From c442a1f18e7f897a42dd8ac608a37958e6655a87 Mon Sep 17 00:00:00 2001
From: Ilija Tovilo <ilija.tovilo@me.com>
Date: Wed, 1 Mar 2023 02:19:29 +0100
Subject: [PATCH 1/3] Temporarily disable failing zlib tests on travis (#10738)

---
 ext/zlib/tests/gzcompress_basic1.phpt | 2 ++
 ext/zlib/tests/gzdeflate_basic1.phpt  | 2 ++
 ext/zlib/tests/gzencode_basic1.phpt   | 2 ++
 3 files changed, 6 insertions(+)

diff --git a/ext/zlib/tests/gzcompress_basic1.phpt b/ext/zlib/tests/gzcompress_basic1.phpt
index ec5f554153dab..b5ad22341ed74 100644
--- a/ext/zlib/tests/gzcompress_basic1.phpt
+++ b/ext/zlib/tests/gzcompress_basic1.phpt
@@ -2,6 +2,8 @@
 Test gzcompress() function : basic functionality
 --EXTENSIONS--
 zlib
+--SKIPIF--
+<?php if (getenv('TRAVIS')) die('skip Currently fails on Travis'); ?>
 --FILE--
 <?php
 /*
diff --git a/ext/zlib/tests/gzdeflate_basic1.phpt b/ext/zlib/tests/gzdeflate_basic1.phpt
index 8c58dfa8ec075..73eb9af3a4b73 100644
--- a/ext/zlib/tests/gzdeflate_basic1.phpt
+++ b/ext/zlib/tests/gzdeflate_basic1.phpt
@@ -2,6 +2,8 @@
 Test gzdeflate() function : basic functionality
 --EXTENSIONS--
 zlib
+--SKIPIF--
+<?php if (getenv('TRAVIS')) die('skip Currently fails on Travis'); ?>
 --FILE--
 <?php
 /*
diff --git a/ext/zlib/tests/gzencode_basic1.phpt b/ext/zlib/tests/gzencode_basic1.phpt
index ecb42e98d6874..346c5b4aa8362 100644
--- a/ext/zlib/tests/gzencode_basic1.phpt
+++ b/ext/zlib/tests/gzencode_basic1.phpt
@@ -2,6 +2,8 @@
 Test gzencode() function : basic functionality
 --EXTENSIONS--
 zlib
+--SKIPIF--
+<?php if (getenv('TRAVIS')) die('skip Currently fails on Travis'); ?>
 --FILE--
 <?php
 /*

From 6734880ef5c7a949f66e5a4b0dd1983fb486c46a Mon Sep 17 00:00:00 2001
From: Jakub Zelenka <bukka@php.net>
Date: Thu, 16 Nov 2023 20:42:05 +0000
Subject: [PATCH 2/3] Fix bug #79945: Stream wrappers in imagecreatefrompng
 causes segfault

Closes GH-12696
---
 NEWS                       | 10 +++++++---
 ext/gd/tests/bug79945.phpt | 22 ++++++++++++++++++++++
 main/php_streams.h         |  3 +++
 main/streams/streams.c     |  9 +++++++--
 4 files changed, 39 insertions(+), 5 deletions(-)
 create mode 100644 ext/gd/tests/bug79945.phpt

diff --git a/NEWS b/NEWS
index 1f09639a2f136..dff47b02fb671 100644
--- a/NEWS
+++ b/NEWS
@@ -11,6 +11,10 @@ PHP                                                                        NEWS
 - PHPDBG:
   . Fixed bug GH-12675 (MEMORY_LEAK in phpdbg_prompt.c). (nielsdos)
 
+- SQLite3:
+  . Fixed bug GH-12633 (sqlite3_defensive.phpt fails with sqlite 3.44.0).
+    (SakiTakamachi)
+
 - Standard:
   . Fix memory leak in syslog device handling. (danog)
   . Fixed bug GH-12621 (browscap segmentation fault when configured in the
@@ -18,9 +22,9 @@ PHP                                                                        NEWS
   . Fixed bug GH-12655 (proc_open() does not take into account references
     in the descriptor array). (nielsdos)
 
-- SQLite3:
-  . Fixed bug GH-12633 (sqlite3_defensive.phpt fails with sqlite 3.44.0).
-    (SakiTakamachi)
+- Streams:
+  . Fixed bug #79945 (Stream wrappers in imagecreatefrompng causes segfault).
+    (Jakub Zelenka)
 
 - Zip:
   . Fixed bug GH-12661 (Inconsistency in ZipArchive::addGlob remove_path Option
diff --git a/ext/gd/tests/bug79945.phpt b/ext/gd/tests/bug79945.phpt
new file mode 100644
index 0000000000000..b985ddd48be31
--- /dev/null
+++ b/ext/gd/tests/bug79945.phpt
@@ -0,0 +1,22 @@
+--TEST--
+Bug #79945 (using php wrappers in imagecreatefrompng causes segmentation fault)
+--EXTENSIONS--
+gd
+--SKIPIF--
+<?php
+set_error_handler(function($errno, $errstr) {
+    if (str_contains($errstr, 'Cannot cast a filtered stream on this system')) {
+        die('skip: fopencookie not support on this system');
+    }
+});
+imagecreatefrompng('php://filter/read=convert.base64-encode/resource=' . __DIR__ . '/test.png');
+restore_error_handler();
+?>
+--FILE--
+<?php
+imagecreatefrompng('php://filter/read=convert.base64-encode/resource=' . __DIR__ . '/test.png');
+?>
+--CLEAN--
+--EXPECTF--
+
+Warning: imagecreatefrompng(): "php://filter/read=convert.base64-encode/resource=%s" is not a valid PNG file in %s on line %d
diff --git a/main/php_streams.h b/main/php_streams.h
index e7cbc7369ed45..0837472d2f6b9 100644
--- a/main/php_streams.h
+++ b/main/php_streams.h
@@ -211,6 +211,9 @@ struct _php_stream  {
 	 * PHP_STREAM_FCLOSE_XXX as appropriate */
 	uint8_t fclose_stdiocast:2;
 
+	/* whether stdio cast flushing is in progress */
+	int8_t fclose_stdiocast_flush_in_progress:1;
+
 	char mode[16];			/* "rwb" etc. ala stdio */
 
 	uint32_t flags;	/* PHP_STREAM_FLAG_XXX */
diff --git a/main/streams/streams.c b/main/streams/streams.c
index 4cd211ad85fe5..e1399927b2783 100644
--- a/main/streams/streams.c
+++ b/main/streams/streams.c
@@ -1294,8 +1294,13 @@ PHPAPI zend_off_t _php_stream_tell(php_stream *stream)
 PHPAPI int _php_stream_seek(php_stream *stream, zend_off_t offset, int whence)
 {
 	if (stream->fclose_stdiocast == PHP_STREAM_FCLOSE_FOPENCOOKIE) {
-		/* flush to commit data written to the fopencookie FILE* */
-		fflush(stream->stdiocast);
+		/* flush can call seek internally so we need to prevent an infinite loop */
+		if (!stream->fclose_stdiocast_flush_in_progress) {
+			stream->fclose_stdiocast_flush_in_progress = 1;
+			/* flush to commit data written to the fopencookie FILE* */
+			fflush(stream->stdiocast);
+			stream->fclose_stdiocast_flush_in_progress = 0;
+		}
 	}
 
 	/* handle the case where we are in the buffer */

From 4da89d86ec4f21a1c6933cd0cb57fc08e75b4f6a Mon Sep 17 00:00:00 2001
From: Jakub Zelenka <bukka@php.net>
Date: Fri, 17 Nov 2023 13:33:51 +0000
Subject: [PATCH 3/3] Fix stream fclose_stdiocast_flush_in_progress type

---
 main/php_streams.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/main/php_streams.h b/main/php_streams.h
index 0837472d2f6b9..17161d70ad59a 100644
--- a/main/php_streams.h
+++ b/main/php_streams.h
@@ -212,7 +212,7 @@ struct _php_stream  {
 	uint8_t fclose_stdiocast:2;
 
 	/* whether stdio cast flushing is in progress */
-	int8_t fclose_stdiocast_flush_in_progress:1;
+	uint8_t fclose_stdiocast_flush_in_progress:1;
 
 	char mode[16];			/* "rwb" etc. ala stdio */