Skip to content

Commit c9f6d59

Browse files
author
Jani Taskinen
committed
MFH: - Fixed buf #42071 (ini scanner allows using NULL as option name).
MFH: Use Z_* macros to access the zvals.
1 parent e8fcd74 commit c9f6d59

File tree

4 files changed

+71
-71
lines changed

4 files changed

+71
-71
lines changed

Zend/zend.h

+1
Original file line numberDiff line numberDiff line change
@@ -648,6 +648,7 @@ END_EXTERN_C()
648648

649649
#define ZEND_MAX_RESERVED_RESOURCES 4
650650

651+
#include "zend_operators.h"
651652
#include "zend_variables.h"
652653

653654
#endif /* ZEND_H */

Zend/zend_ini_parser.y

+44-44
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@
33
+----------------------------------------------------------------------+
44
| Zend Engine |
55
+----------------------------------------------------------------------+
6-
| Copyright (c) 1998-2006 Zend Technologies Ltd. (http://www.zend.com) |
6+
| Copyright (c) 1998-2007 Zend Technologies Ltd. (http://www.zend.com) |
77
+----------------------------------------------------------------------+
88
| This source file is subject to version 2.00 of the Zend license, |
99
| that is bundled with this package in the file LICENSE, and is |
@@ -58,11 +58,11 @@ void zend_ini_do_op(char type, zval *result, zval *op1, zval *op2)
5858
int i_op1, i_op2;
5959
char str_result[MAX_LENGTH_OF_LONG];
6060

61-
i_op1 = atoi(op1->value.str.val);
62-
free(op1->value.str.val);
61+
i_op1 = atoi(Z_STRVAL_P(op1));
62+
free(Z_STRVAL_P(op1));
6363
if (op2) {
64-
i_op2 = atoi(op2->value.str.val);
65-
free(op2->value.str.val);
64+
i_op2 = atoi(Z_STRVAL_P(op2));
65+
free(Z_STRVAL_P(op2));
6666
} else {
6767
i_op2 = 0;
6868
}
@@ -85,46 +85,46 @@ void zend_ini_do_op(char type, zval *result, zval *op1, zval *op2)
8585
break;
8686
}
8787

88-
result->value.str.len = zend_sprintf(str_result, "%d", i_result);
89-
result->value.str.val = (char *) malloc(result->value.str.len+1);
90-
memcpy(result->value.str.val, str_result, result->value.str.len);
91-
result->value.str.val[result->value.str.len] = 0;
92-
result->type = IS_STRING;
88+
Z_STRLEN_P(result) = zend_sprintf(str_result, "%d", i_result);
89+
Z_STRVAL_P(result) = (char *) malloc(Z_STRLEN_P(result)+1);
90+
memcpy(Z_STRVAL_P(result), str_result, Z_STRLEN_P(result));
91+
Z_STRVAL_P(result)[Z_STRLEN_P(result)] = 0;
92+
Z_TYPE_P(result) = IS_STRING;
9393
}
9494

9595
void zend_ini_init_string(zval *result)
9696
{
97-
result->value.str.val = malloc(1);
98-
result->value.str.val[0] = 0;
99-
result->value.str.len = 0;
100-
result->type = IS_STRING;
97+
Z_STRVAL_P(result) = malloc(1);
98+
Z_STRVAL_P(result)[0] = 0;
99+
Z_STRLEN_P(result) = 0;
100+
Z_TYPE_P(result) = IS_STRING;
101101
}
102102

103103
void zend_ini_add_string(zval *result, zval *op1, zval *op2)
104-
{
105-
int length = op1->value.str.len + op2->value.str.len;
106-
107-
result->value.str.val = (char *) realloc(op1->value.str.val, length+1);
108-
memcpy(result->value.str.val+op1->value.str.len, op2->value.str.val, op2->value.str.len);
109-
result->value.str.val[length] = 0;
110-
result->value.str.len = length;
111-
result->type = IS_STRING;
104+
{
105+
int length = Z_STRLEN_P(op1) + Z_STRLEN_P(op2);
106+
107+
Z_STRVAL_P(result) = (char *) realloc(Z_STRVAL_P(op1), length+1);
108+
memcpy(Z_STRVAL_P(result)+Z_STRLEN_P(op1), Z_STRVAL_P(op2), Z_STRLEN_P(op2));
109+
Z_STRVAL_P(result)[length] = 0;
110+
Z_STRLEN_P(result) = length;
111+
Z_TYPE_P(result) = IS_STRING;
112112
}
113113

114114
void zend_ini_get_constant(zval *result, zval *name)
115115
{
116116
zval z_constant;
117117
TSRMLS_FETCH();
118118

119-
if (!memchr(name->value.str.val, ':', name->value.str.len)
120-
&& zend_get_constant(name->value.str.val, name->value.str.len, &z_constant TSRMLS_CC)) {
119+
if (!memchr(Z_STRVAL_P(name), ':', Z_STRLEN_P(name))
120+
&& zend_get_constant(Z_STRVAL_P(name), Z_STRLEN_P(name), &z_constant TSRMLS_CC)) {
121121
/* z_constant is emalloc()'d */
122122
convert_to_string(&z_constant);
123-
result->value.str.val = zend_strndup(z_constant.value.str.val, z_constant.value.str.len);
124-
result->value.str.len = z_constant.value.str.len;
125-
result->type = z_constant.type;
123+
Z_STRVAL_P(result) = zend_strndup(Z_STRVAL(z_constant), Z_STRLEN(z_constant));
124+
Z_STRLEN_P(result) = Z_STRLEN(z_constant);
125+
Z_TYPE_P(result) = Z_TYPE(z_constant);
126126
zval_dtor(&z_constant);
127-
free(name->value.str.val);
127+
free(Z_STRVAL_P(name));
128128
} else {
129129
*result = *name;
130130
}
@@ -136,13 +136,13 @@ void zend_ini_get_var(zval *result, zval *name)
136136
char *envvar;
137137
TSRMLS_FETCH();
138138

139-
if (zend_get_configuration_directive(name->value.str.val, name->value.str.len+1, &curval) == SUCCESS) {
140-
result->value.str.val = zend_strndup(curval.value.str.val, curval.value.str.len);
141-
result->value.str.len = curval.value.str.len;
142-
} else if ((envvar = zend_getenv(name->value.str.val, name->value.str.len TSRMLS_CC)) != NULL ||
143-
(envvar = getenv(name->value.str.val)) != NULL) {
144-
result->value.str.val = strdup(envvar);
145-
result->value.str.len = strlen(envvar);
139+
if (zend_get_configuration_directive(Z_STRVAL_P(name), Z_STRLEN_P(name)+1, &curval) == SUCCESS) {
140+
Z_STRVAL_P(result) = zend_strndup(Z_STRVAL(curval), Z_STRLEN(curval));
141+
Z_STRLEN_P(result) = Z_STRLEN(curval);
142+
} else if ((envvar = zend_getenv(Z_STRVAL_P(name), Z_STRLEN_P(name) TSRMLS_CC)) != NULL ||
143+
(envvar = getenv(Z_STRVAL_P(name))) != NULL) {
144+
Z_STRVAL_P(result) = strdup(envvar);
145+
Z_STRLEN_P(result) = strlen(envvar);
146146
} else {
147147
zend_ini_init_string(result);
148148
}
@@ -252,22 +252,22 @@ statement_list:
252252
statement:
253253
TC_STRING '=' string_or_value {
254254
#if DEBUG_CFG_PARSER
255-
printf("'%s' = '%s'\n", $1.value.str.val, $3.value.str.val);
255+
printf("'%s' = '%s'\n", Z_STRVAL($1), Z_STRVAL($3));
256256
#endif
257257
ZEND_INI_PARSER_CB(&$1, &$3, ZEND_INI_PARSER_ENTRY, ZEND_INI_PARSER_ARG);
258-
free($1.value.str.val);
259-
free($3.value.str.val);
258+
free(Z_STRVAL($1));
259+
free(Z_STRVAL($3));
260260
}
261261
| TC_STRING BRACK '=' string_or_value {
262262
#if DEBUG_CFG_PARSER
263-
printf("'%s'[ ] = '%s'\n", $1.value.str.val, $4.value.str.val);
263+
printf("'%s'[ ] = '%s'\n", Z_STRVAL($1), Z_STRVAL($4));
264264
#endif
265265
ZEND_INI_PARSER_CB(&$1, &$4, ZEND_INI_PARSER_POP_ENTRY, ZEND_INI_PARSER_ARG);
266-
free($1.value.str.val);
267-
free($4.value.str.val);
266+
free(Z_STRVAL($1));
267+
free(Z_STRVAL($4));
268268
}
269-
| TC_STRING { ZEND_INI_PARSER_CB(&$1, NULL, ZEND_INI_PARSER_ENTRY, ZEND_INI_PARSER_ARG); free($1.value.str.val); }
270-
| SECTION { ZEND_INI_PARSER_CB(&$1, NULL, ZEND_INI_PARSER_SECTION, ZEND_INI_PARSER_ARG); free($1.value.str.val); }
269+
| TC_STRING { ZEND_INI_PARSER_CB(&$1, NULL, ZEND_INI_PARSER_ENTRY, ZEND_INI_PARSER_ARG); free(Z_STRVAL($1)); }
270+
| SECTION { ZEND_INI_PARSER_CB(&$1, NULL, ZEND_INI_PARSER_SECTION, ZEND_INI_PARSER_ARG); free(Z_STRVAL($1)); }
271271
| '\n'
272272
;
273273

@@ -286,7 +286,7 @@ var_string_list:
286286
| TC_ENCAPSULATED_STRING { $$ = $1; }
287287
| constant_string { $$ = $1; }
288288
| var_string_list cfg_var_ref { zend_ini_add_string(&$$, &$1, &$2); free($2.value.str.val); }
289-
| var_string_list TC_ENCAPSULATED_STRING { zend_ini_add_string(&$$, &$1, &$2); free($2.value.str.val); }
289+
| var_string_list TC_ENCAPSULATED_STRING { zend_ini_add_string(&$$, &$1, &$2); free(Z_STRVAL($2)); }
290290
| var_string_list constant_string { zend_ini_add_string(&$$, &$1, &$2); free($2.value.str.val); }
291291
;
292292

Zend/zend_ini_scanner.l

+25-27
Original file line numberDiff line numberDiff line change
@@ -48,6 +48,10 @@ ZEND_API ts_rsrc_id ini_scanner_globals_id;
4848
ZEND_API zend_scanner_globals ini_scanner_globals;
4949
#endif
5050

51+
# define YY_INPUT(buf, result, max_size) \
52+
if ( ((result = zend_stream_read(yyin, buf, max_size TSRMLS_CC)) == 0) \
53+
&& zend_stream_ferror( yyin TSRMLS_CC) ) \
54+
YY_FATAL_ERROR( "input in flex scanner failed" );
5155

5256
static char *ini_filename;
5357

@@ -56,19 +60,16 @@ void init_ini_scanner(TSRMLS_D)
5660
SCNG(lineno)=1;
5761
}
5862

59-
6063
int zend_ini_scanner_get_lineno(TSRMLS_D)
6164
{
6265
return SCNG(lineno);
6366
}
6467

65-
6668
char *zend_ini_scanner_get_filename(TSRMLS_D)
6769
{
6870
return ini_filename;
6971
}
7072

71-
7273
int zend_ini_open_file_for_scanning(zend_file_handle *fh TSRMLS_DC)
7374
{
7475
if (FAILURE == zend_stream_fixup(fh TSRMLS_CC)) {
@@ -82,7 +83,6 @@ int zend_ini_open_file_for_scanning(zend_file_handle *fh TSRMLS_DC)
8283
return SUCCESS;
8384
}
8485

85-
8686
int zend_ini_prepare_string_for_scanning(char *str TSRMLS_DC)
8787
{
8888
int len = strlen(str);
@@ -93,7 +93,6 @@ int zend_ini_prepare_string_for_scanning(char *str TSRMLS_DC)
9393
return SUCCESS;
9494
}
9595

96-
9796
void zend_ini_close_file(zend_file_handle *fh TSRMLS_DC)
9897
{
9998
zend_stream_close(fh);
@@ -113,17 +112,17 @@ NEWLINE ("\r"|"\n"|"\r\n")
113112
}
114113

115114
<INITIAL>[ ]*("true"|"on"|"yes")[ ]* {
116-
ini_lval->value.str.val = zend_strndup("1", 1);
117-
ini_lval->value.str.len = 1;
118-
ini_lval->type = IS_STRING;
115+
Z_STRVAL_P(ini_lval) = zend_strndup("1", 1);
116+
Z_STRLEN_P(ini_lval) = 1;
117+
Z_TYPE_P(ini_lval) = IS_STRING;
119118
return CFG_TRUE;
120119
}
121120

122121

123-
<INITIAL>[ ]*("false"|"off"|"no"|"none")[ ]* {
124-
ini_lval->value.str.val = zend_strndup("", 0);
125-
ini_lval->value.str.len = 0;
126-
ini_lval->type = IS_STRING;
122+
<INITIAL>[ ]*("false"|"off"|"no"|"none"|"null")[ ]* {
123+
Z_STRVAL_P(ini_lval) = zend_strndup("", 0);
124+
Z_STRLEN_P(ini_lval) = 0;
125+
Z_TYPE_P(ini_lval) = IS_STRING;
127126
return CFG_FALSE;
128127
}
129128

@@ -142,13 +141,12 @@ NEWLINE ("\r"|"\n"|"\r\n")
142141
yytext++;
143142
yyleng--;
144143

145-
ini_lval->value.str.val = zend_strndup(yytext, yyleng);
146-
ini_lval->value.str.len = yyleng;
147-
ini_lval->type = IS_STRING;
144+
Z_STRVAL_P(ini_lval) = zend_strndup(yytext, yyleng);
145+
Z_STRLEN_P(ini_lval) = yyleng;
146+
Z_TYPE_P(ini_lval) = IS_STRING;
148147
return SECTION;
149148
}
150149

151-
152150
<INITIAL>["][^"]*["] {
153151
char *p = yytext;
154152

@@ -168,22 +166,22 @@ NEWLINE ("\r"|"\n"|"\r\n")
168166
/* eat leading " */
169167
yytext++;
170168

171-
ini_lval->value.str.val = zend_strndup(yytext, yyleng - 2);
172-
ini_lval->value.str.len = yyleng - 2;
173-
ini_lval->type = IS_STRING;
169+
Z_STRVAL_P(ini_lval) = zend_strndup(yytext, yyleng - 2);
170+
Z_STRLEN_P(ini_lval) = yyleng - 2;
171+
Z_TYPE_P(ini_lval) = IS_STRING;
174172
return TC_ENCAPSULATED_STRING;
175173
}
176174

177-
<INITIAL>[&|~$(){}!] {
178-
return yytext[0];
179-
}
180-
181175
<INITIAL>"${" {
182176
return TC_DOLLAR_CURLY;
183177
}
184178

185179
<INITIAL>"}" {
186-
ini_lval->value.lval = (long) yytext[0];
180+
Z_LVAL_P(ini_lval) = (long) yytext[0];
181+
return yytext[0];
182+
}
183+
184+
<INITIAL>[&|~$(){}!] {
187185
return yytext[0];
188186
}
189187

@@ -210,9 +208,9 @@ NEWLINE ("\r"|"\n"|"\r\n")
210208
}
211209
}
212210
if (yyleng!=0) {
213-
ini_lval->value.str.val = zend_strndup(yytext, yyleng);
214-
ini_lval->value.str.len = yyleng;
215-
ini_lval->type = IS_STRING;
211+
Z_STRVAL_P(ini_lval) = zend_strndup(yytext, yyleng);
212+
Z_STRLEN_P(ini_lval) = yyleng;
213+
Z_TYPE_P(ini_lval) = IS_STRING;
216214
return TC_STRING;
217215
} else {
218216
/* whitespace */

Zend/zend_strtod.c

+1
Original file line numberDiff line numberDiff line change
@@ -91,6 +91,7 @@
9191

9292
/* $Id$ */
9393

94+
#include <zend_operators.h>
9495
#include <zend_strtod.h>
9596

9697
#ifdef ZTS

0 commit comments

Comments
 (0)