[packages/php/PHP_7_1] Rel 16; Don't corrupt memory by freeing too much.

Thu Jun 13 19:44:24 CEST 2024

commit 9e4bdccc7067690b81ed55e74ff421a1a4cd89be
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date:   Thu Jun 13 19:22:58 2024 +0200

    Rel 16; Don't corrupt memory by freeing too much.
    
    To reproduce before this fix:
    php-7.1.33]$ make -j10 && USE_ZEND_ALLOC=0 valgrind --leak-check=full \
    ./sapi/cli/.libs/php  -r 'var_dump(array(get_cfg_var("cfg_file_path"),php_ini_loaded_file()));'

 php-sapi-ini-file.patch | 48 +++++++++++++++++++++++-------------------------
 php.spec                |  2 +-
 2 files changed, 24 insertions(+), 26 deletions(-)
---

diff --git a/php.spec b/php.spec
index b190002..dd42b19 100644
--- a/php.spec
+++ b/php.spec
@@ -151,7 +151,7 @@ Summary(ru.UTF-8):	PHP Версии 7 - язык препроцессирова
 Summary(uk.UTF-8):	PHP Версії 7 - мова препроцесування HTML-файлів, виконувана на сервері
 Name:		%{orgname}%{php_suffix}
 Version:	7.1.33
-Release:	15
+Release:	16
 Epoch:		4
 # All files licensed under PHP version 3.01, except
 # Zend is licensed under Zend
diff --git a/php-sapi-ini-file.patch b/php-sapi-ini-file.patch
index d18142a..876ba7f 100644
--- a/php-sapi-ini-file.patch
+++ b/php-sapi-ini-file.patch
@@ -1,11 +1,6 @@
-to test which is main php.ini:
-$ php -r 'var_dump(array(get_cfg_var("cfg_file_path"),php_ini_loaded_file()));'
-
-https://github.com/pld-linux/php/commit/762ec2e
-
---- php-7.0.0RC6.orig/main/php_ini.c	2015-11-10 23:58:52.227101032 +0200
-+++ php-7.0.0RC6/main/php_ini.c	2015-11-11 00:01:43.502674750 +0200
-@@ -375,12 +375,19 @@
+--- php-7.1.33.org/main/php_ini.c	2019-10-22 19:00:03.000000000 +0200
++++ php-7.1.33.new/main/php_ini.c	2024-06-13 19:13:23.976364417 +0200
+@@ -377,12 +377,19 @@ static void php_load_zend_extension_cb(v
  }
  /* }}} */
  
@@ -25,7 +20,7 @@ https://github.com/pld-linux/php/commit/762ec2e
  	int php_ini_scanned_path_len;
  	char *open_basedir;
  	int free_ini_search_path = 0;
-@@ -557,8 +564,26 @@
+@@ -559,8 +566,28 @@ int php_init_config(void)
  				}
  			}
  		}
@@ -34,7 +29,8 @@ https://github.com/pld-linux/php/commit/762ec2e
 +			fh.handle.fp = php_fopen_with_path("php.ini", "r", php_ini_search_path, &opened_path);
 +			if (fh.handle.fp) {
 +				fh.filename = ZSTR_VAL(opened_path);
-+
+ 
+-		/* Otherwise search for php-%sapi-module-name%.ini file in search path */
 +				// parse the ini file now
 +				PG(open_basedir) = open_basedir;
 +				fh.type = ZEND_HANDLE_FP;
@@ -42,18 +38,19 @@ https://github.com/pld-linux/php/commit/762ec2e
 +				open_basedir = PG(open_basedir);
 +				PG(open_basedir) = NULL;
 +				fh.handle.fp = NULL;
-+
 +				php_ini_loaded_file = estrdup(fh.filename);
 +				fh.filename = NULL;
++				// opened_path no longer needed as we will use php_ini_loaded_file
++				zend_string_release(opened_path);
++				opened_path = NULL;
 +			}
 +		}
- 
--		/* Otherwise search for php-%sapi-module-name%.ini file in search path */
++
 +		/* Also search for php-%sapi-module-name%.ini file in search path */
  		if (!fh.handle.fp) {
  			const char *fmt = "php-%s.ini";
  			char *ini_fname;
-@@ -568,15 +593,8 @@
+@@ -570,15 +597,8 @@ int php_init_config(void)
  			if (fh.handle.fp) {
  				fh.filename = ZSTR_VAL(opened_path);
  			}
@@ -70,7 +67,7 @@ https://github.com/pld-linux/php/commit/762ec2e
  	}
  
  	if (free_ini_search_path) {
-@@ -593,14 +611,28 @@
+@@ -595,14 +615,30 @@ int php_init_config(void)
  
  		{
  			zval tmp;
@@ -79,28 +76,29 @@ https://github.com/pld-linux/php/commit/762ec2e
 +			// test with:
 +			// php -r 'var_dump(array(get_cfg_var("cfg_file_path"),php_ini_loaded_file()));'
 +			if (php_ini_loaded_file) {
-+				if (fh.filename) {
-+					efree((char *)fh.filename);
-+				}
 +				fh.filename = php_ini_loaded_file;
 +			}
  
  			ZVAL_NEW_STR(&tmp, zend_string_init(fh.filename, strlen(fh.filename), 1));
  			zend_hash_str_update(&configuration_hash, "cfg_file_path", sizeof("cfg_file_path")-1, &tmp);
- 			if (opened_path) {
- 				zend_string_release(opened_path);
--			} else {
++
++			if (php_ini_loaded_file) {
++				// free our fh.filename main ini duplicate
++				efree((char *)php_ini_loaded_file);
 +			}
 +
-+			if (fh.filename) {
+ 			if (opened_path) {
++				// free php_fopen_with_path allocated area
+ 				zend_string_release(opened_path);
+ 			} else {
++				// free expand_filepath allocated area
  				efree((char *)fh.filename);
-+				fh.filename = NULL;
  			}
 +
  			php_ini_opened_path = zend_strndup(Z_STRVAL(tmp), Z_STRLEN(tmp));
  		}
  	}
-@@ -624,13 +656,15 @@
+@@ -626,13 +662,15 @@ int php_init_config(void)
  		zend_llist scanned_ini_list;
  		zend_llist_element *element;
  		int l, total_l = 0;
@@ -117,7 +115,7 @@ https://github.com/pld-linux/php/commit/762ec2e
  		for (debpath = bufpath ; debpath ; debpath=endpath) {
  			endpath = strchr(debpath, DEFAULT_DIR_SEPARATOR);
  			if (endpath) {
-@@ -643,7 +677,7 @@
+@@ -645,7 +683,7 @@ int php_init_config(void)
  			}
  			lenpath = (int)strlen(debpath);
  
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/php.git/commitdiff/9e4bdccc7067690b81ed55e74ff421a1a4cd89be

