Merge branch 'PHP-7.1' of git.php.net:php-src into PHP-7.1

* 'PHP-7.1' of git.php.net:php-src: (53 commits)
  Fix bug #72785 - allowed_classes only applies to outermost unserialize()
  Fix #70752: Depacking with wrong password leaves 0 length files
  Unbreak FAST_ZPP dead code
  Updated NEWS
  Fixes #72590: Opcache restart with kill_all_lockers does not work
  Limit editorconfig to C code
  Updated NEWS
  Updated NEWS
  Updated NEWS
  Fix #72972, Bad filter for the flags FILTER_FLAG_NO_RES_RANGE and FILTER_FLAG_NO_PRIV_RANGE
  Change the name of the second parameter of image writer functions
  Added editorconfig file
  Implement #47456: Missing PCRE option 'J'
  Use integer placeholders, since values can vary with the TDS version
  phpdbg: couple of network function return checks. Possible overflow when copy the socket_path configuration.
  Same issue as #72926 in another place.
  Sync fix for bug #72910 with current upstream
  Fix #72994: mbc_to_code() out of bounds read
  Bump PHP_API_VERSION
  Fix bug #72996
  ...

Author: Yasuo Ohgaki

.editorconfig

@@ -0,0 +1,16 @@
+; http://editorconfig.org/
+
+root = true
+
+[*.{c,h}]
+charset                  = UTF-8
+end_of_line              = LF
+indent_size              = 4
+indent_style             = tab
+insert_final_newline     = true
+tab_width                = 4
+trim_trailing_whitespace = true
+
+[*.yml]
+indent_size              = 2
+indent_style             = space

NEWS

@@ -2,7 +2,20 @@ PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? 2016, PHP 7.1.0RC2
 
+- Filter:
+  . Fixed bug #72972 (Bad filter for the flags FILTER_FLAG_NO_RES_RANGE and
+    FILTER_FLAG_NO_PRIV_RANGE). (julien)
+
+-GD:
+  . Fixed bug #67325 (imagetruecolortopalette: white is duplicated in palette).
+    (cmb)
 
+- Opcache:
+  . Fixed bug #72982 (Memory leak in zend_accel_blacklist_update_regexp()
+    function). (Laruence)
+
+- SQLite3:
+  . Updated to SQLite3 3.14.1. (cmb)
 
 01 Sep 2016, PHP 7.1.0RC1
 

UPGRADING

@@ -61,7 +61,7 @@ PHP 7.1 UPGRADE NOTES
   . Fixes to random number generators mean that mt_rand() now produces a
     different sequence of outputs to previous versions. If you relied on
     mt_srand() to produce a deterministic sequence, it can be called using
-    mt_srand($seed, MT_RAND_PHP) to produce old the sequences.
+    mt_srand($seed, MT_RAND_PHP) to produce the old sequences.
   . URL rewriter has been improved.
      . Use dedicated buffer for Session module rewrite and User rewrite.
      . Full path URL rewrite is supported. Allowed domain can be specified.
@@ -103,7 +103,7 @@ PHP 7.1 UPGRADE NOTES
      . session.entropy_length
   . New INIs and defaults
      . session.sid_length (Number of session ID characters - 22 to 256.
-       (php.ini-* default: 26 Compitled default: 32)
+       (php.ini-* default: 26 Compiled default: 32)
      . session.sid_bits_per_character (Bits used per character. 4 to 6.
        php.ini-* default: 5 Compiled default: 4)
     Length of old session ID string is determined as follows
@@ -122,7 +122,7 @@ PHP 7.1 UPGRADE NOTES
 
 - Reflection:
   . The behavior of ReflectionMethod::invoke() and ::invokeArgs() has been
-    aligned, what causes slightly different behavior than before for some
+    aligned, which causes slightly different behavior than before for some
     pathological cases.
   . ReflectionType::__toString() will now return the type name with a leading
     "?" if it is nullable. To retrieve the type name without leading "?" the new
@@ -268,7 +268,7 @@ PHP 7.1 UPGRADE NOTES
 
 - DBA:
   . Data modification functions (e.g.: dba_insert()) now throw an instance of
-    Error instead of triggering a catchable fatal error if the key is does not
+    Error instead of triggering a catchable fatal error if the key does not
     contain exactly two elements.
 
 - DOM:

Zend/zend_API.c

@@ -2911,7 +2911,7 @@ static int zend_is_callable_check_func(int check_flags, zval *callable, zend_fca
 	zend_string *mname, *cname;
 	zend_string *lmname;
 	const char *colon;
-	size_t clen, mlen;
+	size_t clen;
 	HashTable *ftable;
 	int call_via_handler = 0;
 	zend_class_entry *scope;
@@ -2964,6 +2964,8 @@ static int zend_is_callable_check_func(int check_flags, zval *callable, zend_fca
 		colon > Z_STRVAL_P(callable) &&
 		*(colon-1) == ':'
 	) {
+		size_t mlen;
+
 		colon--;
 		clen = colon - Z_STRVAL_P(callable);
 		mlen = Z_STRLEN_P(callable) - clen - 2;
@@ -2996,7 +2998,6 @@ static int zend_is_callable_check_func(int check_flags, zval *callable, zend_fca
 		mname = zend_string_init(Z_STRVAL_P(callable) + clen + 2, mlen, 0);
 	} else if (ce_org) {
 		/* Try to fetch find static method of given class. */
-		mlen = Z_STRLEN_P(callable);
 		mname = Z_STR_P(callable);
 		zend_string_addref(mname);
 		ftable = &ce_org->function_table;

Zend/zend_virtual_cwd.c

@@ -328,32 +328,19 @@ CWD_API int php_sys_stat_ex(const char *path, zend_stat_t *buf, int lstat) /* {{
 		buf->st_dev = buf->st_rdev = 0;
 	} else {
 		wchar_t cur_path[MAXPATHLEN+1];
-		DWORD len = sizeof(cur_path);
-		wchar_t *tmp = cur_path;
-
-		while(1) {
-			DWORD r = GetCurrentDirectoryW(len, tmp);
-			if (r < len) {
-				if (tmp[1] == L':') {
-					if (pathw[0] >= L'A' && pathw[0] <= L'Z') {
-						buf->st_dev = buf->st_rdev = pathw[0] - L'A';
-					} else {
-						buf->st_dev = buf->st_rdev = pathw[0] - L'a';
-					}
+
+		if (NULL != _wgetcwd(cur_path, sizeof(cur_path)/sizeof(wchar_t))) {
+			if (cur_path[1] == L':') {
+				if (pathw[0] >= L'A' && pathw[0] <= L'Z') {
+					buf->st_dev = buf->st_rdev = pathw[0] - L'A';
 				} else {
-					buf->st_dev = buf->st_rdev = -1;
+					buf->st_dev = buf->st_rdev = pathw[0] - L'a';
 				}
-				break;
-			} else if (!r) {
-				buf->st_dev = buf->st_rdev = -1;
-				break;
 			} else {
-				len = r+1;
-				tmp = (wchar_t*)malloc(len*sizeof(wchar_t));
+				buf->st_dev = buf->st_rdev = -1;
 			}
-		}
-		if (tmp != cur_path) {
-			free(tmp);
+		} else {
+			buf->st_dev = buf->st_rdev = -1;
 		}
 	}
 
@@ -934,7 +921,7 @@ static int tsrm_realpath_r(char *path, int start, int len, int *ll, time_t *t, i
 			wchar_t * reparsetarget;
 			BOOL isVolume = FALSE;
 			char *printname = NULL, *substitutename = NULL;
-			int printname_len, substitutename_len;
+			int substitutename_len;
 			int substitutename_off = 0;
 
 			if(++(*ll) > LINK_MAX) {
@@ -969,7 +956,6 @@ static int tsrm_realpath_r(char *path, int start, int len, int *ll, time_t *t, i
 
 			if(pbuffer->ReparseTag == IO_REPARSE_TAG_SYMLINK) {
 				reparsetarget = pbuffer->SymbolicLinkReparseBuffer.ReparseTarget;
-				printname_len = pbuffer->MountPointReparseBuffer.PrintNameLength / sizeof(WCHAR);
 				isabsolute = (pbuffer->SymbolicLinkReparseBuffer.Flags == 0) ? 1 : 0;
 				printname = php_win32_ioutil_w_to_any(reparsetarget + pbuffer->MountPointReparseBuffer.PrintNameOffset  / sizeof(WCHAR));
 				if (!printname) {
@@ -992,7 +978,6 @@ static int tsrm_realpath_r(char *path, int start, int len, int *ll, time_t *t, i
 			else if(pbuffer->ReparseTag == IO_REPARSE_TAG_MOUNT_POINT) {
 				isabsolute = 1;
 				reparsetarget = pbuffer->MountPointReparseBuffer.ReparseTarget;
-				printname_len = pbuffer->MountPointReparseBuffer.PrintNameLength / sizeof(WCHAR);
 				printname = php_win32_ioutil_w_to_any(reparsetarget + pbuffer->MountPointReparseBuffer.PrintNameOffset  / sizeof(WCHAR));
 				if (!printname) {
 					free_alloca(pbuffer, use_heap_large);

ext/exif/exif.c

@@ -3724,8 +3724,11 @@ static int exif_process_IFD_in_TIFF(image_info_type *ImageInfo, size_t dir_offse
 									fgot = php_stream_read(ImageInfo->infile, ImageInfo->Thumbnail.data, ImageInfo->Thumbnail.size);
 									if (fgot < ImageInfo->Thumbnail.size) {
 										EXIF_ERRLOG_THUMBEOF(ImageInfo)
+										efree(ImageInfo->Thumbnail.data);
+										ImageInfo->Thumbnail.data = NULL;
+									} else {
+										exif_thumbnail_build(ImageInfo);
 									}
-									exif_thumbnail_build(ImageInfo);
 								}
 							}
 						}

ext/filter/logical_filters.c

@@ -789,8 +789,7 @@ void php_filter_validate_ip(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
 			if (flags & FILTER_FLAG_NO_PRIV_RANGE) {
 				if (
 					(ip[0] == 10) ||
-					(ip[0] == 169 && ip[1] == 254) ||
-					(ip[0] == 172 && (ip[1] >= 16 && ip[1] <= 31)) ||
+					(ip[0] == 172 && ip[1] >= 16 && ip[1] <= 31) ||
 					(ip[0] == 192 && ip[1] == 168)
 				) {
 					RETURN_VALIDATION_FAILED
@@ -800,19 +799,9 @@ void php_filter_validate_ip(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
 			if (flags & FILTER_FLAG_NO_RES_RANGE) {
 				if (
 					(ip[0] == 0) ||
-					(ip[0] == 10) ||
-					(ip[0] == 100 && (ip[1] >= 64 && ip[1] <= 127)) ||
+					(ip[0] >= 240) ||
 					(ip[0] == 127) ||
-					(ip[0] == 169 && ip[1] == 254) ||
-					(ip[0] == 172 && (ip[1] >= 16 && ip[1] <= 31)) ||
-					(ip[0] == 192 && ip[1] == 0 && ip[2] == 0) ||
-					(ip[0] == 192 && ip[1] == 0 && ip[2] == 2) ||
-					(ip[0] == 192 && ip[1] == 88 && ip[2] == 99) ||
-					(ip[0] == 192 && ip[1] == 168) ||
-					(ip[0] == 198 && (ip[1] == 18 || ip[1] == 19)) ||
-					(ip[0] == 198 && ip[1] == 51 && ip[2] == 100) ||
-					(ip[0] == 203 && ip[1] == 0 && ip[2] == 113) ||
-					(ip[0] >= 224 && ip[0] <= 255)
+					(ip[0] == 169 && ip[1] == 254)
 				) {
 					RETURN_VALIDATION_FAILED
 				}

ext/filter/tests/018.phpt

@@ -41,9 +41,9 @@ string(9) "127.0.0.1"
 bool(false)
 string(12) "192.0.34.166"
 bool(false)
-bool(false)
-bool(false)
-bool(false)
+string(9) "192.0.0.1"
+string(10) "100.64.0.0"
+string(15) "100.127.255.255"
 string(12) "192.0.34.166"
 bool(false)
 string(15) "255.255.255.255"

ext/filter/tests/filter_ipv4_rfc6890.phpt

@@ -85,8 +85,8 @@ string(10) "10.0.0.0/8"
 bool(false)
 bool(false)
 string(14) "168.254.0.0/16"
-bool(false)
-bool(false)
+string(11) "169.254.0.0"
+string(15) "169.254.255.255"
 string(13) "172.16.0.0/12"
 bool(false)
 bool(false)
@@ -97,44 +97,44 @@ string(9) "0.0.0.0/8"
 bool(false)
 bool(false)
 string(10) "10.0.0.0/8"
-bool(false)
-bool(false)
+string(8) "10.0.0.0"
+string(14) "10.255.255.255"
 string(12) "10.64.0.0/10"
-bool(false)
-bool(false)
+string(10) "100.64.0.0"
+string(15) "100.127.255.255"
 string(11) "127.0.0.0/8"
 bool(false)
 bool(false)
 string(14) "169.254.0.0/16"
 bool(false)
 bool(false)
 string(13) "172.16.0.0/12"
-bool(false)
-bool(false)
+string(10) "172.16.0.0"
+string(10) "172.31.0.0"
 string(12) "192.0.0.0/24"
-bool(false)
-bool(false)
+string(9) "192.0.0.0"
+string(11) "192.0.0.255"
 string(12) "192.0.0.0/29"
-bool(false)
-bool(false)
+string(9) "192.0.0.0"
+string(9) "192.0.0.7"
 string(12) "192.0.2.0/24"
-bool(false)
-bool(false)
+string(9) "192.0.2.0"
+string(11) "192.0.2.255"
 string(13) "198.18.0.0/15"
-bool(false)
-bool(false)
+string(10) "198.18.0.0"
+string(14) "198.19.255.255"
 string(15) "198.51.100.0/24"
-bool(false)
-bool(false)
+string(12) "198.51.100.0"
+string(14) "198.51.100.255"
 string(14) "192.88.99.0/24"
-bool(false)
-bool(false)
+string(11) "192.88.99.0"
+string(13) "192.88.99.255"
 string(14) "192.168.0.0/16"
-bool(false)
-bool(false)
+string(11) "192.168.0.0"
+string(15) "192.168.255.255"
 string(14) "203.0.113.0/24"
-bool(false)
-bool(false)
+string(11) "203.0.113.0"
+string(13) "203.0.113.255"
 string(11) "240.0.0.0/4"
-bool(false)
+string(9) "224.0.0.0"
 bool(false)