Fix generator memory leaks when interrupted during argument evaluation (#9756)

Combine ADDREF/DELREF

Fix array clobering by user error handler

Fixes oss-fuzz #42234

Fix array object clobbering by user error handler

Fixes oss-fuss #41605 and #41610

Add missing zend_string_release_ex(tmp, 0) and cleanup

- use GC_DELREF() instead of zend_string_release_ex()
- add expectations for exceptional cases
- replace IS_ARRAY_IMMUTABLE by

Add missing zend_string_release_ex(tmp, 0) and cleanup

- use GC_DELREF() instead of zend_string_release_ex()
- add expectations for exceptional cases
- replace IS_ARRAY_IMMUTABLE by IS_STR_INTERNED

show more ...

Fixed ext/bz2/tests/005.phpt test failure introduesed by 09547c64c28f81957d986b9c6b995b28d1098db6

Fix clobering of operand by error handler in assignment to string offset (optimization and JIT support)

Fix clobering of operand by error handler in assignment to string offset

In some cases new code requires two reallocations insead of one.

Fixes oss-fuzz #31716, #36196, #39739 and #

Fix clobering of operand by error handler in assignment to string offset

In some cases new code requires two reallocations insead of one.

Fixes oss-fuzz #31716, #36196, #39739 and #40002

show more ...

Use proper functions

Fix crash after indirect modification of string by user error handler

Fixes oss-fuzz #39346

Fix return value of wrong fucntion by-ref assign

We should be using the result of zend_assign_to_variable() here,
which will deref prior to potential freeing.

Fixes oss-fuzz #29

Fix return value of wrong fucntion by-ref assign

We should be using the result of zend_assign_to_variable() here,
which will deref prior to potential freeing.

Fixes oss-fuzz #29899.

show more ...

Fix bug #81159: Object to int warning when using an object as a string offset

Closes GH-7167

Fixed bug #81090

For concatenation, the in-place variant can be much more efficient,
because it will reallocate the string in-place. Special-case the
typed property compound assignme

Fixed bug #81090

For concatenation, the in-place variant can be much more efficient,
because it will reallocate the string in-place. Special-case the
typed property compound assignment code for the case where we
concatenate to a string, in which case we know that the result
will also be a string, and we don't need the type check anyway.

show more ...

Fix Bug #80972: Memory exhaustion on invalid string offset

Closes GH-6909

Fix Bug #80972: Memory exhaustion on invalid string offset

Closes GH-6890

Changed PowerPC CPU registers used by Zend VM to work around GCC bug.

Old registers (r28/r29) might be clobbered by _restgpr routine used for return from C function compiled with -Os.

Fixed bug #80811

When filling in defaults for skipped params, make sure that
reference parameters get the expected reference wrapper.

Fix trampoline leak on dynamic static call of non-static method

Fixes oss-fuzz #30317.

Fixed bug #80781

zend_find_array_dim_slow() may throw, make sure to handle this.
This backports the code we already use for this on PHP-8.0,
and also backports an exception check tha

Fixed bug #80781

zend_find_array_dim_slow() may throw, make sure to handle this.
This backports the code we already use for this on PHP-8.0,
and also backports an exception check that makes this easier to
catch.

show more ...

Fix symtable cache being used while cleaning symtable

We need to first clean the symtable and then check whether a cache
slot is available for it. Otherwise, it may happen that a destruc

Fix symtable cache being used while cleaning symtable

We need to first clean the symtable and then check whether a cache
slot is available for it. Otherwise, it may happen that a destructor
runs while cleaning the table and uses up all the remaining slots
in the cache.

This is particularly insidious because once we overflow the cache,
the first pointer we modify is symtable_cache_ptr, making it hard
to understand what happened after the fact.

Fixes oss-fuzz #30815.

show more ...

Don't throw additional Error in require_once if exception already thrown

As pointed out in comments on bug #66216.

Use E_ERROR to report arginfo/zpp mismatch

When E_CORE_ERROR is used, we don't get correct file/line information.

Add support for union types for internal functions

This closes the last hole in the supported types for internal
function arginfo types. It's now possible to represent unions of
mult

Add support for union types for internal functions

This closes the last hole in the supported types for internal
function arginfo types. It's now possible to represent unions of
multiple classes. This is done by storing them as TypeA|TypeB and
PHP will then convert this into an appropriate union type list.

Closes GH-6581.

show more ...

Fix bug #80537

This is an unavoidable breaking change to both the type and
parameter name.

The assertion that was supposed to prevent this was overly lax
and accepted any ob

Fix bug #80537

This is an unavoidable breaking change to both the type and
parameter name.

The assertion that was supposed to prevent this was overly lax
and accepted any object type for string parameters.

show more ...

Fix removal of type source during unserialization

Missed a check for info in this code. Add it, and add an assertion
in type source removal to make it easier to catch this issue.

Fix removal of type source during unserialization

Missed a check for info in this code. Add it, and add an assertion
in type source removal to make it easier to catch this issue.

Fixes oss-fuzz #28208 and #28257.

show more ...