#
748adf18 |
| 06-Sep-2023 |
Ilija Tovilo |
Fix zend_separate_if_call_and_write for FUNC_ARGs Fixes GH-12102 Closes GH-12140
|
#
dd01c74a |
| 17-Aug-2023 |
Ilija Tovilo |
Remove redundant condition Never refactor code just before pushing
|
#
f78d1d0d |
| 12-Aug-2023 |
Ilija Tovilo |
Fix segfault in format_default_value due to unexpected enum/object Evaluating constants at comptime can result in arrays that contain objects. This is problematic for printing the default value of constant ASTs containing objects, because we don't actually know what the constructor arguments were. Avoid this by not propagating array constants. Fixes GH-11937 Closes GH-11947
|
#
b1b7c61a |
| 12-Jul-2023 |
Ilija Tovilo |
Always memoize assert Closes GH-11686
|
#
84a2e480 |
| 03-Jul-2023 |
Ilija Tovilo |
Fix use-of-uninitialized-value with ??= on assert

Normally, PHP evaluates all expressions in offsets (property or array), as well as the right hand side of assignments before actually fetching the offsets. This is well explained in this blog post. https://www.npopov.com/2017/04/14/PHP-7-Virtual-machine.html#writes-and-memory-safety

For ??= we have a bit of a problem in that the rhs must only be evaluated if the lhs is null or undefined. Thus, we have to first compile the lhs with BP_VAR_IS, conditionally run the rhs and then re-fetch the lhs with BP_VAR_W to make sure the offsets are valid if they have been invalidated. However, we don't want to just re-evaluate the entire lhs because it may contain side-effects, as in $array[$x++] ??= 42;. In this case, we don't want to re-evaluate $x++ because it would result in writing to a different offset than was previously tested. The same goes for function calls, like $array[foo()] ??= 42;, where the second call to foo() might result in a different value. PHP behaves correctly in these cases. This is implemented by memoizing sub-expressions in the lhs of ??= and reusing them when compiling the lhs for the second time. This is done for any expression that isn't a variable, i.e. anything that can (potentially) be written to.

Unfortunately, this also means that function calls are considered writable due to their return-by-reference semantics, and will thus not be memoized. The expression foo()['bar'] ??= 42; will invoke foo() twice. Even worse, foo(bar()) ??= 42; will call both foo() and bar() twice, but foo(bar() + 1) ??= 42; will only call foo() twice. This is likely not by design, and was just overlooked in the implementation. The RFC does not specify how function calls in the lhs of the coalesce assignment behave. This should probably be improved in the future.

Now, the problem this commit actually fixes is that ??= may memoize expressions inside assert() function calls that may not actually execute.

This is not only an issue when using the VAR in the second expression (which would usually also be skipped) but also when freeing the VAR. For this reason, it is not safe to memoize assert() sub-expressions. There are two possible solutions:

1. Don't memoize any sub-expressions of assert(), meaning they will execute twice.
2. Throw a compile error.

Option 2 is not quite simple, because we can't disallow all memoization inside assert(), as that would break assertions like assert($array[foo()] ??= 'bar');. Code like this is highly unlikely (and dubious) but possible. In this case, we would need to make sure that a memoized value could not be used across the assert boundary it was created in. The complexity for this is not worthwhile. So we opt for option 1 and disable memoization immediately inside assert().

Fixes GH-11580 Closes GH-11581
|
#
dc73b73f |
| 26-Jun-2023 |
Ilija Tovilo |
Fix mis-compilation of by-reference nullsafe operator Fixes oss-fuzz #60011 Closes GH-11540 Co-authored-by: Dmitry Stogov <dmitry@zend.com> Co-authored-by: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
|
#
cf9b030a |
| 01-Apr-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GH-8841: php-cli core dump calling a badly formed function It's actually not php-cli specific, nor SAPI specific. We should delay the registration of the function into the function table until after the compilation was successful, otherwise the function is mistakenly registered and a NULL dereference will happen when trying to call it. I based my test off Nikita's test, so credits to him for the test: https://github.com/php/php-src/pull/8933#issuecomment-1259881008 Closes GH-10989.
|
#
b9a5bfc3 |
| 12-Feb-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GH-10570: Assertion `(key)->h != 0 && "Hash must be known"' failed. Fixes GH-10570, see GH-10570 for analysis. Closes GH-10572
|
#
d5373eac |
| 02-Sep-2022 |
Ilija Tovilo |
Fix lsp error in eval'd code referring to incorrect class for static type Fixes GH-9407 Closes GH-9471
|
#
2cfb028e |
| 01-Sep-2022 |
Ilija Tovilo |
Fix class name FQN when AST dumping new and class const Fixes GH-9447 Closes GH-9462
|
#
73c2d79f |
| 22-Aug-2022 |
Dmitry Stogov |
Fix memory leaks Fixes oss-fuzz #50078
|
Revision tags: php-8.1.7RC1 |
|
#
9a195054 |
| 20-May-2022 |
Derick Rethans |
Merge branch 'PHP-8.0' into PHP-8.1
|
#
c06e1abb |
| 17-May-2022 |
Derick Rethans |
Emit EXT_STMT for each 'elseif' clause |
Revision tags: php-8.1.4RC1, php-8.1.3, php-8.1.2RC1 |
|
#
7e080183 |
| 09-Dec-2021 |
Dmitry Stogov |
Fix crash after compilation of nullsafe operator introduced in 307e476e86e19135976ba7e686558de68dbb9b29 Now we flush only delayed opcodes related to this nullsafe operator. Fixes oss-fuzz #42152
|
#
b991ce9c |
| 05-Dec-2021 |
Ilija Tovilo |
Improve final/abstract methods in interfaces error messages Closes #81683 Closes GH-7722 |
#
dab6226c |
| 04-Dec-2021 |
Ilija Tovilo |
Fix invalid opcode for ??= on $GLOBALS Closes #81684 Closes GH-7717 |
#
307e476e |
| 04-Dec-2021 |
Dmitry Stogov |
Fixed bug #81216 (Nullsafe operator leaks dynamic property name) Fixes oss-fuzz #38542 |
Revision tags: php-8.1.0, php-7.3.33 |
|
#
4df15e82 |
| 11-Nov-2021 |
Nikita Popov |
Allow constant folding bw_not on string This will not actually error. |
#
4bdb2718 |
| 05-Nov-2021 |
Nikita Popov |
Merge branch 'PHP-8.0' into PHP-8.1 * PHP-8.0: Don't implement Stringable on traits
|
#
d478ae73 |
| 05-Nov-2021 |
Nikita Popov |
Don't implement Stringable on traits Traits do not support interfaces, so we should not implement Stringable on them. Also check the __toString() return type in the same way other magic methods do, otherwise we would now miss the check in the trait case.
|
#
55aadc64 |
| 01-Nov-2021 |
Nikita Popov |
Fix self-assign evaluation order for ASSIGN_DIM_OP For $ary[idx] op= $ary we should evaluate the RHS operand first, otherwise we may create a reference-free recursive array. Use the same handling we do for the normal $ary[idx] = $ary case. Fixes oss-fuzz #40287.
|
Revision tags: php-7.3.32 |
|
#
f555544f |
| 12-Oct-2021 |
Nikita Popov |
Fix incorrect access of AST_UNPACK list_is_keyed() did not take into account that there may be AST_UNPACK elements. These would error later on anyway, but still produce an invalid access here.
|
#
80aaeb96 |
| 05-Oct-2021 |
Dmitry Stogov |
Fixed assign coalesce. "$a[0] ??= $a" should evaluate the right $a first. |
#
69fb20f1 |
| 05-Oct-2021 |
Dmitry Stogov |
Fixed assign coalesce. "$a[0] ??= $a" should evaluate the right $a first. |
#
c8fa4770 |
| 29-Sep-2021 |
Nikita Popov |
Convert exception during delayed autoload to fatal error Same as with other exceptions during inheritance, convert those thrown during delayed class loading into fatal errors. We can't properly deal with such exceptions, as inheritance cannot be gracefully aborted at this point. Fixes oss-fuzz #39405.
|