#
26c7c82d |
| 21-Oct-2022 |
Arnaud Le Blanc |
Fix crash when memory limit is exceeded during generator initialization
|
#
c083efb7 |
| 26-Sep-2022 |
Dmitry Stogov |
Fix memory leak Fixes oss-fuzz #51622
|
#
ba029fce |
| 19-Aug-2022 |
Tim Starling |
Fix GH-9323: crash when the VM enters userspace code via the GC Closes GH-9323
|
#
c489e360 |
| 04-Apr-2022 |
Dmitry Stogov |
JIT: Fix array clobbering by user error handler Fixes oss-fuzz #46336
|
#
a60a9b4a |
| 01-Feb-2022 |
Dmitry Stogov |
Fix memory leak Fixes oss-fuzz #44222
|
#
c787f42c |
| 13-Dec-2021 |
Dmitry Stogov |
Combine ADDREF/DELREF
|
#
cbc0b1af |
| 13-Dec-2021 |
Dmitry Stogov |
Fix array clobbering by user error handler Fixes oss-fuzz #42234
|
#
1d054b3f |
| 03-Dec-2021 |
Dmitry Stogov |
Fix array object clobbering by user error handler Fixes oss-fuzz #41605 and #41610
|
#
09547c64 |
| 01-Dec-2021 |
Dmitry Stogov |
Fix clobbering of operand by error handler in assignment to string offset In some cases new code requires two reallocations instead of one. Fixes oss-fuzz #31716, #36196, #39739 and #40002
|
#
4d4fe763 |
| 17-Nov-2021 |
Nikita Popov |
Fixed bug #81631 We need to save the opline before fetching the operand, as it may throw an undef var warning.
|
#
fa0b84a0 |
| 11-Nov-2021 |
Dmitry Stogov |
Partially fix handling of exceptions thrown in interrupt handlers
|
#
1a2fb90b |
| 01-Nov-2021 |
Nikita Popov |
Fix finally exception chaining on recursion In this case zend_exception_set_previous() would destroy the fast_call exception and further accesses on ex would be invalid. We should only update ex if we update EG(exception). Fixes oss-fuzz #40464.
|
#
a2e3ca1f |
| 12-Oct-2021 |
Nikita Popov |
Don't free FETCH_W operand if GLOBAL_LOCK The error path performed the free unconditionally, while we should not do it for GLOBAL_LOCK. Fixes oss-fuzz #39868.
|
#
11a9b036 |
| 05-Oct-2021 |
Nikita Popov |
Fix duplicate undef warning in assign_dim_op In case of auto-vivification we were fetching dim twice and as such also emitting the undef var warning twice.
|
#
e11faad2 |
| 30-Sep-2021 |
Nikita Popov |
Create reference wrappers in SEND_UNPACK if necessary Even if we can't actually pass by reference, we still need to create the REFERENCE wrapper to satisfy the calling convention. The particular test case would crash with JIT, because the existence of the reference was assumed. Fixes oss-fuzz #39440.
|
#
ec54ffad |
| 29-Sep-2021 |
Nikita Popov |
Handle throwing destructor in BIND_STATIC Fixes oss-fuzz #39406.
|
#
01453a0a |
| 17-Sep-2021 |
Nikita Popov |
Fix SEND_USER with ref arg Even though the input is not a reference (or not treated as such), we still need to create a reference to satisfy the function signature. Various code relies on reference arguments actually being references. In this particular case, it would result in a JIT crash. The zend_call_function() implementation already handled this correctly.
|
#
0b7dffb4 |
| 17-Aug-2021 |
Christoph M. Becker |
Fix #73122: Integer Overflow when concatenating strings We must avoid integer overflows in memory allocations, so we introduce an additional check in the VM, and bail out in the rare case of an overflow. Closes GH-7381.
|
#
6c7b322d |
| 29-Jul-2021 |
Nikita Popov |
Fix parameter name in count() error message This parameter has been renamed to $value.
|
#
840e441d |
| 29-Jul-2021 |
Nikita Popov |
Fix parameter name in call_user_func() error message This parameter name has been changed to $callback.
|
#
ba8bcf39 |
| 14-Jul-2021 |
Nikita Popov |
Drop incorrect cache_slot optimization for typed properties For a particular assignment, a non-coerced constant assignment value will remain valid. However, opcache merges cache slots for all identical property references, which means that this optimization also disables property type checks for all other operands on the property that occur in the same functions. This could be addressed by blocking cache slot merging in opcache, but I prefer dropping it entirely instead. It does not seem important enough to warrant doing that.
|
#
96bf925c |
| 02-Jul-2021 |
Nikita Popov |
Fix return value of wrong function by-ref assign We should be using the result of zend_assign_to_variable() here, which will deref prior to potential freeing. Fixes oss-fuzz #29899.
|
#
6dd85f83 |
| 22-Feb-2021 |
Nikita Popov |
Fixed bug #80781 zend_find_array_dim_slow() may throw, make sure to handle this. This backports the code we already use for this on PHP-8.0, and also backports an exception check that makes this easier to catch.
|
#
b529d02d |
| 26-Jan-2021 |
Dmitry Stogov |
Allow observer handlers disabling optimization in RETURN opcode handler, that may cause loss of the value of the returned local variable.
|
#
a2dcd442 |
| 26-Jan-2021 |
Nikita Popov |
Fix VAR return type verification We should also set retval_ref when de-indirecting. Otherwise the retval_ref != retval_ptr comparison below may incorrectly assume that we're returning a reference. I don't have a reliable reproducer for this issue, but it sometimes appears in certain configurations in arrow_functions/007.phpt in conjunction with other changes.
|