Fix leak of call->extra_named_params on internal __call

Fixes GH-12835
Closes GH-12836

Fix invalid opline in OOM handlers within ZEND_FUNC_GET_ARGS and ZEND_BIND_STATIC (#12768)

* fix segfault in `ZEND_BIND_STATIC`

In case a `ZEND_BIND_STATIC` is being executed, while

Fix invalid opline in OOM handlers within ZEND_FUNC_GET_ARGS and ZEND_BIND_STATIC (#12768)

* fix segfault in `ZEND_BIND_STATIC`

In case a `ZEND_BIND_STATIC` is being executed, while the current chunk is full,
the `zend_array_dup()` call will trigger a OOM in ZendMM which will crash, as
the opline might be a dangling pointer.

* add missing test

* `assert()`ing seems easier than trying to make the compiler to not optimize

* moved from function call to INI setting, so we can use this in other places as well

* make `assert()` work no NDEBUG builds

* document magic number

* fix segfault in `ZEND_FUNC_GET_ARGS`

In case a `ZEND_FUNC_GET_ARGS` is being executed, while the current chunk is
full, the `zend_new_array()` call will trigger a OOM in ZendMM which will crash,
as the opline might be a dangling pointer.

---------

Co-authored-by: Florian Engelhardt <florian@engelhardt.tc>

show more ...

Fix use-after-free of name in var-var with malicious error handler

Fixes oss-fuzz #54325
Closes GH-12732

Fix inference of COPY_TMP

Since GH-11592 COPY_TMP may receive and thus define references. Unfortunately,
the name COPY_TMP is no longer accurate.

Closes GH-12619

Fix OP1 leak in error path of post inc/dec

Fixes oss-fuzz #63802
Closes GH-12599

Fixed uninitialized EX(opline) access (possible Zend/tests/gh12073.phpt crash)

Assert ptr_ptr value of TMP|CONST isn't used (#11865)

We require valid code for compilation to succeed, but these paths should always
be guarded by OPx_TYPE checks and never execute. Add

Assert ptr_ptr value of TMP|CONST isn't used (#11865)

We require valid code for compilation to succeed, but these paths should always
be guarded by OPx_TYPE checks and never execute. Add an assertion to verify.

show more ...

Add typed specialization for ZEND_COUNT (#11825)

Zend: Fix memory leak in ++/-- when overloading fetch access

Closes GH-11859

Fix OSS Fuzz #60734: use-after-free visible in ASAN build

Deprecate calling get_class() and get_parent_class() without arguments

Revert "Remove name field from the zend_constant struct (#10954)"

This reverts commit f42992f580343931434dff2e4b2042ff945b48a1.

Closes GH-11604

[RFC] Path to Saner Increment/Decrement operators (#10358)

* Add behavioural tests for incdec operators

* Add support to ++/-- for objects castable to _IS_NUMBER

* Add str_

[RFC] Path to Saner Increment/Decrement operators (#10358)

* Add behavioural tests for incdec operators

* Add support to ++/-- for objects castable to _IS_NUMBER

* Add str_increment() function

* Add str_decrement() function

RFC: https://wiki.php.net/rfc/saner-inc-dec-operators

Co-authored-by: Ilija Tovilo <ilija.tovilo@me.com>
Co-authored-by: Arnaud Le Blanc <arnaud.lb@gmail.com>

show more ...

Add support for deprecating class constants

Revert "Revert "Remove name field from the zend_constant struct (#10954)""

This reverts commit 9f4bd3040d2809f209d73f696b21302f311665b7.

Revert "Remove name field from the zend_constant struct (#10954)"

This reverts commit f42992f580343931434dff2e4b2042ff945b48a1.

Fix GH-11423

Keep consistent EG(current_execute_data) after return from generator (#11380)

Use common function for TypeError on illegal offset access (#10544)

This merges all usages of emitting an offset TypeError into a new ZEND_API function
zend_illegal_container_offset(cons

Use common function for TypeError on illegal offset access (#10544)

This merges all usages of emitting an offset TypeError into a new ZEND_API function
zend_illegal_container_offset(const zend_string* container, const zval *offset, int type);

Where the container should represent the type on which the access is attempted (e.g. string, array)
The offset zval that is used, where the error message will display its type
The type of access, which should be a BP_VAR_* constant, to get special message for isset/empty/unset

show more ...

Allow arbitrary expressions in static variable initializer

Closes GH-9301

Typed class constants (#10444)

RFC: https://wiki.php.net/rfc/typed_class_constants

Co-Authored-By: Ben <7127204+moliata@users.noreply.github.com>
Co-Authored-By: Bob Weinand <31

Typed class constants (#10444)

RFC: https://wiki.php.net/rfc/typed_class_constants

Co-Authored-By: Ben <7127204+moliata@users.noreply.github.com>
Co-Authored-By: Bob Weinand <3154871+bwoebi@users.noreply.github.com>
Co-Authored-By: Ilija Tovilo <ilija.tovilo@me.com>

show more ...

Allow FETCH_OBJ_W and FETCH_STATIC_PROP_W to return INDIRECT/UNDEF zval for uninitialized typed properties (#11048)

Fix GH-11016: Heap buffer overflow in ZEND_ADD_ARRAY_UNPACK_SPEC_HANDLER (#11021)

Not enough space was reserved for the packed resulting array because of
some confusion in the meaning of

Fix GH-11016: Heap buffer overflow in ZEND_ADD_ARRAY_UNPACK_SPEC_HANDLER (#11021)

Not enough space was reserved for the packed resulting array because of
some confusion in the meaning of nr of used slots vs nr of elements.

Co-authored-by: Ilija Tovilo <ilija.tovilo@me.com>

show more ...

Add GC_DTOR/GC_DTOR_NO_REF macros

Delay destructor for zend_std_write_property

Delay freeing of overwritten values in assignments

Fixes GH-10168