Fixing test fails, no large changes mostly invalid frees and off-by-ones

Sean-Der · Sean-Der · commit cbdf65a765cf · 2015-09-06T20:52:03.000Z
diff --git a/library.c b/library.c
@@ -1220,7 +1220,7 @@ static void array_zip_values_and_scores(RedisSock *redis_sock, zval *z_tab,
         unsigned long idx;
         zval *z_key_p, *z_value_p;
 
-        zend_hash_get_current_key_ex(keytable, &tablekey, &idx, 0);
+        zend_hash_get_current_key(keytable, &tablekey, &idx);
         if((z_key_p = zend_hash_get_current_data(keytable)) == NULL) {
             continue;   /* this should never happen, according to the PHP people. */
         }
@@ -1234,7 +1234,7 @@ static void array_zip_values_and_scores(RedisSock *redis_sock, zval *z_tab,
         zend_hash_move_forward(keytable);
 
         /* fetch again */
-        zend_hash_get_current_key_ex(keytable, &tablekey, &idx, 0);
+        zend_hash_get_current_key(keytable, &tablekey, &idx);
         if((z_value_p = zend_hash_get_current_data(keytable)) == NULL) {
             continue;   /* this should never happen, according to the PHP people. */
         }
@@ -1244,13 +1244,13 @@ static void array_zip_values_and_scores(RedisSock *redis_sock, zval *z_tab,
 
         /* Decode the score depending on flag */
         if (decode == SCORE_DECODE_INT && Z_STRLEN_P(z_value_p) > 0) {
-            add_assoc_long_ex(&z_ret, hkey, 1+hkey_len, atoi(hval+1));
+            add_assoc_long_ex(&z_ret, hkey, hkey_len, atoi(hval+1));
         } else if (decode == SCORE_DECODE_DOUBLE) {
-            add_assoc_double_ex(&z_ret, hkey, 1+hkey_len, atof(hval));
+            add_assoc_double_ex(&z_ret, hkey, hkey_len, atof(hval));
         } else {
             zval z;
 			ZVAL_DUP(&z, z_value_p);
-            add_assoc_zval_ex(&z_ret, hkey, 1+hkey_len, &z);
+            add_assoc_zval_ex(&z_ret, hkey, hkey_len, &z);
         }
     }
 
@@ -1391,12 +1391,12 @@ PHP_REDIS_API void redis_string_response(INTERNAL_FUNCTION_PARAMETERS, RedisSock
         RETURN_FALSE;
     }
     IF_MULTI_OR_PIPELINE() {
-        zval *z = NULL;
-        if(redis_unserialize(redis_sock, response, response_len,
-                             &z TSRMLS_CC) == 1)
+        zval z, *z_p;
+		z_p = &z;
+        if(redis_unserialize(redis_sock, response, response_len, &z_p) == 1)
         {
             efree(response);
-            add_next_index_zval(z_tab, z);
+            add_next_index_zval(z_tab, z_p);
         } else {
             add_next_index_stringl(z_tab, response, response_len);
         }
@@ -1432,9 +1432,8 @@ redis_ping_response(INTERNAL_FUNCTION_PARAMETERS, RedisSock *redis_sock,
     IF_MULTI_OR_PIPELINE() {
         add_next_index_stringl(z_tab, response, response_len);
     } else {
-        RETURN_STRINGL(response, response_len);
+        RETURN_STRING(response);
     }
-	efree(response);
 }
 
 /* Response for DEBUG object which is a formatted single line reply */
@@ -1852,7 +1851,8 @@ redis_mbulk_reply_loop(INTERNAL_FUNCTION_PARAMETERS, RedisSock *redis_sock,
     while(count > 0) {
         line = redis_sock_read(redis_sock, &len TSRMLS_CC);
         if (line != NULL) {
-            zval *z = NULL;
+            zval z, *z_p;
+			z_p = &z;
             int unwrap;
 
             /* We will attempt unserialization, if we're unserializing everything,
@@ -1862,9 +1862,9 @@ redis_mbulk_reply_loop(INTERNAL_FUNCTION_PARAMETERS, RedisSock *redis_sock,
                 (unserialize == UNSERIALIZE_KEYS && count % 2 == 0) ||
                 (unserialize == UNSERIALIZE_VALS && count % 2 != 0);
 
-            if (unwrap && redis_unserialize(redis_sock, line, len, &z TSRMLS_CC)) {
+            if (unwrap && redis_unserialize(redis_sock, line, len, &z_p TSRMLS_CC)) {
                 efree(line);
-                add_next_index_zval(z_tab, z);
+                add_next_index_zval(z_tab, z_p);
             } else {
                 add_next_index_stringl(z_tab, line, len);
             }
@@ -1885,7 +1885,7 @@ PHP_REDIS_API int redis_mbulk_reply_assoc(INTERNAL_FUNCTION_PARAMETERS, RedisSoc
     int i, numElems;
     zval z_multi_result;
 
-    zval **z_keys = ctx;
+    zval *z_keys = ctx;
 
     if(-1 == redis_check_eof(redis_sock, 0 TSRMLS_CC)) {
         return -1;
@@ -1914,19 +1914,19 @@ PHP_REDIS_API int redis_mbulk_reply_assoc(INTERNAL_FUNCTION_PARAMETERS, RedisSoc
     for(i = 0; i < numElems; ++i) {
         response = redis_sock_read(redis_sock, &response_len TSRMLS_CC);
         if(response != NULL) {
-            zval *z = NULL;
-            if(redis_unserialize(redis_sock, response, response_len, &z TSRMLS_CC) == 1) {
+            zval z, *z_p;
+			z_p = &z;
+            if(redis_unserialize(redis_sock, response, response_len, &z_p) == 1) {
                 efree(response);
-                add_assoc_zval_ex(&z_multi_result, Z_STRVAL_P(z_keys[i]), 1+Z_STRLEN_P(z_keys[i]), z);
+                add_assoc_zval_ex(&z_multi_result, Z_STRVAL(z_keys[i]), Z_STRLEN(z_keys[i]), z_p);
             } else {
-                add_assoc_stringl_ex(&z_multi_result, Z_STRVAL_P(z_keys[i]), 1+Z_STRLEN_P(z_keys[i]), response, response_len);
+                add_assoc_stringl_ex(&z_multi_result, Z_STRVAL(z_keys[i]), Z_STRLEN(z_keys[i]), response, response_len);
             }
         } else {
-            add_assoc_bool_ex(&z_multi_result, Z_STRVAL_P(z_keys[i]), 1+Z_STRLEN_P(z_keys[i]), 0);
+            add_assoc_bool_ex(&z_multi_result, Z_STRVAL(z_keys[i]), Z_STRLEN(z_keys[i]), 0);
         }
-    zval_dtor(z_keys[i]);
-    efree(z_keys[i]);
-    }
+		zval_dtor(&z_keys[i]);
+	}
     efree(z_keys);
 
     IF_MULTI_OR_PIPELINE() {
@@ -2018,7 +2018,7 @@ redis_serialize(RedisSock *redis_sock, zval *z, char **val, int *val_len
             convert_to_string(&z_copy);
             *val = Z_STRVAL_P(&z_copy);
             *val_len = Z_STRLEN_P(&z_copy);
-            return 1;
+            return 0;
 
         case REDIS_SERIALIZER_PHP:
 
@@ -2028,14 +2028,14 @@ redis_serialize(RedisSock *redis_sock, zval *z, char **val, int *val_len
             *val_len = sstr.s->len;
             PHP_VAR_SERIALIZE_DESTROY(ht);
 
-            return 1;
+            return 0;
 
         case REDIS_SERIALIZER_IGBINARY:
 #ifdef HAVE_REDIS_IGBINARY
             if(igbinary_serialize(&val8, (size_t *)&sz, z TSRMLS_CC) == 0) {
                 *val = (char*)val8;
                 *val_len = (int)sz;
-                return 1;
+                return 0;
             }
 #endif
             return 0;
@@ -2056,16 +2056,7 @@ redis_unserialize(RedisSock* redis_sock, const char *val, int val_len,
             return 0;
 
         case REDIS_SERIALIZER_PHP:
-            if(!*return_value) {
-				// TODO Sean-Der, heap allocation
-                //MAKE_STD_ZVAL(*return_value);
-                rv_free = 1;
-            }
-#if ZEND_MODULE_API_NO >= 20100000
             PHP_VAR_UNSERIALIZE_INIT(var_hash);
-#else
-            memset(&var_hash, 0, sizeof(var_hash));
-#endif
             if(!php_var_unserialize(*return_value, (const unsigned char**)&val,
                     (const unsigned char*)val + val_len, &var_hash TSRMLS_CC)) {
                 if(rv_free==1) efree(*return_value);
@@ -2356,7 +2347,6 @@ redis_read_variant_reply(INTERNAL_FUNCTION_PARAMETERS, RedisSock *redis_sock,
 		/* Set our return value */
 		ZVAL_DUP(return_value, z_ret_p);
 		zval_dtor(z_ret_p);
-		efree(z_ret_p);
 	}
 
 	/* Success */
diff --git a/redis.c b/redis.c
@@ -993,6 +993,7 @@ PHP_METHOD(Redis, getMultiple)
         char *key;
         int key_len, key_free;
         zval z_tmp;
+		ZVAL_UNDEF(&z_tmp);
 
         /* If the key isn't a string, turn it into one */
         if(Z_TYPE_P(z_ele) == IS_STRING) {
@@ -1001,6 +1002,7 @@ PHP_METHOD(Redis, getMultiple)
         } else {
             ZVAL_DUP(&z_tmp, z_ele);
 
+			convert_to_string(&z_tmp);
             key = Z_STRVAL(z_tmp);
             key_len = Z_STRLEN(z_tmp);
         }
@@ -1859,7 +1861,7 @@ generic_mset(INTERNAL_FUNCTION_PARAMETERS, char *kw, ResultCallback fun) {
             int val_free, key_free;
             char buf[32];
 
-            type = zend_hash_get_current_key_ex(keytable, &key_zstr, &idx, 0);
+            type = zend_hash_get_current_key(keytable, &key_zstr, &idx);
             if((z_value_p = zend_hash_get_current_data(keytable)) == NULL)
             {
                 /* Should never happen, according to the PHP people */
@@ -1873,12 +1875,14 @@ generic_mset(INTERNAL_FUNCTION_PARAMETERS, char *kw, ResultCallback fun) {
                 // Create string representation of our index
                 key_len = snprintf(buf, sizeof(buf), "%ld", (long)idx);
                 key = (char*)buf;
-            } else if(key_len > 0) {
-                // When not an integer key, the length will include the \0
-                key_len--;
             } else {
                 key_len = key_zstr->len;
                 key = key_zstr->val;
+
+				// When not an integer key, the length will include the \0
+				if (key_len > 0) {
+					key_len--;
+				}
             }
 
             if(step == 0)
@@ -2950,6 +2954,7 @@ redis_build_pubsub_cmd(RedisSock *redis_sock, char **ret, PUBSUB_TYPE type,
             char *key;
             int key_len, key_free;
             zval z_tmp;
+			ZVAL_UNDEF(&z_tmp);
 
             if(Z_TYPE_P(z_ele) == IS_STRING) {
                 key = Z_STRVAL_P(z_ele);
diff --git a/redis_array.c b/redis_array.c
@@ -993,7 +993,7 @@ PHP_METHOD(RedisArray, mset)
         }
 
 		/* Grab our key */
-	    type = zend_hash_get_current_key_ex(h_keys, &key_zstr, &idx, 0);
+	    type = zend_hash_get_current_key(h_keys, &key_zstr, &idx);
 
 	    /* If the key isn't a string, make a string representation of it */
 	    if(type != HASH_KEY_IS_STRING) {
diff --git a/redis_array_impl.c b/redis_array_impl.c
@@ -854,7 +854,7 @@ ra_move_zset(const char *key, int key_len, zval *z_from, zval *z_to, long ttl TS
 		ZVAL_DOUBLE(z_zadd_args[i], Z_DVAL_P(z_score_p));
 
 		/* add value */
-		switch (zend_hash_get_current_key_ex(h_zset_vals, &val, &idx, 0)) {
+		switch (zend_hash_get_current_key(h_zset_vals, &val, &idx)) {
 			case HASH_KEY_IS_STRING:
 				ZVAL_STRINGL(z_zadd_args[i+1], val->val, val->len - 1); /* we have to remove 1 because it is an array key. */
 				break;
diff --git a/redis_commands.c b/redis_commands.c
@@ -591,7 +591,7 @@ int redis_zinter_cmd(INTERNAL_FUNCTION_PARAMETERS, RedisSock *redis_sock,
     HashPosition ptr;
     smart_string cmdstr = {0};
     int argc = 2, keys_count;
-    size_t agg_op_len, key_len;
+    size_t agg_op_len = 0, key_len = 0;
 
     // Parse args
     if(zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "sa|a!s", &key,
@@ -659,6 +659,7 @@ int redis_zinter_cmd(INTERNAL_FUNCTION_PARAMETERS, RedisSock *redis_sock,
         char *key;
         int key_free, key_len;
         zval z_tmp;
+        ZVAL_UNDEF(&z_tmp);
 
         if(Z_TYPE_P(z_ele) == IS_STRING) {
             key = Z_STRVAL_P(z_ele);
@@ -968,7 +969,7 @@ int redis_key_varval_cmd(INTERNAL_FUNCTION_PARAMETERS, RedisSock *redis_sock,
     }
 
     // Make sure we at least have a key, and we can get other args
-    z_args = emalloc(argc * sizeof(zval*));
+    z_args = (zval *) safe_emalloc(sizeof(zval), argc, 0);
     if(zend_get_parameters_array(ht, argc, z_args) == FAILURE) {
         efree(z_args);
         return FAILURE;
@@ -994,7 +995,7 @@ int redis_key_varval_cmd(INTERNAL_FUNCTION_PARAMETERS, RedisSock *redis_sock,
     for(i=1;i<argc;i++) {
         arg_free = redis_serialize(redis_sock, &z_args[i], &arg, &arg_len TSRMLS_CC);
         redis_cmd_append_sstr(&cmdstr, arg, arg_len);
-        if(arg_free) efree(arg);
+        //if(arg_free) efree(arg);
     }
 
     // Push out values
@@ -1077,7 +1078,7 @@ static int gen_varkey_cmd(INTERNAL_FUNCTION_PARAMETERS, RedisSock *redis_sock,
     }
 
     // Allocate args
-    z_args = emalloc(argc * sizeof(zval *));
+    z_args = (zval *) safe_emalloc(sizeof(zval), argc, 0);
     if(zend_get_parameters_array(ht, argc, z_args)==FAILURE) {
         efree(z_args);
         return FAILURE;
@@ -1231,7 +1232,7 @@ int redis_set_cmd(INTERNAL_FUNCTION_PARAMETERS, RedisSock *redis_sock,
             zend_hash_move_forward(kt))
         {
             // Grab key and value
-            type = zend_hash_get_current_key_ex(kt, &k, &idx, 0);
+            type = zend_hash_get_current_key(kt, &k, &idx);
             v = zend_hash_get_current_data(kt);
 
             /* Detect PX or EX argument and validate timeout */
@@ -1248,7 +1249,7 @@ int redis_set_cmd(INTERNAL_FUNCTION_PARAMETERS, RedisSock *redis_sock,
 
                 /* Expiry can't be set < 1 */
                 if (expire < 1) return FAILURE;
-            } else if (Z_TYPE_P(v) == IS_STRING && IS_EX_PX_ARG(k->val)) {
+            } else if (Z_TYPE_P(v) == IS_STRING && k != NULL && IS_EX_PX_ARG(k->val)) {
                 set_type = Z_STRVAL_P(v);
             }
         }
@@ -1475,7 +1476,7 @@ int redis_hmget_cmd(INTERNAL_FUNCTION_PARAMETERS, RedisSock *redis_sock,
                     char **cmd, int *cmd_len, short *slot, void **ctx)
 {
     char *key;
-    zval *z_arr, *z_mem, **z_mems;
+    zval *z_arr, *z_mem, *z_mems;
     int i, count, valid=0, key_free;
     size_t key_len;
     HashTable *ht_arr;
@@ -1501,7 +1502,7 @@ int redis_hmget_cmd(INTERNAL_FUNCTION_PARAMETERS, RedisSock *redis_sock,
     key_free = redis_key_prefix(redis_sock, &key, (int *) &key_len);
 
     // Allocate memory for mems+1 so we can have a sentinel
-    z_mems = ecalloc(count+1, sizeof(zval*));
+	z_mems = (zval *) safe_emalloc(sizeof(zval), count + 1, 0);
 
     // Iterate over our member array
     for(zend_hash_internal_pointer_reset_ex(ht_arr, &ptr);
@@ -1513,8 +1514,8 @@ int redis_hmget_cmd(INTERNAL_FUNCTION_PARAMETERS, RedisSock *redis_sock,
             || Z_TYPE_P(z_mem) == IS_LONG)
         {
             // Copy into our member array
-            ZVAL_DUP(z_mems[valid], z_mem);
-            convert_to_string(z_mems[valid]);
+            ZVAL_DUP(&z_mems[valid], z_mem);
+            convert_to_string(&z_mems[valid]);
 
             // Increment the member count to actually send
             valid++;
@@ -1530,15 +1531,15 @@ int redis_hmget_cmd(INTERNAL_FUNCTION_PARAMETERS, RedisSock *redis_sock,
 
     // Sentinel so we can free this even if it's used and then we discard
     // the transaction manually or there is a transaction failure
-    z_mems[valid] = NULL;
+	ZVAL_UNDEF(&z_mems[valid]);
 
     // Start command construction
     redis_cmd_init_sstr(&cmdstr, valid+1, "HMGET", sizeof("HMGET")-1);
     redis_cmd_append_sstr(&cmdstr, key, key_len);
 
     // Iterate over members, appending as arguments
     for(i=0;i<valid;i++) {
-        redis_cmd_append_sstr(&cmdstr, Z_STRVAL_P(z_mems[i]), Z_STRLEN_P(z_mems[i]));
+        redis_cmd_append_sstr(&cmdstr, Z_STRVAL(z_mems[i]), Z_STRLEN(z_mems[i]));
     }
 
     // Set our slot
@@ -2569,7 +2570,7 @@ int redis_hdel_cmd(INTERNAL_FUNCTION_PARAMETERS, RedisSock *redis_sock,
     }
 
     // Grab arguments as an array
-    z_args = emalloc(argc * sizeof(zval*));
+	z_args = (zval *) safe_emalloc(sizeof(zval), argc, 0);
     if(zend_get_parameters_array(ht, argc, z_args)==FAILURE) {
         efree(z_args);
         return FAILURE;
@@ -2618,7 +2619,7 @@ int redis_zadd_cmd(INTERNAL_FUNCTION_PARAMETERS, RedisSock *redis_sock,
     int argc = ZEND_NUM_ARGS(), i;
     smart_string cmdstr = {0};
 
-    z_args = emalloc(argc * sizeof(zval*));
+    z_args = (zval *) safe_emalloc(sizeof(zval), argc, 0);
     if(zend_get_parameters_array(ht, argc, z_args)==FAILURE) {
         efree(z_args);
         return FAILURE;
@@ -3022,8 +3023,9 @@ void redis_unserialize_handler(INTERNAL_FUNCTION_PARAMETERS,
 
     // We only need to attempt unserialization if we have a serializer running
     if(redis_sock->serializer != REDIS_SERIALIZER_NONE) {
-        zval *z_ret = NULL;
-        if(redis_unserialize(redis_sock, value, value_len, &z_ret
+        zval z_ret, *z_ret_p;
+		z_ret_p = &z_ret;
+        if(redis_unserialize(redis_sock, value, value_len, &z_ret_p
                              TSRMLS_CC) == 0)
         {
             // Badly formed input, throw an execption
@@ -3032,7 +3034,7 @@ void redis_unserialize_handler(INTERNAL_FUNCTION_PARAMETERS,
                 0 TSRMLS_CC);
             RETURN_FALSE;
         }
-        RETURN_ZVAL(z_ret, 0, 1);
+        RETURN_ZVAL(z_ret_p, 0, 1);
     } else {
         // Just return the value that was passed to us
         RETURN_STRINGL(value, value_len);

Original file line number	Diff line number	Diff line change
`@@ -993,7 +993,7 @@ PHP_METHOD(RedisArray, mset)`
`993`	`993`	`}`
`994`	`994`
`995`	`995`	`/* Grab our key */`
`996`		`- type = zend_hash_get_current_key_ex(h_keys, &key_zstr, &idx, 0);`
	`996`	`+ type = zend_hash_get_current_key(h_keys, &key_zstr, &idx);`
`997`	`997`
`998`	`998`	`/* If the key isn't a string, make a string representation of it */`
`999`	`999`	`if(type != HASH_KEY_IS_STRING) {`