[pull] master from php:master

Zend/tests/short_echo_as_identifier.phpt

@@ -0,0 +1,15 @@
+--TEST--
+<?= cannot be used as an identifier
+--FILE--
+<?php
+trait T {
+    public function x() {}
+}
+class C {
+    use T {
+        x as y?><?= as my_echo;
+    }
+}
+?>
+--EXPECTF--
+Parse error: Cannot use "<?=" as an identifier in %s on line %d

Zend/zend_language_parser.y

@@ -296,7 +296,7 @@ identifier:
 		T_STRING { $$ = $1; }
 	| 	semi_reserved  {
 			zval zv;
-			zend_lex_tstring(&zv, $1);
+			if (zend_lex_tstring(&zv, $1) == FAILURE) { YYABORT; }
 			$$ = zend_ast_create_zval(&zv);
 		}
 ;
@@ -852,7 +852,8 @@ trait_alias:
 		trait_method_reference T_AS T_STRING
 			{ $$ = zend_ast_create(ZEND_AST_TRAIT_ALIAS, $1, $3); }
 	|	trait_method_reference T_AS reserved_non_modifiers
-			{ zval zv; zend_lex_tstring(&zv, $3);
+			{ zval zv;
+			  if (zend_lex_tstring(&zv, $3) == FAILURE) { YYABORT; }
 			  $$ = zend_ast_create(ZEND_AST_TRAIT_ALIAS, $1, zend_ast_create_zval(&zv)); }
 	|	trait_method_reference T_AS member_modifier identifier
 			{ $$ = zend_ast_create_ex(ZEND_AST_TRAIT_ALIAS, $3, $1, $4); }

Zend/zend_language_scanner.h

@@ -78,7 +78,7 @@ ZEND_API void zend_restore_lexical_state(zend_lex_state *lex_state);
 ZEND_API int zend_prepare_string_for_scanning(zval *str, const char *filename);
 ZEND_API void zend_multibyte_yyinput_again(zend_encoding_filter old_input_filter, const zend_encoding *old_encoding);
 ZEND_API int zend_multibyte_set_filter(const zend_encoding *onetime_encoding);
-ZEND_API void zend_lex_tstring(zval *zv, zend_lexer_ident_ref ident_ref);
+ZEND_API int zend_lex_tstring(zval *zv, zend_lexer_ident_ref ident_ref);
 
 END_EXTERN_C()
 

Zend/zend_language_scanner.l

@@ -306,15 +306,21 @@ ZEND_API void zend_destroy_file_handle(zend_file_handle *file_handle)
 	}
 }
 
-ZEND_API void zend_lex_tstring(zval *zv, zend_lexer_ident_ref ident_ref)
+ZEND_API int zend_lex_tstring(zval *zv, zend_lexer_ident_ref ident_ref)
 {
 	char *ident = (char *) SCNG(yy_start) + ident_ref.offset;
 	size_t length = ident_ref.len;
+	if (length == sizeof("<?=")-1 && memcmp(ident, "<?=", sizeof("<?=")-1) == 0) {
+		zend_throw_exception(zend_ce_parse_error, "Cannot use \"<?=\" as an identifier", 0);
+		return FAILURE;
+	}
+
 	if (SCNG(on_event)) {
 		SCNG(on_event)(ON_FEEDBACK, T_STRING, 0, ident, length, SCNG(on_event_context));
 	}
 
 	ZVAL_STRINGL(zv, ident, length);
+	return SUCCESS;
 }
 
 #define BOM_UTF32_BE	"\x00\x00\xfe\xff"
@@ -2149,7 +2155,8 @@ string:
 <INITIAL>"<?=" {
 	BEGIN(ST_IN_SCRIPTING);
 	if (PARSER_MODE()) {
-		RETURN_TOKEN(T_ECHO);
+		/* We'll reject this as an identifier in zend_lex_tstring. */
+		RETURN_TOKEN_WITH_IDENT(T_ECHO);
 	}
 	RETURN_TOKEN(T_OPEN_TAG_WITH_ECHO);
 }

ext/openssl/tests/CertificateGenerator.inc

@@ -3,7 +3,6 @@
 class CertificateGenerator
 {
     const CONFIG = __DIR__. DIRECTORY_SEPARATOR . 'openssl.cnf';
-    const SAN_CONFIG = __DIR__ . DIRECTORY_SEPARATOR . 'san.cnf';
 
     /** @var resource */
     private $ca;
@@ -96,32 +95,56 @@ class CertificateGenerator
             $dn['commonName'] = $commonNameForCert;
         }
 
-        $config = [
-            'digest_alg' => 'sha256',
-            'req_extensions' => 'v3_req',
-            'x509_extensions' => 'usr_cert',
-        ];
-        if ($subjectAltName !== null) {
-            putenv("PHP_SUBJECTALTNAME=$subjectAltName");
-            $config['config'] = self::SAN_CONFIG;
-        }
-
-        $this->lastKey = self::generateKey($keyLength);
-        $this->lastCert = openssl_csr_sign(
-            openssl_csr_new($dn, $this->lastKey, $config),
-            $this->ca,
-            $this->caKey,
-            /* days */ 2,
-            $config,
-        );
+        $subjectAltNameConfig =
+            $subjectAltName ? "subjectAltName = $subjectAltName" : "";
+        $configCode = <<<CONFIG
+[ req ]
+distinguished_name = req_distinguished_name
+default_md = sha256
+
+[ req_distinguished_name ]
+
+[ v3_req ]
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+$subjectAltNameConfig
+
+[ usr_cert ]
+basicConstraints = CA:FALSE
+$subjectAltNameConfig
+CONFIG;
+        $configFile = $file . '.cnf';
+        file_put_contents($configFile, $configCode);
+
+        try {
+            $config = [
+                'config' => $configFile,
+                'req_extensions' => 'v3_req',
+                'x509_extensions' => 'usr_cert',
+            ];
+
+            $this->lastKey = self::generateKey($keyLength);
+            $this->lastCert = openssl_csr_sign(
+                openssl_csr_new($dn, $this->lastKey, $config),
+                $this->ca,
+                $this->caKey,
+                /* days */ 2,
+                $config,
+            );
+            if (!$this->lastCert) {
+                throw new Exception('Failed to create certificate');
+            }
 
-        $certText = '';
-        openssl_x509_export($this->lastCert, $certText);
+            $certText = '';
+            openssl_x509_export($this->lastCert, $certText);
 
-        $keyText = '';
-        openssl_pkey_export($this->lastKey, $keyText);
+            $keyText = '';
+            openssl_pkey_export($this->lastKey, $keyText);
 
-        file_put_contents($file, $certText . PHP_EOL . $keyText);
+            file_put_contents($file, $certText . PHP_EOL . $keyText);
+        } finally {
+            unlink($configFile);
+        }
     }
 
     public function getCertDigest($algo)

ext/spl/spl_directory.c

@@ -95,6 +95,7 @@ static void spl_filesystem_object_destroy_object(zend_object *object) /* {{{ */
 				php_stream_pclose(intern->u.file.stream);
 			}
 			intern->u.file.stream = NULL;
+			ZVAL_UNDEF(&intern->u.file.zresource);
 		}
 		break;
 	default:
@@ -1927,12 +1928,16 @@ static int spl_filesystem_file_call(spl_filesystem_object *intern, zend_function
 {
 	zend_fcall_info fci;
 	zend_fcall_info_cache fcic;
-	zval *zresource_ptr = &intern->u.file.zresource;
+	zval *zresource_ptr = &intern->u.file.zresource, *params;
 	int result;
 	int num_args = pass_num_args + (arg2 ? 2 : 1);
 
-	zval *params = (zval*)safe_emalloc(num_args, sizeof(zval), 0);
+	if (Z_ISUNDEF_P(zresource_ptr)) {
+		zend_throw_exception_ex(spl_ce_RuntimeException, 0, "Object not initialized");
+		return FAILURE;
+	}
 
+	params = (zval*)safe_emalloc(num_args, sizeof(zval), 0);
 	params[0] = *zresource_ptr;
 
 	if (arg2) {

ext/spl/tests/bug79710.phpt

@@ -0,0 +1,40 @@
+--TEST--
+Bug #79710: Reproducible segfault in error_handler during GC involved an SplFileObject
+--FILE--
+<?php
+
+class Target
+{
+    public $sfo;
+    public function __construct($sfo) {
+        $this->sfo = $sfo;
+    }
+    public function __destruct() {
+        // If the SplFileObject is destructed first,
+        // underlying FD is no longer valid and will cause error upon calling flock
+        $this->sfo->flock(2);
+    }
+}
+
+class Run
+{
+    static $sfo;
+    static $foo;
+    public static function main() {
+        // Creation ordering is important for repro
+        // $sfo needed to be destructed before $foo.
+        Run::$sfo = new SplTempFileObject();
+        Run::$foo = new Target(Run::$sfo);
+    }
+}
+
+Run::main();
+
+?>
+--EXPECTF--
+Fatal error: Uncaught RuntimeException: Object not initialized in %s:%d
+Stack trace:
+#0 %s(%d): SplFileObject->flock(2)
+#1 [internal function]: Target->__destruct()
+#2 {main}
+  thrown in %s on line %d