#
02ee521e |
| 10-Nov-2024 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GH-16727: Opcache bad signal 139 crash in ZTS bookworm (frankenphp) Reproducer: https://github.com/php/php-src/issues/16727#issuecomment-2466256317 The root cause is a data race
Fix GH-16727: Opcache bad signal 139 crash in ZTS bookworm (frankenphp) Reproducer: https://github.com/php/php-src/issues/16727#issuecomment-2466256317 The root cause is a data race between two different threads: 1) We allocate a lower cased name for an anonymous class here: https://github.com/php/php-src/blob/f97353f228e21dcc2db24d7edf08c1cb3678b0fd/Zend/zend_compile.c#L8109 2) This gets looked up as an interned string here: https://github.com/php/php-src/blob/f97353f228e21dcc2db24d7edf08c1cb3678b0fd/Zend/zend_compile.c#L8112 Assuming that there are uppercase symbols in the string and therefore `lcname != name` and that `lcname` is not yet in the interned string table, the pointer value of `lcname` won't change. 3) Here we add the string into the interned string table: https://github.com/php/php-src/blob/f97353f228e21dcc2db24d7edf08c1cb3678b0fd/Zend/zend_compile.c#L8223 However, in the meantime another thread could've added the string into the interned string table. This means that the following code will run, indirectly called via the `LITERAL_STR` macro, freeing `lcname`: https://github.com/php/php-src/blob/62e53e6f4965f37d379a3fd21f65a4210c5c86b5/ext/opcache/ZendAccelerator.c#L572-L575 4) In the reproducer we then access the freed `lcname` string here: https://github.com/php/php-src/blob/f97353f228e21dcc2db24d7edf08c1cb3678b0fd/Zend/zend_compile.c#L8229 This is solved in my patch by retrieving the interned string pointer and putting it in `lcname`. Closes GH-16748.
show more ...
|
#
e7891838 |
| 11-Nov-2024 |
Gina Peter Banyard |
ext/standard: Sync parameter names for fpow() to be identical to pow() Closes GH-16751
|
#
1b379f5e |
| 06-Nov-2024 |
Gina Peter Banyard |
ext/hash: Fix GH-16711: Segfault in mhash() Closes GH-16713
|
#
72c02229 |
| 04-Nov-2024 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GH-16695: phar:// tar parser and zero-length file header blocks There are two issues: 1) There's an off-by-one in the check for the minimum file size for a tar (i.e. `>` inste
Fix GH-16695: phar:// tar parser and zero-length file header blocks There are two issues: 1) There's an off-by-one in the check for the minimum file size for a tar (i.e. `>` instead of `>=`). 2) The loop in the tar parsing parses a header, and then unconditionally reads the next one. However, that doesn't necessarily exist. Instead, we remove the loop condition and check for the end of the file before reading the next header. Note that we can't use php_stream_eof as the flag may not be set yet when we're already at the end. Closes GH-16700.
show more ...
|
#
c0755463 |
| 07-Nov-2024 |
Hans Krentel (hakre) |
Fail early in *nix configuration build script Adding two exit early safeguards in the *nix configuration build script: 1) Given the initial cd into the build tree fails (the project
Fail early in *nix configuration build script Adding two exit early safeguards in the *nix configuration build script: 1) Given the initial cd into the build tree fails (the project root), the `buildconf` script exits with non-zero status (failure). 2) Given the grep command does not exist or `configure.ac` AC_INIT [1] expectations are unmet, the buildconf script exits non-zero. Additionally quoting the pathname to cd into and the empty CD_PATH parameter for portability, also for systems that are using a non-portable pathname [2] for the build tree. The initial CD safeguard has been applied to the `buildconf` and four more scripts: - build/genif.sh - scripts/dev/credits - scripts/dev/genfiles - scripts/dev/makedist Rationale: Cd-ing into the project root should always prematurely exit w/ FAILURE as a required precondition for its invocation has not been met. This should never go unnoticed as it always requires user intervention. Similar and more specifically to the PHP build on *nix systems, the grep command is required early to obtain the `php_extra_version` from configure.ac. Previously, if the grep command is missing (or failing due to not matching the line with the AC_INIT macro [1]), the internal dev parameter would always be zero (0) which can easily result in the situation that the configure script is not being rebuilt. This is cumbersome as the rebuild of a configure script is more likely required with checked-out dev versions under change rather than an already properly set-up build environment on a dedicated build or release system. Missing the fact that either the grep utility is missing or the expectation of having the AC_INIT macro in configure.ac is unmet should never go unnoticed as it always requires user intervention. [1]: https://www.gnu.org/software/autoconf/manual/autoconf-2.67/html_node/Initializing-configure.html [2]: https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap03.html#tag_03_271 Closes GH-16717.
show more ...
|
#
3a1a205f |
| 08-Nov-2024 |
Christoph M. Becker |
Fix GH-16723: CURLMOPT_PUSHFUNCTION issues We copy the source handler's FCCs to those of the destination. We also fix the erroneous test assumption that the trampoline wouldn't
Fix GH-16723: CURLMOPT_PUSHFUNCTION issues We copy the source handler's FCCs to those of the destination. We also fix the erroneous test assumption that the trampoline wouldn't be called. Closes GH-16732.
show more ...
|
#
56bd0571 |
| 09-Nov-2024 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
[ci skip] NEWS for ReflectionConstant additions
|
#
994e866c |
| 03-Nov-2024 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix memory leak in php_openssl_pkey_from_zval() Closes GH-16691.
|
#
2f4f09f7 |
| 03-Nov-2024 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix various memory leaks related to openssl exports Closes GH-16692.
|
#
ac8d0e57 |
| 03-Nov-2024 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Prevent unexpected array entry conversion when reading key When passing an array, the key entry can get converted to a string if it is an object, but this actually modifies the original
Prevent unexpected array entry conversion when reading key When passing an array, the key entry can get converted to a string if it is an object, but this actually modifies the original array entry. The test originally outputted: ``` array(2) { [0]=> string(...) => ... [1]=> string(0) "" } ``` This is unexpected. Use zval_try_get_string() to prevent this behaviour. Closes GH-16693.
show more ...
|
#
a3b27c08 |
| 09-Nov-2024 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Add Dom\Element::insertAdjacentHTML() (#16614)
|
#
73c4fa0e |
| 08-Nov-2024 |
Maximilian Bosch |
ext/soap: fix `make check` being invoked in `ext/soap` On NixOS we run `make` & `make check` inside `ext/soap` which broke the test like this: 001+ Fatal error: Uncaught Soa
ext/soap: fix `make check` being invoked in `ext/soap` On NixOS we run `make` & `make check` inside `ext/soap` which broke the test like this: 001+ Fatal error: Uncaught SoapFault exception: [WSDL] SOAP-ERROR: Parsing WSDL: Couldn't load from 'ext/soap/tests/gh15711.wsdl' : failed to load "ext/soap/tests/gh15711.wsdl": No such file or directory 002+ in /build/php-8.3.13/ext/soap/tests/gh15711.php:29 003+ Stack trace: 004+ #0 /build/php-8.3.13/ext/soap/tests/gh15711.php(29): SoapClient->__construct('ext/soap/tests/...', Array) 005+ #1 {main} 006+ thrown in /build/php-8.3.13/ext/soap/tests/gh15711.php on line 29 Fix is to make the path dependant on `__DIR__` as it's the case in other testcases including WSDLs. Closes GH-16733.
show more ...
|
#
27b4df42 |
| 08-Nov-2024 |
Jakub Zelenka |
Fix 8.4 NEWS file
|
#
065bde1e |
| 23-Oct-2024 |
Jakub Zelenka |
Fix GH-16432: PHP-FPM 8.2 SIGSEGV in fpm_get_status
|
#
e74e66e3 |
| 16-Sep-2024 |
David Carlier |
Fix oss-fuzz report triggered by GH-15712 commit. It triggered allocation overflow which, even fixed, in turn gives memory leak on 32 bits but the allocator relies on signed integers.
Fix oss-fuzz report triggered by GH-15712 commit. It triggered allocation overflow which, even fixed, in turn gives memory leak on 32 bits but the allocator relies on signed integers. close GH-15915
show more ...
|
#
40997c2c |
| 07-Nov-2024 |
Arnaud Le Blanc |
[ci skip] NEWS for GH-16702
|
#
5c76ef78 |
| 04-Nov-2024 |
Christoph M. Becker |
Fix GH-10992: Improper long path support for relative paths Relative paths are passed to the ioutils APIs, these are not properly converted to long paths. If the path length already exc
Fix GH-10992: Improper long path support for relative paths Relative paths are passed to the ioutils APIs, these are not properly converted to long paths. If the path length already exceeds a given threshold (usually 259 characters, but only 247 for `mkdir()`), the long path prefix is prepended, resulting in an invalid path, since long paths have to be absolute. If the path length does not exceed that threshold, no conversion to a long path is done, although that may be necessary. Thus we take the path length of the current working directory into account when checking the threshold, and prepend it to the filename if necessary. Since this is only relevant for NTS builds, and using the current working directory of the process would be erroneous for ZTS builds, we skip the new code for ZTS builds. Closes GH-16687.
show more ...
|
#
96d1cd00 |
| 02-Nov-2024 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GH-16665: \array and \callable should not be usable This list was initially introduced in 53a40386, but never included array or callable. I suppose this is because int & friends are
Fix GH-16665: \array and \callable should not be usable This list was initially introduced in 53a40386, but never included array or callable. I suppose this is because int & friends are not actual tokens, while array and callable are. This means it was never possible to do class array, which is probably the reason this was overlooked. Closes GH-16683.
show more ...
|
#
fde053bb |
| 05-Oct-2024 |
David Carlier |
Fix GH-16235 jdtogregorian overflow close GH-16242
|
#
4d14325b |
| 05-Nov-2024 |
Saki Takamachi |
Added gc_handler to properly handle circular references. (#16703) closes #16703 Co-authored-by: Christoph M. Becker <cmbecker69@gmx.de>
|
#
f5895792 |
| 05-Nov-2024 |
Pierrick Charron |
PHP-8.2 is now for PHP 8.2.27-dev
|
#
a94ead4b |
| 05-Nov-2024 |
Calvin Buckley |
[ci skip] Update NEWS for PHP 8.4.0RC4
|
#
a5f13782 |
| 05-Nov-2024 |
Máté Kocsis |
Fix GH-16314 "Pdo\Mysql object is uninitialized" when opening a persistent connection (#16369)
|
#
fd1dff98 |
| 04-Nov-2024 |
Saki Takamachi |
Fixed a bug where size_t underflows (#16696) fixes #16262 closes #16696
|
#
2fe7719a |
| 04-Nov-2024 |
Saki Takamachi |
Added early return case when result is 0 (#16697) fixes #16265 closes #16697
|