| #
10f5a06d |
| 12-Sep-2023 |
Max Semenik |
Fix GH-12186: segfault copying/cloning a finalized HashContext
Closes GH-12186.
Closes GH-12187.
|
| #
747335f1 |
| 11-Sep-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GH-12170: Can't use xpath with comments in SimpleXML
Closes GH-12177.
|
| #
d0b76d7b |
| 14-Sep-2023 |
Ilija Tovilo |
[skip ci] Fix NEWS entry
|
| #
c2fb10d2 |
| 13-Sep-2023 |
Ilija Tovilo |
Fix filter_var with callback and explicit REQUIRE_SCALAR
For some reason, FILTER_CALLBACK disables the FILTER_REQUIRE_SCALAR flag that is
normally set by default. While surprising, this
Fix filter_var with callback and explicit REQUIRE_SCALAR
For some reason, FILTER_CALLBACK disables the FILTER_REQUIRE_SCALAR flag that is
normally set by default. While surprising, this is not something we can change.
However, even specifying FILTER_REQUIRE_SCALAR explicitly does not corrently set
this flag. This is because FILTER_CALLBACK zeroes the flags after they have been
populated from the parameters.
We reverse the checks to make explicitly specifying the flag behave as expected.
Closes GH-12203
show more ...
|
| #
c1cf0026 |
| 12-Sep-2023 |
Ben Ramsey |
PHP-8.1 is now for PHP 8.1.25-dev
|
| #
107443b3 |
| 09-Sep-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix #52751: XPath processing-instruction() function is not supported.
Closes GH-12165.
|
| #
07a9d2fb |
| 08-Sep-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GH-11878: SQLite3 callback functions cause a memory leak with a callable array
In this test file, the free_obj handler is called with a refcount of 2,
caused by the fact we do a GC_A
Fix GH-11878: SQLite3 callback functions cause a memory leak with a callable array
In this test file, the free_obj handler is called with a refcount of 2,
caused by the fact we do a GC_ADDREF() to increase its refcount while
its refcount is still 1 because the Foo object hasn't been destroyed yet
(due to the cycle caused by the sqlite function callback).
Solve this by introducing a get_gc handler.
Closes GH-11881.
show more ...
|
| #
748adf18 |
| 06-Sep-2023 |
Ilija Tovilo |
Fix zend_separate_if_call_and_write for FUNC_ARGs
Fixes GH-12102
Closees GH-12140
|
| #
5a2b2516 |
| 31-Aug-2023 |
Calvin Buckley |
Fix persistent procedural ODBC connections not getting closed
Like oci8, procedural ODBC uses an apply function on the hash list to
enumerate persistent connections and close the specifi
Fix persistent procedural ODBC connections not getting closed
Like oci8, procedural ODBC uses an apply function on the hash list to
enumerate persistent connections and close the specific one. However,
this function take zvals, not resources. However, it was getting casted
as such, causing it to interpret the pointer incorrectly. This could
have caused other issues, but mostly manifested as failing to close the
connection even fi it matched.
The function now takes a zval and gets the resource from that. In
addition, it also removes the cast of the function pointer and moves
casting to the function body, to avoid possible confusion like this in
refactors again. It also cleans up style and uses constants in the
function body.
Closes GH-12132
Signed-off-by: George Peter Banyard <girgias@php.net>
show more ...
|
| #
da7a66d6 |
| 27-Aug-2023 |
ju1ius |
Prevents double call to internal iterator rewind handler
Closes GH-12060
Signed-off-by: George Peter Banyard <girgias@php.net>
|
| #
af2110e6 |
| 29-Aug-2023 |
Ilija Tovilo |
Fix freeing of incompletely initialized closures
Addref to relevant fields before allocating any memory. Also only set/remove the
ZEND_ACC_HEAP_RT_CACHE flag after allocating memory.
Fix freeing of incompletely initialized closures
Addref to relevant fields before allocating any memory. Also only set/remove the
ZEND_ACC_HEAP_RT_CACHE flag after allocating memory.
Fixes GH-12073
Closes GH-12074
show more ...
|
| #
a579fa80 |
| 02-Sep-2023 |
George Peter Banyard |
Fixed bug GH-12020: intl_get_error_message() broken after MessageFormatter::formatMessage() fails
Passing NULL as the pointer to intl_error* will use the global error stack.
This is what
Fixed bug GH-12020: intl_get_error_message() broken after MessageFormatter::formatMessage() fails
Passing NULL as the pointer to intl_error* will use the global error stack.
This is what we need to do instead of pushing it onto the temporary format object that is released.
show more ...
|
| #
a022ec53 |
| 31-Aug-2023 |
Calvin Buckley |
Fix memory leak with failed SQLPrepare
Closes GH-12095
Signed-off-by: George Peter Banyard <girgias@php.net>
|
| #
1cdcbc05 |
| 30-Aug-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GH-11972: RecursiveCallbackFilterIterator regression in 8.1.18
When you do an assignment between two zvals (no, not zval*), you copy
all fields. This includes the additional u2 data.
Fix GH-11972: RecursiveCallbackFilterIterator regression in 8.1.18
When you do an assignment between two zvals (no, not zval*), you copy
all fields. This includes the additional u2 data. So that means for
example the Z_NEXT index gets copied, which in some cases can therefore
cause a cycle in zend_hash lookups.
Instead of doing an assignment, we should be doing a ZVAL_COPY (or
ZVAL_COPY_VALUE for non-refcounting cases). This avoids copying u2.
Closes GH-12086.
show more ...
|
| #
bf3fb4e5 |
| 28-Aug-2023 |
Jeremie Courreges-Anglas |
On riscv64 require libatomic if actually needed
clang and newer gcc releases support byte-sized atomic accesses on
riscv64 through inline builtins. In both cases the hard dependency on
On riscv64 require libatomic if actually needed
clang and newer gcc releases support byte-sized atomic accesses on
riscv64 through inline builtins. In both cases the hard dependency on
libatomic added by GH-11321 isn't useful.
Stop using AC_CHECK_LIB() which is too naive to notice that libatomic
isn't needed. Instead, PHP_CHECK_FUNC() will retry the check with -latomic
if required.
Closes GH-11790
show more ...
|
| #
20ac42e1 |
| 19-Aug-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix memory leak when setting an invalid DOMDocument encoding
Because the failure path did not release the string, there was a memory
leak.
As the only valid types for this function a
Fix memory leak when setting an invalid DOMDocument encoding
Because the failure path did not release the string, there was a memory
leak.
As the only valid types for this function are IS_NULL and IS_STRING, we
and IS_NULL is always rejected in practice, solve the issue by not using
a function that increments the refcount in the first place.
Closes GH-12002.
show more ...
|
| #
fc8d5c72 |
| 19-Aug-2023 |
David Carlier |
ext/iconv: fix build for netbsd.
NetBSD still adopts the old iconv signature for buffer inputs.
The next release will too so we can assume it will remain that way for
a while.
ext/iconv: fix build for netbsd.
NetBSD still adopts the old iconv signature for buffer inputs.
The next release will too so we can assume it will remain that way for
a while.
Close GH-12001
show more ...
|
| #
f78d1d0d |
| 12-Aug-2023 |
Ilija Tovilo |
Fix segfault in format_default_value due to unexpected enum/object
Evaluating constants at comptime can result in arrays that contain objects. This
is problematic for printing the defaul
Fix segfault in format_default_value due to unexpected enum/object
Evaluating constants at comptime can result in arrays that contain objects. This
is problematic for printing the default value of constant ASTs containing
objects, because we don't actually know what the constructor arguments were.
Avoid this by not propagating array constants.
Fixes GH-11937
Closes GH-11947
show more ...
|
| #
c1103a97 |
| 24-Mar-2023 |
Kamil Tekiela |
Fix implicit/explicit port in mysqlnd
|
| #
6e3f93f2 |
| 15-Aug-2023 |
Patrick Allaert |
PHP-8.1 is now for PHP 8.1.24-dev
|
| #
b71c6b2c |
| 13-Aug-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix #81992: SplFixedArray::setSize() causes use-after-free
Upon resizing, the elements are destroyed from lower index to higher
index. When an element refers to an object with a destruct
Fix #81992: SplFixedArray::setSize() causes use-after-free
Upon resizing, the elements are destroyed from lower index to higher
index. When an element refers to an object with a destructor, it can
refer to a lower (i.e. already destroyed) element, causing a uaf.
Set refcounted zvals to NULL after destroying them to avoid a uaf.
Closes GH-11959.
show more ...
|
| #
0d922aa5 |
| 09-Aug-2023 |
Kamil Tekiela |
Fix error checking in mysqlnd
Closes GH-11925
|
| #
4833b848 |
| 09-Aug-2023 |
Derick Rethans |
Fix GH-11416: Crash with DatePeriod when uninitialised objects are passed in
|
| #
d19e4da1 |
| 07-Aug-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix segfault when DOMParentNode::prepend() is called when the child disappears
Closes GH-11906.
|
| #
cbfd7376 |
| 04-Aug-2023 |
Athos Ribeiro |
Fix off-by-one bug when truncating tempnam prefix
The tempnam documentation currently states that "Only the first 63
characters of the prefix are used, the rest are ignored". However whe
Fix off-by-one bug when truncating tempnam prefix
The tempnam documentation currently states that "Only the first 63
characters of the prefix are used, the rest are ignored". However when
the prefix is 64 characters-long, the current implementation fails to
strip the last character, diverging from the documented behavior. This
patch fixes the implementation so it matches the documented behavior for
that specific case where the prefix is 64 characters long.
Closes GH-11870
Signed-off-by: George Peter Banyard <girgias@php.net>
show more ...
|
