Fix null pointer dereferences in case of allocation failure

Closes GH-12506.

Fixed incorrect type inference

Fixed GH-12482: Abortion with tracing JIT

memory_consumption must be page aligned

Fixed GH-12494: Zend/tests/arginfo_zpp_mismatch.phpt causes a segfault withJIT + --repeat 2

Fix bug #75708: getimagesize with "&$imageinfo" fails on StreamWrappers

Closes GH-12444

Fix GH-12489: Missing sigbio creation checking in openssl_cms_verify

Closes GH-12490

Fix segfault and assertion failure with refcounted props and arrays

Closes GH-12478.

Fix incorrect uri check in SOAP caching

If i == 0 then the check will compare 0 bytes.
We are supposed to check if the uri is identical.

Closes GH-12479.

Fix bug #66150: SOAP WSDL cache race condition causes Segmentation Fault

When we have two processes both trying to cache a WSDL, they might start
writing the data to the same temporary f

Fix bug #66150: SOAP WSDL cache race condition causes Segmentation Fault

When we have two processes both trying to cache a WSDL, they might start
writing the data to the same temporary file, causing file corruption due
to the race condition. Fix this by creating a temporary file first, and
then moving it to the final location. If moving fails then we know
another process finished caching first.

This also fixes #67617 as a consequence of its implementation.

Closes GH-12469.

show more ...

Fix double-free of doc_comment when overriding static property via trait

When redeclaring an overridden static property with a trait we're removing the
property from the class. However,

Fix double-free of doc_comment when overriding static property via trait

When redeclaring an overridden static property with a trait we're removing the
property from the class. However, because the property itself does not belong to
the class we must not free its associated data.

This issue is exposed by 9a250cc9d6 in PHP 8.3+ because duplicate static
properties in traits are no longer skipped, but redeclared.

Fixes GH-12468

show more ...

Avoid JIT warning with opcache.jit_buffer_size=0

Closes GH-12460

Fixed GH-11917: primitives seem to be passed via reference instead of by value under some conditions when JIT is enabled on windows (#12451)

Fixed GH-12428: Assertion with function/tracing JIT

Add missing module dependency for xsl

This module cannot work without the DOM extension.

Closes GH-12441.

Fix GH-12232: FPM: segfault dynamically loading extension without opcache

Also fixes incorrect assertion in ini init that php_dl is always
temporary.

Closes GH-12277

Fix registerNodeClass with abstract class crashing

This always results in a segfault when trying to instantiate, so this never
worked. At least throw an error instead of segfaulting to p

Fix registerNodeClass with abstract class crashing

This always results in a segfault when trying to instantiate, so this never
worked. At least throw an error instead of segfaulting to prevent developers
from being confused.

Closes GH-12420.

show more ...

Fix JIT on nightly

The JIT was accidentally disabled in nightly on lower branches because
jit_buffer_size woudln't be passed from nightly.yml on master anymore.

Move ARM build to CircleCI

Closes GH-12415

Fix GH-12392: Segmentation fault on SoapClient::__getTypes

There are two issues:
- UAF because the hashmap resized while being iterated over, yet the local
variables used internall

Fix GH-12392: Segmentation fault on SoapClient::__getTypes

There are two issues:
- UAF because the hashmap resized while being iterated over, yet the local
variables used internally in the macros are not updated.
- The hashmap being iterated over is modified: entries are deleted after
other entries have been added. This causes the deletion to fail sometimes
because indices of buckets have shifted.

Fix it by using a while loop iteration and HashPosition position tracker
instead.
Issue exists on PHP 8.1 too, but is much harder to trigger.
The test file reproduces the issue reliably on PHP 8.2 and up.

Closes GH-12409.

show more ...

Fix GH-11121: ReflectionFiber segfault

Closes GH-12391.

Co-authored-by: Aaron Piotrowski <aaron@trowski.com>

[ci skip] NEWS

Entry for 90f2e7607a.

Report warning if JIT cannot be enabled

Closes GH-12404

Reset inheritance_cache pointer of zend_class_entry upon serialization (#12401)

to opcache filecache. Usually, when a class is being loaded, a dependency
tracking is performed after the

Reset inheritance_cache pointer of zend_class_entry upon serialization (#12401)

to opcache filecache. Usually, when a class is being loaded, a dependency
tracking is performed after the call to zend_file_cache_script_store.
But sometimes, when opcache cache is empty and there are many simultaneous
outstanding requests for compilation, some classes do have their
inheritance_cache initialized before the call to zend_file_cache_script_store,
and in that case this pointer is serialized as-is. And when such a class
is loaded from opcache filecache this pointer also loaded as-is, and now
it points to some random location in memory. This causes segfaults occuring
when traversing inheritance_cache of such classes.

We need to reset inheritance_cache pointer of zend_class_entry
upon serialization. This should have been done anyway since it is a sensible
strategy to sanitize any memory pointer upon serialization (either by calling
SERIALIZE_x macros or setting to NULL or any other deterministic value).

show more ...

PHP-8.1 is now for PHP 8.1.26-dev