Merge remote-tracking branch 'upstream/PHP-8.1'

Merge remote-tracking branch 'upstream/PHP-8.0' into PHP-8.1

Remove ZEND_DVAL_TO_LVAL_CAST_OK (#9215)

* Remove ZEND_DVAL_TO_LVAL_CAST_OK
As far as I can see, this operation should always use the _slow method, and the results seem to be wrong when

Remove ZEND_DVAL_TO_LVAL_CAST_OK (#9215)

* Remove ZEND_DVAL_TO_LVAL_CAST_OK
As far as I can see, this operation should always use the _slow method, and the results seem to be wrong when ZEND_DVAL_TO_LVAL_CAST_OK is enabled.

* update NEWS

show more ...

Deprecate zend_atol() / add zend_ini_parse_quantity() (#7951)

Add zend_ini_parse_quantity() and deprecate zend_atol(), zend_atoi()

zend_atol() and zend_atoi() don't just do number p

Deprecate zend_atol() / add zend_ini_parse_quantity() (#7951)

Add zend_ini_parse_quantity() and deprecate zend_atol(), zend_atoi()

zend_atol() and zend_atoi() don't just do number parsing.
They also check for a 'K', 'M', or 'G' at the end of the string,
and multiply the parsed value out accordingly.

Unfortunately, they ignore any other non-numerics between the
numeric component and the last character in the string.
This means that numbers such as the following are both valid
and non-intuitive in their final output.

* "123KMG" is interpreted as "123G" -> 132070244352
* "123G " is interpreted as "123 " -> 123
* "123GB" is interpreted as "123B" -> 123
* "123 I like tacos." is also interpreted as "123." -> 123

Currently, in php-src these functions are used only for parsing ini values.

In this change we deprecate zend_atol(), zend_atoi(), and introduce a new
function with the same behavior, but with the ability to report invalid inputs
to the caller. The function's name also makes the behavior less unexpected:
zend_ini_parse_quantity().

Co-authored-by: Sara Golemon <pollita@php.net>

show more ...

Add ZEND_THREEWAY_COMPARE() macro to fix casting underflowed unsigned to signed (#8220)

Casting a huge unsigned value to signed is implementation-defined
behavior in C. By introducing t

Add ZEND_THREEWAY_COMPARE() macro to fix casting underflowed unsigned to signed (#8220)

Casting a huge unsigned value to signed is implementation-defined
behavior in C. By introducing the ZEND_THREEWAY_COMPARE() macro, we
can sidestep this integer overflow/underflow/casting problem.

show more ...

Merge branch 'PHP-8.1'

* PHP-8.1:
Fix typo (wrong string length)

Merge branch 'PHP-8.0' into PHP-8.1

* PHP-8.0:
Fix typo (wrong string length)

Fix typo (wrong string length)

Fixes oss-fuzz #44110

Make strtolower() and strtoupper() do ASCII case conversion (#7506)

Implement RFC https://wiki.php.net/rfc/strtolower-ascii

Merge branch 'PHP-8.1'

* PHP-8.1:
Fix bug #81598: Use C.UTF-8 as LC_CTYPE locale by default

Fix bug #81598: Use C.UTF-8 as LC_CTYPE locale by default

Unfortunately, libedit is locale based and does not accept UTF-8
input when the C locale is used. This patch switches the defaul

Fix bug #81598: Use C.UTF-8 as LC_CTYPE locale by default

Unfortunately, libedit is locale based and does not accept UTF-8
input when the C locale is used. This patch switches the default
locale to C.UTF-8 instead (if it is available). This makes libedit
work and I believe it shouldn't affect behavior of single-byte
locale-dependent functions that PHP otherwise uses.

Closes GH-7635.

show more ...

Merge branch 'PHP-8.1'

* PHP-8.1:
Remove unnecessary assertion

Merge branch 'PHP-8.0' into PHP-8.1

* PHP-8.0:
Remove unnecessary assertion

Remove unnecessary assertion

zend_class_implements_interface works fine if the "class" is an
interface, so simply drop this assertion. This avoids the need to
special case this situa

Remove unnecessary assertion

zend_class_implements_interface works fine if the "class" is an
interface, so simply drop this assertion. This avoids the need to
special case this situation.

show more ...

Add upper case functions to zend_operators.c and use them (#7521)

Add a family of upper case conversion functions to zend_operators.c,
by analogy with the lower case functions.

Add upper case functions to zend_operators.c and use them (#7521)

Add a family of upper case conversion functions to zend_operators.c,
by analogy with the lower case functions.

Move the single-character conversion macros to the header so that they
can be used as a locale-independent replacement for tolower() and
toupper().

Factor out the ugly bits of the SSE2 case conversion so that the four
functions that use it are easy to read and processor-independent.

Use the new ASCII upper case functions in ext/xml, ext/pdo_dblib and as
an optimization for strtoupper() when the locale is "C".

show more ...

Remove zend_binary_zval_strcasecmp() APIs

These are thin wrappers ... around the wrong functions. They call
the "_l()" version of the underlying APIs. For clarify, just call
the wrap

Remove zend_binary_zval_strcasecmp() APIs

These are thin wrappers ... around the wrong functions. They call
the "_l()" version of the underlying APIs. For clarify, just call
the wrapped API directly.

show more ...

Add additional double to string APIs

zend_double_to_str() converts a double to string in the way that
(string) would (using %.*H using precision).

smart_str_append_double() prov

Add additional double to string APIs

zend_double_to_str() converts a double to string in the way that
(string) would (using %.*H using precision).

smart_str_append_double() provides some more fine control over
the precision, and whether a zero fraction should be appeneded
for whole numbers.

A caveat here is that raw calls to zend_gcvt and going through
s*printf has slightly different behavior for the degenarate
precision=0 case. zend_gcvt will add a dummy E+0 in that case,
while s*printf convert this to precision=1 and will not. I'm
going with the s*printf behavior here, which is more common,
but does result in a minor change to the precision.phpt test.

show more ...

Merge branch 'PHP-8.0'

* PHP-8.0:
Fix #74960: Heap buffer overflow via str_repeat

Merge branch 'PHP-7.4' into PHP-8.0

* PHP-7.4:
Fix #74960: Heap buffer overflow via str_repeat

Fix #74960: Heap buffer overflow via str_repeat

Trying to allocate a `zend_string` with a length only slighty smaller
than `SIZE_MAX` causes an integer overflow, so callers may need to

Fix #74960: Heap buffer overflow via str_repeat

Trying to allocate a `zend_string` with a length only slighty smaller
than `SIZE_MAX` causes an integer overflow, so callers may need to
check that explicitly. To make that easy in a portable way, we
introduce `ZSTR_MAX_LEN`.

Closes GH-7294.

show more ...

Restore zend_atoi()

I dropped this in preparation for changes that I didn't end up
doing. Restore the function for now to avoid unnecessary churn for
extensions.

Use unsigned arithmetic in zend_atol

To avoid UB on overflow. I'm not really sure what the correct
overflow behavior here would be.

Remove zend_atoi() (#7232)

It's the same as (int) zend_atol() -- it doesn't try to do anything
integer size specific. Canonicalize to one function in preparation
for renaming zend_at

Remove zend_atoi() (#7232)

It's the same as (int) zend_atol() -- it doesn't try to do anything
integer size specific. Canonicalize to one function in preparation
for renaming zend_atol() to something less misleading.

FFI test is adjusted to use a zend_test function. It just calls
zend_atol() internally, but could really be anything.

Co-authored-by: Christoph M. Becker <cmbecker69@gmx.de>

show more ...

Merge branch 'PHP-8.0'

* PHP-8.0:
Fix use after free on compound division by zero

Fix use after free on compound division by zero

We can't destroy the result operand early, because the division
might fail, in which case we need to preserve the original value.
Plac

Fix use after free on compound division by zero

We can't destroy the result operand early, because the division
might fail, in which case we need to preserve the original value.
Place the division result in a temporary zval, and only copy it
on success.

Fixes oss-fuzz #35876.

show more ...