#
0b7dffb4 |
| 17-Aug-2021 |
Christoph M. Becker |
Fix #73122: Integer Overflow when concatenating strings We must avoid integer overflows in memory allocations, so we introduce an additional check in the VM, and bail out in the rare case of an overflow. Closes GH-7381.
|
#
ba8bcf39 |
| 14-Jul-2021 |
Nikita Popov |
Drop incorrect cache_slot optimization for typed properties For a particular assignment, a non-coerced constant assignment value will remain valid. However, opcache merges cache slots for all identical property references, which means that this optimization also disables property type checks for all other operands on the property that occur in the same functions. This could be addressed by blocking cache slot merging in opcache, but I prefer dropping it entirely instead. It does not seem important enough to warrant doing that.
|
#
96bf925c |
| 02-Jul-2021 |
Nikita Popov |
Fix return value of wrong function by-ref assign We should be using the result of zend_assign_to_variable() here, which will deref prior to potential freeing. Fixes oss-fuzz #29899.
|
#
6dd85f83 |
| 22-Feb-2021 |
Nikita Popov |
Fixed bug #80781 zend_find_array_dim_slow() may throw, make sure to handle this. This backports the code we already use for this on PHP-8.0, and also backports an exception check that makes this easier to catch.
|
#
304141e8 |
| 12-Oct-2020 |
Nikita Popov |
Avoid non-object in FE_FREE Even if the properties HT is empty, make sure we still leave an object in the FE_RESET result, so our type inference results stay correct.
|
#
15443f8a |
| 09-Oct-2020 |
Nikita Popov |
Fixed bug #80186 Early exit in FE_RESET if get_properties() returns empty array, as we cannot add HT iterators to zend_empty_array.
|
#
46a49be6 |
| 03-Sep-2020 |
Nikita Popov |
Fixed bug #80049 Type checking may convert to refcounted values, so force freeing of extra args.
|
#
d179e34e |
| 26-Aug-2020 |
Nikita Popov |
Fix memory leak when yielding from non-iterable
|
#
bb54694f |
| 24-Aug-2020 |
Nikita Popov |
Fix refcounting
|
#
6b6c2c00 |
| 24-Aug-2020 |
Christoph M. Becker |
Fix #79979: passing value to by-ref param via CUFA crashes If a by-val send is not allowed, we must not do so. Instead we wrap the value in a temporary reference. Closes GH-6000
|
#
2d087210 |
| 10-Aug-2020 |
Nikita Popov |
Fixed bug #79947 Move the FREE_OP for op_data out of the zend_binary_assign_op_dim_slow() slow path, so it can be used by the other error path as well. This makes ASSIGN_DIM_OP structurally more similar to ASSIGN_DIM.
|
#
8318379d |
| 09-Jul-2020 |
Nikita Popov |
Switch back to FREE_UNFETCHED_OP_DATA Some of the code paths leading to this do not fetch op data. Hopefully this fixes the release build failure.
|
#
5795dfda |
| 09-Jul-2020 |
Nikita Popov |
Fix bug #79599 in a different way Move the emission of the undefined variable notice before the array separation.
|
#
8483a21f |
| 25-May-2020 |
Christoph M. Becker |
Fix several mostly Windows related phpdbg bugs
* Properly initialize PHPDBG_G(watch_tmp)
  Otherwise that may cause segfaults in ZTS builds.
* Deactivate potentially remaining watchpoints after REPL
  Otherwise the memory could still be protected, resulting in segfaults during shutdown.
* NULL zend_handlers_table after freeing
  As of commit 4130fe4[1], the `zend_handlers_table` is explicitly freed in the `zend_vm_dtor()`. Since phpdbg (and maybe some other SAPIs) may restart the engine afterwards, we have to make sure that the table is also NULLed.
* Only set context option if there is a context
  In other words, we must not follow the null pointer.
* Cater to file handles without attached console
  File handles do not necessarily have an attached console (for instance, pipes do not), in which case `GetConsoleScreenBufferInfo()` fails. In this case we set a default value (`40`) for lines like on other systems.
[1] <http://git.php.net/?p=php-src.git;a=commit;h=4130fe437a5db7ead1444d3748bd0fbad9829cb2>
|
#
4a08ca12 |
| 26-May-2020 |
Nikita Popov |
Respect typed references in catch assignment I decided to null out EG(exception) early here, which means only the exception from the dtor / ref assign is preserved, and the previous exception is not chained in. This is more robust, and I don't think this situation is common enough to be bothered about the precise behavior.
|
#
d31ccb5f |
| 17-Apr-2020 |
Dmitry Stogov |
zend_timeout() may access EX(opline)
|
#
c5159b38 |
| 12-Mar-2020 |
Dmitry Stogov |
Check asserts early
|
#
2dddab01 |
| 12-Mar-2020 |
Dmitry Stogov |
Avoid "Anonymous class wasn't preloaded" error by lazily loading of not preloaded part of a preloaded script
|
#
760faa12 |
| 09-Mar-2020 |
Nikita Popov |
Fixed bug #79357 Peculiarly, for once the cause was not SOAP's "interesting" error handling, but a bug in the call trampoline for internal functions...
|
#
5d0ef4c2 |
| 06-Feb-2020 |
Dmitry Stogov |
Make opcodes to return de-referenced values of typed references (in the same way as for non-typed)
|
#
ef1e4891 |
| 31-Jan-2020 |
Nikita Popov |
Fix bug #76047 Unlink the current stack frame before freeing CVs or extra args. This means it will no longer show up in back traces that are generated during CV destruction. We already did this prior to destructing the object/closure, presumably for the same reason.
|
#
db7193f3 |
| 31-Jan-2020 |
Dmitry Stogov |
Fixed bug #79094 (Crashing when running recursion function)
|
#
4130fe43 |
| 15-Jan-2020 |
Christoph M. Becker |
Make MSVCRT memory leak checking usable for the test suite While basic support for MSVCRT debugging has been added long ago[1], the leak checking is not usable for the test suite, because we are no longer calling `xmlCleanupParser()` on RSHUTDOWN of ext/libxml[2], and therefore a few bogus leaks are reported whenever ext/libxml is unloaded. We therefore ignore memory leaks for this case. We introduce `ZEND_IGNORE_LEAKS_BEGIN()` and `ZEND_IGNORE_LEAKS_END()` to keep those ignores better readable, and also because these *might* be useful for other leak checkers as well. We also explicitly free the `zend_handlers_table` and the `p5s` to avoid spurious leak reports. [1] <http://git.php.net/?p=php-src.git;a=commit;h=d756e1db2324c1f4ab6f9b52e329959ce6a02bc3> [2] <http://git.php.net/?p=php-src.git;a=commit;h=8742276eb3905eb97a585417000c7b8df85006d4>
|
#
885b3451 |
| 20-Dec-2019 |
Nikita Popov |
Fix early free of assign_obj op_data We need to make sure that op_data is only freed after populating result, as op_data may be the only thing holding the value in the case of an overloaded assignment. This reverts the code to how it looked in 7.3.
|
#
eb846939 |
| 19-Dec-2019 |
Dmitry Stogov |
Fixed bug #78999 (Cycle leak when using function result as temporary)
|