| #
ec68d3c6 |
| 31-Oct-2024 |
Christoph M. Becker |
Properly initialize _override executor globals
These have been introduced a while ago[1], but their initialization has
been overlooked. Since we cannot rely on TLS variables to be zeroe
Properly initialize _override executor globals
These have been introduced a while ago[1], but their initialization has
been overlooked. Since we cannot rely on TLS variables to be zeroed,
we catch up on this.
[1] <https://github.com/php/php-src/commit/e3ef7bbbb87bcbf6154a0a4854127b9cea8f92ff>
Co-authored-by: Ilija Tovilo <ilija.tovilo@me.com>
Closes GH-16658.
show more ...
|
| #
fd39e230 |
| 20-Oct-2024 |
Christoph M. Becker |
Free internal_runtime_cache on shutdown for NTS
As is, the `internal_runtime_cache` is only free for ZTS builds; we
also free it for NTS builds on shutdown.
Co-authored-by: Bob
Free internal_runtime_cache on shutdown for NTS
As is, the `internal_runtime_cache` is only free for ZTS builds; we
also free it for NTS builds on shutdown.
Co-authored-by: Bob Weinand <bobwei9@hotmail.com>
Closes GH-16402.
show more ...
|
| #
3293fafa |
| 24-Sep-2024 |
Florian Engelhardt |
Add OPcache restart hook (#15590)
This hook will allow observing extensions to observe the actual OPcache restart.
|
| #
ea297654 |
| 24-Sep-2024 |
DanielEScherzer |
Zend/*: fix a bunch of typos (GH-16017)
* Zend/*: fix a bunch of typos
* Zend/tests/try/try_catch_finally_005.phpt: update string length
|
| #
d313ad60 |
| 30-Dec-2023 |
Michael Voříšek |
Deprecate E_STRICT constant and remove error level
RFC: https://wiki.php.net/rfc/deprecations_php_8_4#remove_e_strict_error_level_and_deprecate_e_strict_constant
Closes GH-13053
|
| #
1f35e2a9 |
| 09-Sep-2024 |
Ilija Tovilo |
Fix uninitialized CG(zend_lineno)
Closes GH-15813
|
| #
b9fdc0bd |
| 09-Sep-2024 |
Ilija Tovilo |
Fix uninitialized EG(user_error_handler_error_reporting)
Closes GH-15812
|
| #
25d76162 |
| 06-Sep-2024 |
Bob Weinand |
Make internal run_time_cache a persistent allocation (#15040)
We also add zend_map_ptr_static, so that we do not incur the overhead of constantly recreating the internal run_time_cache point
Make internal run_time_cache a persistent allocation (#15040)
We also add zend_map_ptr_static, so that we do not incur the overhead of constantly recreating the internal run_time_cache pointers on each request.
This mechanism might be extended for mutable_data of internal classes too.
show more ...
|
| #
5b482b70 |
| 28-Aug-2024 |
Arnaud Le Blanc |
Alpine/Musl nightly job (#13925)
Co-authored-by: Michael Voříšek <mvorisek@mvorisek.cz>
|
| #
a62eda3f |
| 04-Jul-2024 |
Arnaud Le Blanc |
Fix stack limit on MSAN (#14829)
|
| #
0bd26021 |
| 03-Jul-2024 |
Arnaud Le Blanc |
Fix stack limit on ASAN/MSAN (#14771)
Increase the reserved stack size in ASAN builds, as instrumentation use more stack.
Increase the max allowed stack size in some tests, and enable th
Fix stack limit on ASAN/MSAN (#14771)
Increase the reserved stack size in ASAN builds, as instrumentation use more stack.
Increase the max allowed stack size in some tests, and enable these tests under ASAN.
Use __builtin_frame_address(0), instead of some stack variable, when we need a stack address, as ASAN may store local variables outside of the real stack.
show more ...
|
| #
3c56af99 |
| 21-Feb-2024 |
Arnaud Le Blanc |
Allow fiber switching during destructor execution
Fiber switching was disabled during destructor execution due to conflicts
with the garbage collector. This unfortunately introduces a fu
Allow fiber switching during destructor execution
Fiber switching was disabled during destructor execution due to conflicts
with the garbage collector. This unfortunately introduces a function color
problem: destructors can not call functions that may switch Fibers.
In this change we update the GC so that Fiber switching during GC is safe. In
turn we allow Fiber switching during destrutor execution.
The GC executes destructors in a dedicated Fiber. If a destructor suspends, the
Fiber is owned by userland and a new dedicated Fiber is created to execute the
remaining destructors. Destructor suspension results in a resurection of the
object, which is handled as usual: The object is not considered garbage anymore,
but may be collected in a later run.
When the GC is executed in the main context (not in a Fiber), then destructors
are executed in the main context as well because there is no risk of conflicting
with GC in this case (main context can not suspend).
Fixes GH-11389
Closes GH-13460
show more ...
|
| #
25360ef2 |
| 12-Jun-2024 |
Arnaud Le Blanc |
Detect heap freelist corruption (#14054)
We keep track of free slots by organizing them in a linked list, with the
first word of every free slot being a pointer to the next one.
Detect heap freelist corruption (#14054)
We keep track of free slots by organizing them in a linked list, with the
first word of every free slot being a pointer to the next one.
In order to make corruptions more difficult to exploit, we check the consistency
of these pointers before dereference by comparing them with a shadow. The shadow
is a copy of the pointer, stored at the end of the slot.
Before this change, an off-by-1 write is enough to produce a valid freelist
pointer. After this change, a bigger out of bound write is required for that.
The difficulty is increase further by mangling the shadow with a secret, and
byte-swapping it, which increases the minimal required out of bound write
length.
Closes GH-14054
show more ...
|
| #
d1048a08 |
| 12-Jun-2024 |
Arnaud Le Blanc |
Add zend_random_bytes(), zend_random_bytes_insecure() functions (#14054)
Co-authored-by: Tim Düsterhus <tim@bastelstu.be>
|
| #
9bbc195d |
| 23-Apr-2024 |
Arnaud Le Blanc |
Remove zend_strtod mutex (#13974)
`zend_strtod.c` uses a global state (mostly an allocation freelist) protected by a mutex in ZTS builds. This state is used by `zend_dtoa()`, `zend_strtod()`
Remove zend_strtod mutex (#13974)
`zend_strtod.c` uses a global state (mostly an allocation freelist) protected by a mutex in ZTS builds. This state is used by `zend_dtoa()`, `zend_strtod()`, and variants. This creates a lot of contention in concurrent loads. `zend_dtoa()` is used to format floats to string, e.g. in sprintf, json_encode, serialize, uniqid.
Here I move the global state to the thread specific `executor_globals` and remove the mutex.
The impact on non-concurrent environments is null or negligible, but there is a considerable speed up on concurrent environments, especially on Alpine/Musl.
show more ...
|
| #
3301d960 |
| 12-Mar-2024 |
Ilija Tovilo |
Restore error handler after running it
Symfony relies on finding the exception handler in the handler stack. There's
currently no clean API to find it, so they pop all the handlers, and
Restore error handler after running it
Symfony relies on finding the exception handler in the handler stack. There's
currently no clean API to find it, so they pop all the handlers, and push them
again once the stack is empty. This PR attempts to minimize the BC break by
pushing the current handler onto the stack and clearing the current handler, and
restoring it once it has finished. This is essentially equivalent to
set_exception_handler(null) and restore_exception_handler().
restore_exception_handler() however is only called if the exception handler is
still unset. If the handler has pushed a new handler in the meantime, we assume
it knows what it's doing.
Fixes GH-13446
Closes GH-13686
show more ...
|
| #
2f605820 |
| 13-Feb-2024 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Workaround ZTS persistent resource crashes (PHP 8.3 and lower)
For master (8.4-dev) I merged GH-13381. But that PR changes public API
of TSRM, so cannot be used on lower branches.
Workaround ZTS persistent resource crashes (PHP 8.3 and lower)
For master (8.4-dev) I merged GH-13381. But that PR changes public API
of TSRM, so cannot be used on lower branches.
This patch is a safe workaround for the issue, in combination with a
pre-existing fix using `ifdef ZTS + if (module_started)` inside pgsql
and odbc. The idea is to delay unloading modules until the persistent
resources are destroyed. This will keep the destructor code accessible
in memory.
This is not a proper fix on its own, because we still need the
workaround of not accessing globals after module destruction.
The proper fix is in master.
Closes GH-13388.
show more ...
|
| #
5941cdaa |
| 13-Feb-2024 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix ZTS crashes with persistent resources in modules (#13381)
On shutdown in ZTS the following happens:
- https://github.com/php/php-src/blob/master/Zend/zend.c#L1124-L1125
gets ex
Fix ZTS crashes with persistent resources in modules (#13381)
On shutdown in ZTS the following happens:
- https://github.com/php/php-src/blob/master/Zend/zend.c#L1124-L1125
gets executed. This destroys global persistent resources and destroys
the modules. Furthermore, the modules are unloaded too.
- Further down, `ts_free_id(executor_globals_id)` gets executed, which
calls `executor_globals_dtor`. This function destroys persistent
resources for each thread.
Notice that in the last step, the modules that the persistent resource
belong to may already have been destroyed. This means that accessing
globals will cause a crash (I previously fixed this with ifdef magic),
or when the module is dynamically loaded we'll try jumping to a
destructor that is no longer loaded in memory. These scenarios cause
crashes.
It's not possible to move the `ts_free_id` call upwards, because that
may break assumptions of callers, and furthermore this would deallocate
the executor globals structure, which means that any access to those
will cause a segfault.
This patch adds a new API to the TSRM that allows running a callback on
a certain resource type. We use this API to destroy the persistent
resources in all threads prior to the module destruction, and keep the
rest of the resource dtor intact.
I verified this fix on Apache with postgres, both dynamically and
statically.
Fixes GH-12974.
show more ...
|
| #
c149b4f5 |
| 30-Jan-2024 |
Ilija Tovilo |
Fix missing syntax error message in cli-server router script
Fixes GH-13113
Closes GH-13275
|
| #
631bc816 |
| 06-Feb-2024 |
Ilija Tovilo |
Implement stackless internal function calls
Co-authored-by: Dmitry Stogov <dmitry@zend.com>
Closes GH-12461
|
| #
fe064d7f |
| 19-Jan-2024 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GH-13142: Undefined variable name is shortened when contains \0
Uses the new %S formatter and introduces the necessary changes and
helpers.
|
| #
fe3a819e |
| 01-Nov-2023 |
Dmitry Stogov |
Fixed GH-12564: The negative fiber.stack_size setting leads to crash
|
| #
692cea5c |
| 13-Sep-2023 |
Ilija Tovilo |
Use zend_error_noreturn for E_ERROR consistently
To be clear, these already don't return. zend_error_noreturn just hints at this
fact through the ZEND_NORETURN attribute.
Closes
Use zend_error_noreturn for E_ERROR consistently
To be clear, these already don't return. zend_error_noreturn just hints at this
fact through the ZEND_NORETURN attribute.
Closes GH-12204
show more ...
|
| #
53aa53f4 |
| 24-Aug-2023 |
Jakub Zelenka |
Introduce Zend guard recursion protection
This PR introduces a new way of recursion protection in JSON, var_dump
and friends. It fixes issue in master for __debugInfo and also improves
Introduce Zend guard recursion protection
This PR introduces a new way of recursion protection in JSON, var_dump
and friends. It fixes issue in master for __debugInfo and also improves
perf for jsonSerializable in some cases. More info can be found in
GH-10020.
Closes GH-11812
show more ...
|
| #
96885bc0 |
| 05-Aug-2023 |
Kévin Dunglas |
fix: handle the GNU specific version of strerror_r
Close GH-11882
|
