[pull] master from php:master#690
Merged
pull[bot] merged 18 commits intoConnectionMaster:masterfrom Apr 20, 2026
Merged
Conversation
* fix compiling (intl) C++ extensions --with-toolset=clang
* guard the double extern "C" { ... } for clang-only
* don't error on warnings with clang
* enable compiler intrinsics for clang too
* make --enable-compiler-intrinsics=no same as disabled
* add clang windows x64 ZTS test
* remove check if it's clang
* debloat logs from common warning
* @shivammathur feedback
* remove CI changes
* rebase on #21630
* fix default to asan => false
* bring back explicit error
* fix typo
When session.cookie_lifetime was set to a value larger than maxcookie, OnUpdateCookieLifetime returned SUCCESS without updating the internal long value, causing ini_get() string and PS(cookie_lifetime) to go out of sync. We now properly parse the string value of the ini setting and fail when it is not an integer string or is not within the expected range.
phar_intercept_functions_init hooks 22 built-in functions via PHAR_INTERCEPT. phar_intercept_functions_shutdown restores all of them via PHAR_RELEASE except is_link, which was simply missing from the list. On MSHUTDOWN the is_link entry in CG(function_table) retains the phar intercept handler. In a persistent SAPI, if the module is reloaded, the second MINIT saves PHP_FN(phar_is_link) as orig_is_link, and any subsequent is_link() call recurses infinitely. Closes GH-21800
In the CGI/FastCGI branch of webPhar(), sapi_getenv("SCRIPT_NAME") can return NULL when the upstream server doesn't forward SCRIPT_NAME in the FastCGI params block. The return value was passed directly to strstr() without a NULL check, causing a segfault.
Add a NULL guard that jumps to the finish: label, which is already used for the "SCRIPT_NAME doesn't match the phar basename" case. The fix matches the intent of the existing strstr check and requires no new cleanup.
Closes GH-21797
Closes GH-21802
Phar::offsetGet() calls phar_get_entry_info_dir with allow_dir=1, which may return a heap-allocated temporary directory entry (is_temp_dir=1) for paths that resolve to a virtual directory in the manifest. Three early-exit paths for .phar/stub.php, .phar/alias.txt, and the generic .phar/* prefix all called RETURN_THROWS() before the is_temp_dir cleanup block, leaking the entry and its filename buffer on every rejection. Move the is_temp_dir cleanup before the .phar/* guards so all exit paths release the temporary entry regardless of which rejection fires. Closes GH-21798
…r paths phar_add_file opens or creates an entry via phar_get_or_create_entry_data_rw, which increments the entry's reference count and must be balanced by a phar_entry_delref call. Two error paths inside the content-write block jumped to finish: with goto, skipping the phar_entry_delref at line 3714. The finish: label comes after the delref, so both paths leaked the entry reference. Add phar_entry_delref(data) before each goto finish in the short-write and missing-resource branches. Closes GH-21798 Closes GH-21803
phar_stream_close called phar_stream_flush but discarded its int return value, always returning 0 from the stream close operation. On a write- modified phar entry, a flush failure (e.g. disk full during archive commit) was silently ignored. Capture the flush result and return it so the stream layer gets an accurate close status. Closes GH-21799 Closes GH-21804
* PHP-8.4: Update NEWS for recent bug fixes ext/phar: Fix memory leak in phar_verify_signature() when md_ctx is invalid phar: propagate phar_stream_flush return value from phar_stream_close phar: call phar_entry_delref before goto finish in phar_add_file error paths phar: free is_temp_dir entry before rejecting .phar/* paths in offsetGet phar: fix NULL dereference in Phar::webPhar() when SCRIPT_NAME is absent phar: restore is_link handler in phar_intercept_functions_shutdown
* PHP-8.5: Update NEWS for recent bug fixes ext/phar: Fix memory leak in phar_verify_signature() when md_ctx is invalid phar: propagate phar_stream_flush return value from phar_stream_close phar: call phar_entry_delref before goto finish in phar_add_file error paths phar: free is_temp_dir entry before rejecting .phar/* paths in offsetGet phar: fix NULL dereference in Phar::webPhar() when SCRIPT_NAME is absent phar: restore is_link handler in phar_intercept_functions_shutdown
* PHP-8.2: [skip ci] Backport CI changes
* PHP-8.3: [skip ci] Backport CI changes
* PHP-8.4: [skip ci] Backport CI changes
* PHP-8.5: [skip ci] Backport CI changes
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
8 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.4)
Can you help keep this open source service alive? 💖 Please sponsor : )