The PHP 7.4 branch is for PHP 7.4.25 now

Fix #81407: shmop_open won't attach and causes php to crash

We need to allocate buffers for the file mapping names which are large
enough for all potential keys (`key_t` is defined as `i

Fix #81407: shmop_open won't attach and causes php to crash

We need to allocate buffers for the file mapping names which are large
enough for all potential keys (`key_t` is defined as `int` on Windows).

Regarding the test: it's probably never a good idea to use hard-coded
keys (should always use `ftok()` instead), but to reliably reproduce
this Windows specific issue we need to, and it shouldn't be an issue on
that OS.

Closes GH-7448.

show more ...

Fix #81400: Unterminated string in dns_get_record() results

If we assemble a zend_string manually, we need to end it with a NUL
byte ourselves.

We also fix the size calculation

Fix #81400: Unterminated string in dns_get_record() results

If we assemble a zend_string manually, we need to end it with a NUL
byte ourselves.

We also fix the size calculation for that zend_string; there is no need
for the extra byte for each part, and we don't have to multiply by two,
since we're using DnsQuery_A(), not DnsQuery_W () (in which case we
would have to do the character set conversion, anyway). This avoids
over-allocation, and the need to explicitly set the string length.

Finally, we use the proper access macro for zend_strings.

Closes GH-7427.

show more ...

Fix #53580: During resize gdImageCopyResampled cause colors change

We port the upstream fix[1], and also revert commit a3383ac3d7[2] which
is now obsolete, and also not part of libgd. E

Fix #53580: During resize gdImageCopyResampled cause colors change

We port the upstream fix[1], and also revert commit a3383ac3d7[2] which
is now obsolete, and also not part of libgd. Especially the change to
gd.png.c was at best a half-baked optimization.

[1] <https://github.com/libgd/libgd/commit/a24e96f01989bf9ca05a08d33862a08d6f4c4ed6>
[2] <https://github.com/php/php-src/commit/a3383ac3d7e21e54b1d7d89f308088d0692abc9f>

Closes GH-7402.

show more ...

Update NEWS

Fix #78819: Heap Overflow in msg_send

We need to use the proper type.

Closes GH-7386.

Fix #73122: Integer Overflow when concatenating strings

We must avoid integer overflows in memory allocations, so we introduce
an additional check in the VM, and bail out in the rare cas

Fix #73122: Integer Overflow when concatenating strings

We must avoid integer overflows in memory allocations, so we introduce
an additional check in the VM, and bail out in the rare case of an
overflow.

Closes GH-7381.

show more ...

Fix #71542: disk_total_space does not work with relative paths

For ZTS builds, we need to expand the path given to `disk_free_space()`
and `disk_total_space()` to properly support the VC

Fix #71542: disk_total_space does not work with relative paths

For ZTS builds, we need to expand the path given to `disk_free_space()`
and `disk_total_space()` to properly support the VCWD.

Closes GH-7377.

show more ...

Fixed bug #81353

A user-defined error handler should not be invoked for preload
warnings. We are in a partially shut-down state at that point.

Fix #81351: xml_parse may fail, but has no error code

The fix for bug #73151[1] cured the symptoms, but not the root cause,
namely xmlParse() must not be called recursively. Since that

Fix #81351: xml_parse may fail, but has no error code

The fix for bug #73151[1] cured the symptoms, but not the root cause,
namely xmlParse() must not be called recursively. Since that bugfix
also messed up the error handling, we basically revert it (but also
simplify the return), and then prevent calling the parser recursively.

[1] <https://github.com/php/php-src/pull/2166/commits/f2a8a8c068995a5d780882c556cedd53bce3827d>

Co-authored-by: Nikita Popov <nikita.ppv@gmail.com>

Closes GH-7363.

show more ...

Fix #81346: Non-seekable streams don't update position after write

The stream position is not related to the buffer, and needs to be
updated for non-seekable streams as well. The errone

Fix #81346: Non-seekable streams don't update position after write

The stream position is not related to the buffer, and needs to be
updated for non-seekable streams as well. The erroneous condition
around the position update is a relict of an old commit[1].

The unexpected test expectation is due to bug #81345.

[1] <https://github.com/php/php-src/commit/088e2692c3d1e680fd3d9306c4adb417e761acff>

Closes GH-7356.

show more ...

Fix #81302: Stream position after stream filter removed

When flushing the stream filters actually causes data to be written to
the stream, we need to update its position, because that is

Fix #81302: Stream position after stream filter removed

When flushing the stream filters actually causes data to be written to
the stream, we need to update its position, because that is not done by
the streams' write methods.

Closes GH-7354.

show more ...

Prepare for 7.4.24

Fix #74544: Integer overflow in mysqli_real_escape_string()

The patch has been provided by @johannes.

Closes GH-7353.

Fix #81327: Error build openssl extension on php 7.4.22

The recent fix for bug 52093 is not compatible with LibreSSL ≥ 2.7.0,
which we recognize as mostly OpenSSL 1.1.0 compatible, but t

Fix #81327: Error build openssl extension on php 7.4.22

The recent fix for bug 52093 is not compatible with LibreSSL ≥ 2.7.0,
which we recognize as mostly OpenSSL 1.1.0 compatible, but they still
do not support `ASN1_INTEGER_set_int64()`.

Closes GH-7339.

show more ...

Fix #51498: imagefilledellipse does not work for large circles

We backport the respective upstream fix[1].

[1] <https://github.com/libgd/libgd/commit/ace7fd88dc7571b3aa182f6b2604292

Fix #51498: imagefilledellipse does not work for large circles

We backport the respective upstream fix[1].

[1] <https://github.com/libgd/libgd/commit/ace7fd88dc7571b3aa182f6b2604292f8461a819>

Closes GH-7329.

show more ...

Fix #81305: Built-in Webserver Drops Requests With "Upgrade" Header

While our HTTP parser supports upgrade requests, the code using it does
not. Since upgrade requests are only valid fo

Fix #81305: Built-in Webserver Drops Requests With "Upgrade" Header

While our HTTP parser supports upgrade requests, the code using it does
not. Since upgrade requests are only valid for HTTP/1.1 and we neither
support any higher version, nor HTTPS yet, we do not exit early in case
of such requests, i.e. we ignore them, what is allowed by the specs.

We keep the supporting code in case we can meaningfully support upgrade
requests in the future.

Closes GH-7316.

show more ...

Fix #81252: PDO_ODBC doesn't account for SQL_NO_TOTAL

If `P->len` is negative (not only when it is `SQL_NULL_DATA`), we must
not go on, because the following code can't deal with that.

Fix #81252: PDO_ODBC doesn't account for SQL_NO_TOTAL

If `P->len` is negative (not only when it is `SQL_NULL_DATA`), we must
not go on, because the following code can't deal with that. This means
that the output parameter will be set to `NULL` without any indication
what went wrong, but it's still better than crashing.

Closes GH-7295.

show more ...

Fix #81294: Segfault when removing a filter

We need to call the proper method.

Closes GH-7308.

Fix #81283: shmop can't read beyond 2147483647 bytes

`start`, `count` and `shmop->size` are `zend_long`, so we must not
restrict to `INT_MAX`.

Closes GH-7301.

Fix bug #66719

While parent:: should inherit the called scope, it should only do
so if it is compatible. If there is no called scope, or it is not
a subtype of the scope, we should f

Fix bug #66719

While parent:: should inherit the called scope, it should only do
so if it is compatible. If there is no called scope, or it is not
a subtype of the scope, we should fall back to the scope.

show more ...

Fix #74960: Heap buffer overflow via str_repeat

Trying to allocate a `zend_string` with a length only slighty smaller
than `SIZE_MAX` causes an integer overflow, so callers may need to

Fix #74960: Heap buffer overflow via str_repeat

Trying to allocate a `zend_string` with a length only slighty smaller
than `SIZE_MAX` causes an integer overflow, so callers may need to
check that explicitly. To make that easy in a portable way, we
introduce `ZSTR_MAX_LEN`.

Closes GH-7294.

show more ...

Revert "Fix #79908: json_encode encodes negative zero as int"

This reverts commit 717f1ed5e4b4b2083907dd085e66b377edad24b7.

Fix #78238: BCMath returns "-0"

There is no negative zero in the decimal system, so we must suppress
the sign.

Closes GH-7250.

Fix bug #81265: getimagesize returns 0 for 256px ICO images

Set ICO height/width to 256 if 0.