#
8d2df86b |
| 24-Nov-2023 |
Florian Engelhardt |
Fix invalid opline in OOM handlers within ZEND_FUNC_GET_ARGS and ZEND_BIND_STATIC (#12768) * fix segfault in `ZEND_BIND_STATIC` In case a `ZEND_BIND_STATIC` is being executed, while the current chunk is full, the `zend_array_dup()` call will trigger an OOM in ZendMM which will crash, as the opline might be a dangling pointer. * add missing test * `assert()`ing seems easier than trying to make the compiler not optimize * moved from function call to INI setting, so we can use this in other places as well * make `assert()` work on NDEBUG builds * document magic number * fix segfault in `ZEND_FUNC_GET_ARGS` In case a `ZEND_FUNC_GET_ARGS` is being executed, while the current chunk is full, the `zend_new_array()` call will trigger an OOM in ZendMM which will crash, as the opline might be a dangling pointer. --------- Co-authored-by: Florian Engelhardt <florian@engelhardt.tc>
|
#
1fdcfa4e |
| 20-Nov-2023 |
Ilija Tovilo |
Fix use-after-free of name in var-var with malicious error handler Fixes oss-fuzz #54325 Closes GH-12732
|
#
f1f608bf |
| 05-Sep-2023 |
Dmitry Stogov |
Fixed uninitialized EX(opline) access (possible Zend/tests/gh12073.phpt crash)
|
#
06d68738 |
| 08-Jun-2023 |
Dmitry Stogov |
Keep consistent EG(current_execute_data) after return from generator (#11380)
|
#
0c65b396 |
| 10-Apr-2023 |
Dmitry Stogov |
Allow FETCH_OBJ_W and FETCH_STATIC_PROP_W to return INDIRECT/UNDEF zval for uninitialized typed properties (#11048)
|
#
1be99fae |
| 04-Mar-2023 |
Kamil Tekiela |
Fix strlen error message param name
|
#
7b68ff46 |
| 16-Feb-2023 |
Ilija Tovilo |
Revert "Fix GH-10168: heap-buffer-overflow at zval_undefined_cv" This reverts commit 71ddede5655fe654002ae18af6a18e033f717287.
|
#
71ddede5 |
| 06-Feb-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GH-10168: heap-buffer-overflow at zval_undefined_cv The problem is that we're using the variable_ptr in the opcode handler *after* it has already been destroyed. The solution is to create a specialised version of zend_assign_to_variable which takes in two destination zval pointers. Closes GH-10524
|
#
b5e9bf77 |
| 15-Jan-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix incorrect check condition in ZEND_YIELD The condition `UNEXPECTED(Z_TYPE_P(key)) == IS_REFERENCE` always returned false, because `UNEXPECTED(expression)` always returns 0 or 1. Move the parens so the comparison is executed properly. Closes GH-10332.
|
#
233ffccc |
| 12-Dec-2022 |
Derick Rethans |
Fix GH-10072: PHP crashes when execute_ex is overridden and a __call trampoline is used from internal code
|
#
26c7c82d |
| 21-Oct-2022 |
Arnaud Le Blanc |
Fix crash when memory limit is exceeded during generator initialization
|
#
c083efb7 |
| 26-Sep-2022 |
Dmitry Stogov |
Fix memory leak Fixes oss-fuzz #51622
|
#
8258b773 |
| 26-Sep-2022 |
Dmitry Stogov |
Fix memory leak Fixes oss-fuzz #51622
|
#
ba029fce |
| 19-Aug-2022 |
Tim Starling |
Fix GH-9323: crash when the VM enters userspace code via the GC Closes GH-9323
|
Revision tags: php-8.1.7RC1 |
|
#
4f18dbeb |
| 04-Apr-2022 |
Dmitry Stogov |
Merge branch 'PHP-8.0' into PHP-8.1 * PHP-8.0: JIT: Fix array clobbering by user error handler
|
#
c489e360 |
| 04-Apr-2022 |
Dmitry Stogov |
JIT: Fix array clobbering by user error handler Fixes oss-fuzz #46336 |
Revision tags: php-8.1.4RC1, php-8.1.3 |
|
#
8e2406c5 |
| 01-Feb-2022 |
Dmitry Stogov |
Merge branch 'PHP-8.0' into PHP-8.1 * PHP-8.0: Fix memory leak
|
#
a60a9b4a |
| 01-Feb-2022 |
Dmitry Stogov |
Fix memory leak Fixes oss-fuzz #44222 |
Revision tags: php-8.1.2RC1 |
|
#
75b29739 |
| 15-Dec-2021 |
Dmitry Stogov |
Fix array clobbering by user error handler Fixes oss-fuzz #42363 |
#
b16fc350 |
| 14-Dec-2021 |
Dmitry Stogov |
Move common code into helper |
#
1e56b647 |
| 13-Dec-2021 |
Dmitry Stogov |
Merge branch 'PHP-8.0' into PHP-8.1 * PHP-8.0: Combine ADDREF/DELREF
|
#
c787f42c |
| 13-Dec-2021 |
Dmitry Stogov |
Combine ADDREF/DELREF |
#
76075823 |
| 13-Dec-2021 |
Dmitry Stogov |
Merge branch 'PHP-8.0' into PHP-8.1 * PHP-8.0: Fix array clobbering by user error handler
|
#
cbc0b1af |
| 13-Dec-2021 |
Dmitry Stogov |
Fix array clobbering by user error handler Fixes oss-fuzz #42234 |
#
08f1d470 |
| 07-Dec-2021 |
Dmitry Stogov |
Separate "cold" code |