| #
19bba837 |
| 28-Sep-2024 |
Gina Peter Banyard |
ext/ldap: Fix GH-16101 (Segfaults in php_ldap_do_search() when LDAPs is not a list)
Closes GH-16102
|
| #
dce0d976 |
| 25-Sep-2024 |
Jakub Zelenka |
Fix stub for openssl_csr_new
|
| #
706bcdbc |
| 18-Sep-2024 |
Ilija Tovilo |
Fix printing backtrace of fake generator frame
Fixes GH-15851
Closes GH-15952
|
| #
15a0c3a9 |
| 18-Sep-2024 |
Ilija Tovilo |
Fix failed assertion when promoting Serialize deprecation to exception
Fixes GH-15907
Closes GH-15951
|
| #
fcbcf2f2 |
| 26-Sep-2024 |
Ben Ramsey |
PHP-8.1 is now for PHP 8.1.31-dev
|
| #
d5035a70 |
| 23-Sep-2024 |
Jakub Zelenka |
[skip ci] Fix typo in NEWS
Co-authored-by: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
|
| #
8d87bc3e |
| 23-Sep-2024 |
Jakub Zelenka |
Update NEWS with security fixes info
|
| #
87d59d7f |
| 16-Sep-2024 |
Christoph M. Becker |
Fix GH-15905: Assertion failure for TRACK_VARS_SERVER
When the superglobals are eagerly initialized, but "S" is not contained
in `variables_order`, `TRACK_VARS_SERVER` is created as empt
Fix GH-15905: Assertion failure for TRACK_VARS_SERVER
When the superglobals are eagerly initialized, but "S" is not contained
in `variables_order`, `TRACK_VARS_SERVER` is created as empty array
with refcount > 1. Since this hash table may later be modified, a flag
is set which allows such COW violations for assertions. However, when
`register_argc_argv` is on, the so far uninitialized hash table is
updated with `argv`, what causes the hash table to be initialized, what
drops the allow-COW-violations flag. The following update with `argc`
then triggers a refcount violation assertion.
Since we consider `HT_ALLOW_COW_VIOLATION` a hack, we do not want to
keep the flag during hash table initialization, so we initialize the
hash table right away after creation for this code path.
Closes GH-15930.
show more ...
|
| #
f4c45ee3 |
| 25-Sep-2024 |
Gina Peter Banyard |
ext/ldap: Fix GH-16032 (Various NULL pointer dereferencements in ldap_modify_batch())
We check that the "attrib" and "modtype" keys are present in each array.
If not we throw a ValueErro
ext/ldap: Fix GH-16032 (Various NULL pointer dereferencements in ldap_modify_batch())
We check that the "attrib" and "modtype" keys are present in each array.
If not we throw a ValueError, in line with what other validation failure cases do.
Closes GH-16057
show more ...
|
| #
fdd6ba62 |
| 25-Sep-2024 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GH-16054: Segmentation fault when resizing hash table iterator list while adding
zend_array_dup_ht_iterators() loops over the hash table iterators and
can call zend_hash_iterator_add
Fix GH-16054: Segmentation fault when resizing hash table iterator list while adding
zend_array_dup_ht_iterators() loops over the hash table iterators and
can call zend_hash_iterator_add(). zend_hash_iterator_add() can resize
the array causing a crash in zend_array_dup_ht_iterators().
We solve this by refetching the iter pointer after an add happened.
Closes GH-16060.
show more ...
|
| #
043b9e1f |
| 25-Sep-2024 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GH-16039: Segmentation fault (access null pointer) in ext/dom/parentnode/tree.c
dom_object_get_node() can fail if we don't have a user object
associated.
Closes GH-16056.
|
| #
81916758 |
| 23-Sep-2024 |
Christoph M. Becker |
Fix GH-15980: Signed integer overflow in main/streams/streams.c
We need to avoid signed integer overflows which are undefined behavior.
We catch that, and set `offset` to `ZEND_LONG_MAX`
Fix GH-15980: Signed integer overflow in main/streams/streams.c
We need to avoid signed integer overflows which are undefined behavior.
We catch that, and set `offset` to `ZEND_LONG_MAX` (which is also the
largest value of `zend_off_t` on all platforms). Of course, that seek
may fail, but even if it succeeds, the stream is no longer readable,
but that matches the current behavior for offsets near `ZEND_LONG_MAX`.
Closes GH-15989.
show more ...
|
| #
ee95ee72 |
| 22-Sep-2024 |
Christoph M. Becker |
Revert "Fix GH-15980: Signed integer overflow in main/streams/streams.c"
This reverts commit 6a04c79e41bcdb8f8a62270b7d25f82698b9c5f0, since the
new test case apparently fails on 64bit L
Revert "Fix GH-15980: Signed integer overflow in main/streams/streams.c"
This reverts commit 6a04c79e41bcdb8f8a62270b7d25f82698b9c5f0, since the
new test case apparently fails on 64bit Linux, so this needs closer
investigation.
show more ...
|
| #
6a04c79e |
| 22-Sep-2024 |
Christoph M. Becker |
Fix GH-15980: Signed integer overflow in main/streams/streams.c
We need to avoid signed integer overflows which are undefined behavior.
We catch that, and set `offset` to `ZEND_LONG_MAX`
Fix GH-15980: Signed integer overflow in main/streams/streams.c
We need to avoid signed integer overflows which are undefined behavior.
We catch that, and set `offset` to `ZEND_LONG_MAX` (which is also the
largest value of `zend_off_t` on all platforms). Of course, after such
a seek a stream is no longer readable, but that matches the current
behavior for offsets near `ZEND_LONG_MAX`.
Closes GH-15989.
show more ...
|
| #
5bcbe8a3 |
| 21-Sep-2024 |
Christoph M. Becker |
Fix minimal Windows version
As of PHP 8.3.0, Windows 8/Server 2012 are the minimum requirement.
However, PR #9104 only updated `_WIN32_WINNT`, but not `WINVER`[1],
`NTDDI_VERSION`[2]
Fix minimal Windows version
As of PHP 8.3.0, Windows 8/Server 2012 are the minimum requirement.
However, PR #9104 only updated `_WIN32_WINNT`, but not `WINVER`[1],
`NTDDI_VERSION`[2] nor the manifest[3].
[1] <https://learn.microsoft.com/en-us/windows/win32/winprog/using-the-windows-headers>
[2] <https://learn.microsoft.com/en-us/windows/win32/winprog/using-the-windows-headers>
[3] <https://learn.microsoft.com/en-us/windows/win32/sbscs/application-manifests>
Closes GH-15975.
show more ...
|
| #
f303840a |
| 22-Sep-2024 |
Christoph M. Becker |
Prevent closing of unrelated handles
If our `shmget()` fails for certain reasons, the segment handle is
closed. However, the handle might be reused by Windows, and as such we
must n
Prevent closing of unrelated handles
If our `shmget()` fails for certain reasons, the segment handle is
closed. However, the handle might be reused by Windows, and as such we
must not close it again when shutting down the TSRM.
Closes GH-15984.
show more ...
|
| #
018c0b3d |
| 16-Sep-2024 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GH-15908 and GH-15026: leak / assertion failure in streams.c
This was first reported as a leak in GH-15026, but was mistakingly
believed to be a false positive. Then an assertion was
Fix GH-15908 and GH-15026: leak / assertion failure in streams.c
This was first reported as a leak in GH-15026, but was mistakingly
believed to be a false positive. Then an assertion was added and it got
triggered in GH-15908. This fixes the leak. Upon merging into master the
assertion should be removed as well.
Closes GH-15924.
show more ...
|
| #
9774cedb |
| 18-Sep-2024 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GH-15918: Assertion failure in ext/spl/spl_fixedarray.c
SplFixedArray should've never get supported in ArrayObject because it's
overloaded, and so that breaks assumptions. This regre
Fix GH-15918: Assertion failure in ext/spl/spl_fixedarray.c
SplFixedArray should've never get supported in ArrayObject because it's
overloaded, and so that breaks assumptions. This regressed in c4ecd82f.
Closes GH-15947.
show more ...
|
| #
422aa17b |
| 18-Sep-2024 |
Christoph M. Becker |
Fix GH-15901: phpdbg: Assertion failure on `i funcs`
New hash tables are not automatically packed, so we must not treat them
as such. Therefore we guard the foreach appropriately.
Fix GH-15901: phpdbg: Assertion failure on `i funcs`
New hash tables are not automatically packed, so we must not treat them
as such. Therefore we guard the foreach appropriately.
Closes GH-15929.
show more ...
|
| #
25289dd0 |
| 08-Sep-2024 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GH-15711: SoapClient can't convert BackedEnum to scalar value
Allow SoapClient to use the backing value during response serialization.
Closes GH-15803.
|
| #
ac8db365 |
| 13-Sep-2024 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GH-15868: Assertion failure in xml_parse_into_struct after exception
Upon unwinding from an exception, the parser state is not stable, we
should not continue updating the values if a
Fix GH-15868: Assertion failure in xml_parse_into_struct after exception
Upon unwinding from an exception, the parser state is not stable, we
should not continue updating the values if an exception was thrown.
Closes GH-15879.
show more ...
|
| #
503d9145 |
| 02-Sep-2024 |
David Carlier |
Fix GH-15712: overflow on float print with precision ini large value.
When allocating enough room for floats, the allocator used overflows with
large ndigits/EG(precision) value which us
Fix GH-15712: overflow on float print with precision ini large value.
When allocating enough room for floats, the allocator used overflows with
large ndigits/EG(precision) value which used an signed integer to
increase the size of thebuffer.
Testing with the zend operator directly is enough to trigger
the issue rather than higher level math interface.
close GH-15715
show more ...
|
| #
791a6ef1 |
| 28-Aug-2024 |
David Carlier |
Fix GH-15613: unpack on format hex strings repeater value.
close GH-15615
|
| #
b5834c12 |
| 11-Sep-2024 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GH-15837: Segmentation fault in ext/simplexml/simplexml.c
We should check if the iterator data is still valid, because if it
isn't, then the type info is UNDEF, but the pointer value
Fix GH-15837: Segmentation fault in ext/simplexml/simplexml.c
We should check if the iterator data is still valid, because if it
isn't, then the type info is UNDEF, but the pointer value may be
dangling.
Closes GH-15841.
show more ...
|
| #
8a8859bc |
| 11-Sep-2024 |
Derick Rethans |
Fixed regression: Using more than one sign is now OK again when using modify()
|
