ba7b6bd9e24bdbeca8e8e3f24cee2fccc51d8)
+
+diff --git a/Zend/tests/bug75573.phpt b/Zend/tests/bug75573.phpt
+new file mode 100644
+index 0000000000..476ff6e6cf
+--- /dev/null
++++ b/Zend/tests/bug75573.phpt
+@@ -0,0 +1,64 @@
++--TEST--
++Bug #75573 (Segmentation fault in 7.1.12 and 7.0.26)
++--FILE--
++<?php
++
++class A
++{
++ var $_stdObject;
++ function initialize($properties = FALSE) {
++ $this->_stdObject = $properties ? (object) $properties : new stdClass();
++ parent::initialize();
++ }
++ function &__get($property)
++ {
++ if (isset($this->_stdObject->{$property})) {
++ $retval =& $this->_stdObject->{$property};
++ return $retval;
++ } else {
++ return NULL;
++ }
++ }
++ function &__set($property, $value)
++ {
++ return $this->_stdObject->{$property} = $value;
++ }
++ function __isset($property_name)
++ {
++ return isset($this->_stdObject->{$property_name});
++ }
++}
++
++class B extends A
++{
++ function initialize($properties = array())
++ {
++ parent::initialize($properties);
++ }
++ function &__get($property)
++ {
++ if (isset($this->settings) && isset($this->settings[$property])) {
++ $retval =& $this->settings[$property];
++ return $retval;
++ } else {
++ return parent::__get($property);
++ }
++ }
++}
++
++$b = new B();
++$b->settings = [ "foo" => "bar", "name" => "abc" ];
++var_dump($b->name);
++var_dump($b->settings);
++?>
++--EXPECTF--
++Warning: Creating default object from empty value in %sbug75573.php on line %d
++
++Notice: Only variable references should be returned by reference in %sbug75573.php on line %d
++string(3) "abc"
++array(2) {
++ ["foo"]=>
++ string(3) "bar"
++ ["name"]=>
++ string(3) "abc"
++}
+diff --git a/Zend/zend_object_handlers.c b/Zend/zend_object_handlers.c
+index 3b86a1a6eb..54f093ae10 100644
+--- a/Zend/zend_object_handlers.c
++++ b/Zend/zend_object_handlers.c
+@@ -602,13 +602,13 @@ zval *zend_std_read_property(zval *object, zval *member, int type, void **cache_
+ zval_ptr_dtor(&tmp_object);
+ goto exit;
+ } else {
+- zval_ptr_dtor(&tmp_object);
+ if (Z_STRVAL_P(member)[0] == '\0') {
+ if (Z_STRLEN_P(member) == 0) {
+ zend_throw_error(NULL, "Cannot access empty property");
+ retval = &EG(uninitialized_zval);
+ goto exit;
+ } else {
++ zval_ptr_dtor(&tmp_object);
+ zend_throw_error(NULL, "Cannot access property started with '\\0'");
+ retval = &EG(uninitialized_zval);
+ goto exit;
+commit 0eb262eacb834c15c669cee19051f07bdc48ddd3
+Author: Anatol Belski <ab at php.net>
+Date: Mon Dec 4 14:11:40 2017 +0100
+
+ Use dtor unconditionally in error case
+
+diff --git a/Zend/zend_object_handlers.c b/Zend/zend_object_handlers.c
+index 54f093ae10..791ae1ccfa 100644
+--- a/Zend/zend_object_handlers.c
++++ b/Zend/zend_object_handlers.c
+@@ -603,12 +603,12 @@ zval *zend_std_read_property(zval *object, zval *member, int type, void **cache_
+ goto exit;
+ } else {
+ if (Z_STRVAL_P(member)[0] == '\0') {
++ zval_ptr_dtor(&tmp_object);
+ if (Z_STRLEN_P(member) == 0) {
+ zend_throw_error(NULL, "Cannot access empty property");
+ retval = &EG(uninitialized_zval);
+ goto exit;
+ } else {
+- zval_ptr_dtor(&tmp_object);
+ zend_throw_error(NULL, "Cannot access property started with '\\0'");
+ retval = &EG(uninitialized_zval);
+ goto exit;
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/php.git/commitdiff/676471797993311228e1da017c0603472d6ed25a
More information about the pld-cvs-commit
mailing list