Fix handling of exception if valid() during yield from

Fixes oss-fuzz #25296.

Make MAX_IFD_NESTING_LEVEL an actual nesting level

Currently we only ever increment ifd_nesting_level, so this ends up
being a limit on the total number of IFD tags and we regularly get

Make MAX_IFD_NESTING_LEVEL an actual nesting level

Currently we only ever increment ifd_nesting_level, so this ends up
being a limit on the total number of IFD tags and we regularly get
bug reports of it being exceeded. I think the intention behind this
limit was to prevent recursion stack overflow, and for that we only
need to check actual recursive usage. I've implemented that here,
and dropped the nesting limit down to a smaller value
(which still passes our tests).

However, it seems that we do also need to have a total limit on
the number of tags, as we don't catch some instances of infinite
looping otherwise. Add this as a separate limit with a higher
value, that should hopefully be sufficient.

This is expected to fix a number of bugs:

https://bugs.php.net/bug.php?id=78083
https://bugs.php.net/bug.php?id=78701
https://bugs.php.net/bug.php?id=79907
https://bugs.php.net/bug.php?id=80016

show more ...

Improve error_handing replacement functions

We explicitly skip calls to user_error_handler in EH_THROW mode

Closes GH-6050.

Require non-negative length in stream_get_contents()

If the length is not -1, require it to be non-negative.

Using such lengths doesn't make sense (as only -1 is special-case
to

Require non-negative length in stream_get_contents()

If the length is not -1, require it to be non-negative.

Using such lengths doesn't make sense (as only -1 is special-case
to read in chunks, anything else will end up doing a huge upfront
allocation) and can lead to string allocation overflow.

A similar check is already in place for file_get_contents(). That
one does not allow -1 (and uses null instead), but this function
is explicitly specified to accept -1, so stick to that behavior.

show more ...

Fix com_safearray_proxy related memory management issues

Separate COM::__construct()s $server_name array

This may otherwise be modified.

Fix #64130: COM obj parameters passed by reference are not updated

`ITypeInfo_GetIDsOfNames()` is supposed to fail with `E_NOTIMPL` for
out-of-process servers, thus we should not remove

Fix #64130: COM obj parameters passed by reference are not updated

`ITypeInfo_GetIDsOfNames()` is supposed to fail with `E_NOTIMPL` for
out-of-process servers, thus we should not remove the already available
typeinfo of the object in this case.

We also properly free the `byref_vals`.

show more ...

Fix memory leak when yielding from non-iterable

Avoid double-free

As of commit b2e3fd1[1] the `authid.User` is no longer newly allocated,
so we must not free it.

[1] <http://git.php.net/?p=php-src.git;a=commit;h=b2e3fd1e691b1

Avoid double-free

As of commit b2e3fd1[1] the `authid.User` is no longer newly allocated,
so we must not free it.

[1] <http://git.php.net/?p=php-src.git;a=commit;h=b2e3fd1e691b1dc82aaaf4150461db97bd5acf4a>

show more ...

Remove bogus REGISTER_LONG_CONSTANT

This shouldn't be in this function, probably a copy/paste mistake...

Fix potential integer overflow detected by oss-fuzz

We port the respective fix from upstream[1].

[1] <https://github.com/libgd/libgd/commit/9ed642764cf0b4585d135eb738812a43265cb2d3>

Fix #79986: str_ireplace bug with diacritics characters

`tolower()` returns an `int`, so we must not convert to `char` which
may be `signed` and as such may be subject to overflow (actua

Fix #79986: str_ireplace bug with diacritics characters

`tolower()` returns an `int`, so we must not convert to `char` which
may be `signed` and as such may be subject to overflow (actually,
implementation defined behavior).

Closes GH-6007

show more ...

Fix #80002: calc free space for new interned string is wrong

We need to calculate the free size in bytes.

Patch contributed by t-matsuno.

Closes GH-6024

Fix #80007: Potential type confusion in unixtojd() parameter parsing

Also it fixes test on 32-bit armv7 and x86
- Test unixtojd() function : error conditions [ext/calendar/tests/unixtojd

Fix #80007: Potential type confusion in unixtojd() parameter parsing

Also it fixes test on 32-bit armv7 and x86
- Test unixtojd() function : error conditions [ext/calendar/tests/unixtojd_error1.phpt]

Closes GH-6033

show more ...

Fix wrong datatype

ini_entry->modifiable is of type uint8_t and so should be the temp. variable. Especially important after 4b77a158.

Closes GH-6028

Fix #47021: SoapClient stumbles over WSDL delivered with "Transfer-Encoding: chunked"

7.3.23 is next

Fix HTTP response status code

Null terminate the sodium_crypto_kx_keypair() result

Fix #64705 errorInfo property of PDOException is null when PDO::__construct() fails

PDO driver constructors are throwing PdoException without setting
errorInfo, so create a new reusable

Fix #64705 errorInfo property of PDOException is null when PDO::__construct() fails

PDO driver constructors are throwing PdoException without setting
errorInfo, so create a new reusable function that throws exceptions
for PDO and will also set the errorInfo. Use this function in
pdo_mysql, pdo_sqlite, and pdo_pgsql.

show more ...

Fix bug #75785 by attempt switching endianness on Maker's Note

Different manufacturer models may come with a
different endianness (motorola/intel) format. In
order to avoid a big ref

Fix bug #75785 by attempt switching endianness on Maker's Note

Different manufacturer models may come with a
different endianness (motorola/intel) format. In
order to avoid a big refactor and a gigantic lookup
table, this commit simply attempts to switch the
endianness and proceed when values are acceptable.

Closes GH-5849.

show more ...

Fix #48585: com_load_typelib holds reference, fails on second call

Whether the type library is cached is actually irrelevant here; what
matters is that the symbols are imported, and sinc

Fix #48585: com_load_typelib holds reference, fails on second call

Whether the type library is cached is actually irrelevant here; what
matters is that the symbols are imported, and since these are not
cached, we have to import them for every request. And we cannot cache
the symbols, because the import depends on the current codepage, but
the codepage is a `PHP_INI_ALL` setting.

show more ...

Fixed bug #79951

One branch did not release tmp_replace_entry_str.

Also reduce the scope of some variables.

Make sure string is NUL byte terminated.

Check the correct list

This was supposed to check mx_list, not weight_list... oops.