Fix serialization of RC1 objects appearing in object graph twice

Previously, if an object had RC1 it would never be recorded in
php_serialize_data.ht because it was assumed that it could

Fix serialization of RC1 objects appearing in object graph twice

Previously, if an object had RC1 it would never be recorded in
php_serialize_data.ht because it was assumed that it could not be encountered
again. This assumption is incorrect though as the object itself may be saved
inside an array with RCn. This results in a new instance of the object, instead
of a second reference to the same object.

This is solved by tracking these objects in php_serialize_data.ht. To retain
performance, track if the current object resides in a potentially nested RCn
array. If not, and if the object is RC1 itself it may be omitted from
php_serialize_data.ht.

Additionally, we may treat the array root itself as RC1 because it may not
appear in the object graph again without recursion. Recursive arrays are still
somewhat broken even with this change, as the tracking of the array only happens
when the reference is encountered, thus resulting in a -> a' -> a' for a self
recursive array a -> a. Recursive arrays have limited support in serialize
anyway, so we ignore this case for now.

Co-authored-by: Dmitry Stogov <dmitry@zend.com>
Co-authored-by: Martin Hoch <martin@littlerobot.de>

Closes GH-11349
Closes GH-11305

show more ...

Fix infiniry recursion during serialize() of "tricky" object

Fixes oss-fuzz #44954

Use zend_long for resource ID

Currently, resource IDs are limited to 32-bits. As resource IDs
are not reused, this means that resource ID overflow for
long-running processes is very

Use zend_long for resource ID

Currently, resource IDs are limited to 32-bits. As resource IDs
are not reused, this means that resource ID overflow for
long-running processes is very possible.

This patch switches resource IDs to use zend_long instead, which
means that on 64-bit systems, 64-bit resource IDs will be used.
This makes resource ID overflow practically impossible.

The tradeoff is an 8 byte increase in zend_resource size.

Closes GH-7436.

show more ...

Add additional double to string APIs

zend_double_to_str() converts a double to string in the way that
(string) would (using %.*H using precision).

smart_str_append_double() prov

Add additional double to string APIs

zend_double_to_str() converts a double to string in the way that
(string) would (using %.*H using precision).

smart_str_append_double() provides some more fine control over
the precision, and whether a zero fraction should be appeneded
for whole numbers.

A caveat here is that raw calls to zend_gcvt and going through
s*printf has slightly different behavior for the degenarate
precision=0 case. zend_gcvt will add a dummy E+0 in that case,
while s*printf convert this to precision=1 and will not. I'm
going with the s*printf behavior here, which is more common,
but does result in a minor change to the precision.phpt test.

show more ...

Move php_gcvt to zend_gcvt

Also move PHP_DOUBLE_MAX_LENGTH to ZEND_DOUBLE_MAX_LENGTH.

Remove leading underscore for _zend_hash_find_known_hash (#7260)

Convert zend_hash_find_ex(..., 1) to zend_hash_find_known_hash(...)
Convert zend_hash_find_ex(..., 0) to zend_hash_find(.

Remove leading underscore for _zend_hash_find_known_hash (#7260)

Convert zend_hash_find_ex(..., 1) to zend_hash_find_known_hash(...)
Convert zend_hash_find_ex(..., 0) to zend_hash_find(...)

Also add serializable changes to UPGRADING.INTERNALS summary

show more ...

Add ZEND_ACC_NOT_SERIALIZABLE flag

This prevents serialization and unserialization of a class and its
children in a way that does not depend on the zend_class_serialize_deny
and zend

Add ZEND_ACC_NOT_SERIALIZABLE flag

This prevents serialization and unserialization of a class and its
children in a way that does not depend on the zend_class_serialize_deny
and zend_class_unserialize_deny handlers that will be going away
in PHP 9 together with the Serializable interface.

In stubs, `@not-serializable` can be used to set this flag.

This patch only uses the new flag for a handful of Zend classes,
converting the remainder is left for later.

Closes GH-7249.
Fixes bug #81111.

show more ...

Fix false positive recursion warning for var_export of enums (#7201)

Fix bug #81163 __sleep allowed to return non-array

Use smart_str_extend() instead of smart_str_alloc()

These usages were re-implementing the exact functionality of
smart_str_extend().

Update http->https in license (#6945)

1. Update: http://www.php.net/license/3_01.txt to https, as there is anyway server header "Location:" to https.
2. Update few license 3.0 to 3.01 as

Update http->https in license (#6945)

1. Update: http://www.php.net/license/3_01.txt to https, as there is anyway server header "Location:" to https.
2. Update few license 3.0 to 3.01 as 3.0 states "php 5.1.1, 4.1.1, and earlier".
3. In some license comments is "at through the world-wide-web" while most is without "at", so deleted.
4. fixed indentation in some files before |

show more ...

Implement enums

RFC: https://wiki.php.net/rfc/enumerations

Co-authored-by: Nikita Popov <nikita.ppv@gmail.com>

Closes GH-6489.

Explicitly print reference wrappers in debug_zval_dump()

Closes GH-6750.

Optimize serializing class names

Because of the memcpy, compilers can't infer that ZSTR_LEN (i.e. class_name->len)
did not change, so they copy it out of memory into a register for the l

Optimize serializing class names

Because of the memcpy, compilers can't infer that ZSTR_LEN (i.e. class_name->len)
did not change, so they copy it out of memory into a register for the last two
accesses.
php_var_serialize_string already does something similar.

Closes GH-6734

show more ...

Optimized object serialization without rebulding properties HashTable

Incomplete class may have only single "MAGIC_MEMBER"

serialize() optimization

Speed up __sleep() and __wakeup() calls

Replace zend_bool uses with bool

We're starting to see a mix between uses of zend_bool and bool.
Replace all usages with the standard bool type everywhere.

Of course, zend_bool

Replace zend_bool uses with bool

We're starting to see a mix between uses of zend_bool and bool.
Replace all usages with the standard bool type everywhere.

Of course, zend_bool is retained as an alias.

show more ...

Print "interned" instead of fake refcount in debug_zval_dump()

debug_zval_dump() currently prints refcount 1 for interned strings
and arrays, which does not really reflect the truth. The

Print "interned" instead of fake refcount in debug_zval_dump()

debug_zval_dump() currently prints refcount 1 for interned strings
and arrays, which does not really reflect the truth. These values
are not refcounted, so the refcount is misleading. Instead print
an "interned" tag.

Closes GH-6598.

show more ...

Make convert_to_*_ex simple aliases of convert_to_*

Historically, the _ex variants separated the zval first, if a
conversion was necessary. This distinction no longer makes sense
sin

Make convert_to_*_ex simple aliases of convert_to_*

Historically, the _ex variants separated the zval first, if a
conversion was necessary. This distinction no longer makes sense
since PHP 7.

The only difference that was still left is that _ex checked whether
the type is the same first, but the usage of these macros did not
actually distinguish on whether such an inlined check is valuable
or not in a given context.

Also drop the unused convert_to_explicit_type macros.

show more ...

Remove some INDIRECT handling in standard library

Fix edge case serializing __PHP_Incomplete_Class properties.

This was using strcmp instead of zend_string_equals_literal.
As a result, the property count didn't match the number of prope

Fix edge case serializing __PHP_Incomplete_Class properties.

This was using strcmp instead of zend_string_equals_literal.
As a result, the property count didn't match the number of properties
being serialized if properties started with
"__PHP_Incomplete_Class\0" (unlikely)

(before, `'O:8:"Missing_":1:{}'` would be serialized, which failed to
unserialize)

Everywhere else expects the MAGIC_MEMBER to match exactly,
and this should use zend_string_equals_literal as an example for other code.

This has used strcmp since 2004 in deb84befae4bbc3686a4f2ed82b04e2cabae5dc0

Closes GH-6555

show more ...

Merge branch 'PHP-7.4' into PHP-8.0

* PHP-7.4:
Fixed bug #80411

Fixed bug #80411

References to null-serializations are stored as null, and as such
are part of the reference count.

Reminds me that we really need to deprecate the mess that is

Fixed bug #80411

References to null-serializations are stored as null, and as such
are part of the reference count.

Reminds me that we really need to deprecate the mess that is
Serializable.

show more ...