#
b71c6b2c |
| 13-Aug-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix #81992: SplFixedArray::setSize() causes use-after-free Upon resizing, the elements are destroyed from lower index to higher index. When an element refers to an object with a destructor, it can refer to a lower (i.e. already destroyed) element, causing a uaf. Set refcounted zvals to NULL after destroying them to avoid a uaf. Closes GH-11959.
|
Revision tags: php-8.1.7RC1, php-8.1.4RC1 |
|
#
5d907dfc |
| 24-Feb-2022 |
Tyson Andre |
Merge branch 'PHP-8.0' into PHP-8.1
|
#
cd1c6f0b |
| 24-Feb-2022 |
Tyson Andre |
Fixes infinite recursion introduced by patch to SplFixedArray (#8105) Closes GH-8079 Track whether the spl_fixedarray was modified since the last call to get_properties |
Revision tags: php-8.1.3 |
|
#
a584d126 |
| 11-Feb-2022 |
Dmitry Stogov |
Merge branch 'PHP-8.0' into PHP-8.1 * PHP-8.0: Fixed GH-8044 (var_export/debug_zval_dump HT_ASSERT_RC1 debug failure for SplFixedArray)
|
#
52ae6417 |
| 11-Feb-2022 |
Dmitry Stogov |
Fixed GH-8044 (var_export/debug_zval_dump HT_ASSERT_RC1 debug failure for SplFixedArray) |
Revision tags: php-8.1.2RC1, php-8.1.0, php-7.3.33, php-7.3.32 |
|
#
e73cc7ae |
| 28-Sep-2021 |
Christoph M. Becker |
Merge branch 'PHP-8.0' into PHP-8.1 * PHP-8.0: Fix #80663: Recursive SplFixedArray::setSize() may cause double-free
|
#
6154aa65 |
| 28-Sep-2021 |
Christoph M. Becker |
Merge branch 'PHP-7.4' into PHP-8.0 * PHP-7.4: Fix #80663: Recursive SplFixedArray::setSize() may cause double-free
|
#
2d668409 |
| 21-Sep-2021 |
Christoph M. Becker |
Fix #80663: Recursive SplFixedArray::setSize() may cause double-free We address the `::setSize(0)` case by setting `array->element = NULL` and `array->size = 0` before we destroy the elements. Co-authored-by: Tyson Andre <tyson.andre@uwaterloo.ca> Closes GH-7503.
|
Revision tags: php-7.3.31 |
|
#
27976d7d |
| 14-Sep-2021 |
Tyson Andre |
Merge branch 'PHP-8.0' into PHP-8.1
|
#
753645a6 |
| 14-Sep-2021 |
Tyson Andre |
Merge remote-tracking branch 'origin/PHP-7.4' into PHP-8.0
|
#
b053192a |
| 14-Sep-2021 |
Tyson Andre |
Fix #81429: Handle resizing in SplFixedArray::offsetSet (#7487) offsetSet did not account for the fact that the array may no longer exist after the field is overwritten. This fixes that. Add test of resizing both to the empty array and a smaller array - there should be no valgrind warnings with a proper fix. Alternate approach to #7486 (described in https://bugs.php.net/bug.php?id=81429)
|
#
5b2ddf5a |
| 31-Aug-2021 |
Nikita Popov |
Export zend_use_resource_as_offset() Use a common implementation to generate this error message, as we do so in quite a few places dealing with array keys. |
Revision tags: php-7.3.30 |
|
#
6d505d44 |
| 22-Jul-2021 |
Nikita Popov |
Add RETURN/RETVAL_COPY_DEREF() macros These were missing from the set... I think quite a few of these usages don't actually need the DEREF, but I've just kept things as is for now.
|
#
b6538028 |
| 02-Jul-2021 |
Nikita Popov |
Avoid null pointer arithmetic in SplFixedArray Fixes bug62904.phpt under clang ubsan. |
Revision tags: php-7.3.29 |
|
#
e9e06279 |
| 18-Jun-2021 |
George Peter Banyard |
Refactor SplFixedArray (#7168)

* Move spl_offset_convert_to_long() to spl_fixedarray.c
  It is only used there, which explains its weird offset semantics
* Refactor SplFixedArray offset handling
  - Implement warning for resource type
  - Throw a proper TypeError instead of a RuntimeException
* Use a proper Error to signal that [] cannot be used with SplFixedArray
* Refactor SplFixedArray has_dimension helper
* Drop some ZPP tests
|
#
805471e8 |
| 08-Jun-2021 |
Nikita Popov |
Fix bug #81112: Implement JsonSerializable for SplFixedArray This returns an array for SplFixedArray JSON encoding, which is more appropriate than an object with integer string keys. Closes GH-7117.
|
#
9d2a466c |
| 09-Jun-2021 |
Nikita Popov |
Remove explicit assignments of zend_objects_destroy_object This is the default handler, no need to set it explicitly. This makes it easier to see which objects really have a custom dtor_obj.
|
#
01b3fc03 |
| 06-May-2021 |
KsaR |
Update http->https in license (#6945)

1. Update: http://www.php.net/license/3_01.txt to https, as there is anyway server header "Location:" to https.
2. Update few license 3.0 to 3.01 as 3.0 states "php 5.1.1, 4.1.1, and earlier".
3. In some license comments is "at through the world-wide-web" while most is without "at", so deleted.
4. fixed indentation in some files before |
|
Revision tags: php-7.3.28 |
|
#
4f4c031f |
| 18-Feb-2021 |
Máté Kocsis |
Generate ext/spl class entries from stubs Closes GH-6709 |
Revision tags: php-7.3.27 |
|
#
3e01f5af |
| 15-Jan-2021 |
Nikita Popov |
Replace zend_bool uses with bool We're starting to see a mix between uses of zend_bool and bool. Replace all usages with the standard bool type everywhere. Of course, zend_bool is retained as an alias.
|
#
aa517858 |
| 14-Jan-2021 |
Nikita Popov |
Remove SEPARATE_ARG_IF_REF macro The name doesn't correspond to what it does at all, and all the existing usages appear to be unnecessary. Usage of this macro can be replaced by ZVAL_DEREF + Z_TRY_ADDREF_P.
|
Revision tags: php-7.3.26 |
|
#
a25886d1 |
| 29-Dec-2020 |
Tyson Andre |
Optimize SplFixedArray when magic methods aren't overridden This decreases the memory usage of SplFixedArrays by 32 bytes per object on 64-bit systems (use 1 null pointer instead of 5 null pointers) If allocating a lot of arrays of size 1, memory usage was 19.44MiB before this change, and 16.24MiB after the change. Existing tests continue to pass. Subclassing SplFixedArray is already inefficient and rarely done. It checks for the existence of 5 methods every time a subclass is instantiated. (and has to switch back from C to the php vm to call those methods) Closes GH-6552
|
Revision tags: php-7.3.26RC1, php-7.3.25, php-7.3.25RC1, php-7.3.24, php-7.3.24RC1, php-7.3.23 |
|
#
3b34d74a |
| 27-Sep-2020 |
Levi Morrison |
Clean up spl_fixedarray.c

Remove inline.
Remove old folding blocks.
Convert an int usage to bool.
Convert some uses of int and size_t into zend_long. This is incomplete because get_gc requires `int *n`, which should probably become zend_long or size_t eventually.
Adds spl_fixedarray_empty to help enforce invariants.
Adds spl_fixedarray_default_ctor.
Documents some functions.
Reworks spl_fixedarray_copy into two functions:
 - spl_fixedarray_copy_ctor
 - spl_fixedarray_copy_range

I'm hoping to eventually export SplFixedArray for extensions to use directly, which is the motivation here.
|
Revision tags: php-7.3.23RC1, php-7.3.22, php-7.3.22RC1, php-7.3.21, php-7.3.21RC1, php-7.3.20, php-7.3.20RC1, php-7.3.19, php-7.4.7RC1, php-7.3.19RC1 |
|
#
4222ae16 |
| 11-May-2020 |
Alex Dowad |
SplFixedArray is Aggregate, not Iterable

One strange feature of SplFixedArray was that it could not be used in nested foreach loops. If one did so, the inner loop would overwrite the iteration state of the outer loop.

To illustrate:

    $spl = SplFixedArray::fromArray([0, 1]);
    foreach ($spl as $a) {
      foreach ($spl as $b) {
        echo "$a $b";
      }
    }

Would only print two lines:

    0 0
    0 1

Use the new InternalIterator feature which was introduced in ff19ec2df3 to convert SplFixedArray to an Aggregate rather than Iterable. As a bonus, we get to trim down some ugly code! Yay!
|
#
063fdd94 |
| 12-Sep-2020 |
George Peter Banyard |
Use ValueError instead of exceptions in SPL extension |