Merge remote-tracking branch 'origin/str_size_and_int64_56_backport' into str_size_and_int64

* origin/str_size_and_int64_56_backport: (35 commits)
  drop exec perm on doc files
  fix test for 5.4/5.5
  add test for previous fix
  NEWS
  NEWS
  NEWS
  Fix regression introduce in fix for bug #67118
  update news
  update NEWS
  Fix tests
  Fix possible segfault depending on memory location...
  fix gcov data with some locales (again)
  fix gcov data with some locales (again)
  Update NEWS
  Fixed startup segfault in non-debug builds Fixes issue #87
  Fixed regression introduced by patch for bug #67072
  Fixed bug #67329 fileinfo: NULL pointer deference flaw by processing certain CDF files
  (re)add cve number in NEWS, from 5.4.29
  NEWS
  NEWS
  ...

Author: weltling

Makefile.gcov

@@ -14,7 +14,7 @@ php_lcov.info: lcov-test
 	@rm -rf lcov_data/
 	@$(mkinstalldirs) lcov_data/
 	@echo
-	-@files=`find . -name \*.gcda -o -name \*.gcno -o -name \*.da -o -name \*.c -o -name \*.h | sed -e 's/^\.\///' | sed -e 's/\.gcda//g' -e 's/\.gcno//g' -e 's/\.da//g' | $(EGREP) $(LCOV_INCLUDE) | sed -e 's/.libs/ZZZZ/g' | sort -h | sed -e 's/ZZZZ/.libs/g' | uniq` ;\
+	-@files=`find . -name \*.gcda -o -name \*.gcno -o -name \*.da -o -name \*.c -o -name \*.h | sed -e 's/^\.\///' | sed -e 's/\.gcda//g' -e 's/\.gcno//g' -e 's/\.da//g' | $(EGREP) $(LCOV_INCLUDE) | sed -e 's/.libs/zzzz/g' | sort | sed -e 's/zzzz/.libs/g' | uniq` ;\
 	for x in $$files; do \
 		echo -n . ;\
 		y=`echo $$x | sed -e 's!\.libs/!!'`; \

README.namespaces

@@ -2569,6 +2569,8 @@ PHPAPI int php_date_initialize(php_date_obj *dateobj, /*const*/ char *time_str,
 			err->error_messages[0].position, err->error_messages[0].character, err->error_messages[0].message);
 	}
 	if (err && err->error_count) {
+		timelib_time_dtor(dateobj->time);
+		dateobj->time = 0;
 		return 0;
 	}
 
@@ -2716,9 +2718,7 @@ PHP_METHOD(DateTime, __construct)
 
 	zend_replace_error_handling(EH_THROW, NULL, &error_handling TSRMLS_CC);
 	if (SUCCESS == zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|SO!", &time_str, &time_str_len, &timezone_object, date_ce_timezone)) {
-		if (!php_date_initialize(zend_object_store_get_object(getThis() TSRMLS_CC), time_str, time_str_len, NULL, timezone_object, 1 TSRMLS_CC)) {
-			ZVAL_NULL(getThis());
-		}
+		php_date_initialize(zend_object_store_get_object(getThis() TSRMLS_CC), time_str, time_str_len, NULL, timezone_object, 1 TSRMLS_CC);
 	}
 	zend_restore_error_handling(&error_handling TSRMLS_CC);
 }

UPGRADING

@@ -1,5 +1,5 @@
 --TEST--
-Bug #67118 php-cgi crashes regularly on IIS 7
+Bug #67118 crashes in DateTime when this used after failed __construct
 --INI--
 date.timezone=Europe/Berlin
 --FILE--
@@ -11,17 +11,17 @@ class mydt extends datetime
 		if (!empty($tz) && !is_object($tz)) {
 			$tz = new DateTimeZone($tz);
 		}
-
-		@parent::__construct($time, $tz);
+		try {
+			@parent::__construct($time, $tz);
+		} catch (Exception $e) {
+			echo "Bad date" . $this->format("Y") . "\n";
+		}
 	}
 
 };
 
 new mydt("Funktionsansvarig rådgivning och juridik", "UTC");
+?>
 --EXPECTF--
-Fatal error: Uncaught exception 'Exception' with message 'DateTime::__construct(): Failed to parse time string (Funktionsansvarig rådgivning och juridik) at position 0 (F): The timezone could not be found in the database' in %sbug67118.php:%d
-Stack trace:
-#0 %sbug67118.php(%d): DateTime->__construct('Funktionsansvar...', Object(DateTimeZone))
-#1 %sbug67118.php(%d): mydt->__construct('Funktionsansvar...', 'UTC')
-#2 {main}
-  thrown in %sbug67118.php on line %d
+Warning: DateTime::format(): The DateTime object has not been correctly initialized by its constructor in %sbug67118.php on line %d
+Bad date

ext/date/php_date.c

@@ -0,0 +1,35 @@
+--TEST--
+Regression introduce in fix for Bug #67118
+--INI--
+date.timezone=Europe/Paris
+--FILE--
+<?php
+class Foo extends DateTime {
+    public function __construct($time = null) {
+        $tz = new DateTimeZone('UTC');
+        try {
+            echo "First try\n";
+            parent::__construct($time, $tz);
+            return;
+        } catch (Exception $e) {
+            echo "Second try\n";
+            parent::__construct($time.'C', $tz);
+        }
+    }
+}
+$date = '12 Sep 2007 15:49:12 UT';
+var_dump(new Foo($date));
+?>
+Done
+--EXPECTF--
+First try
+Second try
+object(Foo)#1 (3) {
+  ["date"]=>
+  string(%d) "2007-09-12 15:49:%s"
+  ["timezone_type"]=>
+  int(3)
+  ["timezone"]=>
+  string(3) "UTC"
+}
+Done

ext/date/tests/bug67118.phpt

@@ -822,7 +822,7 @@ diff -u libmagic.orig/ascmagic.c libmagic/ascmagic.c
  }
 diff -u libmagic.orig/cdf.c libmagic/cdf.c
 --- libmagic.orig/cdf.c	Tue Feb 26 17:20:42 2013
-+++ libmagic/cdf.c	Fri Feb 21 00:21:27 2014
++++ libmagic/cdf.c	Tue May 27 22:28:51 2014
 @@ -43,7 +43,17 @@
  #include <err.h>
  #endif
@@ -853,7 +853,63 @@ diff -u libmagic.orig/cdf.c libmagic/cdf.c
  		return -1;
 
  	return (ssize_t)len;
-@@ -1132,7 +1145,7 @@
+@@ -810,6 +823,10 @@
+ 		    i, inp[i].pi_id, inp[i].pi_type, q - p, offs));
+ 		if (inp[i].pi_type & CDF_VECTOR) {
+ 			nelements = CDF_GETUINT32(q, 1);
++			if (nelements == 0) {
++				DPRINTF(("CDF_VECTOR with nelements == 0\n"));
++				goto out;
++			}
+ 			o = 2;
+ 		} else {
+ 			nelements = 1;
+@@ -884,7 +901,9 @@
+ 			}
+ 			DPRINTF(("nelements = %" SIZE_T_FORMAT "u\n",
+ 			    nelements));
+-			for (j = 0; j < nelements; j++, i++) {
++			for (j = 0; j < nelements && i < sh.sh_properties; 
++			    j++, i++) 
++			{
+ 				uint32_t l = CDF_GETUINT32(q, o);
+ 				inp[i].pi_str.s_len = l;
+ 				inp[i].pi_str.s_buf = (const char *)
+@@ -929,7 +948,7 @@
+ cdf_unpack_summary_info(const cdf_stream_t *sst, const cdf_header_t *h,
+     cdf_summary_info_header_t *ssi, cdf_property_info_t **info, size_t *count)
+ {
+-	size_t i, maxcount;
++	size_t maxcount;
+ 	const cdf_summary_info_header_t *si =
+ 	    CAST(const cdf_summary_info_header_t *, sst->sst_tab);
+ 	const cdf_section_declaration_t *sd =
+@@ -944,21 +963,13 @@
+ 	ssi->si_os = CDF_TOLE2(si->si_os);
+ 	ssi->si_class = si->si_class;
+ 	cdf_swap_class(&ssi->si_class);
+-	ssi->si_count = CDF_TOLE2(si->si_count);
++	ssi->si_count = CDF_TOLE4(si->si_count);
+ 	*count = 0;
+ 	maxcount = 0;
+ 	*info = NULL;
+-	for (i = 0; i < CDF_TOLE4(si->si_count); i++) {
+-		if (i >= CDF_LOOP_LIMIT) {
+-			DPRINTF(("Unpack summary info loop limit"));
+-			errno = EFTYPE;
+-			return -1;
+-		}
+-		if (cdf_read_property_info(sst, h, CDF_TOLE4(sd->sd_offset),
+-		    info, count, &maxcount) == -1) {
++	if (cdf_read_property_info(sst, h, CDF_TOLE4(sd->sd_offset), info,
++		count, &maxcount) == -1) 
+ 			return -1;
+-		}
+-	}
+ 	return 0;
+ }
+ 
+@@ -1132,7 +1143,7 @@
  	cdf_directory_t *d;
  	char name[__arraycount(d->d_name)];
  	cdf_stream_t scn;
@@ -862,7 +918,7 @@ diff -u libmagic.orig/cdf.c libmagic/cdf.c
 
  	static const char *types[] = { "empty", "user storage",
  	    "user stream", "lockbytes", "property", "root storage" };
-@@ -1185,7 +1198,7 @@
+@@ -1185,7 +1196,7 @@
  cdf_dump_property_info(const cdf_property_info_t *info, size_t count)
  {
  	cdf_timestamp_t tp;
@@ -871,7 +927,7 @@ diff -u libmagic.orig/cdf.c libmagic/cdf.c
  	char buf[64];
  	size_t i, j;
 
-@@ -1229,7 +1242,11 @@
+@@ -1229,7 +1240,11 @@
  			break;
  		case CDF_FILETIME:
  			tp = info[i].pi_tp;
@@ -885,7 +941,7 @@ diff -u libmagic.orig/cdf.c libmagic/cdf.c
  			} else {
 diff -u libmagic.orig/cdf.h libmagic/cdf.h
 --- libmagic.orig/cdf.h	Thu Jun 21 00:19:55 2012
-+++ libmagic/cdf.h	Fri Feb 21 00:21:27 2014
++++ libmagic/cdf.h	Tue May 27 22:28:51 2014
 @@ -35,10 +35,12 @@
  #ifndef _H_CDF_
  #define _H_CDF_
@@ -2543,7 +2599,7 @@ diff -u libmagic.orig/print.c libmagic/print.c
  	}
 diff -u libmagic.orig/readcdf.c libmagic/readcdf.c
 --- libmagic.orig/readcdf.c	Tue Jan  7 04:13:42 2014
-+++ libmagic/readcdf.c	Thu Apr 24 20:07:51 2014
++++ libmagic/readcdf.c	Tue May 27 22:28:51 2014
 @@ -30,7 +30,11 @@
  #endif
 

ext/date/tests/bug67118_2.phpt

@@ -35,7 +35,7 @@
 #include "file.h"
 
 #ifndef lint
-FILE_RCSID("@(#)$File: cdf.c,v 1.53 2013/02/26 16:20:42 christos Exp $")
+FILE_RCSID("@(#)$File: cdf.c,v 1.55 2014/02/27 23:26:17 christos Exp $")
 #endif
 
 #include <assert.h>
@@ -365,10 +365,10 @@ cdf_read_short_sector(const cdf_stream_t *sst, void *buf, size_t offs,
 	size_t ss = CDF_SHORT_SEC_SIZE(h);
 	size_t pos = CDF_SHORT_SEC_POS(h, id);
 	assert(ss == len);
-	if (pos > CDF_SEC_SIZE(h) * sst->sst_len) {
+	if (pos + len > CDF_SEC_SIZE(h) * sst->sst_len) {
 		DPRINTF(("Out of bounds read %" SIZE_T_FORMAT "u > %"
 		    SIZE_T_FORMAT "u\n",
-		    pos, CDF_SEC_SIZE(h) * sst->sst_len));
+		    pos + len, CDF_SEC_SIZE(h) * sst->sst_len));
 		return -1;
 	}
 	(void)memcpy(((char *)buf) + offs,
@@ -688,11 +688,13 @@ cdf_read_ssat(const cdf_info_t *info, const cdf_header_t *h,
 
 int
 cdf_read_short_stream(const cdf_info_t *info, const cdf_header_t *h,
-    const cdf_sat_t *sat, const cdf_dir_t *dir, cdf_stream_t *scn)
+    const cdf_sat_t *sat, const cdf_dir_t *dir, cdf_stream_t *scn,
+    const cdf_directory_t **root)
 {
 	size_t i;
 	const cdf_directory_t *d;
 
+	*root = NULL;
 	for (i = 0; i < dir->dir_len; i++)
 		if (dir->dir_tab[i].d_type == CDF_DIR_TYPE_ROOT_STORAGE)
 			break;
@@ -701,6 +703,7 @@ cdf_read_short_stream(const cdf_info_t *info, const cdf_header_t *h,
 	if (i == dir->dir_len)
 		goto out;
 	d = &dir->dir_tab[i];
+	*root = d;
 
 	/* If the it is not there, just fake it; some docs don't have it */
 	if (d->d_stream_first_sector < 0)

ext/fileinfo/libmagic.patch

@@ -300,7 +300,8 @@ int cdf_read_dir(const cdf_info_t *, const cdf_header_t *, const cdf_sat_t *,
 int cdf_read_ssat(const cdf_info_t *, const cdf_header_t *, const cdf_sat_t *,
     cdf_sat_t *);
 int cdf_read_short_stream(const cdf_info_t *, const cdf_header_t *,
-    const cdf_sat_t *, const cdf_dir_t *, cdf_stream_t *);
+    const cdf_sat_t *, const cdf_dir_t *, cdf_stream_t *,
+    const cdf_directory_t **);
 int cdf_read_property_info(const cdf_stream_t *, const cdf_header_t *, uint32_t,
     cdf_property_info_t **, size_t *, size_t *);
 int cdf_read_summary_info(const cdf_info_t *, const cdf_header_t *,