Merge branch 'PHP-8.1' into PHP-8.2

* PHP-8.1:
  Handle exceptions from __toString in XXH3's initialization
  Fix phpdbg segmentation fault in case of malformed input

NEWS

@@ -23,6 +23,9 @@ PHP                                                                        NEWS
   . Fixed bug #67244 (Wrong owner:group for listening unix socket).
     (Jakub Zelenka)
 
+- Hash:
+  . Handle exceptions from __toString in XXH3's initialization (nielsdos)
+
 - LDAP:
   . Fixed bug GH-10112 (LDAP\Connection::__construct() refers to ldap_create()).
     (cmb)
@@ -40,6 +43,7 @@ PHP                                                                        NEWS
   . Fix undefined behaviour in phpdbg_load_module_or_extension(). (nielsdos)
   . Fix NULL pointer dereference in phpdbg_create_conditional_breal(). (nielsdos)
   . Fix GH-9710: phpdbg memory leaks by option "-h" (nielsdos)
+  . Fix phpdbg segmentation fault in case of malformed input (nielsdos)
 
 - Posix:
   . Fix memory leak in posix_ttyname() (girgias)

ext/hash/hash_xxhash.c

@@ -174,7 +174,9 @@ zend_always_inline static void _PHP_XXH3_Init(PHP_XXH3_64_CTX *ctx, HashTable *a
 			func_init_seed(&ctx->s, (XXH64_hash_t)Z_LVAL_P(_seed));
 			return;
 		} else if (_secret) {
-			convert_to_string(_secret);
+			if (!try_convert_to_string(_secret)) {
+				return;
+			}
 			size_t len = Z_STRLEN_P(_secret);
 			if (len < PHP_XXH3_SECRET_SIZE_MIN) {
 				zend_throw_error(NULL, "%s: Secret length must be >= %u bytes, %zu bytes passed", algo_name, XXH3_SECRET_SIZE_MIN, len);

ext/hash/tests/xxhash_secret.phpt

@@ -3,6 +3,13 @@ Hash: xxHash secret
 --FILE--
 <?php
 
+class StringableThrowingClass {
+    public function __toString(): string {
+        throw new Exception('exception in __toString');
+        return '';
+    }
+}
+
 foreach (["xxh3", "xxh128"] as $a) {
 
 	//$secret = random_bytes(256);
@@ -14,6 +21,12 @@ foreach (["xxh3", "xxh128"] as $a) {
 		var_dump($e->getMessage());
 	}
 
+	try {
+		$ctx = hash_init($a, options: ["secret" => new StringableThrowingClass()]);
+	} catch (Throwable $e) {
+		var_dump($e->getMessage());
+	}
+
 	try {
 		$ctx = hash_init($a, options: ["secret" => str_repeat('a', 17)]);
 	} catch (Throwable $e) {
@@ -35,8 +48,10 @@ foreach (["xxh3", "xxh128"] as $a) {
 ?>
 --EXPECT--
 string(67) "xxh3: Only one of seed or secret is to be passed for initialization"
+string(23) "exception in __toString"
 string(57) "xxh3: Secret length must be >= 136 bytes, 17 bytes passed"
 8028aa834c03557a == 8028aa834c03557a == true
 string(69) "xxh128: Only one of seed or secret is to be passed for initialization"
+string(23) "exception in __toString"
 string(59) "xxh128: Secret length must be >= 136 bytes, 17 bytes passed"
 54279097795e7218093a05d4d781cbb9 == 54279097795e7218093a05d4d781cbb9 == true

sapi/phpdbg/phpdbg_utils.c

@@ -466,6 +466,9 @@ PHPDBG_API int phpdbg_parse_variable_with_arg(char *input, size_t len, HashTable
 				case ']':
 					break;
 				case '>':
+					if (!last_index) {
+						goto error;
+					}
 					if (last_index[index_len - 1] == '-') {
 						new_index = 1;
 						index_len--;

sapi/phpdbg/tests/watch_007.phpt

@@ -0,0 +1,25 @@
+--TEST--
+Test malformed watchpoint name
+--INI--
+opcache.optimization_level=0
+--PHPDBG--
+b test
+r
+w $>
+q
+--EXPECTF--
+[Successful compilation of %s]
+prompt> [Breakpoint #0 added at test]
+prompt> [Breakpoint #0 in test() at %s:%d, hits: 1]
+>00004: }
+ 00005: test();
+ 00006: $a = 2;
+prompt> [Malformed input]
+prompt>
+--FILE--
+<?php
+$a = 1;
+function test() {
+}
+test();
+$a = 2;