forked from php/php-src

Conversation


@chopins chopins commented Sep 18, 2025

No description provided.

dstogov and others added 30 commits September 2, 2025 10:04
This fixes segfault because of UAF in ext/standard/tests/gh14643_longname.phpt
* PHP-8.4:
  Cleanup SSA(s) in case of fatal error during tracing JIT
We need to emit the EXT_STMT opcode before we compile the call, so that we
attach the line number of where the right hand pipe operator starts.

We also do not need to reset the line number anymore.

The following code shows where these EXT_STMTs are introduced.

```
<?php
/* EXT_STMT */ $myString = "<Hello World>";
$result = /* EXT_STMT */ $myString

    |> /* EXT_STMT(!0:$myString) */ \htmlentities(...)

    |>
        /* EXT_STMT($4) */ \str_split(...)

    |> /* EXT_STMT($6) */ (fn($x) => array_map(strtoupper(...), $x))

    |> /* EXT_STMT($9) */ (fn($x) => join( ', ', $x));

/* EXT_STMT */ echo $result, /* EXT_STMT */ "\n";
```
…rnal_encoding()` in tests (#19663)

Moves the usage of `mb_internal_encoding()` to INI section for the tests not testing the encoding/function itself, but the other mbstring/iconv functions.
If (brake->type+1) exceeds 30, we have undefined behavior and won't actually
remove the relevant bit.

See GH-19633
* PHP-8.3:
  Fix date_sunrise() and date_sunset() with partial-hour UTC offset
* PHP-8.4:
  Fix date_sunrise() and date_sunset() with partial-hour UTC offset
The value is temporarily duplicated. While the value is allocated persistently,
it will be freed if the ini value can't be set. This is safe, given the value
has not actually been stored.

Exposed by GH-19619
Closes GH-19671
* PHP-8.3:
  Fix RC assertion in fpm when php_admin_value setting fails
* PHP-8.4:
  Fix RC assertion in fpm when php_admin_value setting fails
* PHP-8.3:
  Stale array iterator pointer
* PHP-8.4:
  Stale array iterator pointer
This code is very similar to code on PHP 8.4 and higher, but the
mitigation is extended to entity references and to attribute children.

Closes GH-19620.
* PHP-8.3:
  Fix GH-19612: Mitigate libxml2 tree dictionary bug
* PHP-8.4:
  Fix GH-19612: Mitigate libxml2 tree dictionary bug
Don't require `@var` with a type when the type can be inferred from a literal
value in the stub file.
The canonical way to do this is via `get_constructor` as `create_object`
may not return NULL.
Range analysis may fail to converge (the process hangs) when the transfer
function zend_inference_calc_range produces a smaller range.

Fix by ensuring that the widening operator zend_inference_widening_meet
allows only widening. This matches the inference rules in figure 13 of the
paper.

Fixes GH-19679
Closes GH-19683
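The convergence argument in the commit message above, as an added illustration that is not php-src's own `zend_inference` code: a toy interval analysis with a deliberately non-monotone transfer function (constructed here) iterated once with a widening meet that may only widen and once with a faulty meet that also accepts a smaller range. The range type, `widening_meet`, `narrowing_meet`, `transfer` and `analyze` are all assumed names for this example.

```c
#include <limits.h>

/* Hypothetical integer range, modelled on the commit message's description;
 * this is not php-src's zend_inference code. */
typedef struct { long min, max; } range_t;

/* Correct widening meet: the result may only grow. A bound that moved
 * outward jumps straight to infinity, so the chain of iterates is finite. */
static range_t widening_meet(range_t old, range_t cur) {
    range_t r = old;
    if (cur.min < old.min) r.min = LONG_MIN;
    if (cur.max > old.max) r.max = LONG_MAX;
    return r;
}

/* Faulty variant that also accepts a smaller range from the transfer
 * function, the behaviour the commit message says made the analysis hang. */
static range_t narrowing_meet(range_t old, range_t cur) {
    (void)old;
    return cur;
}

/* Constructed, deliberately non-monotone transfer function: once the range
 * grows past 5 it hands back a tighter range, as a flawed transfer might. */
static range_t transfer(range_t in) {
    range_t out = { 0, in.max >= 5 ? 3 : in.max + 2 };
    return out;
}

/* Iterate to a fixed point. Returns the iteration count on convergence,
 * or -1 if the state is still changing after max_iter rounds (the hang). */
static int analyze(range_t (*meet)(range_t, range_t), int max_iter) {
    range_t state = { 0, 0 };
    for (int i = 1; i <= max_iter; i++) {
        range_t next = meet(state, transfer(state));
        if (next.min == state.min && next.max == state.max)
            return i;               /* fixed point reached */
        state = next;
    }
    return -1;
}
```

With the widening meet the state jumps to [0, +inf) and stays there; with the narrowing meet it alternates between [0,3] and [0,5] forever, which is the unbounded loop the fix removes.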
* PHP-8.3:
  Ensure that type widening converges
* PHP-8.4:
  Ensure that type widening converges
* fpm: Improve the error message when FPM is running as root

Co-authored-by: Jakub Zelenka <bukka@php.net>

* fpm: Disable `TEST_FPM_RUN_AS_ROOT` for proc-user-not-set-when-root.phpt

---------

Co-authored-by: Jakub Zelenka <bukka@php.net>
…auses heap corruption

Use the PHP_STREAM_FLAG_NO_FCLOSE flag to prevent closing a stream while
a handler is running. We already do this in some other places as well.
Only handlers that do something with the stream afterwards need changes.

Closes GH-18797.
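The guard described above, as an added example that is not php-src's stream code: a stand-in stream whose close routine refuses to act while `PHP_STREAM_FLAG_NO_FCLOSE` is set, run against a callback that closes the stream it was handed. Only the flag name comes from the commit message; the `stream_t` layout, `stream_close`, `run_handler` and `scenario` are assumptions for this example.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a PHP stream; only the flag name is from the
 * commit message, the struct and helper names are assumptions. */
#define PHP_STREAM_FLAG_NO_FCLOSE 0x1u

typedef struct {
    unsigned flags;
    char    *buf;   /* freed on close; reading it afterwards would be a UAF */
} stream_t;

/* Close refuses to act while the NO_FCLOSE guard is set and reports that. */
static int stream_close(stream_t *s) {
    if (s->flags & PHP_STREAM_FLAG_NO_FCLOSE)
        return -1;                  /* closing is refused for now */
    free(s->buf);
    s->buf = NULL;
    return 0;
}

/* A callback that, like misbehaving user code, closes the stream it got. */
static void closing_callback(stream_t *s) {
    (void)stream_close(s);
}

/* Run a handler that still needs the stream after the callback returns.
 * With guard != 0 the flag is held for the callback's duration, as the fix does.
 * Returns the first byte of the buffer, or -1 if the buffer is already gone. */
static int run_handler(stream_t *s, void (*cb)(stream_t *), int guard) {
    unsigned saved = s->flags;
    if (guard)
        s->flags |= PHP_STREAM_FLAG_NO_FCLOSE;
    cb(s);
    s->flags = saved;
    if (s->buf == NULL)
        return -1;  /* in the real code this is where the UAF would occur */
    return (unsigned char)s->buf[0];
}

/* Constructed scenario: fresh stream holding "ok", run once, clean up. */
static int scenario(int guard) {
    stream_t s = { 0, NULL };
    s.buf = malloc(3);
    memcpy(s.buf, "ok", 3);
    int rc = run_handler(&s, closing_callback, guard);
    free(s.buf);                    /* free(NULL) is a no-op if already closed */
    return rc;
}
```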
ndossche and others added 29 commits September 14, 2025 22:11
* PHP-8.4:
  Fix GH-19653: Closure named argument unpacking between temporary closures can cause a crash
* zend_hash: Assert that the `interned` parameter is not a lie

While investigating #19842 I was wondering why a non-interned string
didn't cause trouble, until I realized it was the value instead of the key.
Nevertheless it appears useful to check that the key is actually interned as
claimed by the caller to prevent hard-to-find bugs.

* zend_hash: Rename `interned` parameter name to `key_guaranteed_interned`
* PHP-8.3:
  Fix incorrect HASH_FLAG_HAS_EMPTY_IND flag on userland array
* PHP-8.4:
  Fix incorrect HASH_FLAG_HAS_EMPTY_IND flag on userland array
* PHP-8.3:
  Fix GH-19801: address leak when calling var_dump() with recursion in __debugInfo() (#19837)
* PHP-8.4:
  Fix GH-19801: address leak when calling var_dump() with recursion in __debugInfo() (#19837)
This introduces new SAPI callback that runs before post read

Closes GH-19333
Don't access fbc->op_array.refcount on internal function. Don't attempt to cache
ZEND_ACC_USER_ARG_INFO at all, which is only used in
zend_get_closure_invoke_method(). This may reuse arg_info from a temporary
closure, and hence caching would also be unsafe.

Also avoid populating the cache slot for variadic parameters, where the
ZEND_ACC_USER_ARG_INFO is set for the same reason.

Closes GH-19856
* PHP-8.3:
  Fix use-of-uninitialized-value in zend_get_arg_offset_by_name()
* PHP-8.4:
  Fix use-of-uninitialized-value in zend_get_arg_offset_by_name()
This prevents the implementations from going out of sync, causing bugs like
#19813.
* uri: Add `UriError`

* uri: Throw `UriError` for unexpected failures in uri_parser_rfc3986

This is a follow-up for #19779 which updated the error *messages*
for the non-syntax errors, but did not update the exception class, still
implying it's related to invalid URIs.

Given that we don't know ourselves if these are reachable in practice, they
cannot be meaningfully handled by a user of PHP. Thus this should be an `Error`
according to our exception policy.

* uri: Throw `UriError` when unable to recompose URIs

* uri: Throw `UriError` when unable to read component

* NEWS
Fixes #19823 and makes the deprecation more reliable by triggering
even when `$_SERVER` is not accessed.
@chopins chopins merged commit 32996a4 into chopins:master Sep 18, 2025