#
87d59d7f |
| 16-Sep-2024 |
Christoph M. Becker |
Fix GH-15905: Assertion failure for TRACK_VARS_SERVER When the superglobals are eagerly initialized, but "S" is not contained in `variables_order`, `TRACK_VARS_SERVER` is created as empt
Fix GH-15905: Assertion failure for TRACK_VARS_SERVER When the superglobals are eagerly initialized, but "S" is not contained in `variables_order`, `TRACK_VARS_SERVER` is created as empty array with refcount > 1. Since this hash table may later be modified, a flag is set which allows such COW violations for assertions. However, when `register_argc_argv` is on, the so far uninitialized hash table is updated with `argv`, what causes the hash table to be initialized, what drops the allow-COW-violations flag. The following update with `argc` then triggers a refcount violation assertion. Since we consider `HT_ALLOW_COW_VIOLATION` a hack, we do not want to keep the flag during hash table initialization, so we initialize the hash table right away after creation for this code path. Closes GH-15930.
show more ...
|
#
f4c45ee3 |
| 25-Sep-2024 |
Gina Peter Banyard |
ext/ldap: Fix GH-16032 (Various NULL pointer dereferencements in ldap_modify_batch()) We check that the "attrib" and "modtype" keys are present in each array. If not we throw a ValueErro
ext/ldap: Fix GH-16032 (Various NULL pointer dereferencements in ldap_modify_batch()) We check that the "attrib" and "modtype" keys are present in each array. If not we throw a ValueError, in line with what other validation failure cases do. Closes GH-16057
show more ...
|
#
12844f96 |
| 25-Sep-2024 |
Ilija Tovilo |
Fix use-after-free of object released in hook Fixes GH-16040 Closes GH-16058
|
#
fdd6ba62 |
| 25-Sep-2024 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GH-16054: Segmentation fault when resizing hash table iterator list while adding zend_array_dup_ht_iterators() loops over the hash table iterators and can call zend_hash_iterator_add
Fix GH-16054: Segmentation fault when resizing hash table iterator list while adding zend_array_dup_ht_iterators() loops over the hash table iterators and can call zend_hash_iterator_add(). zend_hash_iterator_add() can resize the array causing a crash in zend_array_dup_ht_iterators(). We solve this by refetching the iter pointer after an add happened. Closes GH-16060.
show more ...
|
#
043b9e1f |
| 25-Sep-2024 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GH-16039: Segmentation fault (access null pointer) in ext/dom/parentnode/tree.c dom_object_get_node() can fail if we don't have a user object associated. Closes GH-16056.
|
#
daba40c6 |
| 23-Sep-2024 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GH-16009: Segmentation fault with frameless functions and undefined CVs The frameless function handlers do not update the op variables when handling the result is undefined. In this
Fix GH-16009: Segmentation fault with frameless functions and undefined CVs The frameless function handlers do not update the op variables when handling the result is undefined. In this case this causes propagating an UNDEF value into a temporary, which results in an extra undefined variable warning for a temporary in this case. The original issue also reports a crash in some cases, which is also fixed by this patch. Closes GH-16012.
show more ...
|
#
7bd0bcad |
| 24-Sep-2024 |
Saki Takamachi |
Prepare for PHP 8.4
|
#
c5b258fe |
| 24-Sep-2024 |
Saki Takamachi <34942839+SakiTakamachi@users.noreply.github.com> |
Fix GH-15968: Avoid converting objects to strings in operator calculations. (#16021)
|
#
654b787e |
| 24-Sep-2024 |
Bob Weinand |
Add API to exempt function from being traced in JIT (#15559) Internally accessible via zend_jit_blacklist_function / externally via opcache_jit_blacklist. The functionality currently onl
Add API to exempt function from being traced in JIT (#15559) Internally accessible via zend_jit_blacklist_function / externally via opcache_jit_blacklist. The functionality currently only affects tracing JIT, but may be extended to other JIT modes in future.
show more ...
|
#
f35ad560 |
| 03-Feb-2024 |
David Carlier |
GH-12940 ext/pdo_pgsql: using PQclosePrepared to free statement resources. PQclosePrepared allows the statement's name to be reused thus allowing cache solutions to work properly ; where
GH-12940 ext/pdo_pgsql: using PQclosePrepared to free statement resources. PQclosePrepared allows the statement's name to be reused thus allowing cache solutions to work properly ; whereas, for now, the `DEALLOCATE <statement>` query is used which free entirely the statement's resources. close GH-13316
show more ...
|
#
81916758 |
| 23-Sep-2024 |
Christoph M. Becker |
Fix GH-15980: Signed integer overflow in main/streams/streams.c We need to avoid signed integer overflows which are undefined behavior. We catch that, and set `offset` to `ZEND_LONG_MAX`
Fix GH-15980: Signed integer overflow in main/streams/streams.c We need to avoid signed integer overflows which are undefined behavior. We catch that, and set `offset` to `ZEND_LONG_MAX` (which is also the largest value of `zend_off_t` on all platforms). Of course, that seek may fail, but even if it succeeds, the stream is no longer readable, but that matches the current behavior for offsets near `ZEND_LONG_MAX`. Closes GH-15989.
show more ...
|
#
ba748e7b |
| 24-Sep-2024 |
Ayesh Karunaratne |
ext/curl: Add `CURLOPT_DEBUGFUNCTION` option (GH-15674) This adds support for `CURLOPT_DEBUGFUNCTION`[^1] Curl option to set a custom callback that gets called with debug information dur
ext/curl: Add `CURLOPT_DEBUGFUNCTION` option (GH-15674) This adds support for `CURLOPT_DEBUGFUNCTION`[^1] Curl option to set a custom callback that gets called with debug information during the lifetime of a Curl request. The callback gets called with the `CurlHandle` object, an integer containing the type of the debug message, and a string containing the debug message. The callback may get called multiple times with the same message type during a request. PHP already uses `CURLOPT_DEBUGFUNCTION` functionality to internally to expose a Curl option named `CURLINFO_HEADER_OUT`. However,`CURLINFO_HEADER_OUT` is not a "real" Curl option supported by libcurl. Back in 2006, `CURLINFO_HEADER_OUT` was added[^2] as a Curl option by using the debug-callback feature. Git history does not run that back to show why `CURLINFO_HEADER_OUT` was added as a Curl option, and why the other debug types (such as `CURLINFO_HEADER_IN` were not added as Curl options, but this seems to be a historical artifact when we added features without trying to be close to libcurl options. This approach has a few issues: 1. `CURLINFO_HEADER_OUT` is not an actual Curl option supported by upstream libcurl. 2. All of the Curl options have `CURLOPT_` prefix, and `CURLINFO_HEADER_OUT` is the only Curl "option" that uses the `CURLINFO` prefix. This exception is, however, noted[^3] in docs. 3. When `CURLINFO_HEADER_OUT` is set, the `CURLOPT_VERBOSE` is also implicitly set. This was reported[^4] to bugs.php.net, but the bug is marked as wontfix. This commit adds support for `CURLOPT_DEBUGFUNCTION`. It extends the existing `curl_debug` callback to store the header-in information if it encounters a debug message with `CURLINFO_HEADER_OUT`. In all cases, if a callable is set, it gets called. `CURLOPT_DEBUGFUNCTION` intends to replace `CURLINFO_HEADER_OUT` Curl option as a versatile alternative that can also be used to extract other debug information such as SSL data, text information messages, incoming headers, as well as headers sent out (which `CURLINFO_HEADER_OUT` makes available). The callables are allowed to throw exceptions, but the return values are ignored. `CURLOPT_DEBUGFUNCTION` requires `CURLOPT_VERBOSE` enabled, and setting `CURLOPT_DEBUGFUNCTION` does _not_ implicitly enable `CURLOPT_VERBOSE`. If the `CURLOPT_DEBUGFUNCTION` option is set, setting `CURLINFO_HEADER_OUT` throws a `ValueError` exception. Setting `CURLOPT_DEBUGFUNCTION` _after_ enabling `CURLINFO_HEADER_OUT` is allowed. Technically, it is possible for both functionality (calling user-provided callback _and_ storing header-out data) is possible, setting `CURLINFO_HEADER_OUT` is not allowed to encourage the use of `CURLOPT_DEBUGFUNCTION` function. This commit also adds the rest of the `CURLINFO_` constants used as the `type` integer value in `CURLOPT_DEBUGFUNCTION` callback. --- [^1]: [cur.se - CURLOPT_DEBUGFUNCTION](https://curl.se/libcurl/c/CURLOPT_DEBUGFUNCTION.html) [^2]: [`5f25d80`](https://github.com/php/php-src/commit/5f25d80d106004692dacb9c01cdc49c7c883a13a) [^3]: [curl_setopt doc mentioning `CURLINFO_` prefix is intentional](https://www.php.net/manual/en/function.curl-setopt.php#:~:text=prefix%20is%20intentional) [^4]: [bugs.php.net - `CURLOPT_VERBOSE` does not work with `CURLINFO_HEADER_OUT`](https://bugs.php.net/bug.php?id=65348)
show more ...
|
#
ee95ee72 |
| 22-Sep-2024 |
Christoph M. Becker |
Revert "Fix GH-15980: Signed integer overflow in main/streams/streams.c" This reverts commit 6a04c79e41bcdb8f8a62270b7d25f82698b9c5f0, since the new test case apparently fails on 64bit L
Revert "Fix GH-15980: Signed integer overflow in main/streams/streams.c" This reverts commit 6a04c79e41bcdb8f8a62270b7d25f82698b9c5f0, since the new test case apparently fails on 64bit Linux, so this needs closer investigation.
show more ...
|
#
6a04c79e |
| 22-Sep-2024 |
Christoph M. Becker |
Fix GH-15980: Signed integer overflow in main/streams/streams.c We need to avoid signed integer overflows which are undefined behavior. We catch that, and set `offset` to `ZEND_LONG_MAX`
Fix GH-15980: Signed integer overflow in main/streams/streams.c We need to avoid signed integer overflows which are undefined behavior. We catch that, and set `offset` to `ZEND_LONG_MAX` (which is also the largest value of `zend_off_t` on all platforms). Of course, after such a seek a stream is no longer readable, but that matches the current behavior for offsets near `ZEND_LONG_MAX`. Closes GH-15989.
show more ...
|
#
f6db576c |
| 22-Sep-2024 |
Saki Takamachi <34942839+SakiTakamachi@users.noreply.github.com> |
[RFC] ext/bcmath: Added `bcdivmod` (#15740) RFC: https://wiki.php.net/rfc/add_bcdivmod_to_bcmath Added bcdivmod() function and added divmod() method to BcMath\Number class.
|
#
2b90acb4 |
| 22-Sep-2024 |
Christoph M. Becker |
Fix GH-15986: Double-free due to Pdo\Pgsql::setNoticeCallback() We need to release the fcall info cache instead of destroying it. Closes GH-15987.
|
#
5bcbe8a3 |
| 21-Sep-2024 |
Christoph M. Becker |
Fix minimal Windows version As of PHP 8.3.0, Windows 8/Server 2012 are the minimum requirement. However, PR #9104 only updated `_WIN32_WINNT`, but not `WINVER`[1], `NTDDI_VERSION`[2]
Fix minimal Windows version As of PHP 8.3.0, Windows 8/Server 2012 are the minimum requirement. However, PR #9104 only updated `_WIN32_WINNT`, but not `WINVER`[1], `NTDDI_VERSION`[2] nor the manifest[3]. [1] <https://learn.microsoft.com/en-us/windows/win32/winprog/using-the-windows-headers> [2] <https://learn.microsoft.com/en-us/windows/win32/winprog/using-the-windows-headers> [3] <https://learn.microsoft.com/en-us/windows/win32/sbscs/application-manifests> Closes GH-15975.
show more ...
|
#
f303840a |
| 22-Sep-2024 |
Christoph M. Becker |
Prevent closing of unrelated handles If our `shmget()` fails for certain reasons, the segment handle is closed. However, the handle might be reused by Windows, and as such we must n
Prevent closing of unrelated handles If our `shmget()` fails for certain reasons, the segment handle is closed. However, the handle might be reused by Windows, and as such we must not close it again when shutting down the TSRM. Closes GH-15984.
show more ...
|
#
018c0b3d |
| 16-Sep-2024 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GH-15908 and GH-15026: leak / assertion failure in streams.c This was first reported as a leak in GH-15026, but was mistakingly believed to be a false positive. Then an assertion was
Fix GH-15908 and GH-15026: leak / assertion failure in streams.c This was first reported as a leak in GH-15026, but was mistakingly believed to be a false positive. Then an assertion was added and it got triggered in GH-15908. This fixes the leak. Upon merging into master the assertion should be removed as well. Closes GH-15924.
show more ...
|
#
27b31314 |
| 22-Sep-2024 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GH-15982: Assertion failure with array_find when references are involved Closes GH-15983.
|
#
05cb27a8 |
| 21-Sep-2024 |
Saki Takamachi <34942839+SakiTakamachi@users.noreply.github.com> |
ext/bcmath: Check for scale overflow (#15741)
|
#
9774cedb |
| 18-Sep-2024 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GH-15918: Assertion failure in ext/spl/spl_fixedarray.c SplFixedArray should've never get supported in ArrayObject because it's overloaded, and so that breaks assumptions. This regre
Fix GH-15918: Assertion failure in ext/spl/spl_fixedarray.c SplFixedArray should've never get supported in ArrayObject because it's overloaded, and so that breaks assumptions. This regressed in c4ecd82f. Closes GH-15947.
show more ...
|
#
090b53bc |
| 19-Sep-2024 |
Remi Collet |
[ci skip] NEWS + UPGRADING
|
#
1b9568d3 |
| 01-Sep-2024 |
Ilija Tovilo |
Implement backed enum coercion in http_build_query() Fixes GH-15650 Closes GH-15704
|
#
422aa17b |
| 18-Sep-2024 |
Christoph M. Becker |
Fix GH-15901: phpdbg: Assertion failure on `i funcs` New hash tables are not automatically packed, so we must not treat them as such. Therefore we guard the foreach appropriately.
Fix GH-15901: phpdbg: Assertion failure on `i funcs` New hash tables are not automatically packed, so we must not treat them as such. Therefore we guard the foreach appropriately. Closes GH-15929.
show more ...
|