Make null byte error a ValueError

Currently we treat paths with null bytes as a TypeError, which is
incorrect, and rather inconsistent, as we treat empty paths as
ValueError. We do this because the error is generated by zpp and
it's easier to always throw TypeError there.

This changes the zpp implementation to throw a TypeError only if
the type is actually wrong and throw ValueError for null bytes.
The error message is also split accordingly, to be more precise.

Closes GH-6094.

Author: nikic

Zend/zend_API.c

@@ -254,6 +254,12 @@ ZEND_API ZEND_COLD void ZEND_FASTCALL zend_wrong_parameter_type_error(uint32_t n
 		return;
 	}
 
+	if ((expected_type == Z_EXPECTED_PATH || expected_type == Z_EXPECTED_PATH_OR_NULL)
+			&& Z_TYPE_P(arg) == IS_STRING) {
+		zend_argument_value_error(num, "must not contain any null bytes");
+		return;
+	}
+
 	zend_argument_type_error(num, "must be %s, %s given", expected_error[expected_type], zend_zval_type_name(arg));
 }
 /* }}} */
@@ -668,10 +674,12 @@ static const char *zend_parse_arg_impl(zval *arg, va_list *va, const char **spec
 				char **p = va_arg(*va, char **);
 				size_t *pl = va_arg(*va, size_t *);
 				if (!zend_parse_arg_path(arg, p, pl, check_null)) {
-					zend_spprintf(error, 0, "a valid path%s, %s given",
-						check_null ? " or null" : "", zend_zval_type_name(arg)
-					);
-					return "";
+					if (Z_TYPE_P(arg) == IS_STRING) {
+						zend_spprintf(error, 0, "must not contain any null bytes");
+						return "";
+					} else {
+						return check_null ? "?string" : "string";
+					}
 				}
 			}
 			break;
@@ -680,10 +688,12 @@ static const char *zend_parse_arg_impl(zval *arg, va_list *va, const char **spec
 			{
 				zend_string **str = va_arg(*va, zend_string **);
 				if (!zend_parse_arg_path_str(arg, str, check_null)) {
-					zend_spprintf(error, 0, "a valid path%s, %s given",
-						check_null ? " or null" : "", zend_zval_type_name(arg)
-					);
-					return "";
+					if (Z_TYPE_P(arg) == IS_STRING) {
+						zend_spprintf(error, 0, "must not contain any null bytes");
+						return "";
+					} else {
+						return check_null ? "?string" : "string";
+					}
 				}
 			}
 			break;
@@ -762,7 +772,7 @@ static const char *zend_parse_arg_impl(zval *arg, va_list *va, const char **spec
 				if (!zend_parse_arg_object(arg, p, ce, check_null)) {
 					if (ce) {
 						if (check_null) {
-							zend_spprintf(error, 0, "of type ?%s, %s given", ZSTR_VAL(ce->name), zend_zval_type_name(arg));
+							zend_spprintf(error, 0, "must be of type ?%s, %s given", ZSTR_VAL(ce->name), zend_zval_type_name(arg));
 							return "";
 						} else {
 							return ZSTR_VAL(ce->name);
@@ -795,14 +805,14 @@ static const char *zend_parse_arg_impl(zval *arg, va_list *va, const char **spec
 				}
 				if (ce_base) {
 					if ((!*pce || !instanceof_function(*pce, ce_base))) {
-						zend_spprintf(error, 0, "a class name derived from %s%s, %s given",
+						zend_spprintf(error, 0, "must be a class name derived from %s%s, %s given",
 							ZSTR_VAL(ce_base->name), check_null ? " or null" : "", Z_STRVAL_P(arg));
 						*pce = NULL;
 						return "";
 					}
 				}
 				if (!*pce) {
-					zend_spprintf(error, 0, "a valid class name%s, %s given",
+					zend_spprintf(error, 0, "must be a valid class name%s, %s given",
 						check_null ? " or null" : "", Z_STRVAL_P(arg));
 					return "";
 				}
@@ -833,7 +843,7 @@ static const char *zend_parse_arg_impl(zval *arg, va_list *va, const char **spec
 				}
 
 				if (is_callable_error) {
-					zend_spprintf(error, 0, "a valid callback%s, %s", check_null ? " or null" : "", is_callable_error);
+					zend_spprintf(error, 0, "must be a valid callback%s, %s", check_null ? " or null" : "", is_callable_error);
 					efree(is_callable_error);
 					return "";
 				} else {
@@ -874,7 +884,11 @@ static zend_result zend_parse_arg(uint32_t arg_num, zval *arg, va_list *va, cons
 		}
 		if (!(flags & ZEND_PARSE_PARAMS_QUIET) && (*expected_type || error)) {
 			if (error) {
-				zend_argument_type_error(arg_num, "must be %s", error);
+				if (strcmp(error, "must not contain any null bytes") == 0) {
+					zend_argument_value_error(arg_num, "%s", error);
+				} else {
+					zend_argument_type_error(arg_num, "%s", error);
+				}
 				efree(error);
 			} else {
 				zend_argument_type_error(arg_num, "must be of type %s, %s given", expected_type, zend_zval_type_name(arg));

Zend/zend_API.h

@@ -1215,8 +1215,8 @@ static zend_always_inline zval *zend_try_array_init(zval *zv)
 	_(Z_EXPECTED_FUNC_OR_NULL,		"a valid callback or null") \
 	_(Z_EXPECTED_RESOURCE,			"of type resource") \
 	_(Z_EXPECTED_RESOURCE_OR_NULL,	"of type resource or null") \
-	_(Z_EXPECTED_PATH,				"a valid path") \
-	_(Z_EXPECTED_PATH_OR_NULL,		"a valid path or null") \
+	_(Z_EXPECTED_PATH,				"of type string") \
+	_(Z_EXPECTED_PATH_OR_NULL,		"of type ?string") \
 	_(Z_EXPECTED_OBJECT,			"of type object") \
 	_(Z_EXPECTED_OBJECT_OR_NULL,	"of type ?object") \
 	_(Z_EXPECTED_DOUBLE,			"of type float") \

ext/curl/interface.c

@@ -102,7 +102,7 @@ static int php_curl_option_str(php_curl *ch, zend_long option, const char *str,
 	CURLcode error = CURLE_OK;
 
 	if (strlen(str) != len) {
-		zend_type_error("%s(): cURL option cannot contain any null-bytes", get_active_function_name());
+		zend_value_error("%s(): cURL option must not contain any null bytes", get_active_function_name());
 		return FAILURE;
 	}
 

ext/curl/tests/bug68089.phpt

@@ -12,12 +12,12 @@ $ch = curl_init();
 
 try {
     curl_setopt($ch, CURLOPT_URL, $url);
-} catch (TypeError $exception) {
+} catch (ValueError $exception) {
     echo $exception->getMessage() . "\n";
 }
 
 ?>
 Done
 --EXPECT--
-curl_setopt(): cURL option cannot contain any null-bytes
+curl_setopt(): cURL option must not contain any null bytes
 Done

ext/exif/exif.c

@@ -4541,7 +4541,7 @@ PHP_FUNCTION(exif_read_data)
 		}
 
 		if (CHECK_NULL_PATH(Z_STRVAL_P(stream), Z_STRLEN_P(stream))) {
-			zend_argument_type_error(1, "cannot contain any null-bytes");
+			zend_argument_value_error(1, "must not contain any null bytes");
 			RETURN_THROWS();
 		}
 
@@ -4718,7 +4718,7 @@ PHP_FUNCTION(exif_thumbnail)
 		}
 
 		if (CHECK_NULL_PATH(Z_STRVAL_P(stream), Z_STRLEN_P(stream))) {
-			zend_argument_type_error(1, "cannot contain any null-bytes");
+			zend_argument_value_error(1, "must not contain any null bytes");
 			RETURN_THROWS();
 		}
 

ext/exif/tests/filename_empty.phpt

@@ -17,19 +17,19 @@ try {
 
 try {
     exif_read_data("foo\0bar");
-} catch (TypeError $e) {
+} catch (ValueError $e) {
     echo $e->getMessage(), "\n";
 }
 
 try {
     exif_thumbnail("foo\0bar");
-} catch (TypeError $e) {
+} catch (ValueError $e) {
     echo $e->getMessage(), "\n";
 }
 
 ?>
 --EXPECT--
 exif_read_data(): Argument #1 ($filename) cannot be empty
 exif_thumbnail(): Argument #1 ($filename) cannot be empty
-exif_read_data(): Argument #1 ($filename) cannot contain any null-bytes
-exif_thumbnail(): Argument #1 ($filename) cannot contain any null-bytes
+exif_read_data(): Argument #1 ($filename) must not contain any null bytes
+exif_thumbnail(): Argument #1 ($filename) must not contain any null bytes

ext/fileinfo/tests/finfo_open_001.phpt

@@ -7,7 +7,7 @@ finfo_open(): Testing magic_file names
 
 try {
     var_dump(finfo_open(FILEINFO_MIME, "\0"));
-} catch (TypeError $e) {
+} catch (ValueError $e) {
     echo $e->getMessage(), "\n";
 }
 
@@ -19,7 +19,7 @@ var_dump(finfo_open(FILEINFO_MIME, '/foo/bar/inexistent'));
 
 ?>
 --EXPECTF--
-finfo_open(): Argument #2 ($arg) must be a valid path, string given
+finfo_open(): Argument #2 ($arg) must not contain any null bytes
 resource(%d) of type (file_info)
 resource(%d) of type (file_info)
 

ext/gd/tests/imagegd2_nullbyte_injection.phpt

@@ -9,9 +9,9 @@ Testing null byte injection in imagegd2
 $image = imagecreate(1,1);// 1px image
 try {
     imagegd($image, "./foo\0bar");
-} catch (TypeError $e) {
+} catch (ValueError $e) {
     echo $e->getMessage(), "\n";
 }
 ?>
 --EXPECT--
-imagegd(): Argument #2 ($to) must be a valid path, string given
+imagegd(): Argument #2 ($to) must not contain any null bytes

ext/gd/tests/imagegd_nullbyte_injection.phpt

@@ -9,9 +9,9 @@ Testing null byte injection in imagegd
 $image = imagecreate(1,1);// 1px image
 try {
     imagegd($image, "./foo\0bar");
-} catch (TypeError $e) {
+} catch (ValueError $e) {
     echo $e->getMessage(), "\n";
 }
 ?>
 --EXPECT--
-imagegd(): Argument #2 ($to) must be a valid path, string given
+imagegd(): Argument #2 ($to) must not contain any null bytes

ext/gd/tests/imagexbm_nullbyte_injection.phpt

@@ -9,9 +9,9 @@ if(!extension_loaded('gd')) die('skip gd extension not available');
 $image = imagecreate(1,1);// 1px image
 try {
     imagexbm($image, "./foo\0bar");
-} catch (TypeError $e) {
+} catch (ValueError $e) {
     echo $e->getMessage(), "\n";
 }
 ?>
 --EXPECT--
-imagexbm(): Argument #2 ($filename) must be a valid path or null, string given
+imagexbm(): Argument #2 ($filename) must not contain any null bytes