#
2e9e706a |
| 02-Sep-2020 |
Nikita Popov |
Fix throwing of yield from related exceptions into generator Use the general zend_generator_throw_exception() helper for this. Otherwise we don't handle the off-by-one opline correctly (
Fix throwing of yield from related exceptions into generator Use the general zend_generator_throw_exception() helper for this. Otherwise we don't handle the off-by-one opline correctly (should we maybe just stop doing that?) This is a followup to ad750c3bb6e7b48384c6265eb9d3bcf5b4000652, which fixed a different yield from exception handling problem that happened to show up in the same test case from oss-fuzz #25321. Now both issues should be fixed.
show more ...
|
#
ad750c3b |
| 31-Aug-2020 |
Nikita Popov |
Fix handling of exception if valid() during yield from Fixes oss-fuzz #25296.
|
#
187a72d5 |
| 30-Jun-2020 |
Nikita Popov |
Remove bogus generator iterator dtor Fixes a use-after-free encountered in Symfony's SecurityBundle. I don't have a reproducer for this, and believe the issue can only occur if we le
Remove bogus generator iterator dtor Fixes a use-after-free encountered in Symfony's SecurityBundle. I don't have a reproducer for this, and believe the issue can only occur if we leak an iterator (the leak is a separate issue). We should not free the generator iterator here, because we do not own it. The code that fetched the iterator is responsible for releasing it. In the rare case where we do hit this code-path, we cause a use-after-free.
show more ...
|
#
897d99c7 |
| 18-Dec-2019 |
Nikita Popov |
Rethrow generator exception even without active stack frame Finally blocks in generators may be invoked during shutdown, in which case we don't have a stack frame. Similar to what ze
Rethrow generator exception even without active stack frame Finally blocks in generators may be invoked during shutdown, in which case we don't have a stack frame. Similar to what zend_call_function does, we still need to rethrow these exceptions, otherwise they will be hidden (and leak).
show more ...
|
Revision tags: php-7.3.13RC1, php-7.2.26RC1, php-7.4.0, php-7.2.25, php-7.3.12, php-7.4.0RC6, php-7.3.12RC1, php-7.2.25RC1, php-7.4.0RC5 |
|
#
16c49108 |
| 28-Oct-2019 |
Nikita Popov |
Fix bug #78752 NULL out the execute_data before destroying it, otherwise GC may trigger while the execute_data is partially destroyed, resulting in double-frees. The handlin
Fix bug #78752 NULL out the execute_data before destroying it, otherwise GC may trigger while the execute_data is partially destroyed, resulting in double-frees. The handling of call stack unfreezing is a bit awkward because it's a ZEND_API function, so we can't change the signature.
show more ...
|
Revision tags: php-7.1.33, php-7.2.24, php-7.3.11, php-7.4.0RC4, php-7.3.11RC1, php-7.2.24RC1, php-7.4.0RC3, php-7.2.23, php-7.3.10, php-7.4.0RC2, php-7.2.23RC1, php-7.3.10RC1, php-7.4.0RC1, php-7.1.32, php-7.2.22, php-7.3.9, php-7.4.0beta4 |
|
#
fcabe7e5 |
| 14-Aug-2019 |
Nikita Popov |
Fixed bug #78412 $this should only be included in the generator GC buffer, if it will be released on destruction.
|
Revision tags: php-7.2.22RC1, php-7.3.9RC1, php-7.4.0beta2, php-7.1.31, php-7.2.21, php-7.3.8, php-7.4.0beta1, php-7.2.21RC1, php-7.3.8RC1, php-7.4.0alpha3, php-7.3.7, php-7.2.20, php-7.4.0alpha2, php-7.3.7RC3, php-7.3.7RC2, php-7.2.20RC2, php-7.4.0alpha1, php-7.3.7RC1, php-7.2.20RC1, php-7.2.19, php-7.3.6, php-7.1.30, php-7.2.19RC1, php-7.3.6RC1, php-7.1.29, php-7.2.18, php-7.3.5, php-7.2.18RC1, php-7.3.5RC1, php-7.2.17, php-7.3.4, php-7.1.28, php-7.3.4RC1, php-7.2.17RC1, php-7.1.27, php-7.3.3, php-7.2.16 |
|
#
4dc0662e |
| 01-Mar-2019 |
Nikita Popov |
Check for NULL GC type in objects_store_del This might happen if OBJ_RELEASE is used on an object that was already released by GC. Specific cases of this issue were previously fixed in
Check for NULL GC type in objects_store_del This might happen if OBJ_RELEASE is used on an object that was already released by GC. Specific cases of this issue were previously fixed in ffaee27478a9cb338e40edeb5acf233f9cb67111 and 72104d2b6ecbbabd18de15f10739be5ce3dc9ce0, however the issue still affects 3rd-party extensions using OBJ_RELEASE. The whole GC type NULL + OBJ_IS_VALID + IS_FREE_CALLED system seems overly complicated and can probably be simplified in 7.4.
show more ...
|
Revision tags: php-7.3.3RC1, php-7.2.16RC1, php-7.2.15, php-7.3.2, php-7.2.15RC1, php-7.3.2RC1, php-5.6.40, php-7.1.26, php-7.3.1, php-7.2.14, php-7.2.14RC1, php-7.3.1RC1, php-5.6.39, php-7.1.25, php-7.2.13, php-7.0.33, php-7.3.0, php-7.1.25RC1, php-7.2.13RC1, php-7.3.0RC6, php-7.1.24, php-7.2.12, php-7.3.0RC5, php-7.1.24RC1, php-7.2.12RC1, php-7.3.0RC4, php-7.1.23, php-7.2.11, php-7.3.0RC3 |
|
#
83e2b9e2 |
| 28-Sep-2018 |
Nikita Popov |
Fixed bug #76946
|
Revision tags: php-7.1.23RC1, php-7.2.11RC1, php-7.3.0RC2, php-5.6.38, php-7.1.22, php-7.3.0RC1, php-7.2.10, php-7.0.32, php-7.1.22RC1, php-7.3.0beta3, php-7.2.10RC1, php-7.1.21, php-7.2.9, php-7.3.0beta2, php-7.1.21RC1, php-7.3.0beta1, php-7.2.9RC1, php-5.6.37, php-7.1.20, php-7.3.0alpha4, php-7.0.31, php-7.2.8, php-7.1.20RC1, php-7.2.8RC1, php-7.3.0alpha3 |
|
#
8d3f8ca1 |
| 03-Jul-2018 |
Peter Kokot |
Remove unused Git attributes ident The $Id$ keywords were used in Subversion where they can be substituted with filename, last revision number change, last changed date, and last use
Remove unused Git attributes ident The $Id$ keywords were used in Subversion where they can be substituted with filename, last revision number change, last changed date, and last user who changed it. In Git this functionality is different and can be done with Git attribute ident. These need to be defined manually for each file in the .gitattributes file and are afterwards replaced with 40-character hexadecimal blob object name which is based only on the particular file contents. This patch simplifies handling of $Id$ keywords by removing them since they are not used anymore.
show more ...
|
#
7d4e18b0 |
| 12-Jul-2018 |
Dmitry Stogov |
Improved user iterator implementation to reduce zend_class_entry memory consumption and avoid race condition during resolving/caching of user iterator functions of internal classes in ZTS build.
|
#
67b4c337 |
| 09-Jul-2018 |
Dmitry Stogov |
Uze ZVAL_COPY_DEREF() instead of ZVAL_DEREF() and ZVAL_COPY()
|
Revision tags: php-7.3.0alpha2, php-7.1.19, php-7.2.7 |
|
#
72104d2b |
| 12-Jun-2018 |
Xinchen Hui |
supplemental fix for bug #76427 there are two parts to make this problem visible , the first is our new gc new freeing zvals in an opposite direction(compare to 7.2) the second is ze
supplemental fix for bug #76427 there are two parts to make this problem visible , the first is our new gc new freeing zvals in an opposite direction(compare to 7.2) the second is zend_object_store_del doesn't check IS_VALID since 7.3 (using assertion instead)
show more ...
|
#
ffaee274 |
| 11-Jun-2018 |
Xinchen Hui |
Fixed bug #76427 (Segfault in zend_objects_store_put)
|
Revision tags: php-7.1.19RC1, php-7.3.0alpha1, php-7.2.7RC1 |
|
#
f2b4ec4b |
| 31-May-2018 |
Dmitry Stogov |
Export standard object handlers, to avoid indirect access
|
Revision tags: php-7.1.18, php-7.2.6, php-7.2.6RC1, php-7.1.18RC1, php-5.6.36, php-7.2.5, php-7.1.17, php-7.0.30, php-7.1.17RC1, php-7.2.5RC1, php-5.6.35, php-7.0.29, php-7.2.4, php-7.1.16, php-7.1.16RC1, php-7.2.4RC1, php-7.1.15, php-5.6.34, php-7.2.3, php-7.0.28 |
|
#
701437a9 |
| 25-Feb-2018 |
Gabriel Caruso |
Remove return types from some magic method in protos __construct, __destruct, __wakeup does not have return types defined.
|
Revision tags: php-7.2.3RC1, php-7.1.15RC1, php-7.1.14, php-7.2.2 |
|
#
5e8aa036 |
| 23-Jan-2018 |
Dmitry Stogov |
Access extra data stored in zval through macros
|
Revision tags: php-7.1.14RC1, php-7.2.2RC1 |
|
#
d6881293 |
| 16-Jan-2018 |
Dmitry Stogov |
Removed recursive call
|
#
8c07170d |
| 13-Jan-2018 |
Nikita Popov |
Fix generator GC if yield from parent chain does not reach root Parents may be unlinked while another generator sharing part of the chain is running. As such, we cannot assume that the p
Fix generator GC if yield from parent chain does not reach root Parents may be unlinked while another generator sharing part of the chain is running. As such, we cannot assume that the parent chain goes all the way to the root. Instead walk backwards from root to leaf, like we also do during destruction.
show more ...
|
#
cab0a814 |
| 12-Jan-2018 |
Nikita Popov |
Try to fix yield from GC issues Make sure we always update root and parent references before releasing the old root object. This fixes some crashes under aggressive cycle collec
Try to fix yield from GC issues Make sure we always update root and parent references before releasing the old root object. This fixes some crashes under aggressive cycle collection, so hopefully this will also fix bug #75351.
show more ...
|
#
420d11e8 |
| 12-Jan-2018 |
Nikita Popov |
Fixed bug #75396 Do not run finally blocks in generators on unclean shutdown (e.g. caused by exit). This is consistent with how finally blocks outside of generators behave.
|
#
5fef837c |
| 09-Jan-2018 |
Nikita Popov |
Simplify non-linear generator yield from tree Remove special handling for 2-4 children. Now the three possible cases are no children, one child, or many children (HT). The non-l
Simplify non-linear generator yield from tree Remove special handling for 2-4 children. Now the three possible cases are no children, one child, or many children (HT). The non-linear (many children) case is extremely rare, so there is no point in trying to optimize it.
show more ...
|
#
27f09efa |
| 12-Jan-2018 |
Nikita Popov |
Avoid duplicate addition of generators in yield from tree
|
#
12c386f5 |
| 11-Jan-2018 |
Dmitry Stogov |
Use ZEND_CLOSURE_OBJECT() macro to resolve closure op_array to closure object through address calculation, instead of op_array->prototype reuse. (reapply 781e1573afdc7c336b3577ceabc9c65cafea17e8, now
Use ZEND_CLOSURE_OBJECT() macro to resolve closure op_array to closure object through address calculation, instead of op_array->prototype reuse. (reapply 781e1573afdc7c336b3577ceabc9c65cafea17e8, now it should be OK).
show more ...
|
#
6ba10a03 |
| 11-Jan-2018 |
Dmitry Stogov |
Revert "Use ZEND_CLOSURE_OBJECT() macro to resolve closure op_array to closure object through address calculation, instead of op_array->prototype reuse." (this patch is incomplete or wrong)
Revert "Use ZEND_CLOSURE_OBJECT() macro to resolve closure op_array to closure object through address calculation, instead of op_array->prototype reuse." (this patch is incomplete or wrong) This reverts commit 781e1573afdc7c336b3577ceabc9c65cafea17e8.
show more ...
|
#
781e1573 |
| 11-Jan-2018 |
Dmitry Stogov |
Use ZEND_CLOSURE_OBJECT() macro to resolve closure op_array to closure object through address calculation, instead of op_array->prototype reuse.
|