| #
f203edd3 |
| 30-Nov-2023 |
Ilija Tovilo |
Fix leak of call->extra_named_params on internal __call
Fixes GH-12835
Closes GH-12836 |
| #
50ccea31 |
| 24-Nov-2023 |
Bob Weinand |
Merge branch 'PHP-8.1' into PHP-8.2
|
| #
8d2df86b |
| 24-Nov-2023 |
Florian Engelhardt |
Fix invalid opline in OOM handlers within ZEND_FUNC_GET_ARGS and ZEND_BIND_STATIC (#12768)
* fix segfault in `ZEND_BIND_STATIC`
In case a `ZEND_BIND_STATIC` is being executed, while
Fix invalid opline in OOM handlers within ZEND_FUNC_GET_ARGS and ZEND_BIND_STATIC (#12768)
* fix segfault in `ZEND_BIND_STATIC`
In case a `ZEND_BIND_STATIC` is being executed, while the current chunk is full,
the `zend_array_dup()` call will trigger a OOM in ZendMM which will crash, as
the opline might be a dangling pointer.
* add missing test
* `assert()`ing seems easier than trying to make the compiler to not optimize
* moved from function call to INI setting, so we can use this in other places as well
* make `assert()` work no NDEBUG builds
* document magic number
* fix segfault in `ZEND_FUNC_GET_ARGS`
In case a `ZEND_FUNC_GET_ARGS` is being executed, while the current chunk is
full, the `zend_new_array()` call will trigger a OOM in ZendMM which will crash,
as the opline might be a dangling pointer.
---------
Co-authored-by: Florian Engelhardt <florian@engelhardt.tc>
show more ...
|
| #
1fdcfa4e |
| 20-Nov-2023 |
Ilija Tovilo |
Fix use-after-free of name in var-var with malicious error handler
Fixes oss-fuzz #54325
Closes GH-12732 |
| #
ea52706a |
| 20-Nov-2023 |
Ilija Tovilo |
Fix use-after-free of name in var-var with malicious error handler
Fixes oss-fuzz #54325
Closes GH-12732 |
| #
ab6d564a |
| 05-Sep-2023 |
Dmitry Stogov |
Merge branch 'PHP-8.1' into PHP-8.2
* PHP-8.1:
Fixed uninitialized EX(opline) access (possible Zend/tests/gh12073.phpt crash)
|
| #
f1f608bf |
| 05-Sep-2023 |
Dmitry Stogov |
Fixed uninitialized EX(opline) access (possible Zend/tests/gh12073.phpt crash) |
| #
42619b23 |
| 08-Jun-2023 |
Dmitry Stogov |
Merge branch 'PHP-8.1' into PHP-8.2
* PHP-8.1:
Keep consistent EG(current_execute_data) after return from generator (#11380)
|
| #
06d68738 |
| 08-Jun-2023 |
Dmitry Stogov |
Keep consistent EG(current_execute_data) after return from generator (#11380) |
| #
e14ac1ca |
| 10-Apr-2023 |
Dmitry Stogov |
Merge branch 'PHP-8.1' into PHP-8.2
* PHP-8.1:
Allow FETCH_OBJ_W and FETCH_STATIC_PROP_W to return INDIRECT/UNDEF zval for uninitialized typed properties (#11048)
|
| #
0c65b396 |
| 10-Apr-2023 |
Dmitry Stogov |
Allow FETCH_OBJ_W and FETCH_STATIC_PROP_W to return INDIRECT/UNDEF zval for uninitialized typed properties (#11048) |
| #
e223bf20 |
| 10-Mar-2023 |
Kamil Tekiela |
Merge branch 'PHP-8.1' into PHP-8.2
* PHP-8.1:
Fix strlen error message param name
|
| #
1be99fae |
| 04-Mar-2023 |
Kamil Tekiela |
Fix strlen error message param name |
| #
81f3fcd5 |
| 16-Feb-2023 |
Ilija Tovilo |
Revert "Remove useless UNEXPECTED around RETURN_VALUE_USED in specialized RETVAL handler"
This reverts commit 5b801612cb33d238a5dafbe04374dadc6e3a9f35. |
| #
efb9181a |
| 16-Feb-2023 |
Ilija Tovilo |
Merge branch 'PHP-8.1' into PHP-8.2
* PHP-8.1:
Revert "Fix GH-10168: heap-buffer-overflow at zval_undefined_cv"
|
| #
7b68ff46 |
| 16-Feb-2023 |
Ilija Tovilo |
Revert "Fix GH-10168: heap-buffer-overflow at zval_undefined_cv"
This reverts commit 71ddede5655fe654002ae18af6a18e033f717287. |
| #
972a5a02 |
| 08-Feb-2023 |
Ilija Tovilo |
Merge branch 'PHP-8.1' into PHP-8.2
* PHP-8.1:
Fix GH-10168: heap-buffer-overflow at zval_undefined_cv
|
| #
71ddede5 |
| 06-Feb-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GH-10168: heap-buffer-overflow at zval_undefined_cv
The problem is that we're using the variable_ptr in the opcode handler
*after* it has already been destroyed. The solution is to c
Fix GH-10168: heap-buffer-overflow at zval_undefined_cv
The problem is that we're using the variable_ptr in the opcode handler
*after* it has already been destroyed. The solution is to create a
specialised version of zend_assign_to_variable which takes in two
destination zval pointers.
Closes GH-10524
show more ...
|
| #
c2e77f9c |
| 20-Jan-2023 |
Arnaud Le Blanc |
Merge branch 'PHP-8.1' into PHP-8.2
* PHP-8.1:
[ci skip] NEWS
Fix GH-10248: Assertion `!(zval_get_type(&(*(property))) == 10)' failed.
|
| #
66605994 |
| 18-Jan-2023 |
Christoph M. Becker |
Merge branch 'PHP-8.1' into PHP-8.2
* PHP-8.1:
Fix incorrect check condition in ZEND_YIELD
|
| #
b5e9bf77 |
| 15-Jan-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix incorrect check condition in ZEND_YIELD
The condition `UNEXPECTED(Z_TYPE_P(key)) == IS_REFERENCE` always
returned false, because `UNEXPECTED(expression)` always returns 0 or 1.
M
Fix incorrect check condition in ZEND_YIELD
The condition `UNEXPECTED(Z_TYPE_P(key)) == IS_REFERENCE` always
returned false, because `UNEXPECTED(expression)` always returns 0 or 1.
Move the parens so the comparison is executed properly.
Closes GH-10332.
show more ...
|
| #
9529b891 |
| 23-Dec-2022 |
Derick Rethans |
Merge branch 'PHP-8.1' into PHP-8.2
|
| #
233ffccc |
| 12-Dec-2022 |
Derick Rethans |
Fix GH-10072: PHP crashes when execute_ex is overridden and a __call trampoline is used from internal code |
| #
05b63b15 |
| 07-Nov-2022 |
Dmitry Stogov |
Don't check "fake" closures (fix assertion)
Fixes oss-fuzz #53078 |
| #
cfd5fb98 |
| 22-Oct-2022 |
Arnaud Le Blanc |
Merge branch 'PHP-8.1' into PHP-8.2
* PHP-8.1:
[ci skip] NEWS
[ci skip] NEWS
Fix compilation warning
Fix crash when memory limit is exceeded during generator initiali
Merge branch 'PHP-8.1' into PHP-8.2
* PHP-8.1:
[ci skip] NEWS
[ci skip] NEWS
Fix compilation warning
Fix crash when memory limit is exceeded during generator initialization
show more ...
|
