Fix GH-15613: unpack on format hex strings repeater value.

close GH-15615

Fix GH-15837: Segmentation fault in ext/simplexml/simplexml.c

We should check if the iterator data is still valid, because if it
isn't, then the type info is UNDEF, but the pointer value

Fix GH-15837: Segmentation fault in ext/simplexml/simplexml.c

We should check if the iterator data is still valid, because if it
isn't, then the type info is UNDEF, but the pointer value may be
dangling.

Closes GH-15841.

show more ...

Fix UAF issues with PCRE after request shutdown

There are two related issues, each tested.

First problem:
What happens is that on the CLI SAPI we have a per-request pcre cache,

Fix UAF issues with PCRE after request shutdown

There are two related issues, each tested.

First problem:
What happens is that on the CLI SAPI we have a per-request pcre cache,
and on there the request shutdown for the pcre module happens prior to
the remaining live object destruction. So when the SPL object wants to
clean up the regular expression object it gets a use-after-free.

Second problem:
Very similarly, the non-persistent resources are destroyed after request
shutdown, so on the CLI SAPI the pcre request cache is already gone, but
if a userspace stream references a regex in the pcre cache, this breaks.

Two things that come immediately to mind:
- We could fix it by no longer treating the CLI SAPI special and just use
the same lifecycle as the module. This simplifies the pcre module code
a bit too. I wonder why we even have the separation in the first place.
The downside here is that we're using more the system allocator
than Zend's allocator for cache entries.
- We could modify the shutdown code to not remove regular expressions
with a refcount>0 and modify php_pcre_pce_decref code such that it
becomes php_pcre_pce_decref's job to clean up when the refcount
becomes 0 during shutdown. However, this gets nasty quickly.

I chose the first solution here as it should be reliable and simple.

Closes GH-15064.

show more ...

Fixed regression: Using more than one sign is now OK again when using modify()

Fix GH-15582: Crash when not calling parent constructor of DateTimeZone

[skip ci] Add NEWS for GH-15824 (GH-15835)

Co-authored-by: Niels Dossche <7771979+nielsdos@users.noreply.github.com>

Fix bug #62900: Wrong namespace on xsd import error message

The one error message indeed had a wrong namespace, and in general they
weren't very descriptive, this also makes them more de

Fix bug #62900: Wrong namespace on xsd import error message

The one error message indeed had a wrong namespace, and in general they
weren't very descriptive, this also makes them more descriptive.

Furthermore, two additional bugs were fixed:
- Persistent memory leak of `location`.
- UAF issues when printing the error message.

Closes GH-15830.

show more ...

Fix GH-15657: Segmentation fault in ext/opcache/jit/ir/dynasm/dasm_x86.h

The crash happens because the zend_persist.c code tries to JIT the hook's
op_array while the JIT buffer memory is

Fix GH-15657: Segmentation fault in ext/opcache/jit/ir/dynasm/dasm_x86.h

The crash happens because the zend_persist.c code tries to JIT the hook's
op_array while the JIT buffer memory is still protected. This happens in
`zend_persist_property_info` called via `zend_persist_class_entry`
through the inheritance cache.

We shouldn't JIT the property hook code when persisting property info
for the inheritance cache.

This is a simple workaround by temporarily disabling the JIT so that the
property hook code is not JITted when persisting the property info.

An alternative solution would be to move the JITting of the property
hooks to a different place in zend_persist.c by doing an additional pass
over the classes.

Closes GH-15819.

show more ...

PHP-8.2 is now for PHP 8.2.25-dev

Fix bug #73182: PHP SOAPClient does not support stream context HTTP headers in array form

This code is modelled after how `http_fopen_wrapper.c` does things,
which apparently is just loo

Fix bug #73182: PHP SOAPClient does not support stream context HTTP headers in array form

This code is modelled after how `http_fopen_wrapper.c` does things,
which apparently is just looping over the array and handling each string
the same way as if we passed a header string directly.

Also fixes a potential crash in `php_sdl.c` but without adding support
for header arrays there (yet) because the code is untested.

Closes GH-15817.

show more ...

[ci skip] Update NEWS for PHP 8.4.0 beta5

PHP-8.3 is now for PHP 8.3.13-dev

Fix ReflectionProperty::isInitialized() for hooked props

In zend_std_has_property with ZEND_PROPERTY_EXISTS, we'd just return true when
no get hook was present. However, this function is

Fix ReflectionProperty::isInitialized() for hooked props

In zend_std_has_property with ZEND_PROPERTY_EXISTS, we'd just return true when
no get hook was present. However, this function is supposed to return false for
uninitialized properties. PROPERTY_EXISTS is somewhat of a misnomer. Virtual
properties continue to always return true, given there's no backing value to
check.

Fixes GH-15694
Closes GH-15822

show more ...

Fix GH-15658: Segmentation fault in Zend/zend_vm_execute.h

Implement a minimal ZEND_MATCH handler using a tail call.

Closes GH-15782.

Fix GH-15661: Access null pointer in Zend/Optimizer/zend_inference.c

Closes GH-15666.

Implement request #47317: SoapServer::__getLastResponse()

Convenient for debugging.

Closes GH-15792.

[skip ci] Add missing NEWS entry for master

Fix uninitialized lineno in constant AST of internal enums

Closes GH-15806

Fix bug #61525: SOAP functions require at least one space after HTTP header colon

HTTP/1.1 does not require a single whitespace after the colon, and
SoapServer does implement HTTP/1.1. T

Fix bug #61525: SOAP functions require at least one space after HTTP header colon

HTTP/1.1 does not require a single whitespace after the colon, and
SoapServer does implement HTTP/1.1. The header value is already correctly
whitespace-trimmed, so no behaviour change happens w.r.t. header values.

Closes GH-15793.

show more ...

Fix GH-15752: `finfo_file()` - parameter validation error messages

Show the correct parameter names and numbers - the errors are caused by the
second parameter being empty or having null

Fix GH-15752: `finfo_file()` - parameter validation error messages

Show the correct parameter names and numbers - the errors are caused by the
second parameter being empty or having null bytes, not the first.

close GH-15755

show more ...

[skip ci] update NEWS for GH-15731 (#15756)

Fix GH-15742: php_hash_sha.h incompatible with C++

Not only MSVC doesn't support this construct, but apparently it is
generally not supported by C++ compilers.

Closes GH-15745.

ext/curl: No-op `CURLOPT_DNS_USE_GLOBAL_CACHE` constant (GH-15127)

Libcurl `CURLOPT_DNS_USE_GLOBAL_CACHE` constant is no longer supported
since libcurl[^1] 7.62. This no-ops the constant

ext/curl: No-op `CURLOPT_DNS_USE_GLOBAL_CACHE` constant (GH-15127)

Libcurl `CURLOPT_DNS_USE_GLOBAL_CACHE` constant is no longer supported
since libcurl[^1] 7.62. This no-ops the constant, but without causing
any deprecation notices.

[^1]: [CURLOPT_DNS_USE_GLOBAL_CACHE](https://curl.se/libcurl/c/CURLOPT_DNS_USE_GLOBAL_CACHE.html)

show more ...

[RFC] Support object types in BCMath (#13741)

Added BcMath\Number class. It is an immutable object, has methods that are
equivalent to existing BCMath calculation functions, and can also

[RFC] Support object types in BCMath (#13741)

Added BcMath\Number class. It is an immutable object, has methods that are
equivalent to existing BCMath calculation functions, and can also be calculated
using operators.

The existing BCMath function returned a string for each calculation, but this
class returns an object.

RFC: https://wiki.php.net/rfc/support_object_type_in_bcmath,
https://wiki.php.net/rfc/fix_up_bcmath_number_class

---------

Co-authored-by: Niels Dossche <7771979+nielsdos@users.noreply.github.com>

show more ...

Close-GH 15685: improve proc_open error reporting on Windows

While similar errors are already reported via `strerror()` on other
platforms, this has apparently overlooked for Windows, wh

Close-GH 15685: improve proc_open error reporting on Windows

While similar errors are already reported via `strerror()` on other
platforms, this has apparently overlooked for Windows, where only the
error code has been reported so far.

We adapt the affected test cases, but since there is no PHP userland
function which allows us to get the current system locale, we work
around.

Closes GH-15687.

show more ...