#
ded8fb79 |
| 02-Aug-2024 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix UAF issues with PCRE after request shutdown There are two related issues, each tested. First problem: What happens is that on the CLI SAPI we have a per-request pcre cache,
Fix UAF issues with PCRE after request shutdown There are two related issues, each tested. First problem: What happens is that on the CLI SAPI we have a per-request pcre cache, and on there the request shutdown for the pcre module happens prior to the remaining live object destruction. So when the SPL object wants to clean up the regular expression object it gets a use-after-free. Second problem: Very similarly, the non-persistent resources are destroyed after request shutdown, so on the CLI SAPI the pcre request cache is already gone, but if a userspace stream references a regex in the pcre cache, this breaks. Two things that come immediately to mind: - We could fix it by no longer treating the CLI SAPI special and just use the same lifecycle as the module. This simplifies the pcre module code a bit too. I wonder why we even have the separation in the first place. The downside here is that we're using more the system allocator than Zend's allocator for cache entries. - We could modify the shutdown code to not remove regular expressions with a refcount>0 and modify php_pcre_pce_decref code such that it becomes php_pcre_pce_decref's job to clean up when the refcount becomes 0 during shutdown. However, this gets nasty quickly. I chose the first solution here as it should be reliable and simple. Closes GH-15064.
show more ...
|
#
642e1114 |
| 11-Dec-2023 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Minor pcre optimizations (#12923) * Update signature of pcre API This changes the variables that are bools to actually be bools instead of ints, which allows some additional opt
Minor pcre optimizations (#12923) * Update signature of pcre API This changes the variables that are bools to actually be bools instead of ints, which allows some additional optimization by the compiler (e.g. removing some ternaries and move extensions). It also gets rid of the use_flags argument because that's just the same as flags == 0. This reduces the call frame. * Use zend_string_release_ex where possible * Remove duplicate symbols from strchr * Avoid useless value conversions * Use a raw HashTable* instead of a zval * Move condition * Make for loop cheaper by reusing a recently used value as start iteration index * Remove useless condition This can't be true if the second condition is true because it would require the string to occupy the entire address space. * Upgrading + remark
show more ...
|
#
fa1e3f97 |
| 18-Jan-2023 |
Kamil Tekiela |
Remove pcre_get_compiled_regex_ex() (#10354)
|
Revision tags: php-8.2.0RC1, php-8.1.10, php-8.0.23, php-8.0.23RC1, php-8.1.10RC1, php-8.2.0beta3, php-8.2.0beta2, php-8.1.9, php-8.0.22, php-8.1.9RC1, php-8.2.0beta1, php-8.0.22RC1, php-8.0.21, php-8.1.8, php-8.2.0alpha3, php-8.1.8RC1, php-8.2.0alpha2, php-8.0.21RC1, php-8.0.20, php-8.1.7, php-8.2.0alpha1, php-7.4.30, php-8.1.7RC1, php-8.0.20RC1, php-8.1.6, php-8.0.19, php-8.1.6RC1, php-8.0.19RC1, php-8.0.18, php-8.1.5, php-7.4.29, php-8.1.5RC1, php-8.0.18RC1, php-8.1.4, php-8.0.17, php-8.1.4RC1, php-8.0.17RC1, php-8.1.3, php-8.0.16, php-7.4.28, php-8.1.3RC1, php-8.0.16RC1, php-8.1.2, php-8.0.15, php-8.1.2RC1, php-8.0.15RC1, php-8.0.14, php-8.1.1, php-7.4.27, php-8.1.1RC1, php-8.0.14RC1, php-7.4.27RC1, php-8.1.0, php-8.0.13, php-7.4.26, php-7.3.33, php-8.1.0RC6, php-7.4.26RC1, php-8.0.13RC1, php-8.1.0RC5, php-7.3.32, php-7.4.25, php-8.0.12, php-8.1.0RC4, php-8.0.12RC1, php-7.4.25RC1, php-8.1.0RC3, php-8.0.11, php-7.4.24, php-7.3.31, php-8.1.0RC2, php-7.4.24RC1, php-8.0.11RC1, php-8.1.0RC1, php-7.4.23, php-8.0.10, php-7.3.30, php-8.1.0beta3, php-8.0.10RC1, php-7.4.23RC1, php-8.1.0beta2, php-8.0.9, php-7.4.22, php-8.1.0beta1, php-7.4.22RC1, php-8.0.9RC1, php-8.1.0alpha3, php-7.4.21, php-7.3.29, php-8.0.8, php-8.1.0alpha2, php-7.4.21RC1, php-8.0.8RC1, php-8.1.0alpha1, php-8.0.7, php-7.4.20, php-8.0.7RC1, php-7.4.20RC1 |
|
#
01b3fc03 |
| 06-May-2021 |
KsaR |
Update http->https in license (#6945) 1. Update: http://www.php.net/license/3_01.txt to https, as there is anyway server header "Location:" to https. 2. Update few license 3.0 to 3.01 as
Update http->https in license (#6945) 1. Update: http://www.php.net/license/3_01.txt to https, as there is anyway server header "Location:" to https. 2. Update few license 3.0 to 3.01 as 3.0 states "php 5.1.1, 4.1.1, and earlier". 3. In some license comments is "at through the world-wide-web" while most is without "at", so deleted. 4. fixed indentation in some files before |
show more ...
|
Revision tags: php-8.0.6, php-7.4.19, php-7.4.18, php-7.3.28, php-8.0.5, php-8.0.5RC1, php-7.4.18RC1, php-8.0.4RC1, php-7.4.17RC1, php-8.0.3, php-7.4.16, php-8.0.3RC1, php-7.4.16RC1, php-8.0.2, php-7.4.15, php-7.3.27, php-8.0.2RC1, php-7.4.15RC2, php-7.4.15RC1 |
|
#
3e01f5af |
| 15-Jan-2021 |
Nikita Popov |
Replace zend_bool uses with bool We're starting to see a mix between uses of zend_bool and bool. Replace all usages with the standard bool type everywhere. Of course, zend_bool
Replace zend_bool uses with bool We're starting to see a mix between uses of zend_bool and bool. Replace all usages with the standard bool type everywhere. Of course, zend_bool is retained as an alias.
show more ...
|
Revision tags: php-8.0.1, php-7.4.14, php-7.3.26, php-7.4.14RC1, php-8.0.1RC1, php-7.3.26RC1, php-8.0.0, php-7.3.25, php-7.4.13, php-8.0.0RC5, php-7.4.13RC1, php-8.0.0RC4, php-7.3.25RC1, php-7.4.12, php-8.0.0RC3, php-7.3.24, php-8.0.0RC2, php-7.4.12RC1, php-7.3.24RC1, php-7.2.34, php-8.0.0rc1, php-7.4.11, php-7.3.23, php-8.0.0beta4, php-7.4.11RC1, php-7.3.23RC1 |
|
#
f4b2497a |
| 07-Sep-2020 |
Nikita Popov |
Allocate temporary PCRE match data using ZMM Create a separate general context that uses ZMM as allocator and use it to allocate temporary PCRE match data (there is still one global
Allocate temporary PCRE match data using ZMM Create a separate general context that uses ZMM as allocator and use it to allocate temporary PCRE match data (there is still one global match data). There is no requirement that the match data and the compiled regex / match context use the same general context. This makes sure that we do not leak persistent memory on bailout and fixes oss-fuzz #25296, on which half the libfuzzer runs currently get stuck.
show more ...
|
Revision tags: php-8.0.0beta3, php-7.4.10, php-7.3.22, php-8.0.0beta2, php-7.3.22RC1, php-7.4.10RC1, php-8.0.0beta1, php-7.4.9, php-7.2.33, php-7.3.21, php-8.0.0alpha3, php-7.4.9RC1, php-7.3.21RC1, php-7.4.8, php-7.2.32, php-8.0.0alpha2, php-7.3.20, php-8.0.0alpha1, php-7.4.8RC1, php-7.3.20RC1, php-7.4.7, php-7.3.19 |
|
#
88355dd3 |
| 07-Jun-2020 |
twosee |
Constify char * arguments of APIs Closes GH-5676.
|
Revision tags: php-7.4.7RC1, php-7.3.19RC1 |
|
#
d50b076f |
| 20-May-2020 |
George Peter Banyard |
Fix [-Wundef] warning in PCRE extension
|
Revision tags: php-7.4.6, php-7.2.31, php-7.4.6RC1, php-7.3.18RC1, php-7.2.30, php-7.4.5, php-7.3.17, php-7.4.5RC1, php-7.3.17RC1, php-7.3.18, php-7.4.4, php-7.2.29, php-7.3.16, php-7.4.4RC1, php-7.3.16RC1, php-7.4.3, php-7.2.28 |
|
#
aa79a22d |
| 17-Feb-2020 |
Nicolas Oelgart |
Add preg_last_error_msg() function Provides the last PCRE error as a human-readable message, similar to functionality existing in other extensions, such as json_last_error_msg().
Add preg_last_error_msg() function Provides the last PCRE error as a human-readable message, similar to functionality existing in other extensions, such as json_last_error_msg(). Closes GH-5185.
show more ...
|
Revision tags: php-7.3.15RC1, php-7.4.3RC1, php-7.3.15, php-7.2.27, php-7.4.2, php-7.3.14, php-7.3.14RC1, php-7.4.2RC1, php-7.4.1, php-7.2.26, php-7.3.13, php-7.4.1RC1, php-7.3.13RC1, php-7.2.26RC1, php-7.4.0, php-7.2.25, php-7.3.12, php-7.4.0RC6, php-7.3.12RC1, php-7.2.25RC1, php-7.4.0RC5, php-7.1.33, php-7.2.24, php-7.3.11, php-7.4.0RC4, php-7.3.11RC1, php-7.2.24RC1 |
|
#
a8f60ac9 |
| 08-Oct-2019 |
Sergei Turchanov |
Add pcre_get_compiled_regex_cache_ex() with local_aware flag A new function `pcre_get_compiled_regex_cache_ex()` is introduced, which allows to compile regexp pattern using the "C" local
Add pcre_get_compiled_regex_cache_ex() with local_aware flag A new function `pcre_get_compiled_regex_cache_ex()` is introduced, which allows to compile regexp pattern using the "C" locale instead of a current locale. This will be needed to replace setlocale() usage in fileinfo, which is not thread-safe.
show more ...
|
Revision tags: php-7.4.0RC3 |
|
#
5d6e923d |
| 24-Sep-2019 |
Gabriel Caruso |
Remove mention of PHP major version in Copyright headers Closes GH-4732.
|
Revision tags: php-7.2.23, php-7.3.10, php-7.4.0RC2, php-7.2.23RC1, php-7.3.10RC1, php-7.4.0RC1, php-7.1.32, php-7.2.22, php-7.3.9, php-7.4.0beta4, php-7.2.22RC1, php-7.3.9RC1, php-7.4.0beta2, php-7.1.31, php-7.2.21, php-7.3.8, php-7.4.0beta1, php-7.2.21RC1, php-7.3.8RC1, php-7.4.0alpha3, php-7.3.7, php-7.2.20, php-7.4.0alpha2, php-7.3.7RC3, php-7.3.7RC2, php-7.2.20RC2, php-7.4.0alpha1, php-7.3.7RC1, php-7.2.20RC1, php-7.2.19, php-7.3.6, php-7.1.30, php-7.2.19RC1, php-7.3.6RC1, php-7.1.29, php-7.2.18, php-7.3.5, php-7.2.18RC1, php-7.3.5RC1, php-7.2.17, php-7.3.4, php-7.1.28, php-7.3.4RC1, php-7.2.17RC1, php-7.1.27, php-7.3.3, php-7.2.16 |
|
#
e06836a1 |
| 24-Feb-2019 |
Peter Kokot |
Remove checks for locale.h, setlocale, localeconv The `<loccale.h>` header file, setlocale, and localeconv are part of the standard C89 [1] and on current systems can be used uncondition
Remove checks for locale.h, setlocale, localeconv The `<loccale.h>` header file, setlocale, and localeconv are part of the standard C89 [1] and on current systems can be used unconditionally. Since PHP 7.4 requires at least C89 or greater, the `HAVE_LOCALE_H`, `HAVE_SETLOCALE`, and `HAVE_LOCALECONV` symbols defined by Autoconf in configure.ac [2] can be ommitted and simplifed. The bundled libmagic (file) has also been patched already in version 5.35 and up in upstream location so when it will be patched also in php-src the check for locale.h header is still left in the configure.ac and in windows headers definition file. [1] https://port70.net/~nsz/c/c89/c89-draft.html#4.4 [2] https://git.savannah.gnu.org/cgit/autoconf.git/tree/lib/autoconf/headers.m4 Omit the bundled libmagic files
show more ...
|
#
a9b01b60 |
| 25-Mar-2019 |
Nikita Popov |
Make PCRE cache per-request on CLI There will only be one request on the CLI SAPI, so there is no advantage to having a persistent PCRE cache. Using a non-persistent cache allows us
Make PCRE cache per-request on CLI There will only be one request on the CLI SAPI, so there is no advantage to having a persistent PCRE cache. Using a non-persistent cache allows us to use arbitrary strings as cache keys.
show more ...
|
#
e7e2056d |
| 22-Mar-2019 |
Nikita Popov |
Remove HAVE_PCRE/HAVE_BUNDLED_PCRE checks PCRE is always available.
|
#
4fe3d108 |
| 19-Mar-2019 |
Nikita Popov |
Don't create a new array for empty/null match every time If PREG_OFFSET_CAPTURE is used, unmatched subpatterns will be either [null, -1] or ['', -1] depending on PREG_UNMATCHED_AS_NULL m
Don't create a new array for empty/null match every time If PREG_OFFSET_CAPTURE is used, unmatched subpatterns will be either [null, -1] or ['', -1] depending on PREG_UNMATCHED_AS_NULL mode. Instead of creating a new array like this every time, cache it inside a global (per-request -- could make it immutable though). Additionally check whether the subpattern is an empty string or single character string and use an existing interned string in that case. Empty / single-char subpatterns are common, so let's avoid allocating strings for them.
show more ...
|
#
275fa535 |
| 18-Mar-2019 |
Nikita Popov |
Accept zend_string* instead of char* in php_pcre_match_impl()
|
Revision tags: php-7.3.3RC1, php-7.2.16RC1, php-7.2.15, php-7.3.2 |
|
#
0cf7de1c |
| 30-Jan-2019 |
Zeev Suraski |
Remove yearly range from copyright notice
|
#
38c337f2 |
| 30-Jan-2019 |
Zeev Suraski |
Remove year range from copyright notice
|
Revision tags: php-7.2.15RC1, php-7.3.2RC1, php-5.6.40, php-7.1.26, php-7.3.1, php-7.2.14 |
|
#
27e9c05e |
| 26-Dec-2018 |
Nikita Popov |
Remove preg_options param from pcre_get_compiled_regex() This parameter is always zero and not necessary to call pcre2_match. I'm leaving the parameter behind on the _ex() variant,
Remove preg_options param from pcre_get_compiled_regex() This parameter is always zero and not necessary to call pcre2_match. I'm leaving the parameter behind on the _ex() variant, so the preg_flags are still accessible in some way.
show more ...
|
Revision tags: php-7.2.14RC1, php-7.3.1RC1, php-5.6.39, php-7.1.25, php-7.2.13, php-7.0.33, php-7.3.0, php-7.1.25RC1, php-7.2.13RC1, php-7.3.0RC6, php-7.1.24, php-7.2.12, php-7.3.0RC5, php-7.1.24RC1, php-7.2.12RC1, php-7.3.0RC4, php-7.1.23, php-7.2.11, php-7.3.0RC3, php-7.1.23RC1, php-7.2.11RC1, php-7.3.0RC2, php-5.6.38, php-7.1.22, php-7.3.0RC1, php-7.2.10, php-7.0.32, php-7.1.22RC1, php-7.3.0beta3, php-7.2.10RC1, php-7.1.21, php-7.2.9, php-7.3.0beta2, php-7.1.21RC1, php-7.3.0beta1, php-7.2.9RC1, php-5.6.37, php-7.1.20, php-7.3.0alpha4, php-7.0.31, php-7.2.8, php-7.1.20RC1, php-7.2.8RC1, php-7.3.0alpha3 |
|
#
8d3f8ca1 |
| 03-Jul-2018 |
Peter Kokot |
Remove unused Git attributes ident The $Id$ keywords were used in Subversion where they can be substituted with filename, last revision number change, last changed date, and last use
Remove unused Git attributes ident The $Id$ keywords were used in Subversion where they can be substituted with filename, last revision number change, last changed date, and last user who changed it. In Git this functionality is different and can be done with Git attribute ident. These need to be defined manually for each file in the .gitattributes file and are afterwards replaced with 40-character hexadecimal blob object name which is based only on the particular file contents. This patch simplifies handling of $Id$ keywords by removing them since they are not used anymore.
show more ...
|
Revision tags: php-7.3.0alpha2, php-7.1.19, php-7.2.7, php-7.1.19RC1, php-7.3.0alpha1, php-7.2.7RC1, php-7.1.18, php-7.2.6, php-7.2.6RC1, php-7.1.18RC1, php-5.6.36, php-7.2.5, php-7.1.17, php-7.0.30, php-7.1.17RC1, php-7.2.5RC1, php-5.6.35, php-7.0.29, php-7.2.4, php-7.1.16, php-7.1.16RC1, php-7.2.4RC1, php-7.1.15, php-5.6.34, php-7.2.3, php-7.0.28, php-7.2.3RC1, php-7.1.15RC1, php-7.1.14, php-7.2.2, php-7.1.14RC1, php-7.2.2RC1, php-7.1.13, php-5.6.33, php-7.2.1, php-7.0.27 |
|
#
a6519d05 |
| 02-Jan-2018 |
Xinchen Hui |
year++
|
#
7a7ec01a |
| 02-Jan-2018 |
Xinchen Hui |
year++
|
#
ccd4716e |
| 02-Jan-2018 |
Xinchen Hui |
year++
|
Revision tags: php-7.2.1RC1, php-7.1.13RC1, php-7.0.27RC1, php-7.2.0, php-7.1.12, l, php-7.1.12RC1, php-7.2.0RC6, php-7.0.26RC1, php-7.1.11, php-5.6.32, php-7.2.0RC5, php-7.0.25 |
|
#
a5bc5aed |
| 12-Oct-2017 |
Anatol Belski |
Patch core for PCRE2 support RFC https://wiki.php.net/rfc/pcre2-migration
|
Revision tags: php-7.1.11RC1, php-7.2.0RC4, php-7.0.25RC1, php-7.1.10, php-7.2.0RC3, php-7.0.24, php-7.2.0RC2, php-7.1.10RC1, php-7.0.24RC1, php-7.1.9, php-7.2.0RC1, php-7.0.23, php-7.1.9RC1, php-7.2.0beta3, php-7.0.23RC1, php-7.1.8, php-7.2.0beta2, php-7.0.22, php-7.1.8RC1, php-7.2.0beta1, php-7.0.22RC1, php-5.6.31, php-7.0.21, php-7.1.7, php-7.2.0alpha3 |
|
#
f626a783 |
| 27-Jun-2017 |
Dmitry Stogov |
Avoid string duplication in preg_split()
|