5.4.0rc7

smalyshev · smalyshev · commit db1700c71cf8 · 2012-02-02T17:31:05.000Z
diff --git a/NEWS b/NEWS
@@ -1,5 +1,7 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
+?? Feb 2012, PHP 5.4.0 RC 8
+
 02 Feb 2012, PHP 5.4.0 RC 7
 - Core:
   . Fix bug #60895 (Possible invalid handler usage in windows random
diff --git a/ext/mysqlnd/mysqlnd_wireprotocol.c b/ext/mysqlnd/mysqlnd_wireprotocol.c
@@ -1177,7 +1177,11 @@ php_mysqlnd_rset_field_read(void * _packet, MYSQLND_CONN_DATA * conn TSRMLS_DC)
 		BAIL_IF_NO_MORE_DATA;
 	}
 
-	/* 1 byte filler */
+	/* 1 byte length */
+	if (12 != *p) {
+		DBG_ERR_FMT("Protocol error. Server sent false length. Expected 12 got %d", (int) *p);
+		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Protocol error. Server sent false length. Expected 12");
+	}
 	p++;
 	BAIL_IF_NO_MORE_DATA;
 
diff --git a/main/php_variables.c b/main/php_variables.c
@@ -57,7 +57,7 @@ PHPAPI void php_register_variable_ex(char *var_name, zval *val, zval *track_vars
 {
 	char *p = NULL;
 	char *ip;		/* index pointer */
-	char *index, *escaped_index = NULL;
+	char *index;
 	char *var, *var_orig;
 	int var_len, index_len;
 	zval *gpc_element, **gpc_element_p;
@@ -174,26 +174,28 @@ PHPAPI void php_register_variable_ex(char *var_name, zval *val, zval *track_vars
 			if (!index) {
 				MAKE_STD_ZVAL(gpc_element);
 				array_init(gpc_element);
-				zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
+				if (zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p) == FAILURE) {
+					zval_ptr_dtor(&gpc_element);
+					zval_dtor(val);
+					free_alloca(var_orig, use_heap);
+					return;
+				}
 			} else {
-				escaped_index = index;
-				if (zend_symtable_find(symtable1, escaped_index, index_len + 1, (void **) &gpc_element_p) == FAILURE
+				if (zend_symtable_find(symtable1, index, index_len + 1, (void **) &gpc_element_p) == FAILURE
 					|| Z_TYPE_PP(gpc_element_p) != IS_ARRAY) {
 					if (zend_hash_num_elements(symtable1) <= PG(max_input_vars)) {
 						if (zend_hash_num_elements(symtable1) == PG(max_input_vars)) {
 							php_error_docref(NULL TSRMLS_CC, E_WARNING, "Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars));
 						}
 						MAKE_STD_ZVAL(gpc_element);
 						array_init(gpc_element);
-						zend_symtable_update(symtable1, escaped_index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
+						zend_symtable_update(symtable1, index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
 					} else {
+						zval_dtor(val);
 						free_alloca(var_orig, use_heap);
 						return;
 					}
 				}
-				if (index != escaped_index) {
-					efree(escaped_index);
-				}
 			}
 			symtable1 = Z_ARRVAL_PP(gpc_element_p);
 			/* ip pointed to the '[' character, now obtain the key */
@@ -214,9 +216,10 @@ PHPAPI void php_register_variable_ex(char *var_name, zval *val, zval *track_vars
 		gpc_element->value = val->value;
 		Z_TYPE_P(gpc_element) = Z_TYPE_P(val);
 		if (!index) {
-			zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
+			if (zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p) == FAILURE) {
+				zval_ptr_dtor(&gpc_element);
+			}
 		} else {
-			escaped_index = index;
 			/* 
 			 * According to rfc2965, more specific paths are listed above the less specific ones.
 			 * If we encounter a duplicate cookie name, we should skip it, since it is not possible
@@ -225,21 +228,18 @@ PHPAPI void php_register_variable_ex(char *var_name, zval *val, zval *track_vars
 			 */
 			if (PG(http_globals)[TRACK_VARS_COOKIE] &&
 				symtable1 == Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_COOKIE]) &&
-				zend_symtable_exists(symtable1, escaped_index, index_len + 1)) {
+				zend_symtable_exists(symtable1, index, index_len + 1)) {
 				zval_ptr_dtor(&gpc_element);
 			} else {
 				if (zend_hash_num_elements(symtable1) <= PG(max_input_vars)) {
 					if (zend_hash_num_elements(symtable1) == PG(max_input_vars)) {
 						php_error_docref(NULL TSRMLS_CC, E_WARNING, "Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars));
 					}
-					zend_symtable_update(symtable1, escaped_index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
+					zend_symtable_update(symtable1, index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
 				} else {
 					zval_ptr_dtor(&gpc_element);
 				}
 			}
-			if (escaped_index != index) {
-				efree(escaped_index);
-			}
 		}
 	}
 	free_alloca(var_orig, use_heap);
