History log of /PHP-7.4/Zend/zend_vm_def.h (Results 1 – 25 of 1665)
Revision Date Author Comments
# 0b7dffb4 17-Aug-2021 Christoph M. Becker

Fix #73122: Integer Overflow when concatenating strings

We must avoid integer overflows in memory allocations, so we introduce
an additional check in the VM, and bail out in the rare case of an
overflow.

Closes GH-7381.


# f3c45c17 17-Aug-2021 Christoph M. Becker

Revert "Fix #73122: Integer Overflow when concatenating strings"

This reverts commit f1ce8d5f5839cb2069ea37ff424fb96b8cd6932d, which has
been accidentally pushed.


# f1ce8d5f 17-Aug-2021 Christoph M. Becker

Fix #73122: Integer Overflow when concatenating strings

We must avoid integer overflows in memory allocations, so we introduce
an additional check in the VM, and bail out in the rare case of an
overflow. Since the recent fix for bug #74960 still doesn't catch all
possible overflows, we fix that right away.


# ba8bcf39 14-Jul-2021 Nikita Popov

Drop incorrect cache_slot optimization for typed properties

For a particular assignment, a non-coerced constant assignment
value will remain valid. However, opcache merges cache slots for
all identical property references, which means that this
optimization also disables property type checks for all other
operands on the property that occur in the same functions.

This could be addressed by blocking cache slot merging in opcache,
but I prefer dropping it entirely instead. It does not seem
important enough to warrant doing that.


# 96bf925c 02-Jul-2021 Nikita Popov

Fix return value of wrong function by-ref assign

We should be using the result of zend_assign_to_variable() here,
which will deref prior to potential freeing.

Fixes oss-fuzz #29899.


# 6dd85f83 22-Feb-2021 Nikita Popov

Fixed bug #80781

zend_find_array_dim_slow() may throw, make sure to handle this.
This backports the code we already use for this on PHP-8.0,
and also backports an exception check that makes this easier to
catch.


# 304141e8 12-Oct-2020 Nikita Popov

Avoid non-object in FE_FREE

Even if the properties HT is empty, make sure we still leave an
object in the FE_RESET result, so our type inference results
stay correct.


# 15443f8a 09-Oct-2020 Nikita Popov

Fixed bug #80186

Early exit in FE_RESET if get_properties() returns empty array,
as we cannot add HT iterators to zend_empty_array.


# 46a49be6 03-Sep-2020 Nikita Popov

Fixed bug #80049

Type checking may convert to refcounted values, so force freeing
of extra args.


# d179e34e 26-Aug-2020 Nikita Popov

Fix memory leak when yielding from non-iterable


# bb54694f 24-Aug-2020 Nikita Popov

Fix refcounting


# 6b6c2c00 24-Aug-2020 Christoph M. Becker

Fix #79979: passing value to by-ref param via CUFA crashes

If a by-val send is not allowed, we must not do so. Instead we wrap
the value in a temporary reference.

Closes GH-6000


# 2d087210 10-Aug-2020 Nikita Popov

Fixed bug #79947

Move the FREE_OP for op_data out of the zend_binary_assign_op_dim_slow()
slow path, so it can be used by the other error path as well. This
makes ASSIGN_DIM_OP structurally more similar to ASSIGN_DIM.


# 8318379d 09-Jul-2020 Nikita Popov

Switch back to FREE_UNFETCHED_OP_DATA

Some of the code paths leading to this do not fetch op data.
Hopefully this fixes the release build failure.


# 5795dfda 09-Jul-2020 Nikita Popov

Fix bug #79599 in a different way

Move the emission of the undefined variable notice before the
array separation.


# 4a08ca12 26-May-2020 Nikita Popov

Respect typed references in catch assignment

I decided to null out EG(exception) early here, which means only
the exception from the dtor / ref assign is preserved, and the
previous exception is not chained in. This is more robust, and
I don't think this situation is common enough to be bothered about
the precise behavior.


# d31ccb5f 17-Apr-2020 Dmitry Stogov

zend_timeout() may access EX(opline)


# c5159b38 12-Mar-2020 Dmitry Stogov

Check asserts early


# 2dddab01 12-Mar-2020 Dmitry Stogov

Avoid "Anonymous class wasn't preloaded" error by lazily loading the not preloaded part of a preloaded script


# 760faa12 09-Mar-2020 Nikita Popov

Fixed bug #79357

Peculiarly, for once the cause was not SOAP's "interesting" error
handling, but a bug in the call trampoline for internal functions...


# 5d0ef4c2 06-Feb-2020 Dmitry Stogov

Make opcodes to return dereferenced values of typed references (in the same way as for non-typed)


# 58b17906 03-Feb-2020 Nikita Popov

Apply tidy formatting

Mostly reindent PHP scripts to spaces.


# ef1e4891 31-Jan-2020 Nikita Popov

Fix bug #76047

Unlink the current stack frame before freeing CVs or extra args.
This means it will no longer show up in back traces that are
generated during CV destruction.

We already did this prior to destructing the object/closure,
presumably for the same reason.


# db7193f3 31-Jan-2020 Dmitry Stogov

Fixed bug #79094 (Crashing when running recursion function)


# 885b3451 20-Dec-2019 Nikita Popov

Fix early free of assign_obj op_data

We need to make sure that op_data is only freed after populating
result, as op_data may be the only thing holding the value in the
case of an overloaded assignment.

This reverts the code to how it looked in 7.3.

