From ab48bc89c5442807407748e9b50952b8a60cf7c4 Mon Sep 17 00:00:00 2001 From: "Holly Li (WIPRO LIMITED)" Date: Wed, 3 Jul 2019 12:05:58 -0700 Subject: [PATCH 1/7] fix tests --- ext/dom/tests/dom005.phpt | 3 +- ext/mysqli/tests/bug68077.phpt | 7 +- ext/mysqli/tests/mysqli_expire_password.phpt | 5 +- .../tests/openssl_error_string_basic.phpt | 80 +++++++++++-------- ext/phar/tests/bug69720.phpt | 3 +- ext/phar/tests/bug77396.phpt | 2 +- ext/phar/tests/create_path_error.phpt | 10 +-- ext/simplexml/tests/008.phpt | 4 +- ext/standard/tests/file/bug41655_1.phpt | 6 ++ .../tests/file/pathinfo_basic1-win32.phpt | 26 +++--- .../tests/file/pathinfo_basic2-win32.phpt | 8 +- ext/standard/tests/serialize/bug64146.phpt | 2 + .../stream_socket_enable_crypto-win32.phpt | 2 + ext/standard/tests/strings/bug65769.phpt | 11 ++- ext/xmlreader/tests/bug64230.phpt | 4 +- 15 files changed, 101 insertions(+), 72 deletions(-) diff --git a/ext/dom/tests/dom005.phpt b/ext/dom/tests/dom005.phpt index 715aec4024..d7e828cc32 100644 --- a/ext/dom/tests/dom005.phpt +++ b/ext/dom/tests/dom005.phpt @@ -5,7 +5,7 @@ Test 5: HTML Test --FILE-- loadHTMLFile(dirname(__FILE__)."/test.html"); +$dom->loadHTMLFile(dirname(__FILE__)."/test.html", LIBXML_NOBLANKS); print "--- save as XML\n"; print adjustDoctype($dom->saveXML()); @@ -16,7 +16,6 @@ print adjustDoctype($dom->saveHTML()); function adjustDoctype($xml) { return str_replace(array("DOCTYPE HTML",'

','

'),array("DOCTYPE html",'',''),$xml); } - --EXPECT-- --- save as XML diff --git a/ext/mysqli/tests/bug68077.phpt b/ext/mysqli/tests/bug68077.phpt index 3b6fa92ae3..639603aa50 100644 --- a/ext/mysqli/tests/bug68077.phpt +++ b/ext/mysqli/tests/bug68077.phpt @@ -17,6 +17,9 @@ if ($msg = check_local_infile_support($link, $engine)) mysqli_close($link); ?> --INI-- +mysqli.allow_local_infile=1 +mysqli.allow_persistent=1 +mysqli.max_persistent=1 open_basedir= --FILE-- query("SELECT 1 FROM DUAL")) printf("[005] [%d] %s\n", $link->errno, $link->error); - if (!$link->query("LOAD DATA LOCAL INFILE '" . __DIR__ . "/bug53503.data' INTO TABLE test")) { + if (!$link->query("LOAD DATA LOCAL INFILE '" . str_replace("\\", "/", __DIR__) . "/bug53503.data' INTO TABLE test")) { printf("[006] [%d] %s\n", $link->errno, $link->error); echo "bug\n"; } else { @@ -74,7 +77,7 @@ $link->close(); unlink('bug53503.data'); ?> ---EXPECTF-- +--EXPECT-- done [006] [2000] open_basedir restriction in effect. Unable to open file done diff --git a/ext/mysqli/tests/mysqli_expire_password.phpt b/ext/mysqli/tests/mysqli_expire_password.phpt index 4fdf902c79..4a3e8836d2 100644 --- a/ext/mysqli/tests/mysqli_expire_password.phpt +++ b/ext/mysqli/tests/mysqli_expire_password.phpt @@ -126,11 +126,10 @@ if (!mysqli_query($link, sprintf("GRANT SELECT ON TABLE %s.test TO expiretest@'% mysqli_query($link, 'DROP USER expiretest@localhost'); ?> --EXPECTF-- - -Warning: mysqli_real_connect(): (HY000/1862): %s in %s on line %d +Warning: mysqli%sconnect(): (HY000/1862): %s in %s on line %d [001] Cannot connect [1862] %s -Warning: mysqli_real_connect(): (HY000/1862): %s in %s on line %d +Warning: mysqli%sconnect(): (HY000/1862): %s in %s on line %d [003] Cannot connect [1862] %s [006] Connect allowed, query fail, [1820] %s [008] Connect allowed, pw set, [0%A diff --git a/ext/openssl/tests/openssl_error_string_basic.phpt b/ext/openssl/tests/openssl_error_string_basic.phpt index 82f3099264..cdf558e9a5 100644 --- a/ext/openssl/tests/openssl_error_string_basic.phpt +++ b/ext/openssl/tests/openssl_error_string_basic.phpt @@ -6,35 +6,46 @@ openssl_error_string() tests 14) { - $error_code = substr($error_string, 6, 8); - if (isset($expected_errors[$error_code])) { - $expected_errors[$error_code] = true; - } - } + $expected_errors = array_fill_keys($expected_error_codes, false); + $all_errors = array(); + while (($error_string = openssl_error_string()) !== false) { + if (preg_match(",.+:([0-9A-F]+):.+,", $error_string, $m) > 0) { + $error_code = $m[1]; + if (isset($expected_errors[$error_code])) { + $expected_errors[$error_code] = true; + } + $all_errors[$error_code] = $error_string; + } else { + $all_errors[] = $error_string; } + } - $fail = false; - foreach ($expected_errors as $error_code => $error_code_found) { - if (!$error_code_found) { - $fail = true; - echo "$name: no error code $error_code\n"; - } - } + $fail = false; + foreach ($expected_errors as $error_code => $error_code_found) { + if (!$error_code_found) { + $fail = true; + echo "$name: no error code $error_code\n"; + } + } - if (!$fail) { - echo "$name: ok\n"; + if (!$fail) { + echo "$name: ok\n"; + } else { + echo "$name: uncaught errors\n"; + foreach ($all_errors as $code => $str) { + if (!isset($expected_errors[$code]) || !$expected_errors[$code]) { + echo "\t", $code, ": ", $str, "\n"; + } } + } } // helper for debugging errors function dump_openssl_errors($name) { - echo "\n$name\n"; - while (($error_string = openssl_error_string()) !== false) { - var_dump($error_string); - } + echo "\n$name\n"; + while (($error_string = openssl_error_string()) !== false) { + var_dump($error_string); + } } // common output file @@ -71,14 +82,17 @@ for ($i = 0; $i < 20; $i++) { } $error_queue_size = 0; while (($enc_error_new = openssl_error_string()) !== false) { - if ($enc_error_new !== $enc_error) { - echo "The new encoding error doesn't match the expected one\n"; - } - ++$error_queue_size; + if ($enc_error_new !== $enc_error) { + echo "The new encoding error doesn't match the expected one\n"; + } + ++$error_queue_size; } var_dump($error_queue_size); echo "\n"; +$is_111 = OPENSSL_VERSION_NUMBER >= 0x10101000; +$err_pem_no_start_line = $is_111 ? '0909006C': '0906D06C'; + // PKEY echo "PKEY errors\n"; // file for pkey (file:///) fails when opennig (BIO_new_file) @@ -86,16 +100,16 @@ echo "PKEY errors\n"; expect_openssl_errors('openssl_pkey_export_to_file opening', ['02001002', '2006D080']); // file or private pkey is not correct PEM - failing PEM_read_bio_PrivateKey @openssl_pkey_export_to_file($csr_file, $output_file); -expect_openssl_errors('openssl_pkey_export_to_file pem', ['0906D06C']); +expect_openssl_errors('openssl_pkey_export_to_file pem', [$err_pem_no_start_line]); // file to export cannot be written @openssl_pkey_export_to_file($private_key_file, $invalid_file_for_write); -expect_openssl_errors('openssl_pkey_export_to_file write', ['2006D002', '09072007']); -// succesful export +expect_openssl_errors('openssl_pkey_export_to_file write', ['2006D002']); +// successful export @openssl_pkey_export($private_key_file_with_pass, $out, 'wrong pwd'); expect_openssl_errors('openssl_pkey_export', ['06065064', '0906A065']); // invalid x509 for getting public key @openssl_pkey_get_public($private_key_file); -expect_openssl_errors('openssl_pkey_get_public', ['0906D06C']); +expect_openssl_errors('openssl_pkey_get_public', [$err_pem_no_start_line]); // private encrypt with unknown padding @openssl_private_encrypt("data", $crypted, $private_key_file, 1000); expect_openssl_errors('openssl_private_encrypt', ['04066076']); @@ -105,7 +119,7 @@ expect_openssl_errors('openssl_private_decrypt', ['04065072']); // public encrypt and decrypt with failed padding check and padding @openssl_public_encrypt("data", $crypted, $public_key_file, 1000); @openssl_public_decrypt("data", $crypted, $public_key_file); -expect_openssl_errors('openssl_private_(en|de)crypt padding', OPENSSL_VERSION_NUMBER < 0x10100000 ? ['0906D06C', '04068076', '0407006A', '04067072'] : ['0906D06C', '04068076', '04067072']); +expect_openssl_errors('openssl_private_(en|de)crypt padding', [$err_pem_no_start_line, '04068076', '04067072']); // X509 echo "X509 errors\n"; @@ -114,7 +128,7 @@ echo "X509 errors\n"; expect_openssl_errors('openssl_x509_export_to_file open', ['02001002']); // file or str cert is not correct PEM - failing PEM_read_bio_X509 or PEM_ASN1_read_bio @openssl_x509_export_to_file($csr_file, $output_file); -expect_openssl_errors('openssl_x509_export_to_file pem', ['0906D06C']); +expect_openssl_errors('openssl_x509_export_to_file pem', [$err_pem_no_start_line]); // file to export cannot be written @openssl_x509_export_to_file($crt_file, $invalid_file_for_write); expect_openssl_errors('openssl_x509_export_to_file write', ['2006D002']); @@ -126,10 +140,10 @@ expect_openssl_errors('openssl_x509_checkpurpose purpose', ['0B086079']); echo "CSR errors\n"; // file for csr (file:///) fails when opennig (BIO_new_file) @openssl_csr_get_subject("file://" . $invalid_file_for_read); -expect_openssl_errors('openssl_csr_get_subject open', ['02001002', '2006D080', '20068079', '0906D06C']); +expect_openssl_errors('openssl_csr_get_subject open', ['02001002', '2006D080']); // file or str csr is not correct PEM - failing PEM_read_bio_X509_REQ @openssl_csr_get_subject($crt_file); -expect_openssl_errors('openssl_csr_get_subjec pem', ['0906D06C']); +expect_openssl_errors('openssl_csr_get_subjec pem', [$err_pem_no_start_line]); // other possible cuases that are difficult to catch: // - ASN1_STRING_to_UTF8 fails in add_assoc_name_entry diff --git a/ext/phar/tests/bug69720.phpt b/ext/phar/tests/bug69720.phpt index 43b701d014..c0f76c7a0e 100644 --- a/ext/phar/tests/bug69720.phpt +++ b/ext/phar/tests/bug69720.phpt @@ -22,10 +22,9 @@ try { } ?> --EXPECTF-- - MY_METADATA_NULL -Warning: file_get_contents(phar:///%s): failed to open stream: phar error: "test.php" is not a file in phar "%s.phar" in %s.php on line %d +Warning: file_get_contents(phar://%s): failed to open stream: phar error: "test.php" is not a file in phar "%s.phar" in %s.php on line %d array(1) { ["whatever"]=> int(123) diff --git a/ext/phar/tests/create_path_error.phpt b/ext/phar/tests/create_path_error.phpt index d457deb22d..3449b07fc6 100644 --- a/ext/phar/tests/create_path_error.phpt +++ b/ext/phar/tests/create_path_error.phpt @@ -75,10 +75,10 @@ string(5) "query" 6: 7: 8: -9:Error: file_put_contents(phar:///%s): failed to open stream: phar error: invalid path "%s" contains illegal character -10:Error: file_put_contents(phar:///%s): failed to open stream: phar error: invalid path "%s" contains illegal character -11:Error: file_put_contents(phar:///%s): failed to open stream: phar error: invalid path "%s" contains illegal character -12:Error: file_put_contents(phar:///%s): failed to open stream: phar error: invalid path "%s" contains illegal character -13:Error: file_put_contents(phar:///%s): failed to open stream: phar error: invalid path "%s" contains illegal character +9:Error: file_put_contents(phar://%s): failed to open stream: phar error: invalid path "%s" contains illegal character +10:Error: file_put_contents(phar://%s): failed to open stream: phar error: invalid path "%s" contains illegal character +11:Error: file_put_contents(phar://%s): failed to open stream: phar error: invalid path "%s" contains illegal character +12:Error: file_put_contents(phar://%s): failed to open stream: phar error: invalid path "%s" contains illegal character +13:Error: file_put_contents(phar://%s): failed to open stream: phar error: invalid path "%s" contains illegal character Error: Phar::offsetSet() expects parameter 1 to be a valid path, string given===DONE=== diff --git a/ext/simplexml/tests/008.phpt b/ext/simplexml/tests/008.phpt index 8734ba4a46..f6c41f43e5 100644 --- a/ext/simplexml/tests/008.phpt +++ b/ext/simplexml/tests/008.phpt @@ -42,7 +42,5 @@ array(1) { array(0) { } -Warning: SimpleXMLElement::xpath(): Invalid expression in %s on line %d - -Warning: SimpleXMLElement::xpath(): xmlXPathEval: evaluation failed in %s on line %d +Warning: SimpleXMLElement::xpath(): Invalid expression in %s on line %d%A bool(false) diff --git a/ext/standard/tests/file/bug41655_1.phpt b/ext/standard/tests/file/bug41655_1.phpt index 62d64dfb1e..618a04667e 100644 --- a/ext/standard/tests/file/bug41655_1.phpt +++ b/ext/standard/tests/file/bug41655_1.phpt @@ -1,5 +1,11 @@ --TEST-- Bug #41655 (open_basedir bypass via glob()) 1/2 +--SKIPIF-- + --CREDITS-- Dave Kelsey --INI-- diff --git a/ext/standard/tests/file/pathinfo_basic1-win32.phpt b/ext/standard/tests/file/pathinfo_basic1-win32.phpt index 9e84b99790..2adf90bc94 100644 --- a/ext/standard/tests/file/pathinfo_basic1-win32.phpt +++ b/ext/standard/tests/file/pathinfo_basic1-win32.phpt @@ -71,7 +71,7 @@ foreach($paths as $path) { echo "Done\n"; ?> ---EXPECTF-- +--EXPECT-- *** Testing basic functions of pathinfo() *** -- Iteration 1 -- string(0) "" @@ -99,42 +99,42 @@ array(3) { } -- Iteration 3 -- string(2) "c:" -string(2) "c:" +string(1) "c" string(0) "" -string(2) "c:" +string(1) "c" array(3) { ["dirname"]=> string(2) "c:" ["basename"]=> - string(2) "c:" + string(1) "c" ["filename"]=> - string(2) "c:" + string(1) "c" } -- Iteration 4 -- string(3) "c:\" -string(2) "c:" +string(1) "c" string(0) "" -string(2) "c:" +string(1) "c" array(3) { ["dirname"]=> string(3) "c:\" ["basename"]=> - string(2) "c:" + string(1) "c" ["filename"]=> - string(2) "c:" + string(1) "c" } -- Iteration 5 -- string(3) "c:\" -string(2) "c:" +string(1) "c" string(0) "" -string(2) "c:" +string(1) "c" array(3) { ["dirname"]=> string(3) "c:\" ["basename"]=> - string(2) "c:" + string(1) "c" ["filename"]=> - string(2) "c:" + string(1) "c" } -- Iteration 6 -- string(1) "." diff --git a/ext/standard/tests/file/pathinfo_basic2-win32.phpt b/ext/standard/tests/file/pathinfo_basic2-win32.phpt index c88bc25ffc..99c7265a6f 100644 --- a/ext/standard/tests/file/pathinfo_basic2-win32.phpt +++ b/ext/standard/tests/file/pathinfo_basic2-win32.phpt @@ -168,18 +168,18 @@ array(3) { } -- Iteration 9 -- string(3) "c:." -string(11) "c:afile.txt" +string(9) "afile.txt" string(3) "txt" -string(7) "c:afile" +string(5) "afile" array(4) { ["dirname"]=> string(3) "c:." ["basename"]=> - string(11) "c:afile.txt" + string(9) "afile.txt" ["extension"]=> string(3) "txt" ["filename"]=> - string(7) "c:afile" + string(5) "afile" } -- Iteration 10 -- string(12) "..\.\..\test" diff --git a/ext/standard/tests/serialize/bug64146.phpt b/ext/standard/tests/serialize/bug64146.phpt index 18ae78d0ce..21a0200b47 100644 --- a/ext/standard/tests/serialize/bug64146.phpt +++ b/ext/standard/tests/serialize/bug64146.phpt @@ -1,5 +1,7 @@ --TEST-- Bug #64146 (serialize incorrectly saving objects when they are cloned) +--XFAIL-- +Bug #66085, fixed in PHP 7 expected to fail for PHP 5.6 --FILE-- --FILE-- in %s on line %d From 693e938d986ad7827514dd16d999b445d2cf1366 Mon Sep 17 00:00:00 2001 From: Nikita Popov Date: Tue, 22 Nov 2016 22:43:23 +0100 Subject: [PATCH 3/7] Add support for "xfail" to phpt SKIPIF sections If SKIPIF output starts with "xfail" instead of "skip", the test will be marked as XFAIL with the following message. Example: --TEST-- Test xfailif feature --SKIPIF-- --FILE-- ... (cherry picked from commit 5cee9dfe9a479c15d08f66a4baca83ed4e7ed288) --- run-tests.php | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/run-tests.php b/run-tests.php index 0949d50c88..7dab5aba1f 100755 --- a/run-tests.php +++ b/run-tests.php @@ -1553,6 +1553,11 @@ function run_test($php, $file, $env) $info = " (warn: $m[1])"; } } + + if (!strncasecmp('xfail', ltrim($output), 5)) { + // Pretend we have an XFAIL section + $section_text['XFAIL'] = trim(substr(ltrim($output), 5)); + } } } From 6aba0755dac44bc82f9e72225f7cc572d1aa49f5 Mon Sep 17 00:00:00 2001 From: "Holly Li (WIPRO LIMITED)" Date: Mon, 15 Jul 2019 23:10:19 -0700 Subject: [PATCH 4/7] xfail phar tests --- ext/phar/tests/phar_bz2.phpt | 1 + ext/phar/tests/phar_gzip.phpt | 1 + ext/phar/tests/tar/rename.phpt | 5 ++++- ext/phar/tests/tar/rename_dir.phpt | 5 ++++- ext/phar/tests/tar/rmdir.phpt | 5 ++++- ext/phar/tests/tar/tar_gzip.phpt | 1 + ext/phar/tests/zip/rename.phpt | 5 ++++- ext/phar/tests/zip/rename_dir.phpt | 5 ++++- ext/phar/tests/zip/rmdir.phpt | 5 ++++- 9 files changed, 27 insertions(+), 6 deletions(-) diff --git a/ext/phar/tests/phar_bz2.phpt b/ext/phar/tests/phar_bz2.phpt index 0e6e3ecb54..106fa89415 100644 --- a/ext/phar/tests/phar_bz2.phpt +++ b/ext/phar/tests/phar_bz2.phpt @@ -5,6 +5,7 @@ Phar: bzipped phar if (!extension_loaded("phar")) die("skip"); if (!extension_loaded("spl")) die("skip SPL not available"); if (!extension_loaded("bz2")) die("skip bz2 not available"); +if (phpversion() < "7.0.0" && extension_loaded('Zend OPcache') && ini_get('opcache.enable_cli')==1) die("xfail for PHP version lower than 7 when OPcache enabled"); ?> --INI-- phar.readonly=0 diff --git a/ext/phar/tests/phar_gzip.phpt b/ext/phar/tests/phar_gzip.phpt index c722834ba6..19d5606d9e 100644 --- a/ext/phar/tests/phar_gzip.phpt +++ b/ext/phar/tests/phar_gzip.phpt @@ -7,6 +7,7 @@ if (version_compare(PHP_VERSION, "6.0", ">")) die("skip pre-unicode version of P if (!extension_loaded("spl")) die("skip SPL not available"); if (!extension_loaded("zlib")) die("skip zlib not available"); if (version_compare(phpversion(), '5.2.6', '<')) die("skip zlib is buggy in PHP < 5.2.6"); +if (phpversion() < "7.0.0" && extension_loaded('Zend OPcache') && ini_get('opcache.enable_cli')==1) die("xfail for PHP version lower than 7 when OPcache enabled"); ?> --INI-- phar.readonly=0 diff --git a/ext/phar/tests/tar/rename.phpt b/ext/phar/tests/tar/rename.phpt index 96588a6596..9b2b4f49a4 100644 --- a/ext/phar/tests/tar/rename.phpt +++ b/ext/phar/tests/tar/rename.phpt @@ -1,7 +1,10 @@ --TEST-- Phar: rename test tar-based --SKIPIF-- - + --INI-- phar.readonly=0 phar.require_hash=0 diff --git a/ext/phar/tests/tar/rename_dir.phpt b/ext/phar/tests/tar/rename_dir.phpt index 0b9578945a..4ca8ceba08 100644 --- a/ext/phar/tests/tar/rename_dir.phpt +++ b/ext/phar/tests/tar/rename_dir.phpt @@ -1,7 +1,10 @@ --TEST-- Phar: rename_dir test tar-based --SKIPIF-- - + --INI-- phar.readonly=0 phar.require_hash=0 diff --git a/ext/phar/tests/tar/rmdir.phpt b/ext/phar/tests/tar/rmdir.phpt index be037823d6..6cb5eabfe5 100644 --- a/ext/phar/tests/tar/rmdir.phpt +++ b/ext/phar/tests/tar/rmdir.phpt @@ -1,7 +1,10 @@ --TEST-- Phar: rmdir test tar-based --SKIPIF-- - + --INI-- phar.readonly=0 phar.require_hash=0 diff --git a/ext/phar/tests/tar/tar_gzip.phpt b/ext/phar/tests/tar/tar_gzip.phpt index d44e1b193c..a13a80a538 100644 --- a/ext/phar/tests/tar/tar_gzip.phpt +++ b/ext/phar/tests/tar/tar_gzip.phpt @@ -7,6 +7,7 @@ if (version_compare(PHP_VERSION, "6.0", ">")) die("skip pre-unicode version of P if (!extension_loaded("spl")) die("skip SPL not available"); if (!extension_loaded("zlib")) die("skip zlib not available"); if (version_compare(phpversion(), '5.2.6', '<')) die("skip zlib is buggy in PHP < 5.2.6"); +if (phpversion() < "7.0.0" && extension_loaded('Zend OPcache') && ini_get('opcache.enable_cli')==1) die("xfail for PHP version lower than 7 when OPcache enabled"); ?> --INI-- phar.readonly=0 diff --git a/ext/phar/tests/zip/rename.phpt b/ext/phar/tests/zip/rename.phpt index 9b1f5c98cd..776bcae964 100644 --- a/ext/phar/tests/zip/rename.phpt +++ b/ext/phar/tests/zip/rename.phpt @@ -1,7 +1,10 @@ --TEST-- Phar: rename test zip-based --SKIPIF-- - + --INI-- phar.readonly=0 phar.require_hash=0 diff --git a/ext/phar/tests/zip/rename_dir.phpt b/ext/phar/tests/zip/rename_dir.phpt index bb03c7fd66..3452f8fa74 100644 --- a/ext/phar/tests/zip/rename_dir.phpt +++ b/ext/phar/tests/zip/rename_dir.phpt @@ -1,7 +1,10 @@ --TEST-- Phar: rename_dir test zip-based --SKIPIF-- - + --INI-- phar.readonly=0 phar.require_hash=0 diff --git a/ext/phar/tests/zip/rmdir.phpt b/ext/phar/tests/zip/rmdir.phpt index c7ef9dacac..7d062d537f 100644 --- a/ext/phar/tests/zip/rmdir.phpt +++ b/ext/phar/tests/zip/rmdir.phpt @@ -1,7 +1,10 @@ --TEST-- Phar: rmdir test zip-based --SKIPIF-- - + --INI-- phar.readonly=0 phar.require_hash=0 From 13cbda640120afdaf68f44bb482723d451bc86ec Mon Sep 17 00:00:00 2001 From: Stanislav Malyshev Date: Sun, 7 Jul 2019 17:01:01 -0700 Subject: [PATCH 5/7] Fix bug #78222 (heap-buffer-overflow on exif_scan_thumbnail) (cherry picked from commit dea2989ab8ba87a6180af497b2efaf0527e985c5) --- ext/exif/exif.c | 2 +- ext/exif/tests/bug78222.phpt | 11 +++++++++++ 3 files changed, 12 insertions(+), 1 deletion(-) create mode 100644 ext/exif/tests/bug78222.jpg create mode 100644 ext/exif/tests/bug78222.phpt diff --git a/ext/exif/exif.c b/ext/exif/exif.c index b6c31773ab..a5fa0b8fb0 100644 --- a/ext/exif/exif.c +++ b/ext/exif/exif.c @@ -3508,7 +3508,7 @@ static int exif_scan_thumbnail(image_info_type *ImageInfo TSRMLS_DC) size_t length=2, pos=0; jpeg_sof_info sof_info; - if (!data) { + if (!data || ImageInfo->Thumbnail.size < 4) { return FALSE; /* nothing to do here */ } if (memcmp(data, "\xFF\xD8\xFF", 3)) { diff --git a/ext/exif/tests/bug78222.phpt b/ext/exif/tests/bug78222.phpt new file mode 100644 index 0000000000..0e4ead33e4 --- /dev/null +++ b/ext/exif/tests/bug78222.phpt @@ -0,0 +1,11 @@ +--TEST-- +Bug #78222 (heap-buffer-overflow on exif_scan_thumbnail) +--SKIPIF-- + +--FILE-- + +DONE +--EXPECTF-- +DONE \ No newline at end of file From 63c0ed60c2b5580b1542690d52d4a26401342563 Mon Sep 17 00:00:00 2001 From: Stanislav Malyshev Date: Sun, 7 Jul 2019 17:39:59 -0700 Subject: [PATCH 6/7] Fix bug #78256 (heap-buffer-overflow on exif_process_user_comment) (cherry picked from commit aeb6d13185a2ea4f1496ede2697469faed98ce05) --- ext/exif/exif.c | 6 +++--- ext/exif/tests/bug78256.phpt | 11 +++++++++++ 3 files changed, 14 insertions(+), 3 deletions(-) create mode 100644 ext/exif/tests/bug78256.jpg create mode 100644 ext/exif/tests/bug78256.phpt diff --git a/ext/exif/exif.c b/ext/exif/exif.c index a5fa0b8fb0..ec362f7e6d 100644 --- a/ext/exif/exif.c +++ b/ext/exif/exif.c @@ -2628,7 +2628,7 @@ static int exif_process_user_comment(image_info_type *ImageInfo, char **pszInfoP { int a; char *decode; - size_t len;; + size_t len; *pszEncoding = NULL; /* Copy the comment */ @@ -2641,11 +2641,11 @@ static int exif_process_user_comment(image_info_type *ImageInfo, char **pszInfoP /* First try to detect BOM: ZERO WIDTH NOBREAK SPACE (FEFF 16) * since we have no encoding support for the BOM yet we skip that. */ - if (!memcmp(szValuePtr, "\xFE\xFF", 2)) { + if (ByteCount >=2 && !memcmp(szValuePtr, "\xFE\xFF", 2)) { decode = "UCS-2BE"; szValuePtr = szValuePtr+2; ByteCount -= 2; - } else if (!memcmp(szValuePtr, "\xFF\xFE", 2)) { + } else if (ByteCount >=2 && !memcmp(szValuePtr, "\xFF\xFE", 2)) { decode = "UCS-2LE"; szValuePtr = szValuePtr+2; ByteCount -= 2; diff --git a/ext/exif/tests/bug78256.phpt b/ext/exif/tests/bug78256.phpt new file mode 100644 index 0000000000..37a3f1d824 --- /dev/null +++ b/ext/exif/tests/bug78256.phpt @@ -0,0 +1,11 @@ +--TEST-- +Bug #78256 (heap-buffer-overflow on exif_process_user_comment) +--SKIPIF-- + +--FILE-- + +DONE +--EXPECTF-- +DONE \ No newline at end of file From 245e5011da14098b8158cf5c5400483399729298 Mon Sep 17 00:00:00 2001 From: "Christoph M. Becker" Date: Mon, 29 Jul 2019 16:08:03 +0200 Subject: [PATCH 7/7] Fix #77919: Potential UAF in Phar RSHUTDOWN We have to properly clean up in case phar_flush() is failing. We also make the expectation of the respective test case less liberal to avoid missing such bugs in the future. (cherry picked from commit cd1101e8c87aa175c2d5e87ddec656e50ef4ab5d) --- ext/phar/phar_object.c | 4 +++- ext/phar/tests/bug71488.phpt | 5 ++++- 3 files changed, 17 insertions(+), 2 deletions(-) diff --git a/ext/phar/phar_object.c b/ext/phar/phar_object.c index 77e08c52a5..d69837218f 100644 --- a/ext/phar/phar_object.c +++ b/ext/phar/phar_object.c @@ -2026,7 +2026,7 @@ static zval *phar_rename_archive(phar_archive_data **sphar, char *ext, zend_bool char *newname = NULL, *newpath = NULL; zval *ret, arg1; zend_class_entry *ce; - char *error; + char *error = NULL; const char *pcr_error; int ext_len = ext ? strlen(ext) : 0; int oldname_len; @@ -2186,6 +2186,8 @@ static zval *phar_rename_archive(phar_archive_data **sphar, char *ext, zend_bool phar_flush(phar, 0, 0, 1, &error TSRMLS_CC); if (error) { + zend_hash_del(&(PHAR_G(phar_fname_map)), newpath, phar->fname_len); + *sphar = NULL; zend_throw_exception_ex(spl_ce_BadMethodCallException, 0 TSRMLS_CC, "%s", error); efree(error); efree(oldpath); diff --git a/ext/phar/tests/bug71488.phpt b/ext/phar/tests/bug71488.phpt index 8468ce212a..b8c0f33250 100644 --- a/ext/phar/tests/bug71488.phpt +++ b/ext/phar/tests/bug71488.phpt @@ -15,4 +15,7 @@ DONE ?> --EXPECTF-- Fatal error: Uncaught BadMethodCallException: tar-based phar "%s/bug71488.test" cannot be created, link "%s" is too long for format in %sbug71488.php:%d -Stack trace:%A +Stack trace: +#0 %s(%d): PharData->decompress('test') +#1 {main} + thrown in %s on line %d