#
0b7dffb4 |
| 17-Aug-2021 |
Christoph M. Becker |
Fix #73122: Integer Overflow when concatenating strings We must avoid integer overflows in memory allocations, so we introduce an additional check in the VM, and bail out in the rare case of an overflow. Closes GH-7381.
|
#
f3c45c17 |
| 17-Aug-2021 |
Christoph M. Becker |
Revert "Fix #73122: Integer Overflow when concatenating strings" This reverts commit f1ce8d5f5839cb2069ea37ff424fb96b8cd6932d, which has been accidentally pushed.
|
#
f1ce8d5f |
| 17-Aug-2021 |
Christoph M. Becker |
Fix #73122: Integer Overflow when concatenating strings We must avoid integer overflows in memory allocations, so we introduce an additional check in the VM, and bail out in the rare case of an overflow. Since the recent fix for bug #74960 still doesn't catch all possible overflows, we fix that right away.
|
#
ba8bcf39 |
| 14-Jul-2021 |
Nikita Popov |
Drop incorrect cache_slot optimization for typed properties For a particular assignment, a non-coerced constant assignment value will remain valid. However, opcache merges cache slots for all identical property references, which means that this optimization also disables property type checks for all other operands on the property that occur in the same functions. This could be addressed by blocking cache slot merging in opcache, but I prefer dropping it entirely instead. It does not seem important enough to warrant doing that.
|
#
96bf925c |
| 02-Jul-2021 |
Nikita Popov |
Fix return value of wrong function by-ref assign We should be using the result of zend_assign_to_variable() here, which will deref prior to potential freeing. Fixes oss-fuzz #29899.
|
#
6dd85f83 |
| 22-Feb-2021 |
Nikita Popov |
Fixed bug #80781 zend_find_array_dim_slow() may throw, make sure to handle this. This backports the code we already use for this on PHP-8.0, and also backports an exception check that makes this easier to catch.
|
#
304141e8 |
| 12-Oct-2020 |
Nikita Popov |
Avoid non-object in FE_FREE Even if the properties HT is empty, make sure we still leave an object in the FE_RESET result, so our type inference results stay correct.
|
#
15443f8a |
| 09-Oct-2020 |
Nikita Popov |
Fixed bug #80186 Early exit in FE_RESET if get_properties() returns empty array, as we cannot add HT iterators to zend_empty_array.
|
#
46a49be6 |
| 03-Sep-2020 |
Nikita Popov |
Fixed bug #80049 Type checking may convert to refcounted values, so force freeing of extra args.
|
#
d179e34e |
| 26-Aug-2020 |
Nikita Popov |
Fix memory leak when yielding from non-iterable
|
#
bb54694f |
| 24-Aug-2020 |
Nikita Popov |
Fix refcounting
|
#
6b6c2c00 |
| 24-Aug-2020 |
Christoph M. Becker |
Fix #79979: passing value to by-ref param via CUFA crashes If a by-val send is not allowed, we must not do so. Instead we wrap the value in a temporary reference. Closes GH-6000
|
#
2d087210 |
| 10-Aug-2020 |
Nikita Popov |
Fixed bug #79947 Move the FREE_OP for op_data out of the zend_binary_assign_op_dim_slow() slow path, so it can be used by the other error path as well. This makes ASSIGN_DIM_OP structurally more similar to ASSIGN_DIM.
|
#
8318379d |
| 09-Jul-2020 |
Nikita Popov |
Switch back to FREE_UNFETCHED_OP_DATA Some of the code paths leading to this do not fetch op data. Hopefully this fixes the release build failure.
|
#
5795dfda |
| 09-Jul-2020 |
Nikita Popov |
Fix bug #79599 in a different way Move the emission of the undefined variable notice before the array separation.
|
#
4a08ca12 |
| 26-May-2020 |
Nikita Popov |
Respect typed references in catch assignment I decided to null out EG(exception) early here, which means only the exception from the dtor / ref assign is preserved, and the previous exception is not chained in. This is more robust, and I don't think this situation is common enough to be bothered about the precise behavior.
|
#
d31ccb5f |
| 17-Apr-2020 |
Dmitry Stogov |
zend_timeout() may access EX(opline)
|
#
c5159b38 |
| 12-Mar-2020 |
Dmitry Stogov |
Check asserts early
|
#
2dddab01 |
| 12-Mar-2020 |
Dmitry Stogov |
Avoid "Anonymous class wasn't preloaded" error by lazily loading of not preloaded part of a preloaded script
|
#
760faa12 |
| 09-Mar-2020 |
Nikita Popov |
Fixed bug #79357 Peculiarly, for once the cause was not SOAP's "interesting" error handling, but a bug in the call trampoline for internal functions...
|
#
5d0ef4c2 |
| 06-Feb-2020 |
Dmitry Stogov |
Make opcodes return de-referenced values of typed references (in the same way as for non-typed)
|
#
58b17906 |
| 03-Feb-2020 |
Nikita Popov |
Apply tidy formatting Mostly reindent PHP scripts to spaces.
|
#
ef1e4891 |
| 31-Jan-2020 |
Nikita Popov |
Fix bug #76047 Unlink the current stack frame before freeing CVs or extra args. This means it will no longer show up in back traces that are generated during CV destruction. We already did this prior to destructing the object/closure, presumably for the same reason.
|
#
db7193f3 |
| 31-Jan-2020 |
Dmitry Stogov |
Fixed bug #79094 (Crashing when running recursion function)
|
#
885b3451 |
| 20-Dec-2019 |
Nikita Popov |
Fix early free of assign_obj op_data We need to make sure that op_data is only freed after populating result, as op_data may be the only thing holding the value in the case of an overloaded assignment. This reverts the code to how it looked like in 7.3.
|