Fix GH-16184: UBSan address overflowed in ext/pcre/php_pcre.c

libpcre2 can return the special value -1 for a non-match.
In this case we get pointer overflow, although it doesn't matter i

Fix GH-16184: UBSan address overflowed in ext/pcre/php_pcre.c

libpcre2 can return the special value -1 for a non-match.
In this case we get pointer overflow, although it doesn't matter in
practice because the pointer will be in bounds and the copy length will
be 0. Still, we should fix the UBSAN warning.

Closes GH-16205.

show more ...

Fix GH-16189: underflow on preg_match/preg_match_all start_offset.

close GH-16191

Use APPLY_STOP in pcre_clean_cache() (GH-15839)

Once num_clean has reached 0, we never remove any more elements anyway.

Closes GH-15839

Fix UAF issues with PCRE after request shutdown

There are two related issues, each tested.

First problem:
What happens is that on the CLI SAPI we have a per-request pcre cache,

Fix UAF issues with PCRE after request shutdown

There are two related issues, each tested.

First problem:
What happens is that on the CLI SAPI we have a per-request pcre cache,
and on there the request shutdown for the pcre module happens prior to
the remaining live object destruction. So when the SPL object wants to
clean up the regular expression object it gets a use-after-free.

Second problem:
Very similarly, the non-persistent resources are destroyed after request
shutdown, so on the CLI SAPI the pcre request cache is already gone, but
if a userspace stream references a regex in the pcre cache, this breaks.

Two things that come immediately to mind:
- We could fix it by no longer treating the CLI SAPI special and just use
the same lifecycle as the module. This simplifies the pcre module code
a bit too. I wonder why we even have the separation in the first place.
The downside here is that we're using more the system allocator
than Zend's allocator for cache entries.
- We could modify the shutdown code to not remove regular expressions
with a refcount>0 and modify php_pcre_pce_decref code such that it
becomes php_pcre_pce_decref's job to clean up when the refcount
becomes 0 during shutdown. However, this gets nasty quickly.

I chose the first solution here as it should be reliable and simple.

Closes GH-15064.

show more ...

Cache pcre subpattern table (#14424)

Recreating this over and over is pointless, cache this as well.
Fixes GH-14423.

Remove dead check in pcre

This isn't reachable since ab32d36, because since then the library
itself checks this condition during compilation. The compilation failure
that results of

Remove dead check in pcre

This isn't reachable since ab32d36, because since then the library
itself checks this condition during compilation. The compilation failure
that results of it makes this code not reachable.

This is split off of GH-14424.

show more ...

Clean-up unused headers (#14365)

* ext/mbstring.c: clean-up headers and include intrinsics

Sync HAVE_BUNDLED_PCRE #if/ifdef/defined (#14354)

Follow up of GH-5526 (-Wundef)

Fix external pcre2 build (#13662)

PCRE2_EXTRA_CASELESS_RESTRICT is only available as of pcre2 10.43.
Note: no check is necessary for pcre2_set_compile_extra_options because
it is ava

Fix external pcre2 build (#13662)

PCRE2_EXTRA_CASELESS_RESTRICT is only available as of pcre2 10.43.
Note: no check is necessary for pcre2_set_compile_extra_options because
it is available since pcre2 10.30, which is the minimum version PHP
requires.

show more ...

ext/pcre: Add "/r" modifier (#13583)

Adds support for "Caseless restricted" matching added in PCRE2lib
10.43 with the "r" modifier.

This is `PCRE2_EXTRA_CASELESS_RESTRICT` in PC

ext/pcre: Add "/r" modifier (#13583)

Adds support for "Caseless restricted" matching added in PCRE2lib
10.43 with the "r" modifier.

This is `PCRE2_EXTRA_CASELESS_RESTRICT` in PCRE2. This is an "extra"
option, which means it is not possible to pass this option as
pcre2_compile() function parameter.

This option is passed in a pcre2_set_compile_extra_options() call.
Previously, these extra options are set at php_pcre_init_pcre2(),
but after this change, it is possible to customize the options
by adding bits to `eoptions` in pcre_get_compiled_regex_cache_ex().

The tests for this change are ported from upstream test suite[^1].

[^1]: https://github.com/PCRE2Project/pcre2/commit/c13d54f6581#diff-8c8312e4eb2d35bb16485404b7b5cc0eaef0bca1aa95ff5febf6a1890048305c

show more ...

Implement stackless internal function calls

Co-authored-by: Dmitry Stogov <dmitry@zend.com>

Closes GH-12461

Improve preg_* functions warnings for NUL byte (#13068)

* Improve error messages for preg_ functions
* Adjusted tests and fixed formatting
* Removed unnecessary strings from preg_* t

Improve preg_* functions warnings for NUL byte (#13068)

* Improve error messages for preg_ functions
* Adjusted tests and fixed formatting
* Removed unnecessary strings from preg_* tests
* Removed ZPP tests

show more ...

Use a single version of mempcpy(3) (#12257)

While __php_mempcpy is only used by ext/standard/crypt_sha*, the
mempcpy "pattern" is used everywhere.

This commit removes __php_memp

Use a single version of mempcpy(3) (#12257)

While __php_mempcpy is only used by ext/standard/crypt_sha*, the
mempcpy "pattern" is used everywhere.

This commit removes __php_mempcpy, adds zend_mempcpy and transforms
open-coded parts into function calls.

show more ...

Fix pcre out-of-bounds when using closing symbols as opening delimiter (#12946)

Apparently we support using closing symbols )]}> as opening and closing
delimiters.

Fixes oss-fuz

Fix pcre out-of-bounds when using closing symbols as opening delimiter (#12946)

Apparently we support using closing symbols )]}> as opening and closing
delimiters.

Fixes oss-fuzz #65021

show more ...

Minor pcre optimizations (#12923)

* Update signature of pcre API

This changes the variables that are bools to actually be bools instead
of ints, which allows some additional opt

Minor pcre optimizations (#12923)

* Update signature of pcre API

This changes the variables that are bools to actually be bools instead
of ints, which allows some additional optimization by the compiler (e.g.
removing some ternaries and move extensions).

It also gets rid of the use_flags argument because that's just the same
as flags == 0. This reduces the call frame.

* Use zend_string_release_ex where possible

* Remove duplicate symbols from strchr

* Avoid useless value conversions

* Use a raw HashTable* instead of a zval

* Move condition

* Make for loop cheaper by reusing a recently used value as start iteration index

* Remove useless condition

This can't be true if the second condition is true because it would
require the string to occupy the entire address space.

* Upgrading + remark

show more ...

Use ZSTR_IS_VALID_UTF8 macro where possible (#12869)

Refactor some ext/pcre code for performance (#12447)

* Always inline populate_match_value and fix argument type

The call overhead of this function is quite large.

* Use _ne

Refactor some ext/pcre code for performance (#12447)

* Always inline populate_match_value and fix argument type

The call overhead of this function is quite large.

* Use _new variant of zend_hash in some places to avoid additional check

* Move allocation of match_sets down to simplify and reduce code size

* Move pcre2_get_ovector_pointer out of the loop

This is allocated together with the match data and stays loop invariant:
the pointer is always the same (the values not however).

* Mark error condition as cold block

* Simplify condition: subpats is already checked

* Move array size preallocation to use allocate the up-to-date size

* Simplify condition

* Rework internal functions to avoid repeated unwrapping

* Remember Z_ARRVAL_P(return_value)

The lookup is loop invariant.

* Mark some pointers as const

show more ...

pcre: Stop special-casing /e (#12355)

Support for /e was removed in PHP 7.0, remove the custom error message and stop
special casing it to simplify the logic.

Revert "Mangle PCRE regex cache key with JIT option"

This reverts commit 466fc78d2c373eae6acad4bd5a4553c5c0d1d18b.

Mangle PCRE regex cache key with JIT option

Closes GH-11396

Fix preg_replace_callback_array() pattern validation

Closes GH-11301

Fix incorrect zval type_flags in preg_replace_callback_array() for immutable arrays

The ZVAL_ARR macro always set the zval type_info to IS_ARRAY_EX, even if the
hash table is immutable.

Fix incorrect zval type_flags in preg_replace_callback_array() for immutable arrays

The ZVAL_ARR macro always set the zval type_info to IS_ARRAY_EX, even if the
hash table is immutable. Since in preg_replace_callback_array() we can return
the passed array directly, and that passed array can be immutable, we need to
reset the type_flags to keep the VM from performing ref-counting on the array.

Fixes GH-10968
Closes GH-10970

show more ...

Remove pcre_get_compiled_regex_ex() (#10354)

Revert GH-10220

Cf. <https://github.com/php/php-src/pull/10220#issuecomment-1383739816>.

This reverts commit ecc880f491d66081298a16634629f149459706a9.
This reverts commit 588a07

Revert GH-10220

Cf. <https://github.com/php/php-src/pull/10220#issuecomment-1383739816>.

This reverts commit ecc880f491d66081298a16634629f149459706a9.
This reverts commit 588a07f7371ee2b5fac17de147926780e427fae6.
This reverts commit f377e15751d3aa48b69cd9bcc366ede7803d511f.
This reverts commit b4ba16fe189b109144aff669e11d81365160104b.
This reverts commit 694ec1deea36e366b28b6349a52be49824e1a1a8.
This reverts commit 6b34de8eba9f66882ae16e6073af28783670ac53.
This reverts commit aa1cd02a4367834026ea2205ea13a2f904455aa1.
This reverts commit 308fd311ea6fcf3094b448df7f2b264f08e4fe4f.
This reverts commit 16203b53e1822a37b6ba6f2ab198bb435d05fdad.
This reverts commit 738fb5ca5412f5e833a7fab82b11519e635a3357.
This reverts commit 9fdbefacd3c382d731aa175b7bdc002ec9cb2b30.
This reverts commit cd4a7c1d90562ebb5f89caf94d00d579631b9fbe.
This reverts commit 928685eba2b2f0ded90e7f78fd806ea164002f6e.
This reverts commit 01e5ffc85cd4357fd7b5b7ceefa29f2d10ca26b7.

show more ...

ext/{standard,json,random,...}: add missing includes