| /PHP-7.4/Zend/tests/ |
| H A D | bug70898.phpt | 2 Bug #70895 null ptr deref and segfault with crafted callable
|
| H A D | bug70124.phpt | 2 Bug #70124 (null ptr deref / seg fault in ZEND_HANDLE_EXCEPTION_SPEC_HANDLER)
|
| /PHP-7.4/Zend/ |
| H A D | zend_portability.h | 636 #define ZEND_SLIDE_TO_ALIGNED(alignment, ptr) (((zend_uintptr_t)(ptr) + ((alignment)-1)) & ~((align… argument
637 #define ZEND_SLIDE_TO_ALIGNED16(ptr) ZEND_SLIDE_TO_ALIGNED(Z_UL(16), ptr) argument
|
| H A D | zend.c | 1739 void **ptr; in zend_map_ptr_new() local
1753 ptr = (void**)CG(map_ptr_base) + CG(map_ptr_last); in zend_map_ptr_new()
1754 *ptr = NULL; in zend_map_ptr_new()
1757 return ptr; in zend_map_ptr_new()
1759 return ZEND_MAP_PTR_PTR2OFFSET(ptr); in zend_map_ptr_new()
1768 void **ptr; in zend_map_ptr_extend() local
1782 ptr = (void**)CG(map_ptr_base) + CG(map_ptr_last); in zend_map_ptr_extend()
1783 memset(ptr, 0, (last - CG(map_ptr_last)) * sizeof(void*)); in zend_map_ptr_extend()
|
| /PHP-7.4/ext/fileinfo/libmagic/ |
| H A D | softmagic.c | 154 const char *ptr; in file_fmtcheck() local
159 ptr = fmtcheck(desc, def); in file_fmtcheck()
160 if (ptr == def) in file_fmtcheck()
164 return ptr; in file_fmtcheck()
501 l = CAST(size_t, ptr - sptr); in varexpand()
507 ptr += 2; in varexpand()
508 if (!*ptr || ptr[1] != '?') in varexpand()
518 switch (*ptr) { in varexpand()
521 ptr = t; in varexpand()
524 ptr = e; in varexpand()
[all …]
|
| /PHP-7.4/ext/curl/ |
| H A D | multi.c | 117 if (!Z_RES_P(z_ch)->ptr) { in _php_curl_multi_cleanup_list()
410 php_curlm *mh = (php_curlm *)rsrc->ptr; in _php_curl_multi_close()
419 if (Z_RES_P(pz_ch)->ptr) { in _php_curl_multi_close()
436 rsrc->ptr = NULL; in _php_curl_multi_close()
|
| /PHP-7.4/ext/libxml/ |
| H A D | php_libxml.h | 67 void *ptr; member
|
| /PHP-7.4/ext/simplexml/ |
| H A D | simplexml.c | 1286 } else if (sxe1->document->ptr == sxe2->document->ptr) { in sxe_objects_compare()
1322 sxe->xpath = xmlXPathNewContext((xmlDocPtr) sxe->document->ptr); in SXE_METHOD()
1335 ns = xmlGetNsList((xmlDocPtr) sxe->document->ptr, nodeptr); in SXE_METHOD()
1402 sxe->xpath = xmlXPathNewContext((xmlDocPtr) sxe->document->ptr); in SXE_METHOD()
1441 bytes = xmlSaveFile(filename, (xmlDocPtr) sxe->document->ptr); in SXE_METHOD()
1454 xmlNodeDumpOutput(outbuf, (xmlDocPtr) sxe->document->ptr, node, 0, 0, NULL); in SXE_METHOD()
1469 …umpMemoryEnc((xmlDocPtr) sxe->document->ptr, &strval, &strval_len, (const char *) ((xmlDocPtr) sxe… in SXE_METHOD()
1486 …umpOutput(outbuf, (xmlDocPtr) sxe->document->ptr, node, 0, 0, (const char *) ((xmlDocPtr) sxe->doc… in SXE_METHOD()
1614 node = xmlDocGetRootElement((xmlDocPtr)sxe->document->ptr); in SXE_METHOD()
1900 contents = xmlNodeListGetString((xmlDocPtr) sxe->document->ptr, node->children, 1); in sxe_object_cast_ex()
[all …]
|
| /PHP-7.4/sapi/phpdbg/ |
| H A D | phpdbg.c | 985 fflush(PHPDBG_G(io)[PHPDBG_STDOUT].ptr); in php_sapi_phpdbg_flush()
1670 zend_phpdbg_globals *ptr = TSRMG_BULK_STATIC(phpdbg_globals_id, zend_phpdbg_globals *); in main() local
1671 *ptr = *settings; in main()
1694 PHPDBG_G(io)[PHPDBG_STDOUT].ptr = stdout; in main()
1835 PHPDBG_G(io)[PHPDBG_STDIN].ptr = stdin; in main()
1837 PHPDBG_G(io)[PHPDBG_STDOUT].ptr = stdout; in main()
1846 PHPDBG_G(io)[PHPDBG_STDIN].ptr = stdin; in main()
1848 PHPDBG_G(io)[PHPDBG_STDOUT].ptr = stdout; in main()
1851 PHPDBG_G(io)[PHPDBG_STDIN].ptr = stdin; in main()
1853 PHPDBG_G(io)[PHPDBG_STDOUT].ptr = stdout; in main()
[all …]
|
| /PHP-7.4/ext/standard/ |
| H A D | streamsfuncs.c | 851 char *xmsg, int xcode, size_t bytes_sofar, size_t bytes_max, void * ptr) in user_space_stream_notifier() argument
853 zval *callback = &context->notifier->ptr; in user_space_stream_notifier()
880 if (notifier && Z_TYPE(notifier->ptr) != IS_UNDEF) { in user_space_stream_notifier_dtor()
881 zval_ptr_dtor(¬ifier->ptr); in user_space_stream_notifier_dtor()
882 ZVAL_UNDEF(¬ifier->ptr); in user_space_stream_notifier_dtor()
922 ZVAL_COPY(&context->notifier->ptr, tmp); in parse_context_params()
1072 …if (context->notifier && Z_TYPE(context->notifier->ptr) != IS_UNDEF && context->notifier->func == … in PHP_FUNCTION()
1073 Z_TRY_ADDREF(context->notifier->ptr); in PHP_FUNCTION()
1074 …add_assoc_zval_ex(return_value, "notification", sizeof("notification")-1, &context->notifier->ptr); in PHP_FUNCTION()
|
| /PHP-7.4/ext/gd/libgd/ |
| H A D | gd_topal.c | 318 register JSAMPROW ptr; in prescan_quantize() local
328 ptr = input_buf[row]; in prescan_quantize()
331 int r = gdTrueColorGetRed (*ptr) >> C0_SHIFT; in prescan_quantize()
332 int g = gdTrueColorGetGreen (*ptr) >> C1_SHIFT; in prescan_quantize()
333 int b = gdTrueColorGetBlue (*ptr) >> C2_SHIFT; in prescan_quantize()
336 if ((oim->transparent >= 0) && (*ptr == oim->transparent)) in prescan_quantize()
338 ptr++; in prescan_quantize()
346 ptr++; in prescan_quantize()
|
| /PHP-7.4/ext/dba/ |
| H A D | dba.c | 456 dba_info *info = (dba_info *)rsrc->ptr; in dba_close_rsrc()
465 if (Z_RES_P(el)->ptr == pDba) { in dba_close_pe_rsrc_deleter()
480 dba_info *info = (dba_info *)rsrc->ptr; in dba_close_pe_rsrc()
624 info = (dba_info *)(le->ptr); in php_dba_find()
626 return (dba_info *)(le->ptr); in php_dba_find()
702 info = (dba_info *)le->ptr; in php_dba_open()
1322 info = (dba_info *)(le->ptr); in PHP_FUNCTION()
|
| /PHP-7.4/ext/reflection/ |
| H A D | php_reflection.c | 105 target = intern->ptr; \
147 void *ptr; member
219 if (intern->ptr) { in reflection_free_objects_storage()
224 efree(intern->ptr); in reflection_free_objects_storage()
246 efree(intern->ptr); in reflection_free_objects_storage()
254 intern->ptr = NULL; in reflection_free_objects_storage()
1090 intern->ptr = ce; in zend_reflection_class_factory()
1537 if (intern->ptr) { in ZEND_METHOD()
1543 intern->ptr = fptr; in ZEND_METHOD()
2402 intern->ptr = ref; in ZEND_METHOD()
[all …]
|
| /PHP-7.4/ext/enchant/ |
| H A D | enchant.c | 231 if (rsrc->ptr) { in php_enchant_broker_free()
232 enchant_broker *broker = (enchant_broker *)rsrc->ptr; in php_enchant_broker_free()
263 if (rsrc->ptr) { in php_enchant_dict_free()
264 enchant_dict *pdict = (enchant_dict *)rsrc->ptr; in php_enchant_dict_free()
|
| /PHP-7.4/ext/pcre/pcre2lib/ |
| H A D | pcre2_jit_compile.c | 651 else if (ptr + 1 < end && ptr[1] >= 0x80 && ptr[1] < 0xc0) \
655 if (ptr[0] >= 0xc2 && ptr[0] <= 0xdf) \
660 else if (ptr + 2 < end && ptr[2] >= 0x80 && ptr[2] < 0xc0) \
674 else if (ptr + 3 < end && ptr[3] >= 0x80 && ptr[3] < 0xc0) \
714 else if (ptr - 1 > start && ptr[-1] >= 0x80 && ptr[-1] < 0xc0) \
723 else if (ptr - 2 > start && ptr[-2] >= 0x80 && ptr[-2] < 0xc0) \
737 else if (ptr - 3 > start && ptr[-3] >= 0x80 && ptr[-3] < 0xc0) \
776 if (ptr[0] < 0xd800 || ptr[0] >= 0xe000) \
778 else if (ptr[0] < 0xdc00 && ptr + 1 < end && ptr[1] >= 0xdc00 && ptr[1] < 0xe000) \
810 if (ptr[0] < 0xd800 || (ptr[0] >= 0xe000 && ptr[0] < 0x110000)) \
[all …]
|
| /PHP-7.4/ext/pdo_mysql/ |
| H A D | mysql_statement.c | 727 static int pdo_mysql_stmt_get_col(pdo_stmt_t *stmt, int colno, char **ptr, size_t *len, int *caller… in pdo_mysql_stmt_get_col() argument
751 *ptr = (char*)&S->stmt->data->result_bind[colno].zv; in pdo_mysql_stmt_get_col()
758 *ptr = NULL; in pdo_mysql_stmt_get_col()
762 *ptr = S->bound_result[colno].buffer; in pdo_mysql_stmt_get_col()
774 *ptr = S->current_data[colno]; in pdo_mysql_stmt_get_col()
|
| /PHP-7.4/ext/opcache/ |
| H A D | zend_shared_alloc.c | 623 int zend_accel_in_shm(void *ptr) in zend_accel_in_shm() argument
632 if ((char*)ptr >= (char*)ZSMMG(shared_segments)[i]->p && in zend_accel_in_shm()
633 (char*)ptr < (char*)ZSMMG(shared_segments)[i]->p + ZSMMG(shared_segments)[i]->size) { in zend_accel_in_shm()
|
| H A D | zend_accelerator_util_funcs.c | 37 #define IN_ARENA(ptr) \ argument
38 ((void*)(ptr) >= ZCG(current_persistent_script)->arena_mem && \
39 …(void*)(ptr) < (void*)((char*)ZCG(current_persistent_script)->arena_mem + ZCG(current_persistent_s…
41 #define ARENA_REALLOC(ptr) \ argument
42 …(void*)(((char*)(ptr)) + ((char*)ZCG(arena_mem) - (char*)ZCG(current_persistent_script)->arena_mem…
|
| /PHP-7.4/ext/mysqlnd/ |
| H A D | mysqlnd_wireprotocol.c | 1409 p = buffer->ptr; in php_mysqlnd_read_row_ex()
1432 …buffer->ptr = pool->resize_chunk(pool, buffer->ptr, *data_size - header.size, *data_size + preallo… in php_mysqlnd_read_row_ex()
1433 if (!buffer->ptr) { in php_mysqlnd_read_row_ex()
1450 if (ret == FAIL && buffer->ptr) { in php_mysqlnd_read_row_ex()
1451 pool->free_chunk(pool, buffer->ptr); in php_mysqlnd_read_row_ex()
1452 buffer->ptr = NULL; in php_mysqlnd_read_row_ex()
1466 const zend_uchar * p = row_buffer->ptr; in php_mysqlnd_rowp_read_binary_protocol()
1558 zend_uchar * p = row_buffer->ptr; in php_mysqlnd_rowp_read_text_protocol_aux()
1773 if (ERROR_MARKER == (*(p = packet->row_buffer.ptr))) { in php_mysqlnd_rowp_read()
1840 if (p->row_buffer.ptr) { in php_mysqlnd_rowp_free_mem()
[all …]
|
| /PHP-7.4/ext/pspell/ |
| H A D | pspell.c | 214 PspellManager *manager = (PspellManager *)rsrc->ptr; in ZEND_GET_MODULE()
221 PspellConfig *config = (PspellConfig *)rsrc->ptr; in php_pspell_close_config()
232 config = (PspellConfig *)Z_RES_P(res)->ptr; \
241 manager = (PspellManager *)Z_RES_P(res)->ptr; \
|
| /PHP-7.4/ext/pdo_oci/ |
| H A D | oci_statement.c | 757 static int oci_stmt_get_col(pdo_stmt_t *stmt, int colno, char **ptr, size_t *len, int *caller_frees… in oci_stmt_get_col() argument
765 *ptr = NULL; in oci_stmt_get_col()
773 … *ptr = (char*)oci_create_lob_stream(&stmt->database_object_handle, stmt, (OCILobLocator*)C->data); in oci_stmt_get_col()
777 return *ptr ? 1 : 0; in oci_stmt_get_col()
780 *ptr = C->data; in oci_stmt_get_col()
787 *ptr = C->data; in oci_stmt_get_col()
|
| /PHP-7.4/ext/spl/ |
| H A D | php_spl.c | 264 char *ptr = class_file; in spl_autoload() local
265 char *end = ptr + class_file_len; in spl_autoload()
267 while ((ptr = memchr(ptr, '\\', (end - ptr))) != NULL) { in spl_autoload()
268 *ptr = DEFAULT_SLASH; in spl_autoload()
|
| H A D | spl_iterators.c | 1197 char *ptr; in SPL_METHOD() local
1236 ptr = ZSTR_VAL(str); in SPL_METHOD()
1239 ptr += Z_STRLEN(prefix); in SPL_METHOD()
1241 ptr += Z_STRLEN(entry); in SPL_METHOD()
1243 ptr += Z_STRLEN(postfix); in SPL_METHOD()
1244 *ptr = 0; in SPL_METHOD()
1290 ptr = ZSTR_VAL(str); in SPL_METHOD()
1293 ptr += Z_STRLEN(prefix); in SPL_METHOD()
1295 ptr += Z_STRLEN(key); in SPL_METHOD()
1297 ptr += Z_STRLEN(postfix); in SPL_METHOD()
[all …]
|
| /PHP-7.4/ext/mysqli/ |
| H A D | mysqli_api.c | 688 mysqli_plist_entry *plist = (mysqli_plist_entry *) le->ptr; in php_mysqli_close()
729 …php_mysqli_close(mysql, MYSQLI_CLOSE_EXPLICIT, ((MYSQLI_RESOURCE *)(Z_MYSQLI_P(mysql_link))->ptr)-… in PHP_FUNCTION()
730 ((MYSQLI_RESOURCE *)(Z_MYSQLI_P(mysql_link))->ptr)->status = MYSQLI_STATUS_UNKNOWN; in PHP_FUNCTION()
1493 if (is_method && (Z_MYSQLI_P(getThis()))->ptr) {
1514 mysqli_resource->ptr = (void *)mysql;
1520 (Z_MYSQLI_P(getThis()))->ptr = mysqli_resource;
1908 mysqli_resource->ptr = (void *)stmt;
2461 mysqli_resource->ptr = (void *)stmt;
2511 mysqli_resource->ptr = (void *)result;
2615 mysqli_resource->ptr = (void *)result;
[all …]
|
| /PHP-7.4/sapi/apache2handler/ |
| H A D | sapi_apache2.c | 86 char *val, *ptr; in php_apache_sapi_header_handler() local
106 ptr = val; in php_apache_sapi_header_handler()
135 *ptr = ':'; in php_apache_sapi_header_handler()
|
