History log of /PHP-8.0/Zend/zend_vm_execute.h (Results 1 – 25 of 1857)
# 26c7c82d 21-Oct-2022 Arnaud Le Blanc

Fix crash when memory limit is exceeded during generator initialization


# c083efb7 26-Sep-2022 Dmitry Stogov

Fix memory leak

Fixes oss-fuzz #51622


# ba029fce 19-Aug-2022 Tim Starling

Fix GH-9323: crash when the VM enters userspace code via the GC

Closes GH-9323


# c489e360 04-Apr-2022 Dmitry Stogov

JIT: Fix array clobbering by user error handler

Fixes oss-fuzz #46336


# a60a9b4a 01-Feb-2022 Dmitry Stogov

Fix memory leak

Fixes oss-fuzz #44222


# c787f42c 13-Dec-2021 Dmitry Stogov

Combine ADDREF/DELREF


# cbc0b1af 13-Dec-2021 Dmitry Stogov

Fix array clobbering by user error handler

Fixes oss-fuzz #42234


# 1d054b3f 03-Dec-2021 Dmitry Stogov

Fix array object clobbering by user error handler

Fixes oss-fuzz #41605 and #41610


# 09547c64 01-Dec-2021 Dmitry Stogov

Fix clobbering of operand by error handler in assignment to string offset

In some cases new code requires two reallocations instead of one.

Fixes oss-fuzz #31716, #36196, #39739 and #40002



# 4d4fe763 17-Nov-2021 Nikita Popov

Fixed bug #81631

We need to save the opline before fetching the operand, as it may
throw an undef var warning.


# fa0b84a0 11-Nov-2021 Dmitry Stogov

Partially fix handling of exceptions thrown in interrupt handlers


# 1a2fb90b 01-Nov-2021 Nikita Popov

Fix finally exception chaining on recursion

In this case zend_exception_set_previous() would destroy the
fast_call exception and further accesses on ex would be invalid.
We should only update ex if we update EG(exception).

Fixes oss-fuzz #40464.



# a2e3ca1f 12-Oct-2021 Nikita Popov

Don't free FETCH_W operand if GLOBAL_LOCK

The error path performed the free unconditionally, while we should
not do it for GLOBAL_LOCK.

Fixes oss-fuzz #39868.


# 11a9b036 05-Oct-2021 Nikita Popov

Fix duplicate undef warning in assign_dim_op

In case of auto-vivification we were fetching dim twice and as
such also emitting the undef var warning twice.


# e11faad2 30-Sep-2021 Nikita Popov

Create reference wrappers in SEND_UNPACK if necessary

Even if we can't actually pass by reference, we still need to
create the REFERENCE wrapper to satisfy the calling convention.
The particular test case would crash with JIT, because the existence
of the reference was assumed.

Fixes oss-fuzz #39440.



# ec54ffad 29-Sep-2021 Nikita Popov

Handle throwing destructor in BIND_STATIC

Fixes oss-fuzz #39406.


# 01453a0a 17-Sep-2021 Nikita Popov

Fix SEND_USER with ref arg

Even though the input is not a reference (or not treated as such),
we still need to create a reference to satisfy the function
signature. Various code relies on reference arguments actually
being references. In this particular case, it would result in
a JIT crash.

The zend_call_function() implementation already handled this
correctly.



# 0b7dffb4 17-Aug-2021 Christoph M. Becker

Fix #73122: Integer Overflow when concatenating strings

We must avoid integer overflows in memory allocations, so we introduce
an additional check in the VM, and bail out in the rare case of an
overflow.

Closes GH-7381.



# 6c7b322d 29-Jul-2021 Nikita Popov

Fix parameter name in count() error message

This parameter has been renamed to $value.


# 840e441d 29-Jul-2021 Nikita Popov

Fix parameter name in call_user_func() error message

This parameter name has been changed to $callback.


# ba8bcf39 14-Jul-2021 Nikita Popov

Drop incorrect cache_slot optimization for typed properties

For a particular assignment, a non-coerced constant assignment
value will remain valid. However, opcache merges cache slots for
all identical property references, which means that this
optimization also disables property type checks for all other
operands on the property that occur in the same functions.

This could be addressed by blocking cache slot merging in opcache,
but I prefer dropping it entirely instead. It does not seem
important enough to warrant doing that.



# 96bf925c 02-Jul-2021 Nikita Popov

Fix return value of wrong function by-ref assign

We should be using the result of zend_assign_to_variable() here,
which will deref prior to potential freeing.

Fixes oss-fuzz #29899.



# 6dd85f83 22-Feb-2021 Nikita Popov

Fixed bug #80781

zend_find_array_dim_slow() may throw, make sure to handle this.
This backports the code we already use for this on PHP-8.0,
and also backports an exception check that makes this easier to
catch.



# b529d02d 26-Jan-2021 Dmitry Stogov

Allow observer handlers disabling optimization in RETURN opcode handler, that may cause loss of value of returned local variable.


# a2dcd442 26-Jan-2021 Nikita Popov

Fix VAR return type verification

We should also set retval_ref when de-indirecting. Otherwise the
retval_ref != retval_ptr comparison below may incorrectly assume
that we're returning a reference.

I don't have a reliable reproducer for this issue, but it sometimes
appears in certain configurations in arrow_functions/007.phpt in
conjunction with other changes.


