* PHP-8.5:
Update NEWS with info about security issues
Fix GHSA-www2-q4fc-65wf
Fix GHSA-h96m-rvf9-jgm2
Fix GHSA-8xr5-qppj-gvwj: PDO quoting result null deref
Fix GH-20584: Information Leak of Memory
* PHP-8.4:
Update NEWS with info about security issues
Fix GHSA-www2-q4fc-65wf
Fix GHSA-h96m-rvf9-jgm2
Fix GHSA-8xr5-qppj-gvwj: PDO quoting result null deref
Fix GH-20584: Information Leak of Memory
* PHP-8.3:
Update NEWS with info about security issues
Fix GHSA-www2-q4fc-65wf
Fix GHSA-h96m-rvf9-jgm2
Fix GHSA-8xr5-qppj-gvwj: PDO quoting result null deref
Fix GH-20584: Information Leak of Memory
* PHP-8.2:
Update NEWS with info about security issues
Fix GHSA-www2-q4fc-65wf
Fix GHSA-h96m-rvf9-jgm2
Fix GHSA-8xr5-qppj-gvwj: PDO quoting result null deref
Fix GH-20584: Information Leak of Memory
* PHP-8.1:
Update NEWS with info about security issues
Fix GHSA-www2-q4fc-65wf
Fix GHSA-h96m-rvf9-jgm2
Fix GHSA-8xr5-qppj-gvwj: PDO quoting result null deref
Fix GH-20584: Information Leak of Memory
The arg_info member of zend_function is now always a zend_arg_info*. Before,
it was a zend_internal_arg_info* on internal functions, unless the
ZEND_ACC_USER_ARG_INFO flag was set.
Closes GH-19022
This is an alias for zval_ptr_dtor_nogc().
I've seen people make mistakes against this and use zval_dtor() instead
of zval_ptr_dtor(). The crucial detail here is that the former won't
root possible GC cycles while the latter will.
We can avoid the confusion by just retiring this compatibility macro.
Closes GH-20235.
From what I see the incorrect scope is not observable in any other way. The
mixin methods are completely invisible to Reflection and a SQLite function
referring to a private method is still properly called as before.
Fixesphp/php-src#20095.
* tree-wide: Replace `zval_is_true()` by `zend_is_true()`
The former is a direct alias of the latter which is much more often used.
* zend_operators: Remove `zval_is_true()`
* Reduce code bloat in arginfo by using specialised string releases
Comparing this patch to master (c7da728574),
with a plain configure command without any options:
```
text data bss dec hex filename
20683738 1592400 137712 22413850 156021a sapi/cli/php
20688522 1592400 137712 22418634 15614ca sapi/cli/php_old
```
We see a minor reduction of 0.023% in code size.
* Also use true for the other initialization line
* Also use specialized code for consts
This is in preparation for the possible future transformation of `clone` into a
function call, but also meaningful on its own, since the purpose of the tests
is not to test the stack trace generation, but rather that an exception was
thrown. It also cleans up some unreachable code in the tests.
Introducing a new attribute macro in lower branches is an ABI break and
not allowed. However, we still need to fix the warnings such that
-Werror builds don't break. So we copy the macro from the master branch
to the C files in the appropriate places.
Starting with gcc 15 the warning `-Wunterminated-string-initialization`
is enabled by default. We make now use of the `nonstring` attribute to
silence the warning for the cases where this is intended.
Closes GH-18603.
* PHP-8.4:
Fix GH-18309: ipv6 filter integer overflow
Fix GH-18304: Changing the properties of a DateInterval through dynamic properties triggers a SegFault
* PHP-8.3:
Fix GH-18309: ipv6 filter integer overflow
Fix GH-18304: Changing the properties of a DateInterval through dynamic properties triggers a SegFault
For dynamic fetches the cache_slot will be NULL, so we have to check for
that when resetting the cache. For zip and xmlreader this couldn't
easily be tested because of a lack of writable properties.
Closes GH-18307.
This should call zend_object_std_dtor() to clean the property table etc.
This also has a semantic influence because previously weak refs were not
notified for example.
This fixes the final issue in GH-18114 (the crash was master-only and
fixed already).
Closes GH-18114.
Closes GH-18123.
Since 0537968, the properties are no longer initialized.
So we call object_properties_init to handle that correctly.
Lower branches have a memory leak, but that requires a separate fix.
The cache slot for FETCH_OBJ_W in function `test` is primed with the
class for C. The next call uses a simplexml instance and reuses the same
cache slot. simplexml's get_property_ptr handler does not use the cache
slot, so the old values remain in the cache slot. When
`zend_handle_fetch_obj_flags` is called this is not guarded by a check
for the class entry. So we end up using the prop_info from the property
C::$a instead of the simplexml property.
This patch adds a reset to the cache slots in the property address fetch
code and also in the extensions with a non-standard reference handler.
This keeps the run time cache consistent and avoids the issue without
complicating the fast paths.
Closes GH-17739.
