a06eed0c | 10-Aug-2020 |
Nikita Popov |
Fix bug #79944 Only return true from dns_get_mx if we actually found any MX record. |
0af3f493 | 10-Aug-2020 |
Christoph M. Becker |
Fix #79922: Crash after multiple calls to xml_parser_free() We must not call `zend_list_delete()` in resource closer functions exposed to userland, because decreasing the refcount there
Fix #79922: Crash after multiple calls to xml_parser_free() We must not call `zend_list_delete()` in resource closer functions exposed to userland, because decreasing the refcount there leads to use-after-free scenarios. In this case, commit 4a42fbb worked for typical use-cases where `xml_parser_free()` has been called exactly once for the resource, because there is an internal zval (`->index`) referencing the same resource which already increased the refcount by one. However, when `xml_parser_free()` is called multiple times on the same XML parser resource, the resource would be freed prematurely. Instead we forcefully close the resource in `xml_parser_free()`. We also could decrease the refcount of the resource there, but that would require to call `xml_parser_free()` which is somewhat uncommon, and would be particularly bad wrt. PHP 8 where that function is a NOP, and as such doesn't have to be called. So we do no longer increase the refcount of the resource when copying it to the internal zval, and let the usualy refcounting semantics take care of the resource destruction. [1] <http://git.php.net/?p=php-src.git;a=commit;h=4a42fbbbc73aad7427aef5c89974d1833636e082>
show more ...
|
5be67026 | 05-Aug-2020 |
Florian Engelhardt |
Fix bug #70574: Move files to proper locale dir Closes GH-5940. |
06ade155 | 05-Aug-2020 |
Pieter van den Ham |
Fix #79934: CRLF-only line in heredoc causes parsing error Fixes the function `next_newline()` in zend_language_scanner.l. The function now correctly returns a newline_len of 2 for "\r\n
Fix #79934: CRLF-only line in heredoc causes parsing error Fixes the function `next_newline()` in zend_language_scanner.l. The function now correctly returns a newline_len of 2 for "\r\n". Closes GH-5944.
show more ...
|
6a1bd57d | 05-Aug-2020 |
Nikita Popov |
Fix memory leak on socket_sendmsg() / socket_recvmsg() error |
da786a22 | 05-Aug-2020 |
Nikita Popov |
Fixed bug #79930 We're inserting src_zval, so that's what we should addref. |
12db8b90 | 05-Aug-2020 |
David Carlier |
Fix iov_base pointer type for illumos These systems has two versions of the iovec interface dependent on compiler flags passed, the legacy version causing little build issue. Cl
Fix iov_base pointer type for illumos These systems has two versions of the iovec interface dependent on compiler flags passed, the legacy version causing little build issue. Closes GH-5939.
show more ...
|
c4677af6 | 04-Aug-2020 |
Christoph M. Becker |
[ci skip] Fix 7.3.21 release date |
f3a43e85 | 02-Aug-2020 |
Graham Campbell |
Removed space from bug55086.phpt Closes GH-5923. |
fdf6b0fe | 01-Aug-2020 |
Santiago M. Mola |
set -ex on travis/compile.sh -e to fail early: ./configure may fail and further errors from make bury the original problem in the logs. -x for easier debugging |
17d64af1 | 03-Aug-2020 |
Christoph M. Becker |
[ci skip] Add missing NEWS entries |
5b29af5c | 03-Aug-2020 |
Stanislav Malyshev |
Merge branch 'PHP-7.2' into PHP-7.3 * PHP-7.2: Fix #79877: getimagesize function silently truncates after a null byte Fix #79797: Use of freed hash key in the phar_parse_zipfile
Merge branch 'PHP-7.2' into PHP-7.3 * PHP-7.2: Fix #79877: getimagesize function silently truncates after a null byte Fix #79797: Use of freed hash key in the phar_parse_zipfile function
show more ...
|
ff577b04 | 21-Jul-2020 |
Christoph M. Becker |
Fix #79877: getimagesize function silently truncates after a null byte We have to check for NUL bytes if `getimagesize()` has been called. |
7355ab81 | 14-Jul-2020 |
Christoph M. Becker |
Fix #79797: Use of freed hash key in the phar_parse_zipfile function We must not use heap memory after we freed it. |
1e0bc6e3 | 31-Jul-2020 |
Christoph M. Becker |
Fix #79919: Stack use-after-scope in define() Instead of the temporary `rv`, we use the `val_free` which is there for this purpose. |
d95c5383 | 29-Jul-2020 |
Christoph M. Becker |
Amendment to OPcache base file removal We fix the erroneous segment size. We also keep the segment pointer at the allocated address, but increase the position instead. |
57ad5b34 | 29-Jul-2020 |
Nikita Popov |
Consider op1 literal of FETCH_OBJ_R FETCH_OBJ_R may have an op1 CONST operand, even though it will always error. We should take this into account when compacting literals. |
99c48a24 | 29-Jul-2020 |
Nikita Popov |
Fix test |
e767ca60 | 24-Jul-2020 |
Santiago M. Mola |
Fix #79895: support = in PHP_CHECK_GCC_ARG m4 macro Closes GH-5890. |
0b8c83f5 | 29-Jul-2020 |
twosee |
Handle bindto error Closes GH-5903. |
9a744c66 | 28-Jul-2020 |
Christoph M. Becker |
Fix #73060: php failed with error after temp folder cleaned up Instead of storing the mapping base address and the address of `execute_ex()` in a separate file in the temporary folder, w
Fix #73060: php failed with error after temp folder cleaned up Instead of storing the mapping base address and the address of `execute_ex()` in a separate file in the temporary folder, we store them right at the beginning of the memory mapping.
show more ...
|
c756f82c | 28-Jul-2020 |
Christoph M. Becker |
Fix #79806: realpath() erroneously resolves link to link After resolving reparse points, the path still may be a reparse point; in that case we have to resolve that reparse point as well. |
efe6d96b | 10-Jul-2020 |
Paweł Tomulik |
fix memory leaks in ext/ldap/ldap.c |
1aeff522 | 27-Jul-2020 |
Christoph M. Becker |
Revert "Fix #79806: realpath() erroneously resolves link to link" This reverts commit d5b59b4303642adac91df2c93969a72bc0f5fa7d. |
d5b59b43 | 15-Jul-2020 |
Christoph M. Becker |
Fix #79806: realpath() erroneously resolves link to link After resolving reparse points, the path still may be a reparse point; in that case we have to resolve that reparse point as well. |