From 35d5cd5c6e2d160952274b67d4c20e59f351dd0b Mon Sep 17 00:00:00 2001
From: Insu Yun
Date: Tue, 12 Jan 2016 04:21:57 +0000
Subject: phpdbg: fix potential format string bug
---
 sapi/phpdbg/phpdbg_prompt.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'sapi/phpdbg/phpdbg_prompt.c')
diff --git a/sapi/phpdbg/phpdbg_prompt.c b/sapi/phpdbg/phpdbg_prompt.c
index 97249765f8..796519ffdf 100644
--- a/sapi/phpdbg/phpdbg_prompt.c
+++ b/sapi/phpdbg/phpdbg_prompt.c
@@ -651,7 +651,7 @@ static inline void phpdbg_handle_exception(void) /* {{{ */
 phpdbg_error("exception", "name=\"%s\" file=\"%s\" line=\"" ZEND_LONG_FMT "\"", "Uncaught %s in %s on line " ZEND_LONG_FMT, ZSTR_VAL(ex->ce->name), ZSTR_VAL(file), line);
 zend_string_release(file);
- phpdbg_writeln("exceptionmsg", "msg=\"%s\"", ZSTR_VAL(msg));
+ phpdbg_writeln("exceptionmsg", "msg=\"%s\"", "%s", ZSTR_VAL(msg));
 zend_string_release(msg);
 if (EG(prev_exception)) {
@@ -1627,7 +1627,7 @@ next:
 execute_data->call->func->type == ZEND_USER_FUNCTION) {
 zend_execute_ex = execute_ex;
 }
- PHPDBG_G(vmret) = zend_vm_call_opcode_handler(execute_data);
+ PHPDBG_G(vmret) = zend_vm_call_opcode_handler(execute_data);
 zend_execute_ex = phpdbg_execute_ex;
 if (PHPDBG_G(vmret) != 0) {
-- cgit v1.2.1
From c9357f82d3882eb3c7cb9f63dbc98d354fb20739 Mon Sep 17 00:00:00 2001
From: Nikita Popov
Date: Sun, 14 Feb 2016 14:02:19 +0100
Subject: Format string fixes Conflicts: ext/pgsql/pgsql.c
---
 sapi/phpdbg/phpdbg_prompt.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
(limited to 'sapi/phpdbg/phpdbg_prompt.c')
diff --git a/sapi/phpdbg/phpdbg_prompt.c b/sapi/phpdbg/phpdbg_prompt.c
index 97249765f8..0314442daa 100644
--- a/sapi/phpdbg/phpdbg_prompt.c
+++ b/sapi/phpdbg/phpdbg_prompt.c
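Review bot: In the first patch's `@@ -651` hunk (phpdbg_handle_exception, whose body continues outside the hunk), the corrected `phpdbg_writeln` call carries no comment saying that its third argument is a printf-style format, which is the detail the old code got wrong by passing `ZSTR_VAL(msg)` there. I would add `/* third argument is the text format; msg is presumably the uncaught exception's message, so it must only be passed as data */` above the call. The declaration behind `phpdbg_writeln` is not visible here; it is worth confirming that it carries a printf format attribute so that `-Wformat-security` reports a non-literal format at the remaining call sites. Note also that `%s` stops at the first NUL byte, so a message containing one is printed truncated. The `@@ -1627` hunk is whitespace-only.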
@@ -1518,7 +1518,11 @@ void phpdbg_execute_ex(zend_execute_data *execute_data) /* {{{ */
 line = zval_get_long(zend_read_property(zend_get_exception_base(&zv), &zv, ZEND_STRL("line"), 1, &rv));
 msg = zval_get_string(zend_read_property(zend_get_exception_base(&zv), &zv, ZEND_STRL("message"), 1, &rv));
- phpdbg_error("exception", "name=\"%s\" file=\"%s\" line=\"" ZEND_LONG_FMT "\"", "Uncaught %s in %s on line " ZEND_LONG_FMT ": %.*s", ZSTR_VAL(exception->ce->name), ZSTR_VAL(file), line, ZSTR_LEN(msg) < 80 ? ZSTR_LEN(msg) : 80, ZSTR_VAL(msg));
+ phpdbg_error("exception",
+ "name=\"%s\" file=\"%s\" line=\"" ZEND_LONG_FMT "\"",
+ "Uncaught %s in %s on line " ZEND_LONG_FMT ": %.*s",
+ ZSTR_VAL(exception->ce->name), ZSTR_VAL(file), line,
+ ZSTR_LEN(msg) < 80 ? (int) ZSTR_LEN(msg) : 80, ZSTR_VAL(msg));
 zend_string_release(msg);
 zend_string_release(file);
-- cgit v1.2.1
From 055b4112188cccdc250790ab063479d2922f5fda Mon Sep 17 00:00:00 2001
From: Bob Weinand
Date: Wed, 17 Feb 2016 20:26:47 +0100
Subject: Fix crash when advancing inside an internal function This just happened in the "double ctrl+c" mode, when we halted inside an internal function; there was some code assuming a proper op_array
---
 sapi/phpdbg/phpdbg_prompt.c | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)
(limited to 'sapi/phpdbg/phpdbg_prompt.c')
diff --git a/sapi/phpdbg/phpdbg_prompt.c b/sapi/phpdbg/phpdbg_prompt.c
index 0314442daa..558ca469b5 100644
--- a/sapi/phpdbg/phpdbg_prompt.c
+++ b/sapi/phpdbg/phpdbg_prompt.c
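Review bot: In the `@@ -1518` hunk (phpdbg_execute_ex, which starts and ends outside the hunk), the new `(int)` cast in the precision argument is unexplained and the limit 80 is a bare literal written twice. I would add `/* %.*s takes an int precision; ZSTR_LEN() is size_t, so clamp first and pass an int */` above the call and name the limit, for example `enum { PHPDBG_EXMSG_MAX = 80 };` (name constructed for illustration). The message itself is passed as data to `%.*s`, so this call site is not a format-string sink. The cut is byte-based, so a multibyte character at the boundary may be split in the output.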
@@ -518,13 +518,14 @@ PHPDBG_COMMAND(continue) /* {{{ */
 } /* }}} */
 int phpdbg_skip_line_helper() /* {{{ */ {
- const zend_op_array *op_array = &EG(current_execute_data)->func->op_array;
+ zend_execute_data *ex = phpdbg_user_execute_data(EG(current_execute_data));
+ const zend_op_array *op_array = &ex->func->op_array;
 const zend_op *opline = op_array->opcodes;
 PHPDBG_G(flags) |= PHPDBG_IN_UNTIL;
- PHPDBG_G(seek_ex) = EG(current_execute_data);
+ PHPDBG_G(seek_ex) = ex;
 do {
- if (opline->lineno != EG(current_execute_data)->opline->lineno
+ if (opline->lineno != ex->opline->lineno
 || opline->opcode == ZEND_RETURN
 || opline->opcode == ZEND_FAST_RET
 || opline->opcode == ZEND_GENERATOR_RETURN
@@ -562,10 +563,11 @@ PHPDBG_COMMAND(next) /* {{{ */
 } /* }}} */
 static void phpdbg_seek_to_end(void) /* {{{ */ {
- const zend_op_array *op_array = &EG(current_execute_data)->func->op_array;
+ zend_execute_data *ex = phpdbg_user_execute_data(EG(current_execute_data));
+ const zend_op_array *op_array = &ex->func->op_array;
 const zend_op *opline = op_array->opcodes;
- PHPDBG_G(seek_ex) = EG(current_execute_data);
+ PHPDBG_G(seek_ex) = ex;
 do {
 switch (opline->opcode) {
 case ZEND_RETURN:
@@ -588,7 +590,7 @@ PHPDBG_COMMAND(finish) /* {{{ */
 }
 phpdbg_seek_to_end();
- if (zend_hash_index_exists(&PHPDBG_G(seek), (zend_ulong) EG(current_execute_data)->opline)) {
+ if (zend_hash_index_exists(&PHPDBG_G(seek), (zend_ulong) phpdbg_user_execute_data(EG(current_execute_data))->opline)) {
 zend_hash_clean(&PHPDBG_G(seek));
 } else {
 PHPDBG_G(flags) |= PHPDBG_IN_FINISH;
@@ -605,7 +607,7 @@ PHPDBG_COMMAND(leave) /* {{{ */
 }
 phpdbg_seek_to_end();
- if (zend_hash_index_exists(&PHPDBG_G(seek), (zend_ulong) phpdbg_user_execute_data(EG(current_execute_data))->opline)) {
+ if (zend_hash_index_exists(&PHPDBG_G(seek), (zend_ulong) phpdbg_user_execute_data(EG(current_execute_data))->opline)) {
 zend_hash_clean(&PHPDBG_G(seek));
 phpdbg_notice("leave", "type=\"end\"", "Already at the end of the function");
 return SUCCESS;
-- cgit v1.2.1
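Review bot: The result of `phpdbg_user_execute_data(EG(current_execute_data))` is dereferenced at once with no visible check in all four hunks: `&ex->func->op_array` in phpdbg_skip_line_helper (`@@ -518`) and phpdbg_seek_to_end (`@@ -562`), and `->opline` in the finish (`@@ -588`) and leave (`@@ -605`) commands. The helper is defined outside this diff, so whether it can return NULL or a frame without a user function when no user frame is on the stack cannot be confirmed here; if it can, the crash only moves. I would state its guarantee in a comment at the first use, e.g. `/* phpdbg_user_execute_data() is expected to always yield a user-code frame here — confirm */`, or guard with `if (!ex || !ex->func) return FAILURE;` where the return type allows. In finish and leave the frame is also looked up a second time although phpdbg_seek_to_end has just stored it, so `(zend_ulong) PHPDBG_G(seek_ex)->opline` would avoid the repeat, assuming the rest of phpdbg_seek_to_end, which lies outside the hunk, does not change `seek_ex`. All four function bodies continue outside their hunks.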