#
dc20cd9c |
| 01-May-2023 |
Ilija Tovilo |
Endless recursion when using + on array in foreach This reverts commit 84b4020eb4a8ebc45cb80164d4589cbf818f47f2. Fixes GH-11171
|
#
84b4020e |
| 29-Mar-2023 |
Ilija Tovilo |
Fix add_function_array() assertion when op2 contains op1 Fixes GH-10085 Closes GH-10975 Co-authored-by: Dmitry Stogov <dmitry@zend.com>
|
#
93e0f6b4 |
| 25-Mar-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix undefined behaviour in string uppercasing and lowercasing At least on 32-bit, the address computations overflow in running the test on CI with UBSAN enabled. Fix it by reordering the arithmetic. Since a part of the expression is already used in the code above the computation, this should not negatively affect performance. Closes GH-10936.
|
#
3725717d |
| 04-Aug-2022 |
Go Kudo |
Remove ZEND_DVAL_TO_LVAL_CAST_OK (#9215)

* Remove ZEND_DVAL_TO_LVAL_CAST_OK

  As far as I can see, this operation should always use the _slow method, and the results seem to be wrong when ZEND_DVAL_TO_LVAL_CAST_OK is enabled.

* update NEWS
|
#
efc8f0eb |
| 17-Jun-2022 |
Arnaud Le Blanc |
Deprecate zend_atol() / add zend_ini_parse_quantity() (#7951)

Add zend_ini_parse_quantity() and deprecate zend_atol(), zend_atoi()

zend_atol() and zend_atoi() don't just do number parsing. They also check for a 'K', 'M', or 'G' at the end of the string, and multiply the parsed value out accordingly. Unfortunately, they ignore any other non-numerics between the numeric component and the last character in the string. This means that numbers such as the following are both valid and non-intuitive in their final output.

* "123KMG" is interpreted as "123G" -> 132070244352
* "123G " is interpreted as "123 " -> 123
* "123GB" is interpreted as "123B" -> 123
* "123 I like tacos." is also interpreted as "123." -> 123

Currently, in php-src these functions are used only for parsing ini values. In this change we deprecate zend_atol(), zend_atoi(), and introduce a new function with the same behavior, but with the ability to report invalid inputs to the caller. The function's name also makes the behavior less unexpected: zend_ini_parse_quantity().

Co-authored-by: Sara Golemon <pollita@php.net>
|
#
c1a06704 |
| 08-Jun-2022 |
Max Kellermann |
Add ZEND_THREEWAY_COMPARE() macro to fix casting underflowed unsigned to signed (#8220) Casting a huge unsigned value to signed is implementation-defined behavior in C. By introducing the ZEND_THREEWAY_COMPARE() macro, we can sidestep this integer overflow/underflow/casting problem.
|
Revision tags: php-8.1.7RC1, php-8.1.4RC1, php-8.1.3, php-8.1.2RC1 |
|
#
8eee0d61 |
| 15-Dec-2021 |
Tim Starling |
Make strtolower() and strtoupper() do ASCII case conversion (#7506) Implement RFC https://wiki.php.net/rfc/strtolower-ascii
|
Revision tags: php-8.1.0, php-7.3.33, php-7.3.32 |
|
#
da0c7050 |
| 29-Sep-2021 |
Tim Starling |
Add upper case functions to zend_operators.c and use them (#7521) Add a family of upper case conversion functions to zend_operators.c, by analogy with the lower case functions. Move the single-character conversion macros to the header so that they can be used as a locale-independent replacement for tolower() and toupper(). Factor out the ugly bits of the SSE2 case conversion so that the four functions that use it are easy to read and processor-independent. Use the new ASCII upper case functions in ext/xml, ext/pdo_dblib and as an optimization for strtoupper() when the locale is "C".
|
#
49867405 |
| 24-Sep-2021 |
Nikita Popov |
Remove zend_binary_zval_strcasecmp() APIs These are thin wrappers ... around the wrong functions. They call the "_l()" version of the underlying APIs. For clarity, just call the wrapped API directly.
|
#
464e725b |
| 28-Jan-2022 |
Dmitry Stogov |
Fix typo (wrong string length) Fixes oss-fuzz #44110
|
#
26e42446 |
| 09-Nov-2021 |
Nikita Popov |
Fix bug #81598: Use C.UTF-8 as LC_CTYPE locale by default Unfortunately, libedit is locale based and does not accept UTF-8 input when the C locale is used. This patch switches the default locale to C.UTF-8 instead (if it is available). This makes libedit work and I believe it shouldn't affect behavior of single-byte locale-dependent functions that PHP otherwise uses. Closes GH-7635.
|
#
7e67366a |
| 04-Nov-2021 |
Nikita Popov |
Remove unnecessary assertion zend_class_implements_interface works fine if the "class" is an interface, so simply drop this assertion. This avoids the need to special case this situation.
|
Revision tags: php-7.3.31, php-7.3.30 |
|
#
f3c45c17 |
| 17-Aug-2021 |
Christoph M. Becker |
Revert "Fix #73122: Integer Overflow when concatenating strings" This reverts commit f1ce8d5f5839cb2069ea37ff424fb96b8cd6932d, which has been accidentally pushed.
|
#
f1ce8d5f |
| 17-Aug-2021 |
Christoph M. Becker |
Fix #73122: Integer Overflow when concatenating strings We must avoid integer overflows in memory allocations, so we introduce an additional check in the VM, and bail out in the rare case of an overflow. Since the recent fix for bug #74960 still doesn't catch all possible overflows, we fix that right away.
|
#
60484818 |
| 02-Aug-2021 |
Nikita Popov |
Add additional double to string APIs zend_double_to_str() converts a double to string in the way that (string) would (using %.*H using precision). smart_str_append_double() provides some more fine control over the precision, and whether a zero fraction should be appended for whole numbers. A caveat here is that raw calls to zend_gcvt and going through s*printf has slightly different behavior for the degenerate precision=0 case. zend_gcvt will add a dummy E+0 in that case, while s*printf converts this to precision=1 and will not. I'm going with the s*printf behavior here, which is more common, but does result in a minor change to the precision.phpt test.
|
#
760ff841 |
| 21-Jul-2021 |
Christoph M. Becker |
Fix #74960: Heap buffer overflow via str_repeat Trying to allocate a `zend_string` with a length only slightly smaller than `SIZE_MAX` causes an integer overflow, so callers may need to check that explicitly. To make that easy in a portable way, we introduce `ZSTR_MAX_LEN`. Closes GH-7294.
|
#
a733b1ad |
| 16-Jul-2021 |
Nikita Popov |
Restore zend_atoi() I dropped this in preparation for changes that I didn't end up doing. Restore the function for now to avoid unnecessary churn for extensions.
|
#
26e8a3ba |
| 13-Jul-2021 |
Nikita Popov |
Use unsigned arithmetic in zend_atol To avoid UB on overflow. I'm not really sure what the correct overflow behavior here would be.
|
#
1cba7764 |
| 13-Jul-2021 |
Nikita Popov |
Remove zend_atoi() (#7232) It's the same as (int) zend_atol() -- it doesn't try to do anything integer size specific. Canonicalize to one function in preparation for renaming zend_atol() to something less misleading. FFI test is adjusted to use a zend_test function. It just calls zend_atol() internally, but could really be anything. Co-authored-by: Christoph M. Becker <cmbecker69@gmx.de>
|
#
62ecf54f |
| 07-Jul-2021 |
Nikita Popov |
Fix use after free on compound division by zero We can't destroy the result operand early, because the division might fail, in which case we need to preserve the original value. Place the division result in a temporary zval, and only copy it on success. Fixes oss-fuzz #35876.
|
#
540fed1b |
| 01-Jul-2021 |
Nikita Popov |
Fix leak on div by zero compound assignment with coercion The result == op1 check did not work properly here, because op1 was &op1_copy at this point. Move the division by zero reporting out of the _base function, so it can check the original op1.
|
#
65bbd92d |
| 01-Jul-2021 |
Nikita Popov |
Initialize retval on bitwise_not exception
|
Revision tags: php-7.3.29 |
|
#
aff36587 |
| 29-Jun-2021 |
Patrick Allaert |
Fixed some spaces used instead of tabs
|
#
b8e380ab |
| 03-Jun-2021 |
Ayesh Karunaratne |
Update deprecation message for incompatible float to int conversion

Updates the deprecation message for implicit incompatible float to int conversion from:

```
Implicit conversion from non-compatible float %.*H to int in %s on line %d
```

to

```
Implicit conversion from float %.*H to int loses precision in %s on line %d
```

Related: #6661
|
#
b6958bb8 |
| 31-May-2021 |
George Peter Banyard |
Implement "Deprecate implicit non-integer-compatible float to int conversions" RFC. (#6661) RFC: https://wiki.php.net/rfc/implicit-float-int-deprecate Co-authored-by: Nikita Popov <nikita.ppv@gmail.com>
|