#
12844f96 |
| 25-Sep-2024 |
Ilija Tovilo |
Fix use-after-free of object released in hook Fixes GH-16040 Closes GH-16058
|
#
025ed70c |
| 10-Sep-2024 |
Ilija Tovilo |
Fix ReflectionProperty::isInitialized() for hooked props In zend_std_has_property with ZEND_PROPERTY_EXISTS, we'd just return true when no get hook was present. However, this function is
Fix ReflectionProperty::isInitialized() for hooked props In zend_std_has_property with ZEND_PROPERTY_EXISTS, we'd just return true when no get hook was present. However, this function is supposed to return false for uninitialized properties. PROPERTY_EXISTS is somewhat of a misnomer. Virtual properties continue to always return true, given there's no backing value to check. Fixes GH-15694 Closes GH-15822
show more ...
|
#
5ca4d882 |
| 01-Sep-2024 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Remove redundant 'zobj->ce->__isset' check (#15699) This became unnecessary due to the addition of lazy objects that added the goto when '!zobj->ce->__isset' above.
|
#
58aa6fc8 |
| 19-May-2023 |
Arnaud Le Blanc |
Lazy objects RFC: https://wiki.php.net/rfc/lazy-objects Closes GH-15019
|
#
e12188fe |
| 29-Aug-2024 |
Ilija Tovilo |
Fix asymmetric visibility with set hook Fixes GH-15644 Closes GH-15645
|
#
8df557ac |
| 27-Aug-2024 |
Ilija Tovilo |
[RFC] Asymmetric visibility v2 (GH-15063) Co-authored-by: Larry Garfield <larry@garfieldtech.com>
|
#
4a4aae54 |
| 14-Aug-2024 |
Gina Peter Bnayard |
Zend/zend_object_handlers.c: Remove unused include
|
#
46ee0fb3 |
| 09-Aug-2024 |
Ilija Tovilo |
Disallow indirect modification on readonly properties within __clone() (#15012) Indirect modification isn't allowed in __construct() because it allows references to leak, so it doesn't m
Disallow indirect modification on readonly properties within __clone() (#15012) Indirect modification isn't allowed in __construct() because it allows references to leak, so it doesn't make much sense to allow it in __clone().
show more ...
|
#
f4eb81d7 |
| 22-Jul-2024 |
Arnaud Le Blanc |
Followup GH-14996 (#15062)
|
#
82479e89 |
| 22-Jul-2024 |
Ilija Tovilo |
Throw error for recursive comparison, instead of fatal (#14989) I don't understand the rationale of fatal erroring here. It seems this should properly unprotect the compared elements whe
Throw error for recursive comparison, instead of fatal (#14989) I don't understand the rationale of fatal erroring here. It seems this should properly unprotect the compared elements when returning up the stack. Related to GH-14980
show more ...
|
#
1fbb6665 |
| 17-Jul-2024 |
Arnaud Le Blanc |
Use zend_std_build_properties() to access zend_object.properties The zend_object.properties HashTable needs to be built just in time by calling rebuild_object_properties() on the object
Use zend_std_build_properties() to access zend_object.properties The zend_object.properties HashTable needs to be built just in time by calling rebuild_object_properties() on the object before accessing it. Normally this is done automatically in zend_std_get_properties(), but we do it manually in a few places. In this change I introduce an inline variant of zend_std_build_properties(), and refactor these places to use it instead of calling rebuild_object_properties() manually. rebuild_object_properties() renamed as rebuild_object_properties_internal(), to enforce usage of zend_std_get_properties() or zend_std_build_properties_ex(). Closes GH-14996
show more ...
|
#
fdbe910b |
| 16-Jul-2024 |
Ilija Tovilo |
Fix indirect readonly error messages (#14979) $obj->ro[] = 42;, passByRef($obj->ro); and the likes should emit an indirect modification error message. This message already existed but wa
Fix indirect readonly error messages (#14979) $obj->ro[] = 42;, passByRef($obj->ro); and the likes should emit an indirect modification error message. This message already existed but was used inconsistently.
show more ...
|
#
8c312ba7 |
| 16-Jul-2024 |
Ilija Tovilo |
Fix use-after-free in property coercion with __toString() This was only partially fixed in PHP-8.3. Backports and fixes the case for both initialized and uninitialized property writes.
Fix use-after-free in property coercion with __toString() This was only partially fixed in PHP-8.3. Backports and fixes the case for both initialized and uninitialized property writes. Fixes GH-14969 Closes GH-14971
show more ...
|
#
7e022ea0 |
| 16-Jul-2024 |
Ilija Tovilo |
Avoid duplicate code in zend_std_write_property() (#14966)
|
#
913157f7 |
| 15-Jul-2024 |
Ilija Tovilo |
Extract obtaining of fake scope into function (#14960)
|
#
780a8280 |
| 14-Jul-2024 |
Ilija Tovilo |
[RFC] Property hooks (#13455) RFC: https://wiki.php.net/rfc/property-hooks Co-authored-by: Nikita Popov <nikita.ppv@gmail.com>
|
#
cdb7677b |
| 04-Jun-2024 |
Gina Peter Banyard |
Fix bug GH-14456: Attempting to initialize class with private constructor calls destructor Closes GH-14469
|
#
c461b600 |
| 24-May-2024 |
Levi Morrison |
refactor: change `zend_is_true` to return `bool` (#14301) Previously this returned `int`. Many functions actually take advantage of the fact this returns exactly 0 or 1. For instance,
refactor: change `zend_is_true` to return `bool` (#14301) Previously this returned `int`. Many functions actually take advantage of the fact this returns exactly 0 or 1. For instance, `main/streams/xp_socket.c` does: sockopts |= STREAM_SOCKOP_IPV6_V6ONLY_ENABLED * zend_is_true(tmpzval); And `Zend/zend_compile.c` does: child = &ast->child[2 - zend_is_true(zend_ast_get_zval(ast->child[0]))]; I changed a few places trivially from `int` to `bool`, but there are still many places such as the object handlers which return `int` that should eventually be `bool`.
show more ...
|
#
f47b7f1c |
| 18-Mar-2024 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Cleanup name handling in magic methods (#13733) The copy was introduced in bc59289b7, and later changed in 57527455eb, to prevent indirect modifications of magic method arguments. Th
Cleanup name handling in magic methods (#13733) The copy was introduced in bc59289b7, and later changed in 57527455eb, to prevent indirect modifications of magic method arguments. This is no longer necessary because we no longer deal with zvals, but with string directly that the VM has retrieved either as a constant, or via zval_try_get_tmp_string().
show more ...
|
#
87edeed3 |
| 13-Jan-2024 |
Michael Voříšek |
Remove UNEXPECTED from typed prop checks Closes GH-13143
|
#
8a392edd |
| 02-Sep-2023 |
George Peter Banyard |
Fix OSS Fuzz #61865: Undef variable in ++/-- for declared property that is unset in error handler Reorder when we assign the property value to NULL which is identical to a3a3964497922bcd
Fix OSS Fuzz #61865: Undef variable in ++/-- for declared property that is unset in error handler Reorder when we assign the property value to NULL which is identical to a3a3964497922bcd74282685218d90acea69c296 Just for the declared property case instead of dynamic. Closes GH-12114
show more ...
|
#
eee1617f |
| 03-Sep-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Tweak behaviour of dynamic properties wrt error handlers With the fix in https://github.com/php/php-src/pull/12114, the behaviour would change for non-dynamic properties. Align the behav
Tweak behaviour of dynamic properties wrt error handlers With the fix in https://github.com/php/php-src/pull/12114, the behaviour would change for non-dynamic properties. Align the behaviour for dynamic properties to be the same. Closes GH-12117.
show more ...
|
#
a3a39644 |
| 27-Aug-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix oss-fuzz #61712: assertion failure with error handler during binary op Because the error handler is invoked after the property is updated, the error handler has the opportunity to re
Fix oss-fuzz #61712: assertion failure with error handler during binary op Because the error handler is invoked after the property is updated, the error handler has the opportunity to remove it before the property is returned. Switching the order around fixes this issue. The comments mention that the current ordering prevents overwriting the EG(std_property_info) field in the error handler. EG(std_property_info) no longer exists as it was removed in 7471c217. Back then a global was used to store the returned property info, but as this is no longer the case there is no longer a need to protect against overwriting a global. Closes GH-12062.
show more ...
|
#
53aa53f4 |
| 24-Aug-2023 |
Jakub Zelenka |
Introduce Zend guard recursion protection This PR introduces a new way of recursion protection in JSON, var_dump and friends. It fixes issue in master for __debugInfo and also improves
Introduce Zend guard recursion protection This PR introduces a new way of recursion protection in JSON, var_dump and friends. It fixes issue in master for __debugInfo and also improves perf for jsonSerializable in some cases. More info can be found in GH-10020. Closes GH-11812
show more ...
|
#
efc73f24 |
| 07-Aug-2023 |
Ilija Tovilo |
Revert "Call cast_object handler from get_properties_for" This reverts commit 4182813ebffe0570e3741debd7da543df3517d0d.
|