-rw-r--r-- | php-bug75514.patch (renamed from 0001-Fixed-bug-75514-mt_rand-returns-value-outside-min-ma.patch) | 0 | ||||
-rw-r--r-- | php-bug75573.patch | 107 | ||||
-rw-r--r-- | php71.spec | 11 |
3 files changed, 115 insertions, 3 deletions
diff --git a/0001-Fixed-bug-75514-mt_rand-returns-value-outside-min-ma.patch b/php-bug75514.patch
index c963933..c963933 100644
--- a/0001-Fixed-bug-75514-mt_rand-returns-value-outside-min-ma.patch
+++ b/php-bug75514.patch
diff --git a/php-bug75573.patch b/php-bug75573.patch
new file mode 100644
index 0000000..46cf095
--- /dev/null
+++ b/php-bug75573.patch
@@ -0,0 +1,107 @@
+From 3b9ba7b6bd9e24bdbeca8e8e3f24cee2fccc51d8 Mon Sep 17 00:00:00 2001
+From: Xinchen Hui <laruence@gmail.com>
+Date: Wed, 29 Nov 2017 14:46:21 +0800
+Subject: [PATCH] Fixed bug #75573 (Segmentation fault in 7.1.12 and 7.0.26)
+
+---
+ NEWS | 1 +
+ Zend/tests/bug75573.phpt | 64 +++++++++++++++++++++++++++++++++++++++++++++
+ Zend/zend_object_handlers.c | 10 +++----
+ 3 files changed, 69 insertions(+), 6 deletions(-)
+ create mode 100644 Zend/tests/bug75573.phpt
+
+diff --git a/Zend/tests/bug75573.phpt b/Zend/tests/bug75573.phpt
+new file mode 100644
+index 0000000..476ff6e
+--- /dev/null
++++ b/Zend/tests/bug75573.phpt
+@@ -0,0 +1,64 @@
++--TEST--
++Bug #75573 (Segmentation fault in 7.1.12 and 7.0.26)
++--FILE--
++<?php
++
++class A
++{
++ var $_stdObject;
++ function initialize($properties = FALSE) {
++ $this->_stdObject = $properties ? (object) $properties : new stdClass();
++ parent::initialize();
++ }
++ function &__get($property)
++ {
++ if (isset($this->_stdObject->{$property})) {
++ $retval =& $this->_stdObject->{$property};
++ return $retval;
++ } else {
++ return NULL;
++ }
++ }
++ function &__set($property, $value)
++ {
++ return $this->_stdObject->{$property} = $value;
++ }
++ function __isset($property_name)
++ {
++ return isset($this->_stdObject->{$property_name});
++ }
++}
++
++class B extends A
++{
++ function initialize($properties = array())
++ {
++ parent::initialize($properties);
++ }
++ function &__get($property)
++ {
++ if (isset($this->settings) && isset($this->settings[$property])) {
++ $retval =& $this->settings[$property];
++ return $retval;
++ } else {
++ return parent::__get($property);
++ }
++ }
++}
++
++$b = new B();
++$b->settings = [ "foo" => "bar", "name" => "abc" ];
++var_dump($b->name);
++var_dump($b->settings);
++?>
++--EXPECTF--
++Warning: Creating default object from empty value in %sbug75573.php on line %d
++
++Notice: Only variable references should be returned by reference in %sbug75573.php on line %d
++string(3) "abc"
++array(2) {
++ ["foo"]=>
++ string(3) "bar"
++ ["name"]=>
++ string(3) "abc"
++}
+diff --git a/Zend/zend_object_handlers.c b/Zend/zend_object_handlers.c
+index 10045b5..d9ebd84 100644
+--- a/Zend/zend_object_handlers.c
++++ b/Zend/zend_object_handlers.c
+@@ -668,13 +668,11 @@ zval *zend_std_read_property(zval *object, zval *member, int type, void **cache_
+ }
+ zval_ptr_dtor(&tmp_object);
+ goto exit;
+- } else {
++ } else if (Z_STRVAL_P(member)[0] == '\0' && Z_STRLEN_P(member) != 0) {
+ zval_ptr_dtor(&tmp_object);
+- if (Z_STRVAL_P(member)[0] == '\0' && Z_STRLEN_P(member) != 0) {
+- zend_throw_error(NULL, "Cannot access property started with '\\0'");
+- retval = &EG(uninitialized_zval);
+- goto exit;
+- }
++ zend_throw_error(NULL, "Cannot access property started with '\\0'");
++ retval = &EG(uninitialized_zval);
++ goto exit;
+ }
+ }
+
+--
+2.1.4
+
@@ -113,7 +113,7 @@ Summary: PHP scripting language for creating dynamic web sites Name: php Version: %{upver}%{?rcver:~%{rcver}} -Release: 3%{?dist} +Release: 4%{?dist} # All files licensed under PHP version 3.01, except # Zend is licensed under Zend # TSRM is licensed under BSD
@@ -170,6 +170,8 @@ Patch48: php-7.1.9-openssl-load-config.patch Patch91: php-5.6.3-oci8conf.patch # Upstream fixes (100+) +Patch100: php-bug75573.patch +Patch101: php-bug75514.patch # Security fixes (200+)
@@ -180,7 +182,6 @@ Patch300: php-7.0.10-datetests.patch Patch301: php-7.0.0-oldpcre.patch # WIP -Patch400: 0001-Fixed-bug-75514-mt_rand-returns-value-outside-min-ma.patch BuildRequires: bzip2-devel, curl-devel >= 7.9 BuildRequires: httpd-devel >= 2.0.46-1, pam-devel
@@ -1019,6 +1020,8 @@ support for JavaScript Object Notation (JSON) to PHP. %patch91 -p1 -b .remi-oci8 # upstream patches +%patch100 -p1 -b .bug75573 +%patch101 -p1 -b .bug75514 # security patches
@@ -1034,7 +1037,6 @@ fi %endif # WIP patch -%patch400 -p1 -bug75514 # Prevent %%doc confusion over LICENSE files cp Zend/LICENSE Zend/ZEND_LICENSE 
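Review bot: In the `zend_std_read_property` hunk of the carried patch, `zval_ptr_dtor(&tmp_object)` now runs only inside the new `else if` that rejects a NUL-prefixed name, so the recursion-guard path with an ordinary property name leaves the block without touching `tmp_object`. Given the bug title this looks like the removal of a second release, but the line that finally releases `tmp_object` on that path is outside the hunk, as are the start and end of the function, so it cannot be confirmed from here. A short comment on the branch would make the ownership explicit, for example `/* tmp_object is released once, after this block; only the early-exit branch drops it here */`, to be worded against the full function. Separately, the patch header's diffstat still lists `NEWS | 1 +` and "3 files changed" while only two `diff --git` sections follow; a one-line note in the header that the NEWS hunk was dropped for packaging would explain the mismatch.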
@@ -2057,6 +2059,9 @@ fi %changelog +* Fri Dec 1 2017 Remi Collet <remi@remirepo.net> - 7.1.12-4 +- add upstream patch for https://bugs.php.net/75573 + * Tue Nov 28 2017 Remi Collet <remi@remirepo.net> - 7.1.12-3 - refresh patch for https://bugs.php.net/75514 |