merge #2

Merged
merged 107 commits into from
Sep 8, 2020
Conversation

chopins
Owner

@chopins chopins commented Sep 8, 2020

No description provided.

nikic and others added 30 commits September 2, 2020 10:16
There is a deeper underlying issue here, in that the opcodes violate
VM write-fetch safety, but let's fix the infinite loop first.

This fixes oss-fuzz #25352.
* PHP-7.3:
  Fix infinite loop on string offset during by-ref list assign
* PHP-7.4:
  Fix infinite loop on string offset during by-ref list assign
Shift the responsibility for emitting MAKE_REF to the list assignment
code, to make sure that LIST_W and MAKE_REF are directly adjacent,
and there are no opcodes in between that could modify the LIST_W
result.

Additionally, adjust the zend_wrong_string_offset() code to not
perform a loop over opcodes and assert that the next opcode is
a relevant one. The VM write-safety model requires this.

This is a followup to a07c1f5
and the full fix for oss-fuzz #25352.
Use the general zend_generator_throw_exception() helper for this.
Otherwise we don't handle the off-by-one opline correctly (should
we maybe just stop doing that?)

This is a followup to ad750c3,
which fixed a different yield from exception handling problem that
happened to show up in the same test case from oss-fuzz #25321.
Now both issues should be fixed.
* PHP-7.3:
  Fix throwing of yield from related exceptions into generator
* PHP-7.4:
  Fix throwing of yield from related exceptions into generator
Based on:
"Fast CRC Computation for Generic Polynomials Using PCLMULQDQ Instruction"
V. Gopal, E. Ozturk, et al., 2009, http://intel.ly/2ySEwL0

Signed-off-by: Frank Du <frank.du@intel.com>

Closes GH-6018
php_parse_url() is intended to support strings that are not zero
terminated. We can't use strcspn in the implementation.

As we have two uses of strcspn, add a helper.
* PHP-7.3:
  Fix binary-safety of parse_url
* PHP-7.4:
  Fix binary-safety of parse_url
Add pfsockopen and stream_socket_server.
This reverts commit 1d84a58.

Signed-off-by: Anatol Belski <ab@php.net>
Man, I can be pedantic sometimes. Tiny little things like misspelled words just
hurt me inside. So while it's not really a big deal, I couldn't leave these typos
alone...
[ci skip]

Signed-off-by: Anatol Belski <ab@php.net>
Do not decrement the refcount before allocating the new string,
as the allocation operation may bail out and cause a use-after-free
later on. We can only decrement the refcount once the allocation
has succeeded.

Fixes oss-fuzz #25384.
derickr and others added 26 commits September 4, 2020 15:55
Only enable it for cron builds. We don't need to run exotic
architectures on every commit and PR.

Closes GH-6076.
Looks like pgsql on i386 broke even more.
* PHP-7.4:
  Fix azure i386 build
PHP treats `#ini_setting=value` as a call to
`ini_set('ini_setting', 'value')`,
and silently skips undeclared settings.

This is a problem due to `#[` becoming supported attribute syntax:

- `#[Attr] const X = 123;` (this is not a valid place to put an attribute)
  This does not create a constant.
- `#[Attr] function test($x=false){}` also contains `=`.
  This does not create a function.

Instead, only treat lines starting with `#` as a special case
when the next character isn't `[`

Closes GH-6085
`php -a` treats lines starting with `#` as comments when deciding if
the provided statement is valid.

So it passed `#[MyAttr]` to the parser after the user hits enter,
causing a syntax error for multi-line statements.

With this patch, the following snippet is parsed correctly

```
php > #[Attr]
php > function x() { }
php > var_export((new ReflectionFunction('x'))->getAttributes()[0]->getName());
'Attr'
```

Followup to GH-6085

Closes GH-6086
zend_ts_hash_init accepts 4 arguments, not 5.
The pHashFunction parameter was removed in 5d25762

Closes GH-6087
More straightforward approach to get the path of the
current PHP process.

Closes GH-6082.
A recurring pattern in old extension: Putting the whole source
code behind HAVE_EXTNAME. This is pointless, as the code is only
compiled if the extension is enabled.

This removes a couple of them, but not all.
To allow exporting the php_curl.h header containing curl class
entries, split off a separate curl_private.h header with all the
implementation details.

We may move or expose additional APIs in php_curl.h on an as-needed
basis.
While we limit the size of the main compilation input, the size
of eval inputs was not limited. This could result in stack
overflows, e.g. oss-fuzz #25464.
Create a separate general context that uses ZMM as allocator and
use it to allocate temporary PCRE match data (there is still one
global match data). There is no requirement that the match data
and the compiled regex / match context use the same general context.

This makes sure that we do not leak persistent memory on bailout
and fixes oss-fuzz #25296, on which half the libfuzzer runs
currently get stuck.
crypt() without salt generates a weak $1$ MD5 hash. It has been
throwing a notice since 2013 and we provide a much better alternative
in password_hash() (which can auto-generate salts for strong
password hashes), so keeping this is just a liability.
* PHP-7.4:
  Don't leave behind temporary file in bug70362.phpt
Noticed this because we leak those properties in GC. This was
never intended to be allowed.
We only have 4 Zend test cases > 8k. Large inputs tend to just
make things slower.
Otherwise the assignment will have the same number as the default arm
which will 1. mis-trigger a breakpoint and 2. mark the line as covered
even when it isn't.

Closes GH-6083
@chopins chopins merged commit f97a395 into chopins:master Sep 8, 2020
chopins pushed a commit that referenced this pull request May 5, 2023
…#10533)

Commit a211956 added a TSRM destructor, but that destructor
will get called by tsrm_shutdown(), which is after opcache.so has
already been unloaded, resulting in a shutdown crash, e.g.:

  #0  0x00007fad01737500 in ?? ()
  #1  0x000055ac54e723c4 in tsrm_shutdown () at TSRM/TSRM.c:194
  #2  0x000055ac54c42180 in main (argc=80, argv=0x55ac57bc14d0) at sapi/cli/php_cli.c:1388

By calling ts_free_id() before opcache.so gets unloaded, we can easily
fix this crash bug.
chopins pushed a commit that referenced this pull request May 5, 2023
In PHP-2.0 and below we by mistake returned "object(FFI\CData:void)#2 (0) {}".
We decided not to fix this in PHP-2.0 and below to avoid BC breaks.
chopins pushed a commit that referenced this pull request May 5, 2023
In PHP-8.2 and below we by mistake returned "object(FFI\CData:void)#2 (0) {}". We decided not to fix this in PHP-8.2 and below to avoid BC breaks.