/PHP-7.4/Zend/tests/ |
H A D | bug70898.phpt | 2 Bug #70895 null ptr deref and segfault with crafted callable
|
H A D | bug70124.phpt | 2 Bug #70124 (null ptr deref / seg fault in ZEND_HANDLE_EXCEPTION_SPEC_HANDLER)
|
/PHP-7.4/Zend/ |
H A D | zend_portability.h | 636 #define ZEND_SLIDE_TO_ALIGNED(alignment, ptr) (((zend_uintptr_t)(ptr) + ((alignment)-1)) & ~((align… argument 637 #define ZEND_SLIDE_TO_ALIGNED16(ptr) ZEND_SLIDE_TO_ALIGNED(Z_UL(16), ptr) argument
|
H A D | zend.c | 1739 void **ptr; in zend_map_ptr_new() local 1753 ptr = (void**)CG(map_ptr_base) + CG(map_ptr_last); in zend_map_ptr_new() 1754 *ptr = NULL; in zend_map_ptr_new() 1757 return ptr; in zend_map_ptr_new() 1759 return ZEND_MAP_PTR_PTR2OFFSET(ptr); in zend_map_ptr_new() 1768 void **ptr; in zend_map_ptr_extend() local 1782 ptr = (void**)CG(map_ptr_base) + CG(map_ptr_last); in zend_map_ptr_extend() 1783 memset(ptr, 0, (last - CG(map_ptr_last)) * sizeof(void*)); in zend_map_ptr_extend()
|
/PHP-7.4/ext/fileinfo/libmagic/ |
H A D | softmagic.c | 154 const char *ptr; in file_fmtcheck() local 159 ptr = fmtcheck(desc, def); in file_fmtcheck() 160 if (ptr == def) in file_fmtcheck() 164 return ptr; in file_fmtcheck() 501 l = CAST(size_t, ptr - sptr); in varexpand() 507 ptr += 2; in varexpand() 508 if (!*ptr || ptr[1] != '?') in varexpand() 518 switch (*ptr) { in varexpand() 521 ptr = t; in varexpand() 524 ptr = e; in varexpand() [all …]
|
/PHP-7.4/ext/curl/ |
H A D | multi.c | 117 if (!Z_RES_P(z_ch)->ptr) { in _php_curl_multi_cleanup_list() 410 php_curlm *mh = (php_curlm *)rsrc->ptr; in _php_curl_multi_close() 419 if (Z_RES_P(pz_ch)->ptr) { in _php_curl_multi_close() 436 rsrc->ptr = NULL; in _php_curl_multi_close()
|
/PHP-7.4/ext/libxml/ |
H A D | php_libxml.h | 67 void *ptr; member
|
/PHP-7.4/ext/simplexml/ |
H A D | simplexml.c | 1286 } else if (sxe1->document->ptr == sxe2->document->ptr) { in sxe_objects_compare() 1322 sxe->xpath = xmlXPathNewContext((xmlDocPtr) sxe->document->ptr); in SXE_METHOD() 1335 ns = xmlGetNsList((xmlDocPtr) sxe->document->ptr, nodeptr); in SXE_METHOD() 1402 sxe->xpath = xmlXPathNewContext((xmlDocPtr) sxe->document->ptr); in SXE_METHOD() 1441 bytes = xmlSaveFile(filename, (xmlDocPtr) sxe->document->ptr); in SXE_METHOD() 1454 xmlNodeDumpOutput(outbuf, (xmlDocPtr) sxe->document->ptr, node, 0, 0, NULL); in SXE_METHOD() 1469 …umpMemoryEnc((xmlDocPtr) sxe->document->ptr, &strval, &strval_len, (const char *) ((xmlDocPtr) sxe… in SXE_METHOD() 1486 …umpOutput(outbuf, (xmlDocPtr) sxe->document->ptr, node, 0, 0, (const char *) ((xmlDocPtr) sxe->doc… in SXE_METHOD() 1614 node = xmlDocGetRootElement((xmlDocPtr)sxe->document->ptr); in SXE_METHOD() 1900 contents = xmlNodeListGetString((xmlDocPtr) sxe->document->ptr, node->children, 1); in sxe_object_cast_ex() [all …]
|
/PHP-7.4/sapi/phpdbg/ |
H A D | phpdbg.c | 985 fflush(PHPDBG_G(io)[PHPDBG_STDOUT].ptr); in php_sapi_phpdbg_flush() 1670 zend_phpdbg_globals *ptr = TSRMG_BULK_STATIC(phpdbg_globals_id, zend_phpdbg_globals *); in main() local 1671 *ptr = *settings; in main() 1694 PHPDBG_G(io)[PHPDBG_STDOUT].ptr = stdout; in main() 1835 PHPDBG_G(io)[PHPDBG_STDIN].ptr = stdin; in main() 1837 PHPDBG_G(io)[PHPDBG_STDOUT].ptr = stdout; in main() 1846 PHPDBG_G(io)[PHPDBG_STDIN].ptr = stdin; in main() 1848 PHPDBG_G(io)[PHPDBG_STDOUT].ptr = stdout; in main() 1851 PHPDBG_G(io)[PHPDBG_STDIN].ptr = stdin; in main() 1853 PHPDBG_G(io)[PHPDBG_STDOUT].ptr = stdout; in main() [all …]
|
/PHP-7.4/ext/standard/ |
H A D | streamsfuncs.c | 851 char *xmsg, int xcode, size_t bytes_sofar, size_t bytes_max, void * ptr) in user_space_stream_notifier() argument 853 zval *callback = &context->notifier->ptr; in user_space_stream_notifier() 880 if (notifier && Z_TYPE(notifier->ptr) != IS_UNDEF) { in user_space_stream_notifier_dtor() 881 zval_ptr_dtor(¬ifier->ptr); in user_space_stream_notifier_dtor() 882 ZVAL_UNDEF(¬ifier->ptr); in user_space_stream_notifier_dtor() 922 ZVAL_COPY(&context->notifier->ptr, tmp); in parse_context_params() 1072 …if (context->notifier && Z_TYPE(context->notifier->ptr) != IS_UNDEF && context->notifier->func == … in PHP_FUNCTION() 1073 Z_TRY_ADDREF(context->notifier->ptr); in PHP_FUNCTION() 1074 …add_assoc_zval_ex(return_value, "notification", sizeof("notification")-1, &context->notifier->ptr); in PHP_FUNCTION()
|
/PHP-7.4/ext/gd/libgd/ |
H A D | gd_topal.c | 318 register JSAMPROW ptr; in prescan_quantize() local 328 ptr = input_buf[row]; in prescan_quantize() 331 int r = gdTrueColorGetRed (*ptr) >> C0_SHIFT; in prescan_quantize() 332 int g = gdTrueColorGetGreen (*ptr) >> C1_SHIFT; in prescan_quantize() 333 int b = gdTrueColorGetBlue (*ptr) >> C2_SHIFT; in prescan_quantize() 336 if ((oim->transparent >= 0) && (*ptr == oim->transparent)) in prescan_quantize() 338 ptr++; in prescan_quantize() 346 ptr++; in prescan_quantize()
|
/PHP-7.4/ext/dba/ |
H A D | dba.c | 456 dba_info *info = (dba_info *)rsrc->ptr; in dba_close_rsrc() 465 if (Z_RES_P(el)->ptr == pDba) { in dba_close_pe_rsrc_deleter() 480 dba_info *info = (dba_info *)rsrc->ptr; in dba_close_pe_rsrc() 624 info = (dba_info *)(le->ptr); in php_dba_find() 626 return (dba_info *)(le->ptr); in php_dba_find() 702 info = (dba_info *)le->ptr; in php_dba_open() 1322 info = (dba_info *)(le->ptr); in PHP_FUNCTION()
|
/PHP-7.4/ext/reflection/ |
H A D | php_reflection.c | 105 target = intern->ptr; \ 147 void *ptr; member 219 if (intern->ptr) { in reflection_free_objects_storage() 224 efree(intern->ptr); in reflection_free_objects_storage() 246 efree(intern->ptr); in reflection_free_objects_storage() 254 intern->ptr = NULL; in reflection_free_objects_storage() 1090 intern->ptr = ce; in zend_reflection_class_factory() 1537 if (intern->ptr) { in ZEND_METHOD() 1543 intern->ptr = fptr; in ZEND_METHOD() 2402 intern->ptr = ref; in ZEND_METHOD() [all …]
|
/PHP-7.4/ext/enchant/ |
H A D | enchant.c | 231 if (rsrc->ptr) { in php_enchant_broker_free() 232 enchant_broker *broker = (enchant_broker *)rsrc->ptr; in php_enchant_broker_free() 263 if (rsrc->ptr) { in php_enchant_dict_free() 264 enchant_dict *pdict = (enchant_dict *)rsrc->ptr; in php_enchant_dict_free()
|
/PHP-7.4/ext/pcre/pcre2lib/ |
H A D | pcre2_jit_compile.c | 651 else if (ptr + 1 < end && ptr[1] >= 0x80 && ptr[1] < 0xc0) \ 655 if (ptr[0] >= 0xc2 && ptr[0] <= 0xdf) \ 660 else if (ptr + 2 < end && ptr[2] >= 0x80 && ptr[2] < 0xc0) \ 674 else if (ptr + 3 < end && ptr[3] >= 0x80 && ptr[3] < 0xc0) \ 714 else if (ptr - 1 > start && ptr[-1] >= 0x80 && ptr[-1] < 0xc0) \ 723 else if (ptr - 2 > start && ptr[-2] >= 0x80 && ptr[-2] < 0xc0) \ 737 else if (ptr - 3 > start && ptr[-3] >= 0x80 && ptr[-3] < 0xc0) \ 776 if (ptr[0] < 0xd800 || ptr[0] >= 0xe000) \ 778 else if (ptr[0] < 0xdc00 && ptr + 1 < end && ptr[1] >= 0xdc00 && ptr[1] < 0xe000) \ 810 if (ptr[0] < 0xd800 || (ptr[0] >= 0xe000 && ptr[0] < 0x110000)) \ [all …]
|
/PHP-7.4/ext/pdo_mysql/ |
H A D | mysql_statement.c | 727 static int pdo_mysql_stmt_get_col(pdo_stmt_t *stmt, int colno, char **ptr, size_t *len, int *caller… in pdo_mysql_stmt_get_col() argument 751 *ptr = (char*)&S->stmt->data->result_bind[colno].zv; in pdo_mysql_stmt_get_col() 758 *ptr = NULL; in pdo_mysql_stmt_get_col() 762 *ptr = S->bound_result[colno].buffer; in pdo_mysql_stmt_get_col() 774 *ptr = S->current_data[colno]; in pdo_mysql_stmt_get_col()
|
/PHP-7.4/ext/opcache/ |
H A D | zend_shared_alloc.c | 623 int zend_accel_in_shm(void *ptr) in zend_accel_in_shm() argument 632 if ((char*)ptr >= (char*)ZSMMG(shared_segments)[i]->p && in zend_accel_in_shm() 633 (char*)ptr < (char*)ZSMMG(shared_segments)[i]->p + ZSMMG(shared_segments)[i]->size) { in zend_accel_in_shm()
|
H A D | zend_accelerator_util_funcs.c | 37 #define IN_ARENA(ptr) \ argument 38 ((void*)(ptr) >= ZCG(current_persistent_script)->arena_mem && \ 39 …(void*)(ptr) < (void*)((char*)ZCG(current_persistent_script)->arena_mem + ZCG(current_persistent_s… 41 #define ARENA_REALLOC(ptr) \ argument 42 …(void*)(((char*)(ptr)) + ((char*)ZCG(arena_mem) - (char*)ZCG(current_persistent_script)->arena_mem…
|
/PHP-7.4/ext/mysqlnd/ |
H A D | mysqlnd_wireprotocol.c | 1409 p = buffer->ptr; in php_mysqlnd_read_row_ex() 1432 …buffer->ptr = pool->resize_chunk(pool, buffer->ptr, *data_size - header.size, *data_size + preallo… in php_mysqlnd_read_row_ex() 1433 if (!buffer->ptr) { in php_mysqlnd_read_row_ex() 1450 if (ret == FAIL && buffer->ptr) { in php_mysqlnd_read_row_ex() 1451 pool->free_chunk(pool, buffer->ptr); in php_mysqlnd_read_row_ex() 1452 buffer->ptr = NULL; in php_mysqlnd_read_row_ex() 1466 const zend_uchar * p = row_buffer->ptr; in php_mysqlnd_rowp_read_binary_protocol() 1558 zend_uchar * p = row_buffer->ptr; in php_mysqlnd_rowp_read_text_protocol_aux() 1773 if (ERROR_MARKER == (*(p = packet->row_buffer.ptr))) { in php_mysqlnd_rowp_read() 1840 if (p->row_buffer.ptr) { in php_mysqlnd_rowp_free_mem() [all …]
|
/PHP-7.4/ext/pspell/ |
H A D | pspell.c | 214 PspellManager *manager = (PspellManager *)rsrc->ptr; in ZEND_GET_MODULE() 221 PspellConfig *config = (PspellConfig *)rsrc->ptr; in php_pspell_close_config() 232 config = (PspellConfig *)Z_RES_P(res)->ptr; \ 241 manager = (PspellManager *)Z_RES_P(res)->ptr; \
|
/PHP-7.4/ext/pdo_oci/ |
H A D | oci_statement.c | 757 static int oci_stmt_get_col(pdo_stmt_t *stmt, int colno, char **ptr, size_t *len, int *caller_frees… in oci_stmt_get_col() argument 765 *ptr = NULL; in oci_stmt_get_col() 773 … *ptr = (char*)oci_create_lob_stream(&stmt->database_object_handle, stmt, (OCILobLocator*)C->data); in oci_stmt_get_col() 777 return *ptr ? 1 : 0; in oci_stmt_get_col() 780 *ptr = C->data; in oci_stmt_get_col() 787 *ptr = C->data; in oci_stmt_get_col()
|
/PHP-7.4/ext/spl/ |
H A D | php_spl.c | 264 char *ptr = class_file; in spl_autoload() local 265 char *end = ptr + class_file_len; in spl_autoload() 267 while ((ptr = memchr(ptr, '\\', (end - ptr))) != NULL) { in spl_autoload() 268 *ptr = DEFAULT_SLASH; in spl_autoload()
|
H A D | spl_iterators.c | 1197 char *ptr; in SPL_METHOD() local 1236 ptr = ZSTR_VAL(str); in SPL_METHOD() 1239 ptr += Z_STRLEN(prefix); in SPL_METHOD() 1241 ptr += Z_STRLEN(entry); in SPL_METHOD() 1243 ptr += Z_STRLEN(postfix); in SPL_METHOD() 1244 *ptr = 0; in SPL_METHOD() 1290 ptr = ZSTR_VAL(str); in SPL_METHOD() 1293 ptr += Z_STRLEN(prefix); in SPL_METHOD() 1295 ptr += Z_STRLEN(key); in SPL_METHOD() 1297 ptr += Z_STRLEN(postfix); in SPL_METHOD() [all …]
|
/PHP-7.4/ext/mysqli/ |
H A D | mysqli_api.c | 688 mysqli_plist_entry *plist = (mysqli_plist_entry *) le->ptr; in php_mysqli_close() 729 …php_mysqli_close(mysql, MYSQLI_CLOSE_EXPLICIT, ((MYSQLI_RESOURCE *)(Z_MYSQLI_P(mysql_link))->ptr)-… in PHP_FUNCTION() 730 ((MYSQLI_RESOURCE *)(Z_MYSQLI_P(mysql_link))->ptr)->status = MYSQLI_STATUS_UNKNOWN; in PHP_FUNCTION() 1493 if (is_method && (Z_MYSQLI_P(getThis()))->ptr) { 1514 mysqli_resource->ptr = (void *)mysql; 1520 (Z_MYSQLI_P(getThis()))->ptr = mysqli_resource; 1908 mysqli_resource->ptr = (void *)stmt; 2461 mysqli_resource->ptr = (void *)stmt; 2511 mysqli_resource->ptr = (void *)result; 2615 mysqli_resource->ptr = (void *)result; [all …]
|
/PHP-7.4/sapi/apache2handler/ |
H A D | sapi_apache2.c | 86 char *val, *ptr; in php_apache_sapi_header_handler() local 106 ptr = val; in php_apache_sapi_header_handler() 135 *ptr = ':'; in php_apache_sapi_header_handler()
|