From 9e52d1698a78a7ec4f788c099c79ce642b6aed1e Mon Sep 17 00:00:00 2001
From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
Date: Sun, 30 Mar 2025 20:26:57 +0200
Subject: [PATCH 1/7] Use specialised functions in SplFixedArray dimension handlers
This is more efficient than manually dealing with a garbage copy.
---
 ext/spl/spl_fixedarray.c | 19 +++++++++----------
 1 file changed, 9 insertions(+), 10 deletions(-)
diff --git a/ext/spl/spl_fixedarray.c b/ext/spl/spl_fixedarray.c
index 99e6983b0ffc0..06b92057fd495 100644
--- a/ext/spl/spl_fixedarray.c
+++ b/ext/spl/spl_fixedarray.c
@@ -377,7 +377,7 @@ static zval *spl_fixedarray_object_read_dimension_helper(spl_fixedarray_object *
 {
 /* we have to return NULL on error here to avoid memleak because of
 * ZE duplicating uninitialized_zval_ptr */
- if (!offset) {
+ if (UNEXPECTED(!offset)) {
 zend_throw_error(NULL, "[] operator not supported for SplFixedArray");
 return NULL;
 }
@@ -422,7 +422,7 @@ static zval *spl_fixedarray_object_read_dimension(zend_object *object, zval *off
 static void spl_fixedarray_object_write_dimension_helper(spl_fixedarray_object *intern, zval *offset, zval *value)
 {
- if (!offset) {
+ if (UNEXPECTED(!offset)) {
 /* '$array[] = value' syntax is not supported */
 zend_throw_error(NULL, "[] operator not supported for SplFixedArray");
 return;
@@ -438,10 +438,10 @@ static void spl_fixedarray_object_write_dimension_helper(spl_fixedarray_object *
 } else {
 /* Fix #81429 */
 zval *ptr = &(intern->array.elements[index]);
- zval tmp;
- ZVAL_COPY_VALUE(&tmp, ptr);
- ZVAL_COPY_DEREF(ptr, value);
- zval_ptr_dtor(&tmp);
+ /* This should be guaranteed by the VM handler or argument parsing. */
+ ZEND_ASSERT(Z_TYPE_P(value) != IS_REFERENCE);
+ Z_TRY_ADDREF_P(value);
+ zend_safe_assign_to_variable_noref(ptr, value);
 }
 }
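Review bot: In the `@@ -438,10 +438,10 @@` hunk, a reference-wrapped `value` is now rejected only by `ZEND_ASSERT(Z_TYPE_P(value) != IS_REFERENCE)`, which is checked in debug builds only, whereas the removed `ZVAL_COPY_DEREF(ptr, value)` unwrapped references unconditionally. The callers of `spl_fixedarray_object_write_dimension_helper` are outside this hunk, so if any of them can still pass a reference, a release build would store the wrapper in the element slot; keeping `ZVAL_DEREF(value);` before `Z_TRY_ADDREF_P(value);` costs one type check and removes that dependency. The `/* Fix #81429 */` comment should also say what must be preserved, e.g. `/* Fix #81429: install the new value before the old one is destroyed */` (presumably what the old temporary-copy sequence was for), and the same applies to the unset helper in the `@@ -472,10 +472,9 @@` hunk. The function body starts and ends outside the hunk.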
@@ -472,10 +472,9 @@ static void spl_fixedarray_object_unset_dimension_helper(spl_fixedarray_object *
 if (UNEXPECTED(index >= intern->array.size)) {
 zend_throw_exception(spl_ce_OutOfBoundsException, "Index invalid or out of range", 0);
 } else {
- zval garbage;
- ZVAL_COPY_VALUE(&garbage, &intern->array.elements[index]);
- ZVAL_NULL(&intern->array.elements[index]);
- zval_ptr_dtor(&garbage);
+ zval null = {0};
+ ZVAL_NULL(&null);
+ zend_safe_assign_to_variable_noref(&intern->array.elements[index], &null);
 }
 }
From d20e3e6cb108a11c62f939538369c262e2a51535 Mon Sep 17 00:00:00 2001
From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
Date: Sun, 30 Mar 2025 20:49:13 +0200
Subject: [PATCH 2/7] Simplify handling of inheritance in SplFixedArray
After the loop, `parent` will for sure be ce_SplFixedArray, and inherited will be true; for inherited cases.
---
 ext/spl/spl_fixedarray.c | 16 ++--------------
 1 file changed, 2 insertions(+), 14 deletions(-)
diff --git a/ext/spl/spl_fixedarray.c b/ext/spl/spl_fixedarray.c
index 06b92057fd495..dc32045ba0ff9 100644
--- a/ext/spl/spl_fixedarray.c
+++ b/ext/spl/spl_fixedarray.c
@@ -278,7 +278,6 @@ static zend_object *spl_fixedarray_object_new_ex(zend_class_entry *class_type, z
 {
 spl_fixedarray_object *intern;
 zend_class_entry *parent = class_type;
- bool inherited = false;
 intern = zend_object_alloc(sizeof(spl_fixedarray_object), parent);
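Review bot: In the `@@ -472,10 +472,9 @@` hunk, `zval null = {0};` immediately followed by `ZVAL_NULL(&null);` looks redundant to a reader, and nothing says why both are there. If the zero-initialiser exists so that the whole-slot copy inside `zend_safe_assign_to_variable_noref()` does not read an indeterminate value field (an inference; the helper is not shown here), say so: `/* zero-init: the assignment copies the full zval, not just the type tag */`. Naming the temporary `null_zv` rather than `null` would also avoid confusion with `NULL`.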
@@ -290,21 +289,10 @@ static zend_object *spl_fixedarray_object_new_ex(zend_class_entry *class_type, z
 spl_fixedarray_copy_ctor(&intern->array, &other->array);
 }
- while (parent) {
- if (parent == spl_ce_SplFixedArray) {
- break;
- }
-
- parent = parent->parent;
- inherited = true;
- }
-
- ZEND_ASSERT(parent);
-
- if (UNEXPECTED(inherited)) {
+ if (UNEXPECTED(class_type != spl_ce_SplFixedArray)) {
 /* Find count() method */
 zend_function *fptr_count = zend_hash_find_ptr(&class_type->function_table, ZSTR_KNOWN(ZEND_STR_COUNT));
- if (fptr_count->common.scope == parent) {
+ if (fptr_count->common.scope == spl_ce_SplFixedArray) {
 fptr_count = NULL;
 }
 intern->fptr_count = fptr_count;
From 355700c9044460967a5974e3b81643588eb9b84d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20Vo=C5=99=C3=AD=C5=A1ek?=
Date: Wed, 26 Mar 2025 12:17:48 +0100
Subject: [PATCH 3/7] Remove PCRE2_EXTRA_ALLOW_LOOKAROUND_BSK from pcre compile options
This option is semi-deprecated [1] and shouldn't influence much anyway. The anticipated BC break is low.
[1] https://github.com/PCRE2Project/pcre2/issues/736#issuecomment-2753974366
[2] https://github.com/PCRE2Project/pcre2/issues/736#issuecomment-2754110610
Closes GH-18150.
---
 NEWS | 2 ++
 UPGRADING | 5 +++++
 ext/pcre/php_pcre.c | 11 +----------
 ext/pcre/tests/bug70345.phpt | 11 ++++++++---
 ext/pcre/tests/bug70345_old.phpt | 26 ++++++++++++++++++++++++++
 5 files changed, 42 insertions(+), 13 deletions(-)
 create mode 100644 ext/pcre/tests/bug70345_old.phpt
diff --git a/NEWS b/NEWS
index dc91f999fb15e..14667511d6651 100644
--- a/NEWS
+++ b/NEWS
@@ -96,6 +96,8 @@ PHP NEWS
 - PCRE:
 . Upgraded to pre2lib from 10.44 to 10.45. (nielsdos)
+ . Remove PCRE2_EXTRA_ALLOW_LOOKAROUND_BSK from pcre compile options.
+ (mvorisek)
 - PDO_PGSQL:
 . Added Iterable support for PDO::pgsqlCopyFromArray. (KentarouTakeda)
diff --git a/UPGRADING b/UPGRADING
index 1a525f22f4411..542513a16402b 100644
--- a/UPGRADING
+++ b/UPGRADING
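Review bot: In the `@@ -290,21 +289,10 @@` hunk of `spl_fixedarray_object_new_ex`, `fptr_count->common.scope` is dereferenced with nothing left to assert that the `zend_hash_find_ptr()` lookup of `count` succeeded; the removed `ZEND_ASSERT(parent)` was the only check that `class_type` really descends from `spl_ce_SplFixedArray`. Keeping the invariant visible costs one line, e.g. `ZEND_ASSERT(fptr_count != NULL);` right after the lookup, or `ZEND_ASSERT(instanceof_function(class_type, spl_ce_SplFixedArray));` before the `if`. The local `parent` left by the `@@ -278,7 +278,6 @@` hunk is now only an alias of `class_type` and could be dropped. The function body starts and ends outside the hunk.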
@@ -59,6 +59,11 @@ PHP 8.5 UPGRADE NOTES
 . pcntl_exec() now throws ValueErrors when entries or keys of the $env_vars parameter contain null bytes.
+- PCRE:
+ . The extension is compiled without semi-deprecated
+ PCRE2_EXTRA_ALLOW_LOOKAROUND_BSK compile option.
+ https://github.com/PCRE2Project/pcre2/issues/736#issuecomment-2754024651
+
 - PDO:
 . The constructor arguments set in conjunction with PDO::FETCH_CLASS now follow the usual CUFA (call_user_func_array) semantics.
diff --git a/ext/pcre/php_pcre.c b/ext/pcre/php_pcre.c
index a2a577a6745a0..8e0fb2cce5f9b 100644
--- a/ext/pcre/php_pcre.c
+++ b/ext/pcre/php_pcre.c
@@ -199,13 +199,6 @@ static void php_pcre_efree(void *block, void *data)
 efree(block);
 }
-#ifdef PCRE2_EXTRA_ALLOW_LOOKAROUND_BSK
- /* pcre 10.38 needs PCRE2_EXTRA_ALLOW_LOOKAROUND_BSK, disabled by default */
-#define PHP_PCRE_DEFAULT_EXTRA_COPTIONS PCRE2_EXTRA_ALLOW_LOOKAROUND_BSK
-#else
-#define PHP_PCRE_DEFAULT_EXTRA_COPTIONS 0
-#endif
-
 #define PHP_PCRE_PREALLOC_MDATA_SIZE 32
 static void php_pcre_init_pcre2(uint8_t jit)
@@ -226,8 +219,6 @@ static void php_pcre_init_pcre2(uint8_t jit)
 }
 }
- pcre2_set_compile_extra_options(cctx, PHP_PCRE_DEFAULT_EXTRA_COPTIONS);
-
 if (!mctx) {
 mctx = pcre2_match_context_create(gctx);
 if (!mctx) {
@@ -590,7 +581,7 @@ PHPAPI pcre_cache_entry* pcre_get_compiled_regex_cache_ex(zend_string *regex, bo
 #else
 uint32_t coptions = 0;
 #endif
- uint32_t eoptions = PHP_PCRE_DEFAULT_EXTRA_COPTIONS;
+ uint32_t eoptions = 0;
 PCRE2_UCHAR error[128];
 PCRE2_SIZE erroffset;
 int errnumber;
diff --git a/ext/pcre/tests/bug70345.phpt b/ext/pcre/tests/bug70345.phpt
index 42d4f8b12e265..bdfa2041fc08a 100644
--- a/ext/pcre/tests/bug70345.phpt
+++ b/ext/pcre/tests/bug70345.phpt
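Review bot: In `ext/pcre/php_pcre.c`, nothing in the source now records why the extra compile options start empty: the comment removed in the `@@ -199,13 +199,6 @@` hunk was the only in-code mention of `PCRE2_EXTRA_ALLOW_LOOKAROUND_BSK`, and `uint32_t eoptions = 0;` in the `@@ -590,7 +581,7 @@` hunk reads like an arbitrary initialiser. A short comment there would keep the decision discoverable, e.g. `/* No default extra options: PCRE2_EXTRA_ALLOW_LOOKAROUND_BSK is deliberately not set, so \K inside lookarounds is a compile error on libraries that reject it by default. */`. That matches the compile-failure warning the updated bug70345 test expects. `pcre_get_compiled_regex_cache_ex` continues outside the hunk.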
@@ -1,5 +1,10 @@ --TEST-- Bug #70345 (Multiple vulnerabilities related to PCRE functions) +--SKIPIF-- + --EXPECTF-- +Warning: preg_split(): Compilation failed: \K is not allowed in lookarounds (but see PCRE2_EXTRA_ALLOW_LOOKAROUND_BSK) at offset 9 in %s on line %d bool(false) -Warning: preg_match(): Get subpatterns list failed in %s on line %d -array(0) { -} +Warning: preg_match(): Compilation failed: \K is not allowed in lookarounds (but see PCRE2_EXTRA_ALLOW_LOOKAROUND_BSK) at offset 12 in %s on line %d +NULL diff --git a/ext/pcre/tests/bug70345_old.phpt b/ext/pcre/tests/bug70345_old.phpt new file mode 100644 index 0000000000000..ea455a59330d4 --- /dev/null +++ b/ext/pcre/tests/bug70345_old.phpt @@ -0,0 +1,26 @@ +--TEST-- +Bug #70345 (Multiple vulnerabilities related to PCRE functions) +--SKIPIF-- += 38) { + die("skip new pcre version"); +} +--FILE-- + +--EXPECTF-- +bool(false) + +Warning: preg_match(): Get subpatterns list failed in %s on line %d +array(0) { +} From aa7c8a9de0ce54bd0d8479b3d64e805843022237 Mon Sep 17 00:00:00 2001 From: William Varmus <0@willvar.tw> Date: Sat, 29 Mar 2025 18:46:08 +0800 Subject: [PATCH 4/7] Address deprecated PHP 8.4 session options to prevent test failures Closes GH-18179. --- NEWS | 4 ++++ build/Makefile.global | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/NEWS b/NEWS index 980cf89ce3bd6..6b344f641681e 100644 --- a/NEWS +++ b/NEWS @@ -15,6 +15,10 @@ PHP NEWS . Fixed bug GH-18145 (php8ts crashes in php_clear_stat_cache()). (Jakub Zelenka) +- Tests: + . Address deprecated PHP 8.4 session options to prevent test failures. + (willvar) + 10 Apr 2025, PHP 8.4.6 - BCMath: diff --git a/build/Makefile.global b/build/Makefile.global index d5170ebcae4ac..52a629c048a22 100644 --- a/build/Makefile.global +++ b/build/Makefile.global 
@@ -89,7 +89,7 @@ PHP_TEST_SHARED_EXTENSIONS = ` \
 . $$i; $(top_srcdir)/build/shtool echo -n -- " -d zend_extension=$(top_builddir)/modules/$$dlname"; \
 done; \
 fi`
-PHP_DEPRECATED_DIRECTIVES_REGEX = '^(magic_quotes_(gpc|runtime|sybase)?|(zend_)?extension(_debug)?(_ts)?)[\t\ ]*='
+PHP_DEPRECATED_DIRECTIVES_REGEX = '^(magic_quotes_(gpc|runtime|sybase)?|(zend_)?extension(_debug)?(_ts)?|session\.sid_(length|bits_per_character))[\t\ ]*='
 test: all
 @if test ! -z "$(PHP_EXECUTABLE)" && test -x "$(PHP_EXECUTABLE)"; then \
From ce3d1cd5cb93e855c6527a475e8e2397fa8cd8cb Mon Sep 17 00:00:00 2001
From: DanielEScherzer
Date: Mon, 31 Mar 2025 11:15:26 -0700
Subject: [PATCH 5/7] Fix typo in `ReflectionParameter::getName()` description [skip ci]
---
 ext/reflection/php_reflection.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ext/reflection/php_reflection.c b/ext/reflection/php_reflection.c
index 5fc4bd6b643b5..b53b7b97c9bc9 100644
--- a/ext/reflection/php_reflection.c
+++ b/ext/reflection/php_reflection.c
@@ -2671,7 +2671,7 @@ ZEND_METHOD(ReflectionParameter, __toString)
 /* }}} */
-/* {{{ Returns this parameters's name */
+/* {{{ Returns this parameter's name */
 ZEND_METHOD(ReflectionParameter, getName)
 {
 reflection_object *intern;
From a6aacd851b022d46d96110f43072685bacdc5efb Mon Sep 17 00:00:00 2001
From: Ilija Tovilo
Date: Fri, 28 Mar 2025 14:30:38 +0100
Subject: [PATCH 6/7] Remove static __invoke() handling in zend_std_get_closure()
Static __invoke() is disallowed since PHP 8.0.
Closes GH-18171
---
 Zend/zend_object_handlers.c | 12 ++----------
 1 file changed, 2 insertions(+), 10 deletions(-)
diff --git a/Zend/zend_object_handlers.c b/Zend/zend_object_handlers.c
index 076d2b8bbc2dd..5faa7285763ad 100644
--- a/Zend/zend_object_handlers.c
+++ b/Zend/zend_object_handlers.c
@@ -2451,17 +2451,9 @@ ZEND_API zend_result zend_std_get_closure(zend_object *obj, zend_class_entry **c
 return FAILURE;
 }
 *fptr_ptr = Z_FUNC_P(func);
-
 *ce_ptr = ce;
- if ((*fptr_ptr)->common.fn_flags & ZEND_ACC_STATIC) {
- if (obj_ptr) {
- *obj_ptr = NULL;
- }
- } else {
- if (obj_ptr) {
- *obj_ptr = obj;
- }
- }
+ *obj_ptr = obj;
+
 return SUCCESS;
 }
 /* }}} */
From 13d51f895b44c866858ee31f200f2619f99c731d Mon Sep 17 00:00:00 2001
From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
Date: Mon, 31 Mar 2025 23:05:07 +0200
Subject: [PATCH 7/7] Add missing EXTENSIONS section to intl test [ci skip]
---
 ext/intl/tests/dateformat_format_references.phpt | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/ext/intl/tests/dateformat_format_references.phpt b/ext/intl/tests/dateformat_format_references.phpt
index da1a52955f121..576d901edeb82 100644
--- a/ext/intl/tests/dateformat_format_references.phpt
+++ b/ext/intl/tests/dateformat_format_references.phpt
@@ -1,5 +1,7 @@
 --TEST--
 Fix dateformat_format() with array argument with values as references.
+--EXTENSIONS--
+intl
 --SKIPIF--
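Review bot: In the `@@ -2451,17 +2451,9 @@` hunk of `zend_std_get_closure`, the new `*obj_ptr = obj;` writes through `obj_ptr` unconditionally, while both removed branches tested `if (obj_ptr)` first, so a caller that passes NULL for `obj_ptr` goes from a no-op to a NULL-pointer write. This is a `ZEND_API` function, so callers outside the tree cannot be audited from this patch; unless a non-NULL `obj_ptr` is already part of the documented contract, keep the guard as `if (obj_ptr) { *obj_ptr = obj; }`. If the requirement is intended, state it in a comment on the function and add `ZEND_ASSERT(obj_ptr != NULL);` so debug builds catch violations. The function body starts outside the hunk.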