| #
33f8dfb1 |
| 14-Jul-2021 |
Christoph M. Becker |
Fix #72146: Integer overflow on substr_replace
Adding two `zend_long`s may overflow, and casting `size_t` to
`zend_long` may truncate; we can avoid this here by enforcing unsigned
ar
Fix #72146: Integer overflow on substr_replace
Adding two `zend_long`s may overflow, and casting `size_t` to
`zend_long` may truncate; we can avoid this here by enforcing unsigned
arithmetic.
Closes GH-7240.
show more ...
|
| #
ecc4bf14 |
| 16-Apr-2021 |
twosee |
Fixed bug #80958
Missing check after zval_try_get_string().
Closes GH-6871.
|
| #
85ffe8dc |
| 18-Feb-2021 |
Nikita Popov |
Avoid signed integer overflow in substr()
Perform negation after the (size_t) cast rather than before,
so as to avoid a signed integer overflow for PHP_INT_MIN.
Fixes oss-fuzz #
Avoid signed integer overflow in substr()
Perform negation after the (size_t) cast rather than before,
so as to avoid a signed integer overflow for PHP_INT_MIN.
Fixes oss-fuzz #31069.
show more ...
|
| #
2772f7c3 |
| 27-Nov-2020 |
Nikita Popov |
Avoid direct calls to zend_cpu_supports()
While the use of zend_cpu_supports_*() is only strictly necessary
inside ifunc resolvers, where the cpu state has not been initialized
yet,
Avoid direct calls to zend_cpu_supports()
While the use of zend_cpu_supports_*() is only strictly necessary
inside ifunc resolvers, where the cpu state has not been initialized
yet, we should prefer the compiler builtins in all cases.
show more ...
|
|
Revision tags: php-8.0.0, php-7.3.25, php-7.4.13, php-8.0.0RC5, php-7.4.13RC1, php-8.0.0RC4, php-7.3.25RC1, php-7.4.12, php-8.0.0RC3 |
|
| #
d776d25a |
| 27-Oct-2020 |
Nikita Popov |
Don't throw for out of bounds offsets in strspn()
Make strspn($str1, $str2, $offset, $length) behaviorally
equivalent to strspn(substr($str1, $offset, $length), $str2)
by not throwin
Don't throw for out of bounds offsets in strspn()
Make strspn($str1, $str2, $offset, $length) behaviorally
equivalent to strspn(substr($str1, $offset, $length), $str2)
by not throwing for out of bounds offset.
There have been two reports that this change cause issues,
including bug #80285.
show more ...
|
|
Revision tags: php-7.3.24, php-8.0.0RC2, php-7.4.12RC1, php-7.3.24RC1, php-7.2.34, php-8.0.0rc1, php-7.4.11, php-7.3.23 |
|
| #
13b791c7 |
| 22-Sep-2020 |
Nikita Popov |
Normalize substr() behavior
Make the behavior of substr(), mb_substr(), iconv_substr() and
grapheme_substr() consistent when it comes to the handling of
out of bounds offsets. substr
Normalize substr() behavior
Make the behavior of substr(), mb_substr(), iconv_substr() and
grapheme_substr() consistent when it comes to the handling of
out of bounds offsets. substr() will now always clamp out of
bounds offsets to the string boundary. Cases that previously
returned false will now return an empty string. This means that
substr() itself *always* returns a string now (like mb_substr()
already did before.)
Closes GH-6182.
show more ...
|
| #
5d9ab53a |
| 22-Sep-2020 |
Nikita Popov |
Check string bounds in strspn/strcspn
strspn/strcspn are string search functions, and as such should throw
ValueError on out-of-bounds offsets, just like strpos etc do.
|
| #
12e772f1 |
| 22-Sep-2020 |
Nikita Popov |
Promote substr_replace warnings
The implementation here was pretty confused. In reality the only
error condition it has right now is that for a string input,
from & length cannot be
Promote substr_replace warnings
The implementation here was pretty confused. In reality the only
error condition it has right now is that for a string input,
from & length cannot be arrays.
The fact that the array lengths are the same was probably supposed
to be checked for the case of array input, as it wouldn't matter
otherwise.
show more ...
|
|
Revision tags: php-8.0.0beta4, php-7.4.11RC1, php-7.3.23RC1 |
|
| #
c37a1cd6 |
| 10-Sep-2020 |
Máté Kocsis |
Promote a few remaining errors in ext/standard
Closes GH-6110
|
| #
46c0c82a |
| 14-Sep-2020 |
Máté Kocsis |
Declare array|int and object-of-class|int types in stubs
Closes GH-6081
Co-Authored-By: Nikita Popov <nikic@php.net>
|
| #
c98d4769 |
| 10-Sep-2020 |
Máté Kocsis |
Consolidate new union type ZPP macro names
They will now follow the canonical order of types. Older macros are
left intact due to maintaining BC.
Closes GH-6112
|
| #
4a2ae841 |
| 07-Sep-2020 |
Dmitry Stogov |
Add "const". Move constant strings to read-only memory.
|
|
Revision tags: php-8.0.0beta3, php-7.4.10, php-7.3.22 |
|
| #
2c96780e |
| 20-Aug-2020 |
Máté Kocsis |
Fix UNKNOWN default values in ext/standard
Closes GH-6026
|
| #
8107a1da |
| 04-Sep-2020 |
Máté Kocsis |
Use ZPP instead of custom type checks
We can add these types as a native type declaration to stubs as a side-effect. Closes GH-6068
|
| #
ce83ec87 |
| 27-Aug-2020 |
Nikita Popov |
Clean up strtok implementation
Store the zend_string instead of performing a copy and storing
in a zval. Also make sure the string is released immediately if
it's no longer needed. F
Clean up strtok implementation
Store the zend_string instead of performing a copy and storing
in a zval. Also make sure the string is released immediately if
it's no longer needed. Finally, avoid null pointer offset UB if
no string has been set -- though I'm wondering if this case
shouldn't be generating a warning?
show more ...
|
| #
c557c410 |
| 24-Aug-2020 |
Nikita Popov |
Drop a spurious zend_string_release
This should have been dropped in the refactoring.
|
| #
9feb9885 |
| 24-Aug-2020 |
Nikita Popov |
Clean up setlocale implementation
Factor out the core logic into a separate function and drop the
"clever" code that combines iteration through variadic arguments
and arrays.
Clean up setlocale implementation
Factor out the core logic into a separate function and drop the
"clever" code that combines iteration through variadic arguments
and arrays.
This fixes bug #79829 as a side effect.
show more ...
|
| #
8c3574bd |
| 24-Aug-2020 |
Nikita Popov |
Remove php_my_setlocale workaround
This works around a macro-expansion issue that is no longer
relevant in PHP 8.
|
|
Revision tags: php-8.0.0beta2 |
|
| #
844a2dd6 |
| 18-Aug-2020 |
Christoph M. Becker |
Fix #79986: str_ireplace bug with diacritics characters
`tolower()` returns an `int`, so we must not convert to `char` which
may be `signed` and as such may be subject to overflow (actua
Fix #79986: str_ireplace bug with diacritics characters
`tolower()` returns an `int`, so we must not convert to `char` which
may be `signed` and as such may be subject to overflow (actually,
implementation defined behavior).
Closes GH-6007
show more ...
|
|
Revision tags: php-7.3.22RC1, php-7.4.10RC1 |
|
| #
9d9dffe6 |
| 11-Aug-2020 |
Nikita Popov |
Fixed bug #79951
One branch did not release tmp_replace_entry_str.
Also reduce the scope of some variables.
|
|
Revision tags: php-8.0.0beta1, php-7.4.9, php-7.2.33, php-7.3.21, php-8.0.0alpha3, php-7.4.9RC1, php-7.3.21RC1 |
|
| #
ce149b0c |
| 13-Jul-2020 |
Evgeny Stepanischev |
Fixed bug #79849
Closes GH-5853.
|
| #
a72c53a0 |
| 10-Jul-2020 |
Nikita Popov |
Fixed bug #79817
Use *_IND macros in a few places in string.c.
|
|
Revision tags: php-7.4.8, php-7.2.32, php-8.0.0alpha2, php-7.3.20 |
|
| #
2b5de6f8 |
| 01-Jul-2020 |
Max Semenik |
Remove proto comments from C files
Closes GH-5758
|
|
Revision tags: php-8.0.0alpha1, php-7.4.8RC1, php-7.3.20RC1, php-7.4.7, php-7.3.19 |
|
| #
7e2147be |
| 26-May-2020 |
Alex Dowad |
Clean up some unused code (and fix some comments) in build scripts
- Fix typo in build/php.m4
- Nothing uses HAVE_INTTYPES_H; so remove check for header file
- Nothing defi
Clean up some unused code (and fix some comments) in build scripts
- Fix typo in build/php.m4
- Nothing uses HAVE_INTTYPES_H; so remove check for header file
- Nothing defines ZEND_ACCONFIG_H_NO_C_PROTOS; so remove #ifndef
- `format_money` was removed in 2019, so <monetary.h> no longer needed
- Nothing uses HAVE_NETDB_H; so remove check for header file
- Nothing checks HAVE_TERMIOS_H; so remove check for header file
(This was actually added when Wez Furlong was adding the original implementation of
PTY support in `proc_open`, since replaced.)
- Nothing checks HAVE_SYS_AUXV_H; so remove check for header file
- PHP_BUILD_DATE variable is not used for anything, so remove it
This variable was added to the Makefile, but from there, was not used for anything.
The comments suggest it was intended to allow 'reproducible builds'. Presumably,
this means that if a bug is found in a PHP binary somewhere, one could look at the
Makefile which it was built from, see the date, and then could check the same
code version out from source control. But... there can easily be multiple commits
to the repo in the same day. Also, what makes us think that the Makefile which a
binary was built from will be easily available?
Besides, ext/standard/info.c already embeds the build date and time in each binary...
but it does it using `__DATE__` and `__TIME__` (see `php_print_info`).
- Nothing checks HAVE_FINITE; so don't check for function
- Grammar fix to comment in build/php.m4
- Nothing sets $php_ldflags_add_usr_lib variable in configure, so remove conditional
This was added in 2002, when Rasmus was having difficulty building PHP on some
host and needed to have /usr/lib in the rpath. It was never documented and
probably has never been used by anyone else.
show more ...
|
| #
83a77015 |
| 08-Jun-2020 |
twosee |
Add helper APIs for maybe-interned string creation
Add ZVAL_CHAR/RETVAL_CHAR/RETURN_CHAR as a shortcut for using
ZVAL_INTERNED_STRING and ZSTR_CHAR.
Add zend_string_init_fast()
Add helper APIs for maybe-interned string creation
Add ZVAL_CHAR/RETVAL_CHAR/RETURN_CHAR as a shortcut for using
ZVAL_INTERNED_STRING and ZSTR_CHAR.
Add zend_string_init_fast() as a helper for the empty string /
one char interned string / zend_string_init() pattern.
Also add corresponding ZVAL_STRINGL_FAST etc macros.
Closes GH-5684.
show more ...
|
