#
33f8dfb1 |
| 14-Jul-2021 |
Christoph M. Becker |
Fix #72146: Integer overflow on substr_replace Adding two `zend_long`s may overflow, and casting `size_t` to `zend_long` may truncate; we can avoid this here by enforcing unsigned ar
Fix #72146: Integer overflow on substr_replace Adding two `zend_long`s may overflow, and casting `size_t` to `zend_long` may truncate; we can avoid this here by enforcing unsigned arithmetic. Closes GH-7240.
show more ...
|
#
ecc4bf14 |
| 16-Apr-2021 |
twosee |
Fixed bug #80958 Missing check after zval_try_get_string(). Closes GH-6871.
|
#
85ffe8dc |
| 18-Feb-2021 |
Nikita Popov |
Avoid signed integer overflow in substr() Perform negation after the (size_t) cast rather than before, so as to avoid a signed integer overflow for PHP_INT_MIN. Fixes oss-fuzz #
Avoid signed integer overflow in substr() Perform negation after the (size_t) cast rather than before, so as to avoid a signed integer overflow for PHP_INT_MIN. Fixes oss-fuzz #31069.
show more ...
|
#
2772f7c3 |
| 27-Nov-2020 |
Nikita Popov |
Avoid direct calls to zend_cpu_supports() While the use of zend_cpu_supports_*() is only strictly necessary inside ifunc resolvers, where the cpu state has not been initialized yet,
Avoid direct calls to zend_cpu_supports() While the use of zend_cpu_supports_*() is only strictly necessary inside ifunc resolvers, where the cpu state has not been initialized yet, we should prefer the compiler builtins in all cases.
show more ...
|
Revision tags: php-8.0.0, php-7.3.25, php-7.4.13, php-8.0.0RC5, php-7.4.13RC1, php-8.0.0RC4, php-7.3.25RC1, php-7.4.12, php-8.0.0RC3 |
|
#
d776d25a |
| 27-Oct-2020 |
Nikita Popov |
Don't throw for out of bounds offsets in strspn() Make strspn($str1, $str2, $offset, $length) behaviorally equivalent to strspn(substr($str1, $offset, $length), $str2) by not throwin
Don't throw for out of bounds offsets in strspn() Make strspn($str1, $str2, $offset, $length) behaviorally equivalent to strspn(substr($str1, $offset, $length), $str2) by not throwing for out of bounds offset. There have been two reports that this change cause issues, including bug #80285.
show more ...
|
Revision tags: php-7.3.24, php-8.0.0RC2, php-7.4.12RC1, php-7.3.24RC1, php-7.2.34, php-8.0.0rc1, php-7.4.11, php-7.3.23 |
|
#
13b791c7 |
| 22-Sep-2020 |
Nikita Popov |
Normalize substr() behavior Make the behavior of substr(), mb_substr(), iconv_substr() and grapheme_substr() consistent when it comes to the handling of out of bounds offsets. substr
Normalize substr() behavior Make the behavior of substr(), mb_substr(), iconv_substr() and grapheme_substr() consistent when it comes to the handling of out of bounds offsets. substr() will now always clamp out of bounds offsets to the string boundary. Cases that previously returned false will now return an empty string. This means that substr() itself *always* returns a string now (like mb_substr() already did before.) Closes GH-6182.
show more ...
|
#
5d9ab53a |
| 22-Sep-2020 |
Nikita Popov |
Check string bounds in strspn/strcspn strspn/strcspn are string search functions, and as such should throw ValueError on out-of-bounds offsets, just like strpos etc do.
|
#
12e772f1 |
| 22-Sep-2020 |
Nikita Popov |
Promote substr_replace warnings The implementation here was pretty confused. In reality the only error condition it has right now is that for a string input, from & length cannot be
Promote substr_replace warnings The implementation here was pretty confused. In reality the only error condition it has right now is that for a string input, from & length cannot be arrays. The fact that the array lengths are the same was probably supposed to be checked for the case of array input, as it wouldn't matter otherwise.
show more ...
|
Revision tags: php-8.0.0beta4, php-7.4.11RC1, php-7.3.23RC1 |
|
#
c37a1cd6 |
| 10-Sep-2020 |
Máté Kocsis |
Promote a few remaining errors in ext/standard Closes GH-6110
|
#
46c0c82a |
| 14-Sep-2020 |
Máté Kocsis |
Declare array|int and object-of-class|int types in stubs Closes GH-6081 Co-Authored-By: Nikita Popov <nikic@php.net>
|
#
c98d4769 |
| 10-Sep-2020 |
Máté Kocsis |
Consolidate new union type ZPP macro names They will now follow the canonical order of types. Older macros are left intact due to maintaining BC. Closes GH-6112
|
#
4a2ae841 |
| 07-Sep-2020 |
Dmitry Stogov |
Add "const". Move constant strings to read-only memory.
|
Revision tags: php-8.0.0beta3, php-7.4.10, php-7.3.22 |
|
#
2c96780e |
| 20-Aug-2020 |
Máté Kocsis |
Fix UNKNOWN default values in ext/standard Closes GH-6026
|
#
8107a1da |
| 04-Sep-2020 |
Máté Kocsis |
Use ZPP instead of custom type checks We can add these types as a native type declaration to stubs as a side-effect. Closes GH-6068
|
#
ce83ec87 |
| 27-Aug-2020 |
Nikita Popov |
Clean up strtok implementation Store the zend_string instead of performing a copy and storing in a zval. Also make sure the string is released immediately if it's no longer needed. F
Clean up strtok implementation Store the zend_string instead of performing a copy and storing in a zval. Also make sure the string is released immediately if it's no longer needed. Finally, avoid null pointer offset UB if no string has been set -- though I'm wondering if this case shouldn't be generating a warning?
show more ...
|
#
c557c410 |
| 24-Aug-2020 |
Nikita Popov |
Drop a spurious zend_string_release This should have been dropped in the refactoring.
|
#
9feb9885 |
| 24-Aug-2020 |
Nikita Popov |
Clean up setlocale implementation Factor out the core logic into a separate function and drop the "clever" code that combines iteration through variadic arguments and arrays.
Clean up setlocale implementation Factor out the core logic into a separate function and drop the "clever" code that combines iteration through variadic arguments and arrays. This fixes bug #79829 as a side effect.
show more ...
|
#
8c3574bd |
| 24-Aug-2020 |
Nikita Popov |
Remove php_my_setlocale workaround This works around a macro-expansion issue that is no longer relevant in PHP 8.
|
Revision tags: php-8.0.0beta2 |
|
#
844a2dd6 |
| 18-Aug-2020 |
Christoph M. Becker |
Fix #79986: str_ireplace bug with diacritics characters `tolower()` returns an `int`, so we must not convert to `char` which may be `signed` and as such may be subject to overflow (actua
Fix #79986: str_ireplace bug with diacritics characters `tolower()` returns an `int`, so we must not convert to `char` which may be `signed` and as such may be subject to overflow (actually, implementation defined behavior). Closes GH-6007
show more ...
|
Revision tags: php-7.3.22RC1, php-7.4.10RC1 |
|
#
9d9dffe6 |
| 11-Aug-2020 |
Nikita Popov |
Fixed bug #79951 One branch did not release tmp_replace_entry_str. Also reduce the scope of some variables.
|
Revision tags: php-8.0.0beta1, php-7.4.9, php-7.2.33, php-7.3.21, php-8.0.0alpha3, php-7.4.9RC1, php-7.3.21RC1 |
|
#
ce149b0c |
| 13-Jul-2020 |
Evgeny Stepanischev |
Fixed bug #79849 Closes GH-5853.
|
#
a72c53a0 |
| 10-Jul-2020 |
Nikita Popov |
Fixed bug #79817 Use *_IND macros in a few places in string.c.
|
Revision tags: php-7.4.8, php-7.2.32, php-8.0.0alpha2, php-7.3.20 |
|
#
2b5de6f8 |
| 01-Jul-2020 |
Max Semenik |
Remove proto comments from C files Closes GH-5758
|
Revision tags: php-8.0.0alpha1, php-7.4.8RC1, php-7.3.20RC1, php-7.4.7, php-7.3.19 |
|
#
7e2147be |
| 26-May-2020 |
Alex Dowad |
Clean up some unused code (and fix some comments) in build scripts - Fix typo in build/php.m4 - Nothing uses HAVE_INTTYPES_H; so remove check for header file - Nothing defi
Clean up some unused code (and fix some comments) in build scripts - Fix typo in build/php.m4 - Nothing uses HAVE_INTTYPES_H; so remove check for header file - Nothing defines ZEND_ACCONFIG_H_NO_C_PROTOS; so remove #ifndef - `format_money` was removed in 2019, so <monetary.h> no longer needed - Nothing uses HAVE_NETDB_H; so remove check for header file - Nothing checks HAVE_TERMIOS_H; so remove check for header file (This was actually added when Wez Furlong was adding the original implementation of PTY support in `proc_open`, since replaced.) - Nothing checks HAVE_SYS_AUXV_H; so remove check for header file - PHP_BUILD_DATE variable is not used for anything, so remove it This variable was added to the Makefile, but from there, was not used for anything. The comments suggest it was intended to allow 'reproducible builds'. Presumably, this means that if a bug is found in a PHP binary somewhere, one could look at the Makefile which it was built from, see the date, and then could check the same code version out from source control. But... there can easily be multiple commits to the repo in the same day. Also, what makes us think that the Makefile which a binary was built from will be easily available? Besides, ext/standard/info.c already embeds the build date and time in each binary... but it does it using `__DATE__` and `__TIME__` (see `php_print_info`). - Nothing checks HAVE_FINITE; so don't check for function - Grammar fix to comment in build/php.m4 - Nothing sets $php_ldflags_add_usr_lib variable in configure, so remove conditional This was added in 2002, when Rasmus was having difficulty building PHP on some host and needed to have /usr/lib in the rpath. It was never documented and probably has never been used by anyone else.
show more ...
|
#
83a77015 |
| 08-Jun-2020 |
twosee |
Add helper APIs for maybe-interned string creation Add ZVAL_CHAR/RETVAL_CHAR/RETURN_CHAR as a shortcut for using ZVAL_INTERNED_STRING and ZSTR_CHAR. Add zend_string_init_fast()
Add helper APIs for maybe-interned string creation Add ZVAL_CHAR/RETVAL_CHAR/RETURN_CHAR as a shortcut for using ZVAL_INTERNED_STRING and ZSTR_CHAR. Add zend_string_init_fast() as a helper for the empty string / one char interned string / zend_string_init() pattern. Also add corresponding ZVAL_STRINGL_FAST etc macros. Closes GH-5684.
show more ...
|