From bb36b37f2cdba64fbe795703dc106ee1dd415ed8 Mon Sep 17 00:00:00 2001
From: Remi Collet
Date: Sep 25 2012 06:58:08 +0000
Subject: switch back to previous patch
---
diff --git a/php-pecl-memcache-3.0.5-get-mem-corrupt.patch b/php-pecl-memcache-3.0.5-get-mem-corrupt.patch
new file mode 100644
index 0000000..0b7c66c
--- /dev/null
+++ b/php-pecl-memcache-3.0.5-get-mem-corrupt.patch
@@ -0,0 +1,89 @@
+From 6e09e8db8d36de6a5020f5d517f62a8c16af8222 Mon Sep 17 00:00:00 2001
+From: "Vojtech Vitek (V-Teq)"
+Date: Mon, 17 Oct 2011 16:17:51 +0200
+Subject: [PATCH] fix get/unserialize memory corruption
+
+Possible memory corruption (and segfault) after unserialising objects:
+obj = $obj;
+$memcache = new Memcache;
+$memcache->connect('127.0.0.1', 11211);
+$memcache->set('x', $obj, false, 300);
+$x = $memcache->get('x');
+$x = $memcache->get('x');
+$x = $memcache->get('x');
+$x = $memcache->get('x');
+$x = $memcache->get('x');
+
+Patch by Paul Clifford.
+
+---
+ memcache-3.0.5/memcache_pool.c | 15 +++++++--------
+ 1 files changed, 7 insertions(+), 8 deletions(-)
+
+diff --git memcache-3.0.5/memcache_pool.c memcache-3.0.5/memcache_pool.c
+index 420a773..e89ebce 100644
+--- memcache-3.0.5/memcache_pool.c
++++ memcache-3.0.5/memcache_pool.c
+@@ -422,8 +422,8 @@ int mmc_unpack_value(
+ char *data = NULL;
+ unsigned long data_len;
+
+- zval value;
+- INIT_ZVAL(value);
++ zval *object;
++ ALLOC_INIT_ZVAL(object);
+
+ if (flags & MMC_COMPRESSED) {
+ if (mmc_uncompress(buffer->value.c, bytes, &data, &data_len) != MMC_OK) {
+@@ -439,7 +439,6 @@ int mmc_unpack_value(
+ if (flags & MMC_SERIALIZED) {
+ php_unserialize_data_t var_hash;
+ const unsigned char *p = (unsigned char *)data;
+- zval *object = &value;
+
+ char key_tmp[MMC_MAX_KEY_LEN + 1];
+ mmc_request_value_handler value_handler;
+@@ -495,7 +494,7 @@ int mmc_unpack_value(
+ long val;
+ data[data_len] = '\0';
+ val = strtol(data, NULL, 10);
+- ZVAL_LONG(&value, val);
++ ZVAL_LONG(object, val);
+ break;
+ }
+
+@@ -503,17 +502,17 @@ int mmc_unpack_value(
+ double val = 0;
+ data[data_len] = '\0';
+ sscanf(data, "%lg", &val);
+- ZVAL_DOUBLE(&value, val);
++ ZVAL_DOUBLE(object, val);
+ break;
+ }
+
+ case MMC_TYPE_BOOL:
+- ZVAL_BOOL(&value, data_len == 1 && data[0] == '1');
++ ZVAL_BOOL(object, data_len == 1 && data[0] == '1');
+ break;
+
+ default:
+ data[data_len] = '\0';
+- ZVAL_STRINGL(&value, data, data_len, 0);
++ ZVAL_STRINGL(object, data, data_len, 0);
+
+ if (!(flags & MMC_COMPRESSED)) {
+ /* release buffer because it's now owned by the zval */
+@@ -522,7 +521,7 @@ int mmc_unpack_value(
+ }
+
+ /* delegate to value handler */
+- return request->value_handler(key, key_len, &value, flags, cas, request->value_handler_param TSRMLS_CC);
++ return request->value_handler(key, key_len, object, flags, cas, request->value_handler_param TSRMLS_CC);
+ }
+ }
+ /* }}}*/
+--
+1.7.6.2
+
diff --git a/php-pecl-memcache-3.0.7-get-mem-corrupt.patch b/php-pecl-memcache-3.0.7-get-mem-corrupt.patch
deleted file mode 100644
index 109d38e..0000000
--- a/php-pecl-memcache-3.0.7-get-mem-corrupt.patch
+++ /dev/null
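Review bot: The zval allocated by `ALLOC_INIT_ZVAL(object)` in the -422 hunk has no matching release on any path the patch shows: the final `return request->value_handler(...)` hands the heap zval away and returns, and the serialized branch declares no release either. The changelog accepts this as a leak, but the amount leaked follows the number and size of values fetched from the cache server, so a long-running process reading large entries can grow steadily; whether the allocator reclaims it at request end is not visible here. Because the removed upstream variant that called `zval_ptr_dtor(&object)` after the handler is reported to crash, the ownership contract of the value handlers (defined outside these hunks) is the real open question and deserves a line in the patch header, for example `Known issue: object is never released here; see https://bugs.php.net/63142`. mmc_unpack_value starts before and continues between the hunks, so the early-return paths could not be checked.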
@@ -1,88 +0,0 @@ ---- pecl/memcache/branches/NON_BLOCKING_IO/memcache_pool.c 2012/09/23 07:13:18 327753 -+++ pecl/memcache/branches/NON_BLOCKING_IO/memcache_pool.c 2012/09/23 08:29:10 327754 -@@ -426,13 +426,15 @@ - { - char *data = NULL; - unsigned long data_len; -+ int rv; - -- zval value; -- INIT_ZVAL(value); -+ zval *object; -+ ALLOC_INIT_ZVAL(object); - - if (flags & MMC_COMPRESSED) { - if (mmc_uncompress(buffer->value.c, bytes, &data, &data_len) != MMC_OK) { - php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Failed to uncompress data"); -+ zval_ptr_dtor(&object); - return MMC_REQUEST_DONE; - } - } -@@ -444,7 +446,6 @@ - if (flags & MMC_SERIALIZED) { - php_unserialize_data_t var_hash; - const unsigned char *p = (unsigned char *)data; -- zval *object = &value; - - char key_tmp[MMC_MAX_KEY_LEN + 1]; - mmc_request_value_handler value_handler; -@@ -476,6 +477,7 @@ - } - - php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Failed to unserialize data"); -+ zval_ptr_dtor(&object); - return MMC_REQUEST_DONE; - } - -@@ -492,7 +494,9 @@ - } - - /* delegate to value handler */ -- return value_handler(key_tmp, key_len, object, flags, cas, value_handler_param TSRMLS_CC); -+ rv = value_handler(key_tmp, key_len, object, flags, cas, value_handler_param TSRMLS_CC); -+ zval_ptr_dtor(&object); -+ return rv; - } - else { - switch (flags & 0x0f00) { -@@ -500,7 +504,7 @@ - long val; - data[data_len] = '\0'; - val = strtol(data, NULL, 10); -- ZVAL_LONG(&value, val); -+ ZVAL_LONG(object, val); - break; - } - -@@ -508,17 +512,17 @@ - double val = 0; - data[data_len] = '\0'; - sscanf(data, "%lg", &val); -- ZVAL_DOUBLE(&value, val); -+ ZVAL_DOUBLE(object, val); - break; - } - - case MMC_TYPE_BOOL: -- ZVAL_BOOL(&value, data_len == 1 && data[0] == '1'); -+ ZVAL_BOOL(object, data_len == 1 && data[0] == '1'); - break; - - default: - data[data_len] = '\0'; -- ZVAL_STRINGL(&value, data, data_len, 0); -+ ZVAL_STRINGL(object, data, data_len, 0); - - if (!(flags & MMC_COMPRESSED)) { - /* release buffer 
because it's now owned by the zval */ -@@ -527,7 +531,9 @@ - } - - /* delegate to value handler */ -- return request->value_handler(key, key_len, &value, flags, cas, request->value_handler_param TSRMLS_CC); -+ rv = request->value_handler(key, key_len, object, flags, cas, request->value_handler_param TSRMLS_CC); -+ zval_ptr_dtor(&object); -+ return rv; - } - } - /* }}}*/ diff --git a/php-pecl-memcache.spec b/php-pecl-memcache.spec index af229f4..68b31bc 100644 --- a/php-pecl-memcache.spec +++ b/php-pecl-memcache.spec @@ -5,7 +5,7 @@ Summary: Extension to work with the Memcached caching daemon Name: php-pecl-memcache Version: 3.0.7 -Release: 2%{?dist} +Release: 3%{?dist} License: PHP Group: Development/Languages URL: http://pecl.php.net/package/%{pecl_name} @@ -17,7 +17,7 @@ Source3: LICENSE # https://bugs.php.net/63142 # http://svn.php.net/viewvc/pecl/memcache/branches/NON_BLOCKING_IO/memcache_pool.c?r1=327754&r2=327753&pathrev=327754 -Patch2: php-pecl-memcache-3.0.7-get-mem-corrupt.patch +Patch2: php-pecl-memcache-3.0.5-get-mem-corrupt.patch BuildRequires: php-devel, php-pear, zlib-devel @@ -49,7 +49,7 @@ Memcache can be used as a PHP session handler. %setup -c -q pushd %{pecl_name}-%{version} -%patch2 -p4 -b .get-mem-corrupt.patch +%patch2 -p1 -b .get-mem-corrupt.patch # Chech version as upstream often forget to update this extver=$(sed -n '/#define PHP_MEMCACHE_VERSION/{s/.* "//;s/".*$//;p}' php_memcache.h) @@ -149,6 +149,10 @@ fi %changelog +* Tue Sep 25 2012 Remi Collet - 3.0.7-3 +- switch back to previous patch as possible memleak + more acceptable than certain segfault + * Sun Sep 23 2012 Remi Collet - 3.0.7-2 - use upstream patch instead of our (memleak)
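Review bot: The two comment lines above `Patch2:` still cite bugs.php.net/63142 and the upstream svn diff for r327754, but after this change Patch2 is the older 3.0.5 patch, not that upstream revision. Anyone auditing where this memory-safety fix came from would be sent to a diff that is no longer applied. I would replace the svn URL line with something like `# Patch from the 3.0.5 package (by Paul Clifford); upstream r327754 segfaults, this one may leak` and keep the bug link. The patch file name also says 3.0.5 while `Version:` is 3.0.7, and its hunk positions differ from those in the removed upstream diff, so regenerating it against the 3.0.7 tree would make the build fail cleanly if the context ever drifts.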