Since these go through a file, this can fail.
For some of these, the error is already checked but not propagated to
userland, causing a "true" return value but an incomplete file.
For others, the error is not checked and can also lead to an incomplete
file.
Solve this by always propagating failure, especially as the other write
calls are already checked for failure.
Closes GH-21360.
When the JIT defers the IS_UNDEF check for FETCH_OBJ_R to the result
type guard, the deoptimization escape path dispatches to opline->handler
via the trace_escape stub. If opline->handler has been overwritten with
JIT code (e.g. a function entry trace), this creates an infinite loop.
Fix by dispatching to the original VM handler (orig_handler from the
trace extension) instead of going through the trace_escape stub. This
avoids the extra IS_UNDEF guard on every property read while correctly
handling the rare IS_UNDEF case during deoptimization.
Also set current_op_array in zend_jit_trace_exit_to_vm so that the
blacklisted exit deoptimizer can resolve orig_handler, covering the
case where side trace compilation is exhausted.
Closes GH-21368.
openssl_pkey_new() checks private_key_bits >= 384 before generating any
key. For EC, X25519, ED25519, X448, and ED448 the size is inherent to
the curve or algorithm, so this check doesn't apply and causes failures
when default_bits is missing from openssl.cnf (which is the case in
OpenSSL 3.6's default config).
Skip the minimum-bits check for key types that don't use private_key_bits.
Closes GH-21387.
Registering namespace after the parsing is too late because parsing can
fail due to attributes referencing namespaces.
So we have to register fake namespaces before the parsing.
However, the clone operation reconciles namespaces in the wrong way, so
we have to clone via an object.
Closes GH-21371.
Insert type guards (CHECK_OP1_TRACE_TYPE / CHECK_OP2_TRACE_TYPE) on the
sensitive bailout paths in ADD/SUB/MUL JIT compilation: the MAY_BE_UNDEF
and non-numeric operand breaks. Guards are only emitted when the traced
operand type is IS_LONG or IS_DOUBLE, ensuring TSSA result type
predictions stay valid for side traces without affecting the normal
numeric fast path.
Fixes GH-20838
Co-authored-by: Dmitry Stogov <dmitrystogov@gmail.com>
The cookie option parser uses a wrong offset to start scanning
attributes, causing cookie values containing substrings like
"path=" or "domain=" to be falsely matched as attributes.
close GH-21400
This path wasn't tested (clearly).
To trigger this we use FFI, which seemed like the easiest way that
doesn't involve using another process messing with the shared memory.
Closes GH-21388.
On AIX, NSIG is def'd as SIGMAX64+1, and SIGMAX64 itself is def'd as
255:
```
$ grep -Rw SIGMAX64 /QOpenSys/usr/include/
/QOpenSys/usr/include/sys/signal.h:#define SIGMAX64 255
/QOpenSys/usr/include/sys/signal.h:#define SIGMAX SIGMAX64
/QOpenSys/usr/include/sys/signal.h:#define NSIG64 (SIGMAX64+1)
```
...this causes an overflow when we set num_signals from the value of
NSIG, per GCC:
```
/rpmbuild/BUILD/php-8.5.3/ext/pcntl/pcntl.c:216:25: warning: large integer implicitly truncated to unsigned type [-Woverflow]
PCNTL_G(num_signals) = NSIG;
^~~~
```
...when we try to use pcntl to i.e. install a signal handler, we get an
error from pcntl:
```
Fatal error: Uncaught ValueError: pcntl_signal(): Argument #1 ($signal) must be less than 0 in phar:///QOpenSys/pkgs/bin/composer/vendor/seld/signal-handler/src/SignalHandler.php:491
```
The easiest way to deal with this silly AIX behaviour is to just promote
the storage size.
Fix `PQTRACE_SUPPRESS_TIMESTAMPS` guard misspelling in pgsql.stub.php.
The guard has been misspelled as `PQTRACE_SUPPPRESS_TIMESTAMPS`
(three P's) since 7ec8ae12c4, preventing the
`PGSQL_TRACE_SUPPRESS_TIMESTAMPS` constant from being registered.
close GH-21386
