Fix GH-13836: Renaming a file in a Phar to an already existing filename causes a NULL pointer dereference

If the destination already exists, then the `add` function on the
manifest will

Fix GH-13836: Renaming a file in a Phar to an already existing filename causes a NULL pointer dereference

If the destination already exists, then the `add` function on the
manifest will return NULL, resulting in a NULL entry and therefore a
NULL deref. As `copy()` (not `Phar::copy`) chooses to succeed and
overwrite the destination if it already exists, we should do the same.
Therefore the fix is as simple as changing `add` to `update`.

Closes GH-13840.

show more ...

Fix #77432: Segmentation fault on including phar file

phar_get_pharfp() can return NULL. In this case this is because the
stream gets closed by the include code in the engine. However, t

Fix #77432: Segmentation fault on including phar file

phar_get_pharfp() can return NULL. In this case this is because the
stream gets closed by the include code in the engine. However, the phar
entry is still cached, so when the next include happens the engine tries
to read from a closed (and nullified) stream.
Use the same fix as in phar_open_entry_fp(): take into account that the
phar_get_pharfp() can return NULL and in that case reopen the phar
archive.

Closes GH-13056.

show more ...

Use new ZSTR_INIT_LITERAL macro (#10879)

Replace memcmp() with zend_string functions (#8216)

* ext/oci8: use zend_string_equals()

Eliminate duplicate code.

* main/php_variables: use zend_string_equals_literal()

Replace memcmp() with zend_string functions (#8216)

* ext/oci8: use zend_string_equals()

Eliminate duplicate code.

* main/php_variables: use zend_string_equals_literal()

Eliminate duplicate code.

* Zend/zend_string: add zend_string_equals_cstr()

Allows eliminating duplicate code.

* Zend, ext/{opcache,standard}, main/output: use zend_string_equals_cstr()

Eliminate duplicate code.

* Zend/zend_string: add zend_string_starts_with()

* ext/{opcache,phar,spl,standard}: use zend_string_starts_with()

This adds missing length checks to several callers, e.g. in
cache_script_in_shared_memory(). This is important when the
zend_string is shorter than the string parameter, when memcmp()
happens to check backwards; this can result in an out-of-bounds memory
access.

show more ...

Use more compact representation for packed arrays.

- for packed arrays we store just an array of zvals without keys.
- the elements of packed array are accessible throuf as ht->arPacked[

Use more compact representation for packed arrays.

- for packed arrays we store just an array of zvals without keys.
- the elements of packed array are accessible throuf as ht->arPacked[i]
instead of ht->arData[i]
- in addition to general ZEND_HASH_FOREACH_* macros, we introduced similar
familied for packed (ZEND_HASH_PACKED_FORECH_*) and real hashes
(ZEND_HASH_MAP_FOREACH_*)
- introduced an additional family of macros to access elements of array
(packed or real hashes) ZEND_ARRAY_ELEMET_SIZE, ZEND_ARRAY_ELEMET_EX,
ZEND_ARRAY_ELEMET, ZEND_ARRAY_NEXT_ELEMENT, ZEND_ARRAY_PREV_ELEMENT
- zend_hash_minmax() prototype was changed to compare only values

Because of smaller data set, this patch may show performance improvement
on some apps and benchmarks that use packed arrays. (~1% on PHP-Parser)

TODO:
- sapi/phpdbg needs special support for packed arrays (WATCH_ON_BUCKET).
- zend_hash_sort_ex() may require converting packed arrays to hash.

show more ...

Update http->https in license (#6945)

1. Update: http://www.php.net/license/3_01.txt to https, as there is anyway server header "Location:" to https.
2. Update few license 3.0 to 3.01 as

Update http->https in license (#6945)

1. Update: http://www.php.net/license/3_01.txt to https, as there is anyway server header "Location:" to https.
2. Update few license 3.0 to 3.01 as 3.0 states "php 5.1.1, 4.1.1, and earlier".
3. In some license comments is "at through the world-wide-web" while most is without "at", so deleted.
4. fixed indentation in some files before |

show more ...

Replace zend_bool uses with bool

We're starting to see a mix between uses of zend_bool and bool.
Replace all usages with the standard bool type everywhere.

Of course, zend_bool

Replace zend_bool uses with bool

We're starting to see a mix between uses of zend_bool and bool.
Replace all usages with the standard bool type everywhere.

Of course, zend_bool is retained as an alias.

show more ...

[RFC] Only unserialize Phar metadata when getMetadata() is called

In other words, don't automatically unserialize when the magic
phar:// stream wrappers are used.
RFC: https://wiki.p

[RFC] Only unserialize Phar metadata when getMetadata() is called

In other words, don't automatically unserialize when the magic
phar:// stream wrappers are used.
RFC: https://wiki.php.net/rfc/phar_stop_autoloading_metadata

Also, change the signature from `getMetadata()`
to `getMetadata(array $unserialize_options = [])`.
Start throwing earlier if setMetadata() is called and serialization threw.

See https://externals.io/message/110856 and
https://bugs.php.net/bug.php?id=76774

This was refactored to add a phar_metadata_tracker for the following reasons:
- The way to properly copy a zval was previously implicit and undocumented
(e.g. is it a pointer to a raw string or an actual value)
- Avoid unnecessary serialization and unserialization in the most common case
- If a metadata value is serialized once while saving a new/modified phar file,
this allows reusing the same serialized string.
- Have as few ways to copy/clone/lazily parse metadata (etc.) as possible,
so that code changes can be limited to only a few places in the future.
- Performance is hopefully not a concern - copying a string should be faster
than unserializing a value, and metadata should be rare in most cases.

Remove unnecessary skip in a test(Compression's unused)

Add additional assertions about usage of persistent phars

Improve robustness of `Phar*->setMetadata()`

- Add sanity checks for edge cases freeing metadata, when destructors
or serializers modify the phar recursively.
- Typical use cases of php have phar.readonly=1 and would not be affected.

Closes GH-5855

show more ...

Fix expression warnings and break warnings

Close GH-5675.

Fix [-Wundef] warning in PHAR extension

Report errors from stream read and write operations

The php_stream_read() and php_stream_write() functions now return
an ssize_t value, with negative results indicating failure. Function

Report errors from stream read and write operations

The php_stream_read() and php_stream_write() functions now return
an ssize_t value, with negative results indicating failure. Functions
like fread() and fwrite() will return false in that case.

As a special case, EWOULDBLOCK and EAGAIN on non-blocking streams
should not be regarded as error conditions, and be reported as
successful zero-length reads/writes instead. The handling of EINTR
remains unclear and is internally inconsistent (e.g. some code-paths
will automatically retry on EINTR, while some won't).

I'm landing this now to make sure the stream wrapper ops API changes
make it into 7.4 -- however, if the user-facing changes turn out to
be problematic we have the option of clamping negative returns to
zero in php_stream_read() and php_stream_write() to restore the
old behavior in a relatively non-intrusive manner.

show more ...

Update and fix remaining year ranges (2019)

This patch follows previous license year ranges updates. With new
approach source code files now have simplified headers with license
info

Update and fix remaining year ranges (2019)

This patch follows previous license year ranges updates. With new
approach source code files now have simplified headers with license
information without year ranges.

show more ...

Remove local variables

This patch removes the so called local variables defined per
file basis for certain editors to properly show tab width, and
similar settings. These are mainly

Remove local variables

This patch removes the so called local variables defined per
file basis for certain editors to properly show tab width, and
similar settings. These are mainly used by Vim and Emacs editors
yet with recent changes the once working definitions don't work
anymore in Vim without custom plugins or additional configuration.
Neither are these settings synced across the PHP code base.

A simpler and better approach is EditorConfig and fixing code
using some code style fixing tools in the future instead.

This patch also removes the so called modelines for Vim. Modelines
allow Vim editor specifically to set some editor configuration such as
syntax highlighting, indentation style and tab width to be set in the
first line or the last 5 lines per file basis. Since the php test
files have syntax highlighting already set in most editors properly and
EditorConfig takes care of the indentation settings, this patch removes
these as well for the Vim 6.0 and newer versions.

With the removal of local variables for certain editors such as
Emacs and Vim, the footer is also probably not needed anymore when
creating extensions using ext_skel.php script.

Additionally, Vim modelines for setting php syntax and some editor
settings has been removed from some *.phpt files. All these are
mostly not relevant for phpt files neither work properly in the
middle of the file.

show more ...

Use HT_IS_INITIALIZED() and HT_INVALIDATE() macros instead of hackish HT_FLAGS assumtions.

Uze ZVAL_COPY_DEREF() instead of ZVAL_DEREF() and ZVAL_COPY()

Use zend_string_release_ex() instread of zend_string_release() in places, where we sure about string persistence.

Move to unsigned types in phar

Preventing integer overflows in principle, which allows to avoid additional
range checks. The phar format is based on 32-bit lengths, so the storage
si

Move to unsigned types in phar

Preventing integer overflows in principle, which allows to avoid additional
range checks. The phar format is based on 32-bit lengths, so the storage
sizes was kept same.

show more ...

Access HashTable.u.flags through HT_FLAGS() macro.

year++

Turn "php_stream_wrapper"s into constants
Keep non-constant "php_stream_wrapper"s in API functions and callbacks for compatibility.

Move constants into read-only data segment

Refactor php_url struct to save memory dup in common cases

Update copyright headers to 2017

further normalizations, uint vs uint32_t

fix merge mistake

yet one more replacement run

Remove Netware support

If this does not break the Unix system somehow, I'll be amazed. This should get most of it out, apologies for any errors this may cause on non-Windows ends which I can

Remove Netware support

If this does not break the Unix system somehow, I'll be amazed. This should get most of it out, apologies for any errors this may cause on non-Windows ends which I cannot test atm.

show more ...