History log of /PHP-8.1/Zend/zend_vm_def.h (Results 1 – 25 of 2187)
Revision Date Author Comments
# 8d2df86b 24-Nov-2023 Florian Engelhardt

Fix invalid opline in OOM handlers within ZEND_FUNC_GET_ARGS and ZEND_BIND_STATIC (#12768)

* fix segfault in `ZEND_BIND_STATIC`

In case a `ZEND_BIND_STATIC` is being executed, while the current chunk is full,
the `zend_array_dup()` call will trigger an OOM in ZendMM which will crash, as
the opline might be a dangling pointer.

* add missing test

* `assert()`ing seems easier than trying to make the compiler not optimize

* moved from function call to INI setting, so we can use this in other places as well

* make `assert()` work on NDEBUG builds

* document magic number

* fix segfault in `ZEND_FUNC_GET_ARGS`

In case a `ZEND_FUNC_GET_ARGS` is being executed, while the current chunk is
full, the `zend_new_array()` call will trigger an OOM in ZendMM which will crash,
as the opline might be a dangling pointer.

---------

Co-authored-by: Florian Engelhardt <florian@engelhardt.tc>



# 1fdcfa4e 20-Nov-2023 Ilija Tovilo

Fix use-after-free of name in var-var with malicious error handler

Fixes oss-fuzz #54325
Closes GH-12732


# f1f608bf 05-Sep-2023 Dmitry Stogov

Fixed uninitialized EX(opline) access (possible Zend/tests/gh12073.phpt crash)


# 06d68738 08-Jun-2023 Dmitry Stogov

Keep consistent EG(current_execute_data) after return from generator (#11380)


# 0c65b396 10-Apr-2023 Dmitry Stogov

Allow FETCH_OBJ_W and FETCH_STATIC_PROP_W to return INDIRECT/UNDEF zval for uninitialized typed properties (#11048)


# 1be99fae 04-Mar-2023 Kamil Tekiela

Fix strlen error message param name


# 7b68ff46 16-Feb-2023 Ilija Tovilo

Revert "Fix GH-10168: heap-buffer-overflow at zval_undefined_cv"

This reverts commit 71ddede5655fe654002ae18af6a18e033f717287.


# 71ddede5 06-Feb-2023 Niels Dossche <7771979+nielsdos@users.noreply.github.com>

Fix GH-10168: heap-buffer-overflow at zval_undefined_cv

The problem is that we're using the variable_ptr in the opcode handler
*after* it has already been destroyed. The solution is to create a
specialised version of zend_assign_to_variable which takes in two
destination zval pointers.

Closes GH-10524



# b5e9bf77 15-Jan-2023 Niels Dossche <7771979+nielsdos@users.noreply.github.com>

Fix incorrect check condition in ZEND_YIELD

The condition `UNEXPECTED(Z_TYPE_P(key)) == IS_REFERENCE` always
returned false, because `UNEXPECTED(expression)` always returns 0 or 1.
Move the parens so the comparison is executed properly.

Closes GH-10332.



# 233ffccc 12-Dec-2022 Derick Rethans

Fix GH-10072: PHP crashes when execute_ex is overridden and a __call trampoline is used from internal code


# 26c7c82d 21-Oct-2022 Arnaud Le Blanc

Fix crash when memory limit is exceeded during generator initialization


# c083efb7 26-Sep-2022 Dmitry Stogov

Fix memory leak

Fixes oss-fuzz #51622


# 8258b773 26-Sep-2022 Dmitry Stogov

Fix memory leak

Fixes oss-fuzz #51622


# ba029fce 19-Aug-2022 Tim Starling

Fix GH-9323: crash when the VM enters userspace code via the GC

Closes GH-9323


Revision tags: php-8.1.7RC1
# 4f18dbeb 04-Apr-2022 Dmitry Stogov

Merge branch 'PHP-8.0' into PHP-8.1

* PHP-8.0:
JIT: Fix array clobbering by user error handler


# c489e360 04-Apr-2022 Dmitry Stogov

JIT: Fix array clobbering by user error handler

Fixes oss-fuzz #46336

Revision tags: php-8.1.4RC1, php-8.1.3
# 8e2406c5 01-Feb-2022 Dmitry Stogov

Merge branch 'PHP-8.0' into PHP-8.1

* PHP-8.0:
Fix memory leak


# a60a9b4a 01-Feb-2022 Dmitry Stogov

Fix memory leak

Fixes oss-fuzz #44222

Revision tags: php-8.1.2RC1
# 75b29739 15-Dec-2021 Dmitry Stogov

Fix array clobbering by user error handler

Fixes oss-fuzz #42363

# b16fc350 14-Dec-2021 Dmitry Stogov

Move common code into helper

# 1e56b647 13-Dec-2021 Dmitry Stogov

Merge branch 'PHP-8.0' into PHP-8.1

* PHP-8.0:
Combine ADDREF/DELREF


# c787f42c 13-Dec-2021 Dmitry Stogov

Combine ADDREF/DELREF

# 76075823 13-Dec-2021 Dmitry Stogov

Merge branch 'PHP-8.0' into PHP-8.1

* PHP-8.0:
Fix array clobbering by user error handler


# cbc0b1af 13-Dec-2021 Dmitry Stogov

Fix array clobbering by user error handler

Fixes oss-fuzz #42234

# 08f1d470 07-Dec-2021 Dmitry Stogov

Separate "cold" code
