| #
df219ccf |
| 16-Jun-2024 |
Gina Peter Banyard |
ext/soap: Fix memory leaks when calling SoapFault::__construct() twice
|
| #
43bc53a7 |
| 16-Apr-2024 |
Wilhansen Li |
Fix GH-14037: Make /ping of php-fpm work with pm.status_listen pool
The ping feature of php-fpm monitoring was previously not working
in pm.status_listen pool due to the configuration va
Fix GH-14037: Make /ping of php-fpm work with pm.status_listen pool
The ping feature of php-fpm monitoring was previously not working
in pm.status_listen pool due to the configuration variables ping.path
and ping.response not being copied over to the worker when forked. This
results in the ping code path being disabled because the worker detects
that ping.path is not configured.
Closes GH-13980
Co-authored-by: Pierrick Charron <pierrick@php.net>
show more ...
|
| #
564914ac |
| 14-Jun-2024 |
David Carlier |
ext/pgsql: adding postgresql 17 new libpq wrapper call.
pg_set_chunked_rows_size to allow to fetch results in chunk of max N rows.
close GH-14571
|
| #
2bb8fbd0 |
| 13-Jun-2024 |
David Carlier |
ext/pgsql: add pg_jit server info.
since PostgreSQL 11, LLVM JIT feature had been brought thus reporting
the settings to the client connection.
Close GH-14566
|
| #
784b745e |
| 13-Jun-2024 |
Derick Rethans |
Update NEWS
|
| #
c595ab96 |
| 13-Jun-2024 |
Derick Rethans |
Update NEWS
|
| #
b43378d8 |
| 13-Jun-2024 |
Ryan Carsten Schmidt |
Fix incompatible function pointer types
Closes #14549
|
| #
bc558bf7 |
| 09-Jun-2024 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GH-11078: PHP Fatal error triggers pointer being freed was not allocated and malloc: double free for ptr errors
Although the issue was demonstrated using Curl, the issue is purely in
Fix GH-11078: PHP Fatal error triggers pointer being freed was not allocated and malloc: double free for ptr errors
Although the issue was demonstrated using Curl, the issue is purely in
the streams layer of PHP.
Full analysis is written in GH-11078 [1], but here is the brief version:
Here's what actually happens:
1) We're creating a FILE handle from a stream using the casting mechanism.
This will create a cookie-based FILE handle using funopen.
2) We're reading stream data using fread from the userspace stream. This will
temporarily set a buffer into a field _bf.base [2]. This buffer is now equal
to the upload buffer that Curl allocated and note that that buffer is owned
by Curl.
3) The fatal error occurs and we bail out from the fread function, notice how
the reset code is never executed and so the buffer will still point to
Curl's upload buffer instead of FILE's own buffer [3].
4) The resources are destroyed, this includes our opened stream and because the
FILE handle is cached, it gets destroyed as well.
In fact, the stream code calls through fclose on purpose in this case.
5) The fclose code frees the _bs.base buffer [4].
However, this is not the buffer that FILE owns but the one that Curl owns
because it isn't reset properly due to the bailout!
6) The objects are getting destroyed, and so the curl free logic is invoked.
When Curl tries to gracefully clean up, it tries to free the buffer.
But that buffer is actually already freed mistakingly by the C library!
This also explains why we can't reproduce it on Linux: this bizarre buffer
swapping only happens on macOS and BSD, not on Linux.
To solve this, we switch to an unbuffered mode for cookie-based FILEs.
This avoids any stateful problems related to buffers especially when the
bailout mechanism triggers. As streams have their own buffering
mechanism, I don't expect this to impact performance.
[1] https://github.com/php/php-src/issues/11078#issuecomment-2155616843
[2] https://github.com/apple-open-source-mirror/Libc/blob/5e566be7a7047360adfb35ffc44c6a019a854bea/stdio/FreeBSD/fread.c#L102-L103
[3] https://github.com/apple-open-source-mirror/Libc/blob/5e566be7a7047360adfb35ffc44c6a019a854bea/stdio/FreeBSD/fread.c#L117
[4] https://github.com/apple-open-source-mirror/Libc/blob/5e566be7a7047360adfb35ffc44c6a019a854bea/stdio/FreeBSD/fclose.c#L66-L67
Closes GH-14524.
show more ...
|
| #
159f14c4 |
| 08-Jun-2024 |
Florian Engelhardt |
fix memleak due to missing `pthread_attr_destroy()`-call
Closes GH-14510
|
| #
3c65375a |
| 08-Jun-2024 |
Florian Engelhardt |
fix memleak due to missing `pthread_attr_destroy()`-call
Closes GH-14510
|
| #
b4325d61 |
| 29-May-2024 |
Arnaud Le Blanc |
Improve randomness of uploaded file names and files created by tempnam()
Closes GH-14364
|
| #
98736e8b |
| 02-Jun-2024 |
Jakub Zelenka |
Fix GH-13343: openssl_x509_parse should not allow omitted seconds in UTCTimes
Closes GH-14439
Signed-off-by: Jakub Zelenka <bukka@php.net>
|
| #
a9259c04 |
| 09-Jun-2024 |
Guillaume Outters |
Add Pdo\Pgsql::setNoticeCallback() (#14299)
This moves the new method from magically being added to the PDO class from the driver to just be available on the dedicated subclass.
Dri
Add Pdo\Pgsql::setNoticeCallback() (#14299)
This moves the new method from magically being added to the PDO class from the driver to just be available on the dedicated subclass.
Drive-by fixes to NEWS and UPGRADING
show more ...
|
| #
d1f14a46 |
| 08-Jun-2024 |
Ayesh Karunaratne |
ext/pcre: update to PCRE2 v10.44 (#14498)
Previously: GH-13413.
This version also contains a fix with `preg_match('\X')`, so that it
can correctly detect grapheme clusters (PCRE
ext/pcre: update to PCRE2 v10.44 (#14498)
Previously: GH-13413.
This version also contains a fix with `preg_match('\X')`, so that it
can correctly detect grapheme clusters (PCRE2Project/pcre2#410).
This is useful to correctly [polyfill the new `grapheme_str_split`
function](https://php.watch/versions/8.4/grapheme_str_split#polyfill).
Diff: pcre2lib [v10.43..v10.44](https://github.com/PCRE2Project/pcre2/compare/pcre2-10.43...pcre2-10.44)
show more ...
|
| #
cdb7677b |
| 04-Jun-2024 |
Gina Peter Banyard |
Fix bug GH-14456: Attempting to initialize class with private constructor calls destructor
Closes GH-14469
|
| #
7b2ca071 |
| 05-Jun-2024 |
David Carlier |
ext/gd: imagewebp/imageavif/imagepng/imagejpeg stricter checks quality/speed.
close GH-14485
|
| #
9e1a1c10 |
| 05-Jun-2024 |
Eric Mann |
Fix NEWS typo
|
| #
da769be7 |
| 05-Jun-2024 |
Giovanni Giacobbi |
Fix parameter numbers for imagecolorset()
This is the 8.2 & 8.3 version of GH-14477.
|
| #
44cbdb10 |
| 05-Jun-2024 |
Giovanni Giacobbi |
Fix parameter numbers and missing alpha check for imagecolorset()
The check for the alpha parameter existed in PHP 7.4 but was lost in PHP 8.0.
Fixes: 50765075db6b6d5a9597589601c59f
Fix parameter numbers and missing alpha check for imagecolorset()
The check for the alpha parameter existed in PHP 7.4 but was lost in PHP 8.0.
Fixes: 50765075db6b6d5a9597589601c59f743f6ee9c8
Closes GH-14477.
show more ...
|
| #
a3b148e3 |
| 03-Jun-2024 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GH-14361: Deep recursion in zend_cfg.c causes segfault
Changes the CFG reachability algorithm to use iteration instead of
recursion.
Closes GH-14432.
|
| #
b8196977 |
| 05-Jun-2024 |
Eric Mann |
[skip ci] update NEWS
|
| #
473cbdf5 |
| 05-Jun-2024 |
Pierrick Charron |
[skip ci] Update NEWS
|
| #
a87ccc7c |
| 05-Jun-2024 |
Ben Ramsey |
PHP-8.1 is now for PHP 8.1.30-dev
|
| #
557e09f6 |
| 05-Jun-2024 |
Ben Ramsey |
Update NEWS
Co-authored-by: Eric Mann <ericmann@php.net>
|
| #
b8a7cf9f |
| 04-Jun-2024 |
Calvin Buckley |
[skip ci] update NEWS for GH-14457
|
