900f0cab | 24-Oct-2023 |
icy17 <1061499390@qq.com> |
Fix null pointer dereferences in case of allocation failure Closes GH-12506. |
aa45df48 | 24-Oct-2023 |
Dmitry Stogov |
Fixed incorrect type inference |
76c41d27 | 24-Oct-2023 |
Dmitry Stogov |
Fixed GH-12482: Abortion with tracing JIT |
e270ee30 | 23-Oct-2023 |
Dmitry Stogov |
memory_consumption must be page aligned |
e0ca4dca | 23-Oct-2023 |
Dmitry Stogov |
Fixed GH-12494: Zend/tests/arginfo_zpp_mismatch.phpt causes a segfault withJIT + --repeat 2 |
52aa0d9e | 23-Sep-2023 |
Jakub Zelenka |
Fix bug #75708: getimagesize with "&$imageinfo" fails on StreamWrappers Closes GH-12444 |
83a242ec | 21-Oct-2023 |
Jakub Zelenka |
Fix GH-12489: Missing sigbio creation checking in openssl_cms_verify Closes GH-12490 |
01d61605 | 19-Oct-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix segfault and assertion failure with refcounted props and arrays Closes GH-12478. |
abf562c4 | 19-Oct-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix incorrect uri check in SOAP caching If i == 0 then the check will compare 0 bytes. We are supposed to check if the uri is identical. Closes GH-12479. |
43e63168 | 18-Oct-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix bug #66150: SOAP WSDL cache race condition causes Segmentation Fault When we have two processes both trying to cache a WSDL, they might start writing the data to the same temporary f
Fix bug #66150: SOAP WSDL cache race condition causes Segmentation Fault When we have two processes both trying to cache a WSDL, they might start writing the data to the same temporary file, causing file corruption due to the race condition. Fix this by creating a temporary file first, and then moving it to the final location. If moving fails then we know another process finished caching first. This also fixes #67617 as a consequence of its implementation. Closes GH-12469.
show more ...
|
af3d2f7e | 18-Oct-2023 |
Ilija Tovilo |
Fix double-free of doc_comment when overriding static property via trait When redeclaring an overridden static property with a trait we're removing the property from the class. However,
Fix double-free of doc_comment when overriding static property via trait When redeclaring an overridden static property with a trait we're removing the property from the class. However, because the property itself does not belong to the class we must not free its associated data. This issue is exposed by 9a250cc9d6 in PHP 8.3+ because duplicate static properties in traits are no longer skipped, but redeclared. Fixes GH-12468
show more ...
|
07d81592 | 17-Oct-2023 |
Ilija Tovilo |
Avoid JIT warning with opcache.jit_buffer_size=0 Closes GH-12460 |
89eb1c64 | 16-Oct-2023 |
Dmitry Stogov |
Fixed GH-11917: primitives seem to be passed via reference instead of by value under some conditions when JIT is enabled on windows (#12451) |
dabced0f | 16-Oct-2023 |
Dmitry Stogov |
Fixed GH-12428: Assertion with function/tracing JIT |
68aa7931 | 14-Oct-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Add missing module dependency for xsl This module cannot work without the DOM extension. Closes GH-12441. |
0217be4d | 22-Sep-2023 |
Jakub Zelenka |
Fix GH-12232: FPM: segfault dynamically loading extension without opcache Also fixes incorrect assertion in ini init that php_dl is always temporary. Closes GH-12277 |
d7de0cec | 11-Oct-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix registerNodeClass with abstract class crashing This always results in a segfault when trying to instantiate, so this never worked. At least throw an error instead of segfaulting to p
Fix registerNodeClass with abstract class crashing This always results in a segfault when trying to instantiate, so this never worked. At least throw an error instead of segfaulting to prevent developers from being confused. Closes GH-12420.
show more ...
|
734afa0b | 13-Oct-2023 |
Ilija Tovilo |
Fix JIT on nightly The JIT was accidentally disabled in nightly on lower branches because jit_buffer_size woudln't be passed from nightly.yml on master anymore. |
4332546b | 10-Oct-2023 |
Ilija Tovilo |
Move ARM build to CircleCI Closes GH-12415 |
7e4a3236 | 10-Oct-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GH-12392: Segmentation fault on SoapClient::__getTypes There are two issues: - UAF because the hashmap resized while being iterated over, yet the local variables used internall
Fix GH-12392: Segmentation fault on SoapClient::__getTypes There are two issues: - UAF because the hashmap resized while being iterated over, yet the local variables used internally in the macros are not updated. - The hashmap being iterated over is modified: entries are deleted after other entries have been added. This causes the deletion to fail sometimes because indices of buckets have shifted. Fix it by using a while loop iteration and HashPosition position tracker instead. Issue exists on PHP 8.1 too, but is much harder to trigger. The test file reproduces the issue reliably on PHP 8.2 and up. Closes GH-12409.
show more ...
|
71f14510 | 09-Oct-2023 |
Daniil Gentili |
Fix GH-11121: ReflectionFiber segfault Closes GH-12391. Co-authored-by: Aaron Piotrowski <aaron@trowski.com> |
1f4159e5 | 11-Oct-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
[ci skip] NEWS Entry for 90f2e7607a. |
71774611 | 10-Oct-2023 |
Daniil Gentili |
Report warning if JIT cannot be enabled Closes GH-12404 |
90f2e760 | 11-Oct-2023 |
Sergei Turchanov |
Reset inheritance_cache pointer of zend_class_entry upon serialization (#12401) to opcache filecache. Usually, when a class is being loaded, a dependency tracking is performed after the
Reset inheritance_cache pointer of zend_class_entry upon serialization (#12401) to opcache filecache. Usually, when a class is being loaded, a dependency tracking is performed after the call to zend_file_cache_script_store. But sometimes, when opcache cache is empty and there are many simultaneous outstanding requests for compilation, some classes do have their inheritance_cache initialized before the call to zend_file_cache_script_store, and in that case this pointer is serialized as-is. And when such a class is loaded from opcache filecache this pointer also loaded as-is, and now it points to some random location in memory. This causes segfaults occuring when traversing inheritance_cache of such classes. We need to reset inheritance_cache pointer of zend_class_entry upon serialization. This should have been done anyway since it is a sensible strategy to sanitize any memory pointer upon serialization (either by calling SERIALIZE_x macros or setting to NULL or any other deterministic value).
show more ...
|
be64db59 | 10-Oct-2023 |
Patrick Allaert |
PHP-8.1 is now for PHP 8.1.26-dev |