Merge branch 'PHP-8.1'

* PHP-8.1:
Fix finally exception chaining on recursion

Merge branch 'PHP-8.0' into PHP-8.1

* PHP-8.0:
Fix finally exception chaining on recursion

Fix finally exception chaining on recursion

In this case zend_exception_set_previous() would destroy the
fast_call exception and further accesses on ex would be invalid.
We should on

Fix finally exception chaining on recursion

In this case zend_exception_set_previous() would destroy the
fast_call exception and further accesses on ex would be invalid.
We should only update ex if we update EG(exception).

Fixes oss-fuzz #40464.

show more ...

Drop FREE_OP_VAR_PTR() distinction

FREE_OP_VAR_PTR() is like FREE_OP(), but only frees VAR, rather
than VARs and TMPs. I don't think this distinction makes sense
anymore, as opcodes

Drop FREE_OP_VAR_PTR() distinction

FREE_OP_VAR_PTR() is like FREE_OP(), but only frees VAR, rather
than VARs and TMPs. I don't think this distinction makes sense
anymore, as opcodes using FREE_OP_VAR_PTR() generally only accept
VAR or CV. For the cases where other op types are accepted and
only freeing VAR is desired we already have FREE_OP_IF_VAR().

This drops FREE_OP_VAR_PTR(), leaving only FREE_OP() and
FREE_OP_IF_VAR().

show more ...

Merge branch 'PHP-8.1'

* PHP-8.1:
Fix inc/dec of undef var with error handler

Fix inc/dec of undef var with error handler

Set the variable to null after emitting the undef var notice
rather than before. This avoids an assertion failure if the var
is unset by t

Fix inc/dec of undef var with error handler

Set the variable to null after emitting the undef var notice
rather than before. This avoids an assertion failure if the var
is unset by the error handler.

The flip side is that this may cause a leak instead, but that's
the more harmless outcome.

Fixes oss-fuzz #36604.

show more ...

Merge branch 'PHP-8.1'

* PHP-8.1:
Don't free FETCH_W operand if GLOBAL_LOCK

Merge branch 'PHP-8.0' into PHP-8.1

* PHP-8.0:
Don't free FETCH_W operand if GLOBAL_LOCK

Don't free FETCH_W operand if GLOBAL_LOCK

The error path performed the free unconditionally, while we should
not do it for GLOBAL_LOCK.

Fixes oss-fuzz #39868.

Merge branch 'PHP-8.1'

* PHP-8.1:
Fix duplicate undef warning in assign_dim_op

Merge branch 'PHP-8.0' into PHP-8.1

* PHP-8.0:
Fix duplicate undef warning in assign_dim_op

Fix duplicate undef warning in assign_dim_op

In case of auto-vivification we were fetching dim twice and as
such also emitting the undef var warning twice.

Merge branch 'PHP-8.1'

* PHP-8.1:
Create reference wrappers in SEND_UNPACK if necessary

Merge branch 'PHP-8.0' into PHP-8.1

* PHP-8.0:
Create reference wrappers in SEND_UNPACK if necessary

Create reference wrappers in SEND_UNPACK if necessary

Even if we can't actually pass by reference, we still need to
create the REFERENCE wrapper to satisfy the calling convention.
Th

Create reference wrappers in SEND_UNPACK if necessary

Even if we can't actually pass by reference, we still need to
create the REFERENCE wrapper to satisfy the calling convention.
The particular test case would crash with JIT, because the existence
of the reference was assumed.

Fixes oss-fuzz #39440.

show more ...

Merge branch 'PHP-8.1'

* PHP-8.1:
Handle throwing destructor in BIND_STATIC

Merge branch 'PHP-8.0' into PHP-8.1

* PHP-8.0:
Handle throwing destructor in BIND_STATIC

Handle throwing destructor in BIND_STATIC

Fixes oss-fuzz #39406.

Merge branch 'PHP-8.1'

* PHP-8.1:
Fix SEND_USER with ref arg

Merge branch 'PHP-8.0' into PHP-8.1

* PHP-8.0:
Fix SEND_USER with ref arg

Fix SEND_USER with ref arg

Even though the input is not a reference (or not treated as such),
we still need to create a reference to satisfy the function
signature. Various code reli

Fix SEND_USER with ref arg

Even though the input is not a reference (or not treated as such),
we still need to create a reference to satisfy the function
signature. Various code relies on reference arguments actually
being references. In this particular case, it would result in
a JIT crash.

The zend_call_function() implementation already handled this
correctly.

show more ...

Merge branch 'PHP-8.1'

* PHP-8.1:
Fix memory leak in array unpack with refcounted numeric string key

Fix memory leak in array unpack with refcounted numeric string key

Avoid use after free in internal prop type verification

This issue only applies to debug builds: read_property can free
the object, but we'd try to check the object handlers afterwards.

Avoid use after free in internal prop type verification

This issue only applies to debug builds: read_property can free
the object, but we'd try to check the object handlers afterwards.
Rewrite the check in a way that only accessed the object before
the read_property call.

Fixes oss-fuzz #38297.

show more ...

Fixed bug #81377

BP_VAR_UNSET should not result in undefined warnings.