Fix GH-10885: Leaking stream_socket_server context

`php_stream_context_set` already increases the refcount.

Closes GH-10886

Fix GH-10755: Memory leak in phar_rename_archive()

In phar_renmae_archive() context, added one reference but immediately
destroyed another, so do not need to increase refcount. With remo

Fix GH-10755: Memory leak in phar_rename_archive()

In phar_renmae_archive() context, added one reference but immediately
destroyed another, so do not need to increase refcount. With removal of
refcount++ line, PHP/Zend no longer reports memory leak.
Updated bug69958.phpt test file accordingly.

Closes GH-10856

show more ...

Fix bug #74129: Incorrect SCRIPT_NAME with apache ProxyPassMatch

This happens when there are spaces are in the path info. The reason is
that Apache decodes the path info part in the SCRI

Fix bug #74129: Incorrect SCRIPT_NAME with apache ProxyPassMatch

This happens when there are spaces are in the path info. The reason is
that Apache decodes the path info part in the SCRIPT_NAME as per CGI
RFC. FPM tries to strip path info from the SCRIPT_NAME but the
comparison is done against SCRIPT_FILENAME which is not decoded. For
that to work we have to decode it before comparison if there is any
encoded character.

Closes GH-10869

show more ...

Fix NUL byte in exception string terminating Exception::__toString()

Fixes GH-10810
Closes GH-10873

Destroy file_handle in fpm_main

If it's not in the CG(open_files) list, we need to destroy the file
handle ourselves.

Co-authored-by: Jakub Zelenka <bukka@php.net>

Clos

Destroy file_handle in fpm_main

If it's not in the CG(open_files) list, we need to destroy the file
handle ourselves.

Co-authored-by: Jakub Zelenka <bukka@php.net>

Closes GH-10707.

show more ...

Fix GH-8789 and GH-10015: Fix ZTS zend signal crashes due to NULL globals

Fixes GH-8789.
Fixes GH-10015.

This is one small part of the underlying bug for GH-10737, as in my

Fix GH-8789 and GH-10015: Fix ZTS zend signal crashes due to NULL globals

Fixes GH-8789.
Fixes GH-10015.

This is one small part of the underlying bug for GH-10737, as in my
attempts to reproduce the issue I constantly hit this crash easily.
(The fix for the other underlying issue for that bug will follow soon.)

It's possible that a signal arrives at a thread that never handled a PHP
request before. This causes the signal globals to dereference a NULL
pointer because the TSRM pointers for the thread aren't set up to point
to the thread resources yet.

PR GH-9766 previously fixed this for master by ignoring the signal if
the thread didn't handle a PHP request yet. While this fixes the crash
bug, I think the solution is suboptimal for 3 reasons:

1) The signal is ignored and a message is printed saying there is a bug.
However, this is not a bug at all. For example in Apache, the signal
set up happens on child process creation, and the thread resource
creation happens lazily when the first request is handled by the
thread. Hence, the fact that the thread resources aren't set up yet
is not actually buggy behaviour.

2) I believe since it was believed to be buggy behaviour, that fix was
only applied to master, so 8.1 & 8.2 keep on crashing.

3) We can do better than ignoring the signal. By just acting in the
same way as if the signals aren't active. This means we need to
take the same path as if the TSRM had already shut down.

Closes GH-10861.

show more ...

ext/psql: pg_meta_data, extended mode, fix typo for pseudo typtype.

Closes GH-10865.

Remove CTE flag from array_diff_ukey(), which was added by mistake

This was accidentally added in GH-7780, but since it takes a callable
argument, this flag is useless on this function.

Remove CTE flag from array_diff_ukey(), which was added by mistake

This was accidentally added in GH-7780, but since it takes a callable
argument, this flag is useless on this function.

Closes GH-10859.

show more ...

Fix missing and inconsistent error check on SQLAllocHandle

* Missing check: SQLAllocHandle() for the environment wasn't checked in
pdo_odbc_handle_factory(). Add a check similar to the

Fix missing and inconsistent error check on SQLAllocHandle

* Missing check: SQLAllocHandle() for the environment wasn't checked in
pdo_odbc_handle_factory(). Add a check similar to the other ones for
SQLAllocHandle().
* Inconsistent check: one of the SQLAllocHandle() calls wasn't checked
for SQL_SUCCESS_WITH_INFO. However, looking at the other uses and the
documentation we should probably check this as well.

Furthermore, since there was a mix of "SQLAllocHandle: reason" and
"SQLAllocHandle (reason)" in the error reporting, I made them
consistently use the first option as that seems to be the most used for
error reporting in this file.

Closes GH-10740.

show more ...

ext/mysqli/pgsql: mysqli_fetch_object/pgsql_fetch_object raises ValueError on constructor args error.

Closes GH-10832.

Fix GH-10611: fpm_env_init_main leaks environ

Closes GH-10618.

Fix GH-10801: Named arguments in CTE functions cause a segfault

Fixes GH-10801

Named arguments are not supported by the constant evaluation routine, in
the sense that they are i

Fix GH-10801: Named arguments in CTE functions cause a segfault

Fixes GH-10801

Named arguments are not supported by the constant evaluation routine, in
the sense that they are ignored. This causes two issues:
- It causes a crash because not all oplines belonging to the call are
removed, which results in SEND_VA{L,R} which should've been removed.
- It causes semantic issues (demonstrated in the test case).

This case never worked anyway, leading to crashes or incorrect behaviour,
so just prevent CTE of calls with named parameters for now.
We can choose to support it later, but introducing support for this in
a stable branch seems too dangerous.

This patch does not change the removal of SEND_* opcodes in remove_call
because the crash bug can't be triggered anymore with this patch as
there are no named parameters anymore and no variadic CTE functions
exist.

Closes GH-10811.

show more ...

feat: enable Zend Max Execution Timers by default in 8.3 (#10778)

Fix GH-10747: Private and protected properties in serialized Date* objects throw

Fix GH-10519: Array Data Address Reference Issue

We need to carry around a reference to the underlying Bucket to be able to modify it by reference.

Closes GH-10749

Signed-o

Fix GH-10519: Array Data Address Reference Issue

We need to carry around a reference to the underlying Bucket to be able to modify it by reference.

Closes GH-10749

Signed-off-by: George Peter Banyard <girgias@php.net>

show more ...

ext/intl: dateformatter settimezone changes on success, returning true like setcalendar.

Closes GH-10790

Re-add some CTE functions that were removed from being CTE by a mistake

These functions were accidentally removed from being CTE in GH-7780.
This patch brings them back.

Closes

Re-add some CTE functions that were removed from being CTE by a mistake

These functions were accidentally removed from being CTE in GH-7780.
This patch brings them back.

Closes GH-10768.

show more ...

Fix GH-8065: opcache.consistency_checks > 0 causes segfaults in PHP >= 8.1.5 in fpm context

Disable opcache.consistency_checks.

This feature does not work right now and leads to mem

Fix GH-8065: opcache.consistency_checks > 0 causes segfaults in PHP >= 8.1.5 in fpm context

Disable opcache.consistency_checks.

This feature does not work right now and leads to memory leaks and other
problems. For analysis and discussion see GH-8065. In GH-10624 it was
decided to disable the feature to prevent problems for end users.
If end users which to get some consistency guarantees, they can rely on
opcache.protect_memory.

Closes GH-10798.

show more ...

Fix GH-8646: Memory leak PHP FPM 8.1

Fixes GH-8646
See https://github.com/php/php-src/issues/8646 for thorough discussion.

Interned strings that hold class entries can get a cor

Fix GH-8646: Memory leak PHP FPM 8.1

Fixes GH-8646
See https://github.com/php/php-src/issues/8646 for thorough discussion.

Interned strings that hold class entries can get a corresponding slot in map_ptr for the CE cache.
map_ptr works like a bump allocator: there is a counter which increases to allocate the next slot in the map.

For class name strings in non-opcache we have:
- on startup: permanent + interned
- on request: interned
For class name strings in opcache we have:
- on startup: permanent + interned
- on request: either not interned at all, which we can ignore because they won't get a CE cache entry
or they were already permanent + interned
or we get a new permanent + interned string in the opcache persistence code

Notice that the map_ptr layout always has the permanent strings first, and the request strings after.
In non-opcache, a request string may get a slot in map_ptr, and that interned request string
gets destroyed at the end of the request. The corresponding map_ptr slot can thereafter never be used again.
This causes map_ptr to keep reallocating to larger and larger sizes.

We solve it as follows:
We can check whether we had any interned request strings, which only happens in non-opcache.
If we have any, we reset map_ptr to the last permanent string.
We can't lose any permanent strings because of map_ptr's layout.

Closes GH-10783.

show more ...

Revert "Throw on negative setcookie expiration timestamp"

This reverts commit 82dfd93b9dda35adf79a880906e631104e12ef53.

Fix GH-10709: UAF in recursive AST evaluation

Fixes https://oss-fuzz.com/testcase-detail/6445949468934144
Closes GH-10718

Throw on negative setcookie expiration timestamp

Fixes GH-10765

Add missing error check on PEM_write_bio_PKCS7()

Closes GH-10752.

Add missing error checks on EVP_MD_CTX_create() and EVP_VerifyInit()

The first one returns NULL on error, and the second one returns 0 on
error. These weren't checked.

Closes GH

Add missing error checks on EVP_MD_CTX_create() and EVP_VerifyInit()

The first one returns NULL on error, and the second one returns 0 on
error. These weren't checked.

Closes GH-10762.

show more ...

Fix GH-10766: PharData archive created with Phar::Zip format does not keep files metadata (datetime)

Due to an incorrect check, the datetime was never actually set.
To test this we need

Fix GH-10766: PharData archive created with Phar::Zip format does not keep files metadata (datetime)

Due to an incorrect check, the datetime was never actually set.
To test this we need to write the file using phar, but read the file
using a different method to not get a cached, or a value that's been
transformed twice and is therefore accidentally correct.

Closes GH-10769

show more ...