#
10f5a06d |
| 12-Sep-2023 |
Max Semenik |
Fix GH-12186: segfault copying/cloning a finalized HashContext Closes GH-12186. Closes GH-12187.
|
#
747335f1 |
| 11-Sep-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GH-12170: Can't use xpath with comments in SimpleXML Closes GH-12177.
|
#
d0b76d7b |
| 14-Sep-2023 |
Ilija Tovilo |
[skip ci] Fix NEWS entry
|
#
c2fb10d2 |
| 13-Sep-2023 |
Ilija Tovilo |
Fix filter_var with callback and explicit REQUIRE_SCALAR For some reason, FILTER_CALLBACK disables the FILTER_REQUIRE_SCALAR flag that is normally set by default. While surprising, this
Fix filter_var with callback and explicit REQUIRE_SCALAR For some reason, FILTER_CALLBACK disables the FILTER_REQUIRE_SCALAR flag that is normally set by default. While surprising, this is not something we can change. However, even specifying FILTER_REQUIRE_SCALAR explicitly does not corrently set this flag. This is because FILTER_CALLBACK zeroes the flags after they have been populated from the parameters. We reverse the checks to make explicitly specifying the flag behave as expected. Closes GH-12203
show more ...
|
#
c1cf0026 |
| 12-Sep-2023 |
Ben Ramsey |
PHP-8.1 is now for PHP 8.1.25-dev
|
#
107443b3 |
| 09-Sep-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix #52751: XPath processing-instruction() function is not supported. Closes GH-12165.
|
#
07a9d2fb |
| 08-Sep-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GH-11878: SQLite3 callback functions cause a memory leak with a callable array In this test file, the free_obj handler is called with a refcount of 2, caused by the fact we do a GC_A
Fix GH-11878: SQLite3 callback functions cause a memory leak with a callable array In this test file, the free_obj handler is called with a refcount of 2, caused by the fact we do a GC_ADDREF() to increase its refcount while its refcount is still 1 because the Foo object hasn't been destroyed yet (due to the cycle caused by the sqlite function callback). Solve this by introducing a get_gc handler. Closes GH-11881.
show more ...
|
#
748adf18 |
| 06-Sep-2023 |
Ilija Tovilo |
Fix zend_separate_if_call_and_write for FUNC_ARGs Fixes GH-12102 Closees GH-12140
|
#
5a2b2516 |
| 31-Aug-2023 |
Calvin Buckley |
Fix persistent procedural ODBC connections not getting closed Like oci8, procedural ODBC uses an apply function on the hash list to enumerate persistent connections and close the specifi
Fix persistent procedural ODBC connections not getting closed Like oci8, procedural ODBC uses an apply function on the hash list to enumerate persistent connections and close the specific one. However, this function take zvals, not resources. However, it was getting casted as such, causing it to interpret the pointer incorrectly. This could have caused other issues, but mostly manifested as failing to close the connection even fi it matched. The function now takes a zval and gets the resource from that. In addition, it also removes the cast of the function pointer and moves casting to the function body, to avoid possible confusion like this in refactors again. It also cleans up style and uses constants in the function body. Closes GH-12132 Signed-off-by: George Peter Banyard <girgias@php.net>
show more ...
|
#
da7a66d6 |
| 27-Aug-2023 |
ju1ius |
Prevents double call to internal iterator rewind handler Closes GH-12060 Signed-off-by: George Peter Banyard <girgias@php.net>
|
#
af2110e6 |
| 29-Aug-2023 |
Ilija Tovilo |
Fix freeing of incompletely initialized closures Addref to relevant fields before allocating any memory. Also only set/remove the ZEND_ACC_HEAP_RT_CACHE flag after allocating memory.
Fix freeing of incompletely initialized closures Addref to relevant fields before allocating any memory. Also only set/remove the ZEND_ACC_HEAP_RT_CACHE flag after allocating memory. Fixes GH-12073 Closes GH-12074
show more ...
|
#
a579fa80 |
| 02-Sep-2023 |
George Peter Banyard |
Fixed bug GH-12020: intl_get_error_message() broken after MessageFormatter::formatMessage() fails Passing NULL as the pointer to intl_error* will use the global error stack. This is what
Fixed bug GH-12020: intl_get_error_message() broken after MessageFormatter::formatMessage() fails Passing NULL as the pointer to intl_error* will use the global error stack. This is what we need to do instead of pushing it onto the temporary format object that is released.
show more ...
|
#
a022ec53 |
| 31-Aug-2023 |
Calvin Buckley |
Fix memory leak with failed SQLPrepare Closes GH-12095 Signed-off-by: George Peter Banyard <girgias@php.net>
|
#
1cdcbc05 |
| 30-Aug-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GH-11972: RecursiveCallbackFilterIterator regression in 8.1.18 When you do an assignment between two zvals (no, not zval*), you copy all fields. This includes the additional u2 data.
Fix GH-11972: RecursiveCallbackFilterIterator regression in 8.1.18 When you do an assignment between two zvals (no, not zval*), you copy all fields. This includes the additional u2 data. So that means for example the Z_NEXT index gets copied, which in some cases can therefore cause a cycle in zend_hash lookups. Instead of doing an assignment, we should be doing a ZVAL_COPY (or ZVAL_COPY_VALUE for non-refcounting cases). This avoids copying u2. Closes GH-12086.
show more ...
|
#
bf3fb4e5 |
| 28-Aug-2023 |
Jeremie Courreges-Anglas |
On riscv64 require libatomic if actually needed clang and newer gcc releases support byte-sized atomic accesses on riscv64 through inline builtins. In both cases the hard dependency on
On riscv64 require libatomic if actually needed clang and newer gcc releases support byte-sized atomic accesses on riscv64 through inline builtins. In both cases the hard dependency on libatomic added by GH-11321 isn't useful. Stop using AC_CHECK_LIB() which is too naive to notice that libatomic isn't needed. Instead, PHP_CHECK_FUNC() will retry the check with -latomic if required. Closes GH-11790
show more ...
|
#
20ac42e1 |
| 19-Aug-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix memory leak when setting an invalid DOMDocument encoding Because the failure path did not release the string, there was a memory leak. As the only valid types for this function a
Fix memory leak when setting an invalid DOMDocument encoding Because the failure path did not release the string, there was a memory leak. As the only valid types for this function are IS_NULL and IS_STRING, we and IS_NULL is always rejected in practice, solve the issue by not using a function that increments the refcount in the first place. Closes GH-12002.
show more ...
|
#
fc8d5c72 |
| 19-Aug-2023 |
David Carlier |
ext/iconv: fix build for netbsd. NetBSD still adopts the old iconv signature for buffer inputs. The next release will too so we can assume it will remain that way for a while.
ext/iconv: fix build for netbsd. NetBSD still adopts the old iconv signature for buffer inputs. The next release will too so we can assume it will remain that way for a while. Close GH-12001
show more ...
|
#
f78d1d0d |
| 12-Aug-2023 |
Ilija Tovilo |
Fix segfault in format_default_value due to unexpected enum/object Evaluating constants at comptime can result in arrays that contain objects. This is problematic for printing the defaul
Fix segfault in format_default_value due to unexpected enum/object Evaluating constants at comptime can result in arrays that contain objects. This is problematic for printing the default value of constant ASTs containing objects, because we don't actually know what the constructor arguments were. Avoid this by not propagating array constants. Fixes GH-11937 Closes GH-11947
show more ...
|
#
c1103a97 |
| 24-Mar-2023 |
Kamil Tekiela |
Fix implicit/explicit port in mysqlnd
|
#
6e3f93f2 |
| 15-Aug-2023 |
Patrick Allaert |
PHP-8.1 is now for PHP 8.1.24-dev
|
#
b71c6b2c |
| 13-Aug-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix #81992: SplFixedArray::setSize() causes use-after-free Upon resizing, the elements are destroyed from lower index to higher index. When an element refers to an object with a destruct
Fix #81992: SplFixedArray::setSize() causes use-after-free Upon resizing, the elements are destroyed from lower index to higher index. When an element refers to an object with a destructor, it can refer to a lower (i.e. already destroyed) element, causing a uaf. Set refcounted zvals to NULL after destroying them to avoid a uaf. Closes GH-11959.
show more ...
|
#
0d922aa5 |
| 09-Aug-2023 |
Kamil Tekiela |
Fix error checking in mysqlnd Closes GH-11925
|
#
4833b848 |
| 09-Aug-2023 |
Derick Rethans |
Fix GH-11416: Crash with DatePeriod when uninitialised objects are passed in
|
#
d19e4da1 |
| 07-Aug-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix segfault when DOMParentNode::prepend() is called when the child disappears Closes GH-11906.
|
#
cbfd7376 |
| 04-Aug-2023 |
Athos Ribeiro |
Fix off-by-one bug when truncating tempnam prefix The tempnam documentation currently states that "Only the first 63 characters of the prefix are used, the rest are ignored". However whe
Fix off-by-one bug when truncating tempnam prefix The tempnam documentation currently states that "Only the first 63 characters of the prefix are used, the rest are ignored". However when the prefix is 64 characters-long, the current implementation fails to strip the last character, diverging from the documented behavior. This patch fixes the implementation so it matches the documented behavior for that specific case where the prefix is 64 characters long. Closes GH-11870 Signed-off-by: George Peter Banyard <girgias@php.net>
show more ...
|