Unary minus const expression consistency

- of 0.0 should result in -0.0

Closes GH-10978

[skip ci] Fix PHP 8.2.5 release date in NEWS

Handle indirect zvals and use up-to-date properties in SplFixedArray::__serialize

Closes GH-10925.

[ci skip] NEWS

Fix bug #80602: Segfault when using DOMChildNode::before()

This furthermore fixes the logic error explained in
https://github.com/php/php-src/pull/8729#issuecomment-1161737132

C

Fix bug #80602: Segfault when using DOMChildNode::before()

This furthermore fixes the logic error explained in
https://github.com/php/php-src/pull/8729#issuecomment-1161737132

Closes GH-10682.

show more ...

Fix GH-10406: feof() behavior change for UNIX based socket resources

This change restores the old behaviour for the server socket streams
that don't support IO. This is now stored in the

Fix GH-10406: feof() behavior change for UNIX based socket resources

This change restores the old behaviour for the server socket streams
that don't support IO. This is now stored in the stream flags so it can
be later used to do some other decisions and possibly introduce some
better error reporting.

Closes GH-10877

show more ...

Fix undefined behaviour in unpack()

atoi()'s return value is actually undefined when an underflow or
overflow occurs. For example on 32-bit on my system the overflow test
which input

Fix undefined behaviour in unpack()

atoi()'s return value is actually undefined when an underflow or
overflow occurs. For example on 32-bit on my system the overflow test
which inputs "h2147483648" results in repetitions==2147483647 and on
64-bit this gives repetitions==-2147483648. The reason the test works on
32-bit is because there's a second undefined behaviour problem:
in case 'h' when repetitions==2147483647, we add 1 and divide by 2.
This is signed-wrap undefined behaviour and accidentally triggers the
overflow check like we wanted to.

Avoid all this trouble and use strtol with explicit error checking.

This also fixes a semantic bug where repetitions==INT_MAX would result
in the overflow check to trigger, even though there is no overflow.

Closes GH-10943.

show more ...

ext/intl IntlChar::enumCharNames changes the signature to void.

Close GH-10904

ext/imap/config.m4: -Werror=implicit-function-declaration compatibility.

The recent clang-16 throws errors for implicitly defined functions by
default. In many ./configure tests, an unde

ext/imap/config.m4: -Werror=implicit-function-declaration compatibility.

The recent clang-16 throws errors for implicitly defined functions by
default. In many ./configure tests, an undefined function (which is
"implicitly defined" when you try to call it) is undefined because it
really does not exist. But in one case, utf8_to_mutf7() is undefined
because we forgot to include the header that defines it.

This commit updates the test for utf8_to_mutf7:

* We now include the header (c-client.h) that defines it.
* A "checking... yes/no" message was added to the test.
* The test was switched from PHP_IMAP_TEST_BUILD to AC_COMPILE_IFELSE.
This was the easiest way to avoid a return-type mismatch that runs
afoul of -Werror=implicit-int.
* CPPFLAGS is temporarily amended with the -I flag needed to find
c-client.h.

Fixes GH-10947.

Closes GH-10948

Signed-off-by: George Peter Banyard <girgias@php.net>

show more ...

ext/intl: breakiterator::setText returns false on failure.

Close GH-10820

ext/posix: proposing posix_eaccess. unlike access, it is not standard but available in enough platforms ; on linux it's euidaccess in reality eaccess being 'just' an alias. key difference is eaccess

ext/posix: proposing posix_eaccess. unlike access, it is not standard but available in enough platforms ; on linux it's euidaccess in reality eaccess being 'just' an alias. key difference is eaccess checks the effective user id instead.

Close GH-10917

show more ...

Reset EG(trampoline).op_array.last_var that FFI may modify

Closes GH-10916

Revert "Handle indirect zvals in SplFixedArray::__serialize"

This reverts commit e6989382296250b1983422c0b8730cd773f26ea7.

Handle indirect zvals in SplFixedArray::__serialize

Closes GH-10925.

Fix GH-10908: Bus error with PDO Firebird on RPI with 64 bit kernel and 32 bit userland

The alignment of sqldata is in most cases only the basic alignment,
so the code type-puns it to a

Fix GH-10908: Bus error with PDO Firebird on RPI with 64 bit kernel and 32 bit userland

The alignment of sqldata is in most cases only the basic alignment,
so the code type-puns it to a larger type, it *can* crash due to the
misaligned access. This is only an issue for types > 4 bytes because
every sensible system requires an alignment of at least 4 bytes for
allocated data.

Even though this patch uses memcpy, the compiler is smart enough to
optimise it to something more efficient, especially on x86.
This is just the usual approach to solve these alignment problems.

Actually, unaligned memory access is undefined behaviour, so even on x86
platforms, where the bug doesn't cause a crash, this can be problematic.
Furthermore, even though the issue talks about a 64-bit kernel and
32-bit userspace, this doesn't necessarily need to be the case to
trigger this crash.

Test was Co-authored-by: rvk01

Closes GH-10920.

show more ...

Improve the warning message for unpack() in case not enough values were provided (#10949)

Disallow parent dir components (..) in open_basedir() at runtime

Fix GH-10469
Closes GH-10913

Fix buffer-overflow in php_fgetcsv() with \0 delimiter and enclosure

Fixes oss-fuzz #57392
Closes GH-10923

[skip ci] Add NEWS entry

Update NEWS and UPGRADING to reflect changes in 0ce755be26

Fix GH-10907: Unable to serialize processed SplFixedArrays in PHP 8.2.4

The properties table can also contain numeric entries after a rebuild of
the table based on the array. Since the a

Fix GH-10907: Unable to serialize processed SplFixedArrays in PHP 8.2.4

The properties table can also contain numeric entries after a rebuild of
the table based on the array. Since the array can only contain numeric
entries, and the properties table can contain a mix of both, we'll add
the numeric entries from the array and only the string entries from the
properties table. To implement this we simply check if the key from the
properties table is a string.

Closes GH-10921.

show more ...

Fix GH-8979: Possible Memory Leak with SSL-enabled MySQL connections

The stream context inside `mysqlnd_vio::enable_ssl()` is leaking.
In particular: when `php_stream_context_set()` get

Fix GH-8979: Possible Memory Leak with SSL-enabled MySQL connections

The stream context inside `mysqlnd_vio::enable_ssl()` is leaking.
In particular: when `php_stream_context_set()` get called the refcount
of `context` is increased by 1, which means that `context` will now
have a refcount of 2. Later on we remove the context from the stream
by calling `php_stream_context_set(stream, NULL)` but that leaves our
`context` with a refcount of 1, and therefore it's never destroyed.
In my test case this yielded a leak of 1456 bytes per connection
(but could be more depending on your settings ofc).

Annoyingly, Valgrind doesn't find it because the context is still
in the `EG(regular_list)` and will thus be destroyed at the end of
the request. However, I still think this bug needs to be fixed because
as the users in the issue report already mentioned:
there can be long-running PHP scripts.

Fix it by decreasing the refcount to transfer the ownership.

Closes GH-10909.

show more ...

Fix GH-10583: DateTime modify with tz pattern should not update linked timezone

Fix GH-10521: ftp_get/ftp_nb_get resumepos offset is maximum 10GB

The char arrays were too small for a long on 64-bit systems, which
resulted in cutting off the string at the end with a

Fix GH-10521: ftp_get/ftp_nb_get resumepos offset is maximum 10GB

The char arrays were too small for a long on 64-bit systems, which
resulted in cutting off the string at the end with a NUL byte. Use a
size of MAX_LENGTH_OF_LONG to fix this issue instead of a fixed size
of 11 chars.

Closes GH-10525.

show more ...

Fix GH-10052: Browscap crashes PHP 8.1.12 on request shutdown (apache2)

get_browser() implements a lazy parse system for the browscap
INI configuration. There are two possible moments wh

Fix GH-10052: Browscap crashes PHP 8.1.12 on request shutdown (apache2)

get_browser() implements a lazy parse system for the browscap
INI configuration. There are two possible moments when a browscap
configuration can be loaded: during module startup or during request.
In case of module startup, the strings are persistent strings, while for
the request they are not.

The INI parser must therefore know whether to create persistent or
non-persistent strings. It does this by looking at
CG(ini_parser_unbuffered_errors). If that value is 1 it's persistent,
otherwise non-persistent. Note that this also controls how the errors
are reported: if it's 1 then the errors are sent to stderr, otherwise we
get E_WARNINGs.

Currently, a hardcoded value of 1 is always used for that CG value in
browscap_read_file(). This means we'll always create persistent strings
*and* we'll not report parse errors correctly as E_WARNINGs.
We fix both the crash and the lack of warnings by passing the value of
persistent instead of a hardcoded 1.

This is also in line with how other INI parsing code is called in
ext/standard: they also make sure that during request a value of 0 is
passed.

Closes GH-10883.

show more ...