Merge branch 'PHP-8.1' into PHP-8.2

* PHP-8.1:
  Fix GH-10187: Segfault in stripslashes() with arm64
  Fix memory leak in posix_ttyname()

Author: Girgias

NEWS

@@ -23,6 +23,12 @@ PHP                                                                        NEWS
   . Fix undefined behaviour in phpdbg_load_module_or_extension(). (nielsdos)
   . Fix NULL pointer dereference in phpdbg_create_conditional_breal(). (nielsdos)
 
+- Posix:
+  . Fix memory leak in posix_ttyname() (girgias)
+
+- Standard:
+  . Fix GH-10187 (Segfault in stripslashes() with arm64). (nielsdos)
+
 05 Jan 2023, PHP 8.2.1
 
 - Core:

ext/posix/posix.c

@@ -474,15 +474,15 @@ PHP_FUNCTION(posix_ttyname)
 		efree(p);
 		RETURN_FALSE;
 	}
-	RETURN_STRING(p);
+	RETVAL_STRING(p);
 	efree(p);
 #else
 	if (NULL == (p = ttyname(fd))) {
 		POSIX_G(last_error) = errno;
 		RETURN_FALSE;
 	}
-#endif
 	RETURN_STRING(p);
+#endif
 }
 /* }}} */
 

ext/standard/string.c

@@ -3990,19 +3990,23 @@ static zend_always_inline char *php_stripslashes_impl(const char *str, char *out
 		quad_word q;
 		vst1q_u8(q.mem, vceqq_u8(x, vdupq_n_u8('\\')));
 		if (q.dw[0] | q.dw[1]) {
-			int i = 0;
-			for (; i < 16; i++) {
+			unsigned int i = 0;
+			while (i < 16) {
 				if (q.mem[i] == 0) {
 					*out++ = str[i];
+					i++;
 					continue;
 				}
 
 				i++;			/* skip the slash */
-				char s = str[i];
-				if (s == '0')
-					*out++ = '\0';
-				else
-					*out++ = s;	/* preserve the next character */
+				if (i < len) {
+					char s = str[i];
+					if (s == '0')
+						*out++ = '\0';
+					else
+						*out++ = s;	/* preserve the next character */
+					i++;
+				}
 			}
 			str += i;
 			len -= i;

ext/standard/tests/strings/gh10187.phpt

@@ -0,0 +1,8 @@
+--TEST--
+GH-10187 (Segfault in stripslashes() with arm64)
+--FILE--
+<?php
+var_dump(stripslashes("1234567890abcde\\"));
+?>
+--EXPECT--
+string(15) "1234567890abcde"