Fix #33502: Some nullary functions don't check the number of arguments

We add the missing zend_parse_parameters_none() checks for:

* output_reset_rewrite_vars()
* func_num_args()
* gc_status()
* gc_disable()
* gc_enable()
* gc_enabled()
* gc_collect_cycles()
* gc_mem_caches()
* zend_version()

Author: cmb69

NEWS

@@ -3,6 +3,8 @@ PHP                                                                        NEWS
 ?? ??? ????, PHP 7.3.0beta1
 
 - Core:
+  . Fixed bug #33502 (Some nullary functions don't check the number of
+    arguments). (cmb)
   . Fixed bug #76392 (Error relocating sapi/cli/php: unsupported relocation
     type 37). (Peter Kokot)
 

Zend/zend_builtin_functions.c

@@ -338,6 +338,10 @@ int zend_startup_builtin_functions(void) /* {{{ */
    Get the version of the Zend Engine */
 ZEND_FUNCTION(zend_version)
 {
+	if (zend_parse_parameters_none() == FAILURE) {
+		return;
+	}
+
 	RETURN_STRINGL(ZEND_VERSION, sizeof(ZEND_VERSION)-1);
 }
 /* }}} */
@@ -347,6 +351,10 @@ ZEND_FUNCTION(zend_version)
    Returns number of freed bytes */
 ZEND_FUNCTION(gc_mem_caches)
 {
+	if (zend_parse_parameters_none() == FAILURE) {
+		return;
+	}
+
 	RETURN_LONG(zend_mm_gc(zend_mm_get_heap()));
 }
 /* }}} */
@@ -356,6 +364,10 @@ ZEND_FUNCTION(gc_mem_caches)
    Returns number of freed zvals */
 ZEND_FUNCTION(gc_collect_cycles)
 {
+	if (zend_parse_parameters_none() == FAILURE) {
+		return;
+	}
+
 	RETURN_LONG(gc_collect_cycles());
 }
 /* }}} */
@@ -364,6 +376,10 @@ ZEND_FUNCTION(gc_collect_cycles)
    Returns status of the circular reference collector */
 ZEND_FUNCTION(gc_enabled)
 {
+	if (zend_parse_parameters_none() == FAILURE) {
+		return;
+	}
+
 	RETURN_BOOL(gc_enabled());
 }
 /* }}} */
@@ -372,7 +388,13 @@ ZEND_FUNCTION(gc_enabled)
    Activates the circular reference collector */
 ZEND_FUNCTION(gc_enable)
 {
-	zend_string *key = zend_string_init("zend.enable_gc", sizeof("zend.enable_gc")-1, 0);
+	zend_string *key;
+
+	if (zend_parse_parameters_none() == FAILURE) {
+		return;
+	}
+
+	key = zend_string_init("zend.enable_gc", sizeof("zend.enable_gc")-1, 0);
 	zend_alter_ini_entry_chars(key, "1", sizeof("1")-1, ZEND_INI_USER, ZEND_INI_STAGE_RUNTIME);
 	zend_string_release_ex(key, 0);
 }
@@ -382,7 +404,13 @@ ZEND_FUNCTION(gc_enable)
    Deactivates the circular reference collector */
 ZEND_FUNCTION(gc_disable)
 {
-	zend_string *key = zend_string_init("zend.enable_gc", sizeof("zend.enable_gc")-1, 0);
+	zend_string *key;
+
+	if (zend_parse_parameters_none() == FAILURE) {
+		return;
+	}
+
+	key = zend_string_init("zend.enable_gc", sizeof("zend.enable_gc")-1, 0);
 	zend_alter_ini_entry_chars(key, "0", sizeof("0")-1, ZEND_INI_USER, ZEND_INI_STAGE_RUNTIME);
 	zend_string_release_ex(key, 0);
 }
@@ -394,6 +422,10 @@ ZEND_FUNCTION(gc_status)
 {
 	zend_gc_status status;
 
+	if (zend_parse_parameters_none() == FAILURE) {
+		return;
+	}
+
 	zend_gc_get_status(&status);
 
 	array_init_size(return_value, 3);
@@ -411,6 +443,10 @@ ZEND_FUNCTION(func_num_args)
 {
 	zend_execute_data *ex = EX(prev_execute_data);
 
+	if (zend_parse_parameters_none() == FAILURE) {
+		return;
+	}
+
 	if (ZEND_CALL_INFO(ex) & ZEND_CALL_CODE) {
 		zend_error(E_WARNING, "func_num_args():  Called from the global scope - no function context");
 		RETURN_LONG(-1);

main/output.c

@@ -1543,6 +1543,10 @@ PHP_FUNCTION(ob_implicit_flush)
    Reset(clear) URL rewriter values */
 PHP_FUNCTION(output_reset_rewrite_vars)
 {
+	if (zend_parse_parameters_none() == FAILURE) {
+		return;
+	}
+
 	if (php_url_scanner_reset_vars() == SUCCESS) {
 		RETURN_TRUE;
 	} else {