History log of /PHP-7.4/Zend/zend_vm_execute.h (Results 1 – 25 of 1715)
Revision Date Author Comments
# 0b7dffb4 17-Aug-2021 Christoph M. Becker

Fix #73122: Integer Overflow when concatenating strings

We must avoid integer overflows in memory allocations, so we introduce
an additional check in the VM, and bail out in the rare case of an
overflow.

Closes GH-7381.


# ba8bcf39 14-Jul-2021 Nikita Popov

Drop incorrect cache_slot optimization for typed properties

For a particular assignment, a non-coerced constant assignment
value will remain valid. However, opcache merges cache slots for
all identical property references, which means that this
optimization also disables property type checks for all other
operands on the property that occur in the same functions.

This could be addressed by blocking cache slot merging in opcache,
but I prefer dropping it entirely instead. It does not seem
important enough to warrant doing that.


# 96bf925c 02-Jul-2021 Nikita Popov

Fix return value of wrong function by-ref assign

We should be using the result of zend_assign_to_variable() here,
which will deref prior to potential freeing.

Fixes oss-fuzz #29899.


# 6dd85f83 22-Feb-2021 Nikita Popov

Fixed bug #80781

zend_find_array_dim_slow() may throw, make sure to handle this.
This backports the code we already use for this on PHP-8.0,
and also backports an exception check that makes this easier to
catch.


# 304141e8 12-Oct-2020 Nikita Popov

Avoid non-object in FE_FREE

Even if the properties HT is empty, make sure we still leave an
object in the FE_RESET result, so our type inference results
stay correct.


# 15443f8a 09-Oct-2020 Nikita Popov

Fixed bug #80186

Early exit in FE_RESET if get_properties() returns empty array,
as we cannot add HT iterators to zend_empty_array.


# 46a49be6 03-Sep-2020 Nikita Popov

Fixed bug #80049

Type checking may convert to refcounted values, so force freeing
of extra args.


# d179e34e 26-Aug-2020 Nikita Popov

Fix memory leak when yielding from non-iterable


# bb54694f 24-Aug-2020 Nikita Popov

Fix refcounting


# 6b6c2c00 24-Aug-2020 Christoph M. Becker

Fix #79979: passing value to by-ref param via CUFA crashes

If a by-val send is not allowed, we must not do so. Instead we wrap
the value in a temporary reference.

Closes GH-6000


# 2d087210 10-Aug-2020 Nikita Popov

Fixed bug #79947

Move the FREE_OP for op_data out of the zend_binary_assign_op_dim_slow()
slow path, so it can be used by the other error path as well. This
makes ASSIGN_DIM_OP structurally more similar to ASSIGN_DIM.


# 8318379d 09-Jul-2020 Nikita Popov

Switch back to FREE_UNFETCHED_OP_DATA

Some of the code paths leading to this do not fetch op data.
Hopefully this fixes the release build failure.


# 5795dfda 09-Jul-2020 Nikita Popov

Fix bug #79599 in a different way

Move the emission of the undefined variable notice before the
array separation.


# 8483a21f 25-May-2020 Christoph M. Becker

Fix several mostly Windows related phpdbg bugs

* Properly initialize PHPDBG_G(watch_tmp)

Otherwise that may cause segfaults in ZTS builds.

* Deactivate potentially remaining watchpoints after REPL

Otherwise the memory could still be protected, resulting in segfaults
during shutdown.

* NULL zend_handlers_table after freeing

As of commit 4130fe4[1], the `zend_handlers_table` is explicitly
freed in the `zend_vm_dtor()`. Since phpdbg (and maybe some other
SAPIs) may restart the engine afterwards, we have to make sure that
the table is also NULLed.

* Only set context option if there is a context

In other words, we must not follow the null pointer.

* Cater to file handles without attached console

File handles do not necessarily have an attached console (for
instance, pipes do not), in which case `GetConsoleScreenBufferInfo()`
fails. In this case we set a default value (`40`) for lines like on
other systems.

[1] <http://git.php.net/?p=php-src.git;a=commit;h=4130fe437a5db7ead1444d3748bd0fbad9829cb2>


# 4a08ca12 26-May-2020 Nikita Popov

Respect typed references in catch assignment

I decided to null out EG(exception) early here, which means only
the exception from the dtor / ref assign is preserved, and the
previous exception is not chained in. This is more robust, and
I don't think this situation is common enough to be bothered about
the precise behavior.


# d31ccb5f 17-Apr-2020 Dmitry Stogov

zend_timeout() may access EX(opline)


# c5159b38 12-Mar-2020 Dmitry Stogov

Check asserts early


# 2dddab01 12-Mar-2020 Dmitry Stogov

Avoid "Anonymous class wasn't preloaded" error by lazily loading of not preloaded part of a preloaded script


# 760faa12 09-Mar-2020 Nikita Popov

Fixed bug #79357

Peculiarly, for once the cause was not SOAP's "interesting" error
handling, but a bug in the call trampoline for internal functions...


# 5d0ef4c2 06-Feb-2020 Dmitry Stogov

Make opcodes to return de-referenced values of typed references (in the same way as for non-typed)


# ef1e4891 31-Jan-2020 Nikita Popov

Fix bug #76047

Unlink the current stack frame before freeing CVs or extra args.
This means it will no longer show up in back traces that are
generated during CV destruction.

We already did this prior to destructing the object/closure,
presumably for the same reason.


# db7193f3 31-Jan-2020 Dmitry Stogov

Fixed bug #79094 (Crashing when running recursion function)


# 4130fe43 15-Jan-2020 Christoph M. Becker

Make MSVCRT memory leak checking usable for the test suite

While basic support for MSVCRT debugging has been added long
ago[1], the leak checking is not usable for the test suite, because we
are no longer calling `xmlCleanupParser()` on RSHUTDOWN of
ext/libxml[2], and therefore a few bogus leaks are reported whenever
ext/libxml is unloaded.

We therefore ignore memory leaks for this case. We introduce
`ZEND_IGNORE_LEAKS_BEGIN()` and `ZEND_IGNORE_LEAKS_END()` to keep
those ignores better readable, and also because these *might* be
useful for other leak checkers as well.

We also explicitly free the `zend_handlers_table` and the `p5s` to
avoid spurious leak reports.

[1] <http://git.php.net/?p=php-src.git;a=commit;h=d756e1db2324c1f4ab6f9b52e329959ce6a02bc3>
[2] <http://git.php.net/?p=php-src.git;a=commit;h=8742276eb3905eb97a585417000c7b8df85006d4>


# 885b3451 20-Dec-2019 Nikita Popov

Fix early free of assign_obj op_data

We need to make sure that op_data is only freed after populating
result, as op_data may be the only thing holding the value in the
case of an overloaded assignment.

This reverts the code to how it looked in 7.3.


# eb846939 19-Dec-2019 Dmitry Stogov

Fixed bug #78999 (Cycle leak when using function result as temporary)

