| #
5ca72eca |
| 03-Apr-2024 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Remove broken check in var_unserializer (#13852)
`end = *p+maxlen`, and pointer overflow is UB, so that means that a check
of the form `end < *p` will always be false because it can only
Remove broken check in var_unserializer (#13852)
`end = *p+maxlen`, and pointer overflow is UB, so that means that a check
of the form `end < *p` will always be false because it can only be true
on pointer overflow. In particular, the compiler simplifies this to
`maxlen < 0` which is always false because maxlen is unsigned.
show more ...
|
| #
413844d6 |
| 18-Feb-2023 |
Max Kellermann |
Zend/zend_types.h: deprecate zend_bool, zend_intptr_t, zend_uintptr_t (#10597)
These types are standard C99.
For compatibility with out-of-tree extensions, keep the typedefs
in
Zend/zend_types.h: deprecate zend_bool, zend_intptr_t, zend_uintptr_t (#10597)
These types are standard C99.
For compatibility with out-of-tree extensions, keep the typedefs
in main/php.h.
show more ...
|
| #
c8955c07 |
| 16-Jan-2023 |
Christoph M. Becker |
Revert GH-10220
Cf. <https://github.com/php/php-src/pull/10220#issuecomment-1383739816>.
This reverts commit ecc880f491d66081298a16634629f149459706a9.
This reverts commit 588a07
Revert GH-10220
Cf. <https://github.com/php/php-src/pull/10220#issuecomment-1383739816>.
This reverts commit ecc880f491d66081298a16634629f149459706a9.
This reverts commit 588a07f7371ee2b5fac17de147926780e427fae6.
This reverts commit f377e15751d3aa48b69cd9bcc366ede7803d511f.
This reverts commit b4ba16fe189b109144aff669e11d81365160104b.
This reverts commit 694ec1deea36e366b28b6349a52be49824e1a1a8.
This reverts commit 6b34de8eba9f66882ae16e6073af28783670ac53.
This reverts commit aa1cd02a4367834026ea2205ea13a2f904455aa1.
This reverts commit 308fd311ea6fcf3094b448df7f2b264f08e4fe4f.
This reverts commit 16203b53e1822a37b6ba6f2ab198bb435d05fdad.
This reverts commit 738fb5ca5412f5e833a7fab82b11519e635a3357.
This reverts commit 9fdbefacd3c382d731aa175b7bdc002ec9cb2b30.
This reverts commit cd4a7c1d90562ebb5f89caf94d00d579631b9fbe.
This reverts commit 928685eba2b2f0ded90e7f78fd806ea164002f6e.
This reverts commit 01e5ffc85cd4357fd7b5b7ceefa29f2d10ca26b7.
show more ...
|
| #
f2e8c5da |
| 12-Jan-2023 |
Tim Düsterhus |
unserialize: Strictly check for `:{` at object start (#10214)
* unserialize: Strictly check for `:{` at object start
* unserialize: Update CVE tests
It's unlikely that the
unserialize: Strictly check for `:{` at object start (#10214)
* unserialize: Strictly check for `:{` at object start
* unserialize: Update CVE tests
It's unlikely that the object syntax error contributed to the actual CVE. The
CVE is rather caused by the incorrect object serialization data of the `C`
format. Add a second string without such a syntax error to ensure that path is
still executed as well to ensure the CVE is absent.
* Fix test expectation in gmp/tests/bug74670.phpt
No changes to the input required, because the test actually is intended to
verify the behavior for a missing `}`, it's just that the report position changed.
* NEWS
* UPGRADING
show more ...
|
| #
308fd311 |
| 04-Jan-2023 |
Max Kellermann |
ext/{standard,json,random,...}: add missing includes
|
| #
dd8de1e7 |
| 15-Nov-2022 |
Tim Düsterhus |
Promote unserialize() notices to warning (#9629)
* Unserialize: Migrate "Unexpected end of serialized data" to E_WARNING
* Unserialize: Migrate "Error at offset %d of %d bytes" to E
Promote unserialize() notices to warning (#9629)
* Unserialize: Migrate "Unexpected end of serialized data" to E_WARNING
* Unserialize: Migrate "Error at offset %d of %d bytes" to E_WARNING
* Unserialize: Migrate "%s is returned from __sleep() multiple times" to E_WARNING
* Add NEWS for “Promote unserialize() notices to warning”
show more ...
|
| #
db012a8b |
| 04-Oct-2022 |
Jorg Adam Sowa |
Use function HT_IS_PACKED where it's missing (#9658)
|
| #
5c355946 |
| 02-Sep-2022 |
Máté Kocsis |
Fix memory leak triggered by unsuccessful dynamic property unserialization
Closes GH-9468
|
|
Revision tags: php-8.2.0RC1, php-8.1.10, php-8.0.23 |
|
| #
adb45a63 |
| 30-Aug-2022 |
Máté Kocsis |
Fix GH-9186 @strict-properties can be bypassed using unserialization (#9354)
* Emit deprecation warnings when adding dynamic properties to classes during unserialization - this will become a
Fix GH-9186 @strict-properties can be bypassed using unserialization (#9354)
* Emit deprecation warnings when adding dynamic properties to classes during unserialization - this will become an Error in php 9.0.
(Adding dynamic properties in other contexts was already a deprecation warning - the use case of unserialization was overlooked)
* Throw an error when attempting to add a dynamic property to a `readonly` class when unserializing
* Add new serialization methods `__serialize`/`__unserialize` for SplFixedArray to avoid creating deprecated dynamic
properties that would then be added to the backing fixed-size array
* Don't add named dynamic/declared properties (e.g. $obj->foo) of SplFixedArray to the backing array when unserializing
* Update tests to declare properties or to expect the deprecation warning
* Add news entry
Co-authored-by: Tyson Andre <tysonandre775@hotmail.com>
show more ...
|
|
Revision tags: php-8.0.23RC1, php-8.1.10RC1, php-8.2.0beta3, php-8.2.0beta2, php-8.1.9, php-8.0.22, php-8.1.9RC1, php-8.2.0beta1, php-8.0.22RC1, php-8.0.21, php-8.1.8, php-8.2.0alpha3, php-8.1.8RC1, php-8.2.0alpha2, php-8.0.21RC1, php-8.0.20, php-8.1.7, php-8.2.0alpha1, php-7.4.30, php-8.1.7RC1, php-8.0.20RC1, php-8.1.6, php-8.0.19, php-8.1.6RC1, php-8.0.19RC1, php-8.0.18, php-8.1.5, php-7.4.29, php-8.1.5RC1, php-8.0.18RC1, php-8.1.4, php-8.0.17, php-8.1.4RC1, php-8.0.17RC1, php-8.1.3, php-8.0.16, php-7.4.28, php-8.1.3RC1, php-8.0.16RC1, php-8.1.2, php-8.0.15, php-8.1.2RC1, php-8.0.15RC1, php-8.0.14, php-8.1.1, php-7.4.27, php-8.1.1RC1, php-8.0.14RC1, php-7.4.27RC1, php-8.1.0, php-8.0.13, php-7.4.26, php-7.3.33, php-8.1.0RC6, php-7.4.26RC1, php-8.0.13RC1, php-8.1.0RC5, php-7.3.32, php-7.4.25, php-8.0.12, php-8.1.0RC4, php-8.0.12RC1, php-7.4.25RC1, php-8.1.0RC3, php-8.0.11, php-7.4.24, php-7.3.31, php-8.1.0RC2, php-7.4.24RC1, php-8.0.11RC1 |
|
| #
6b8d4151 |
| 01-Sep-2021 |
Nikita Popov |
Remove leftover zval_ptr_dtor
This should have been dropped as part of
a8254ed57685c134073f41251365dc901c1b0ab8. |
| #
a8254ed5 |
| 01-Sep-2021 |
Nikita Popov |
Simplify unserialize_callback_func handling |
|
Revision tags: php-8.1.0RC1, php-7.4.23, php-8.0.10, php-7.3.30, php-8.1.0beta3 |
|
| #
4a4ae45a |
| 12-Aug-2021 |
Nikita Popov |
Fix bug #81142 by adding zend_string_init_existing_interned()
Add a new interned string handler that fetches an interned string
if it exists, but does not create one if it does not (and
Fix bug #81142 by adding zend_string_init_existing_interned()
Add a new interned string handler that fetches an interned string
if it exists, but does not create one if it does not (and instead
returns a non-interned string).
This fixes bug #81142, by preventing the creating of new interned
strings for unserialized array keys.
Closes GH-7360.
show more ...
|
|
Revision tags: php-8.0.10RC1, php-7.4.23RC1, php-8.1.0beta2, php-8.0.9, php-7.4.22, php-8.1.0beta1 |
|
| #
814a9327 |
| 16-Jul-2021 |
Nikita Popov |
Add ZEND_ACC_NOT_SERIALIZABLE flag
This prevents serialization and unserialization of a class and its
children in a way that does not depend on the zend_class_serialize_deny
and zend
Add ZEND_ACC_NOT_SERIALIZABLE flag
This prevents serialization and unserialization of a class and its
children in a way that does not depend on the zend_class_serialize_deny
and zend_class_unserialize_deny handlers that will be going away
in PHP 9 together with the Serializable interface.
In stubs, `@not-serializable` can be used to set this flag.
This patch only uses the new flag for a handful of Zend classes,
converting the remainder is left for later.
Closes GH-7249.
Fixes bug #81111.
show more ...
|
|
Revision tags: php-7.4.22RC1, php-8.0.9RC1, php-8.1.0alpha3, php-7.4.21, php-7.3.29, php-8.0.8, php-8.1.0alpha2, php-7.4.21RC1, php-8.0.8RC1, php-8.1.0alpha1, php-8.0.7, php-7.4.20, php-8.0.7RC1, php-7.4.20RC1 |
|
| #
01b3fc03 |
| 06-May-2021 |
KsaR |
Update http->https in license (#6945)
1. Update: http://www.php.net/license/3_01.txt to https, as there is anyway server header "Location:" to https.
2. Update few license 3.0 to 3.01 as
Update http->https in license (#6945)
1. Update: http://www.php.net/license/3_01.txt to https, as there is anyway server header "Location:" to https.
2. Update few license 3.0 to 3.01 as 3.0 states "php 5.1.1, 4.1.1, and earlier".
3. In some license comments is "at through the world-wide-web" while most is without "at", so deleted.
4. fixed indentation in some files before |
show more ...
|
|
Revision tags: php-8.0.6, php-7.4.19 |
|
| #
fd1d5ec2 |
| 28-Apr-2021 |
Nikita Popov |
Add ZEND_CLASS_CONST_FLAGS() macro
And drop Z_ACCESS_FLAGS(). We no longer store *only* access flags
in these. |
|
Revision tags: php-7.4.18, php-7.3.28, php-8.0.5, php-8.0.5RC1, php-7.4.18RC1 |
|
| #
f681c4a7 |
| 09-Apr-2021 |
Dmitry Stogov |
Use Fast Class Cache to speedup object unserialization |
| #
f191e4f2 |
| 08-Apr-2021 |
Dmitry Stogov |
Avoid destructor call for LONG keys |
| #
556d7526 |
| 08-Apr-2021 |
Dmitry Stogov |
Prevent call of var_push_dtor_value() on hot path.
When serialising object properties, they are oftet may override the
default values, however default values are most often scalars, inte
Prevent call of var_push_dtor_value() on hot path.
When serialising object properties, they are oftet may override the
default values, however default values are most often scalars, interned
strings or immutable arrays.
show more ...
|
| #
b3e59dc1 |
| 07-Apr-2021 |
Dmitry Stogov |
unserialize() optimization |
|
Revision tags: php-8.0.4RC1, php-7.4.17RC1, php-8.0.3, php-7.4.16, php-8.0.3RC1, php-7.4.16RC1, php-8.0.2, php-7.4.15, php-7.3.27, php-8.0.2RC1, php-7.4.15RC2, php-7.4.15RC1, php-8.0.1, php-7.4.14, php-7.3.26, php-7.4.14RC1, php-8.0.1RC1, php-7.3.26RC1, php-8.0.0, php-7.3.25, php-7.4.13, php-8.0.0RC5, php-7.4.13RC1, php-8.0.0RC4, php-7.3.25RC1, php-7.4.12, php-8.0.0RC3, php-7.3.24, php-8.0.0RC2, php-7.4.12RC1, php-7.3.24RC1, php-7.2.34, php-8.0.0rc1, php-7.4.11, php-7.3.23, php-8.0.0beta4, php-7.4.11RC1, php-7.3.23RC1, php-8.0.0beta3, php-7.4.10, php-7.3.22, php-8.0.0beta2, php-7.3.22RC1, php-7.4.10RC1, php-8.0.0beta1, php-7.4.9, php-7.2.33, php-7.3.21, php-8.0.0alpha3, php-7.4.9RC1, php-7.3.21RC1, php-7.4.8, php-7.2.32, php-8.0.0alpha2, php-7.3.20, php-8.0.0alpha1, php-7.4.8RC1, php-7.3.20RC1 |
|
| #
269c8dac |
| 10-Jun-2020 |
Ilija Tovilo |
Implement enums
RFC: https://wiki.php.net/rfc/enumerations
Co-authored-by: Nikita Popov <nikita.ppv@gmail.com>
Closes GH-6489. |
| #
0f6c0020 |
| 25-Feb-2021 |
Dmitry Stogov |
Speed up __sleep() and __wakeup() calls |
| #
3b29f516 |
| 20-Feb-2021 |
Dmitry Stogov |
Revert "Remove class validation. zend_lookup_class_ex() performs it anyway."
This reverts commit 61cf1355fd53b6556f0502510ba3e1efbd04d242.
Class name validation is only performed if
Revert "Remove class validation. zend_lookup_class_ex() performs it anyway."
This reverts commit 61cf1355fd53b6556f0502510ba3e1efbd04d242.
Class name validation is only performed if key is not passed. Here, lc_name is passed as key.
show more ...
|
| #
61cf1355 |
| 20-Feb-2021 |
Dmitry Stogov |
Remove class validation. zend_lookup_class_ex() performs it anyway. |
| #
e0328473 |
| 18-Feb-2021 |
Nikita Popov |
Initialize property to UNDEF on unserialize overwrite
The UNDEF marker here is important to prevent the creation of
a reference to the property currently being overwritten, which
wou
Initialize property to UNDEF on unserialize overwrite
The UNDEF marker here is important to prevent the creation of
a reference to the property currently being overwritten, which
would then leak.
This fixes oss-fuzz 6029559193534464, which was incorrectly
merged into oss-fuzz #30584 (which is reported at
https://github.com/google/oss-fuzz/issues/5211).
show more ...
|
| #
b87080f3 |
| 18-Feb-2021 |
Nikita Popov |
Don't use unmangled name if property not found
This restores the previous behavior for this case. We'll continue
to use the mangled name, even if it does not correspond to a
declared
Don't use unmangled name if property not found
This restores the previous behavior for this case. We'll continue
to use the mangled name, even if it does not correspond to a
declared property.
This also fixes an assertion failure for the case of property
overwrite, as the add_new was not guaranteed to be "new" previously.
Fixes oss-fuzz #31045.
show more ...
|
