#
f203edd3 |
| 30-Nov-2023 |
Ilija Tovilo |
Fix leak of call->extra_named_params on internal __call Fixes GH-12835 Closes GH-12836 |
#
50ccea31 |
| 24-Nov-2023 |
Bob Weinand |
Merge branch 'PHP-8.1' into PHP-8.2
|
#
8d2df86b |
| 24-Nov-2023 |
Florian Engelhardt |
Fix invalid opline in OOM handlers within ZEND_FUNC_GET_ARGS and ZEND_BIND_STATIC (#12768) * fix segfault in `ZEND_BIND_STATIC` In case a `ZEND_BIND_STATIC` is being executed, while
Fix invalid opline in OOM handlers within ZEND_FUNC_GET_ARGS and ZEND_BIND_STATIC (#12768) * fix segfault in `ZEND_BIND_STATIC` In case a `ZEND_BIND_STATIC` is being executed, while the current chunk is full, the `zend_array_dup()` call will trigger a OOM in ZendMM which will crash, as the opline might be a dangling pointer. * add missing test * `assert()`ing seems easier than trying to make the compiler to not optimize * moved from function call to INI setting, so we can use this in other places as well * make `assert()` work no NDEBUG builds * document magic number * fix segfault in `ZEND_FUNC_GET_ARGS` In case a `ZEND_FUNC_GET_ARGS` is being executed, while the current chunk is full, the `zend_new_array()` call will trigger a OOM in ZendMM which will crash, as the opline might be a dangling pointer. --------- Co-authored-by: Florian Engelhardt <florian@engelhardt.tc>
show more ...
|
#
1fdcfa4e |
| 20-Nov-2023 |
Ilija Tovilo |
Fix use-after-free of name in var-var with malicious error handler Fixes oss-fuzz #54325 Closes GH-12732 |
#
ea52706a |
| 20-Nov-2023 |
Ilija Tovilo |
Fix use-after-free of name in var-var with malicious error handler Fixes oss-fuzz #54325 Closes GH-12732 |
#
ab6d564a |
| 05-Sep-2023 |
Dmitry Stogov |
Merge branch 'PHP-8.1' into PHP-8.2 * PHP-8.1: Fixed uninitialized EX(opline) access (possible Zend/tests/gh12073.phpt crash)
|
#
f1f608bf |
| 05-Sep-2023 |
Dmitry Stogov |
Fixed uninitialized EX(opline) access (possible Zend/tests/gh12073.phpt crash) |
#
42619b23 |
| 08-Jun-2023 |
Dmitry Stogov |
Merge branch 'PHP-8.1' into PHP-8.2 * PHP-8.1: Keep consistent EG(current_execute_data) after return from generator (#11380)
|
#
06d68738 |
| 08-Jun-2023 |
Dmitry Stogov |
Keep consistent EG(current_execute_data) after return from generator (#11380) |
#
e14ac1ca |
| 10-Apr-2023 |
Dmitry Stogov |
Merge branch 'PHP-8.1' into PHP-8.2 * PHP-8.1: Allow FETCH_OBJ_W and FETCH_STATIC_PROP_W to return INDIRECT/UNDEF zval for uninitialized typed properties (#11048)
|
#
0c65b396 |
| 10-Apr-2023 |
Dmitry Stogov |
Allow FETCH_OBJ_W and FETCH_STATIC_PROP_W to return INDIRECT/UNDEF zval for uninitialized typed properties (#11048) |
#
e223bf20 |
| 10-Mar-2023 |
Kamil Tekiela |
Merge branch 'PHP-8.1' into PHP-8.2 * PHP-8.1: Fix strlen error message param name
|
#
1be99fae |
| 04-Mar-2023 |
Kamil Tekiela |
Fix strlen error message param name |
#
81f3fcd5 |
| 16-Feb-2023 |
Ilija Tovilo |
Revert "Remove useless UNEXPECTED around RETURN_VALUE_USED in specialized RETVAL handler" This reverts commit 5b801612cb33d238a5dafbe04374dadc6e3a9f35. |
#
efb9181a |
| 16-Feb-2023 |
Ilija Tovilo |
Merge branch 'PHP-8.1' into PHP-8.2 * PHP-8.1: Revert "Fix GH-10168: heap-buffer-overflow at zval_undefined_cv"
|
#
7b68ff46 |
| 16-Feb-2023 |
Ilija Tovilo |
Revert "Fix GH-10168: heap-buffer-overflow at zval_undefined_cv" This reverts commit 71ddede5655fe654002ae18af6a18e033f717287. |
#
972a5a02 |
| 08-Feb-2023 |
Ilija Tovilo |
Merge branch 'PHP-8.1' into PHP-8.2 * PHP-8.1: Fix GH-10168: heap-buffer-overflow at zval_undefined_cv
|
#
71ddede5 |
| 06-Feb-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GH-10168: heap-buffer-overflow at zval_undefined_cv The problem is that we're using the variable_ptr in the opcode handler *after* it has already been destroyed. The solution is to c
Fix GH-10168: heap-buffer-overflow at zval_undefined_cv The problem is that we're using the variable_ptr in the opcode handler *after* it has already been destroyed. The solution is to create a specialised version of zend_assign_to_variable which takes in two destination zval pointers. Closes GH-10524
show more ...
|
#
c2e77f9c |
| 20-Jan-2023 |
Arnaud Le Blanc |
Merge branch 'PHP-8.1' into PHP-8.2 * PHP-8.1: [ci skip] NEWS Fix GH-10248: Assertion `!(zval_get_type(&(*(property))) == 10)' failed.
|
#
66605994 |
| 18-Jan-2023 |
Christoph M. Becker |
Merge branch 'PHP-8.1' into PHP-8.2 * PHP-8.1: Fix incorrect check condition in ZEND_YIELD
|
#
b5e9bf77 |
| 15-Jan-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix incorrect check condition in ZEND_YIELD The condition `UNEXPECTED(Z_TYPE_P(key)) == IS_REFERENCE` always returned false, because `UNEXPECTED(expression)` always returns 0 or 1. M
Fix incorrect check condition in ZEND_YIELD The condition `UNEXPECTED(Z_TYPE_P(key)) == IS_REFERENCE` always returned false, because `UNEXPECTED(expression)` always returns 0 or 1. Move the parens so the comparison is executed properly. Closes GH-10332.
show more ...
|
#
9529b891 |
| 23-Dec-2022 |
Derick Rethans |
Merge branch 'PHP-8.1' into PHP-8.2
|
#
233ffccc |
| 12-Dec-2022 |
Derick Rethans |
Fix GH-10072: PHP crashes when execute_ex is overridden and a __call trampoline is used from internal code |
#
05b63b15 |
| 07-Nov-2022 |
Dmitry Stogov |
Don't check "fake" closures (fix assertion) Fixes oss-fuzz #53078 |
#
cfd5fb98 |
| 22-Oct-2022 |
Arnaud Le Blanc |
Merge branch 'PHP-8.1' into PHP-8.2 * PHP-8.1: [ci skip] NEWS [ci skip] NEWS Fix compilation warning Fix crash when memory limit is exceeded during generator initiali
Merge branch 'PHP-8.1' into PHP-8.2 * PHP-8.1: [ci skip] NEWS [ci skip] NEWS Fix compilation warning Fix crash when memory limit is exceeded during generator initialization
show more ...
|