php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-03-24 08:12:21 +01:00
Code Issues Packages Projects Releases Wiki Activity
145,471 Commits 545 Branches 1,479 Tags
master
Commit Graph

1415 Commits

Author SHA1 Message Date
Gina Peter Banyard
4d528531be ext/spl: extract AppendIterator constructor (#21367) 
The implementation of it is simple whereas spl_dual_it_construct() is extremely convoluted
 2026-03-21 17:05:33 +00:00
ndossche
a16ace8ee7 Merge branch 'PHP-8.5' 
* PHP-8.5:
  Fix GH-21454: Missing write lock validation in SplHeap
 2026-03-17 08:47:51 +01:00
ndossche
c9a6743b59 Merge branch 'PHP-8.4' into PHP-8.5 
* PHP-8.4:
  Fix GH-21454: Missing write lock validation in SplHeap
 2026-03-17 08:47:46 +01:00
ndossche
8796d75365 Fix GH-21454: Missing write lock validation in SplHeap 
Closes GH-21448.
 2026-03-17 08:47:20 +01:00
Gina Peter Banyard
2d10ae2f98 ext/spl: move autoloading tests to subfolder 2026-01-20 20:54:38 +00:00
Niels Dossche
a82a93d64e Merge branch 'PHP-8.4' into PHP-8.5 
* PHP-8.4:
  Fix GH-20856: heap-use-after-free in SplDoublyLinkedList iterator when modifying during iteration
 2026-01-11 20:43:12 +01:00
Niels Dossche
2a2e0e8128 Fix GH-20856: heap-use-after-free in SplDoublyLinkedList iterator when modifying during iteration 
The element may be still in use in other places, so the linking pointers
should be kept consistent. If not consistent, the "move forward" code in
the sample test will read a stale, dangling pointer.

Closes GH-20885.
 2026-01-11 20:42:25 +01:00
Niels Dossche
526938648e Fix test for 8.5+ 2025-12-14 13:35:03 +01:00
David Carlier
4d680fa1e2 Merge branch 'PHP-8.4' into PHP-8.5 
* PHP-8.4:
  Fix GH-20678: resource created by GlobIterator crashes with fclose().
 2025-12-14 11:59:14 +00:00
David Carlier
90475249dd Merge branch 'PHP-8.3' into PHP-8.4 
* PHP-8.3:
  Fix GH-20678: resource created by GlobIterator crashes with fclose().
 2025-12-14 11:58:41 +00:00
David Carlier
97a90f4361 Fix GH-20678: resource created by GlobIterator crashes with fclose(). 
close GH-20697
 2025-12-14 11:58:18 +00:00
Niels Dossche
6afe2cef78 Merge branch 'PHP-8.4' into PHP-8.5 
* PHP-8.4:
  Fix GH-20614: SplFixedArray incorrectly handles references in deserialization
 2025-11-30 10:43:27 +01:00
Niels Dossche
9734ba4d21 Merge branch 'PHP-8.3' into PHP-8.4 
* PHP-8.3:
  Fix GH-20614: SplFixedArray incorrectly handles references in deserialization
 2025-11-30 10:42:19 +01:00
Niels Dossche
366ed4c750 Fix GH-20614: SplFixedArray incorrectly handles references in deserialization 
All other code caters to dereferencing array elements, except the
unserialize handler. This causes references to be present in the fixed
array even though this seems not intentional as reference assign is
otherwise impossible.
On 8.5+ this causes an assertion failure. On 8.3+ this causes references
to be present where they shouldn't be.

Closes GH-20616.
 2025-11-30 10:41:32 +01:00
Gina Peter Banyard
9a1b8a785d Fix GH-20194: null offset deprecation not emitted for writes (#20238) 
Based on a patch from @ndossche
 2025-10-29 18:36:10 +00:00
Niels Dossche
bc76b3fca9 Improve __unserialize() hardening for SplHeap/SplPriorityQueue 
It was possible to make the heap accept unserialize data when the heap
was corrupted or under modification. This adds the necessary check to
prevent that from happening.
Also, the exception check at the bottom is pointless,
spl_heap_unserialize_internal_state() already returns FAILURE on
exception. If it *is* necessary, it should be documented why.

Closes GH-20109.
 2025-10-11 23:52:37 +02:00
Niels Dossche
0458b3c8db Fix GH-20101: SplHeap/SplPriorityQueue serialization exposes INDIRECTs 
Exposing INDIRECTs to userland is not allowed and can lead to all sorts
of wrong behaviour. In this case it lead to UAF bugs.
Solve it by duplicating the properties table, which de-indirects the
elements and also decouples it for future modifications.

Closes GH-20102.
 2025-10-08 18:54:45 +02:00
Nicolas Grekas
fc353966f3 Revert deprecation of __sleep and __wakeup (#19966) 2025-10-06 10:30:27 +02:00
Alexandre Daubois
e6c07b004b Fix GH-14402: Add support for serialization in SplPriorityQueue, SplMinHeap and SplMaxHeap (#19447) 2025-09-22 09:43:09 +02:00
Gina Peter Banyard
a5f2eee785 Zend: Deprecate __wakeup() (#19435) 
RFC: https://wiki.php.net/rfc/deprecations_php_8_5#deprecate_the_sleep_and_wakeup_magic_methods
 2025-09-11 06:57:21 +01:00
Alexandre Daubois
c1fa560ba9 Merge branch 'PHP-8.4' 
* PHP-8.4:
  Fix GH-19577: avoid integer overflow when using a small offset and PHP_INT_MAX with LimitIterator (#19585)
 2025-09-05 08:10:48 +02:00
Alexandre Daubois
7cceda1597 Merge branch 'PHP-8.3' into PHP-8.4 
* PHP-8.3:
  Fix GH-19577: avoid integer overflow when using a small offset and PHP_INT_MAX with LimitIterator (#19585)
 2025-09-05 08:10:22 +02:00
Alexandre Daubois
05133ac962 Fix GH-19577: avoid integer overflow when using a small offset and PHP_INT_MAX with LimitIterator (#19585) 2025-09-05 08:09:06 +02:00
Alexandre Daubois
49e3956b70 core: Deprecate using null as an array offset and when calling array_key_exists() (#19511) 
RFC: https://wiki.php.net/rfc/deprecations_php_8_5#deprecate_using_values_null_as_an_array_offset_and_when_calling_array_key_exists
 2025-09-04 22:12:24 +01:00
Gina Peter Banyard
fb87b14b6c ext/spl: Deprecate ArrayObject and ArrayIterator with objects (#19420) 
RFC: https://wiki.php.net/rfc/deprecations_php_8_5#deprecate_arrayobject_and_arrayiterator_with_objects

This also moves tests into a subfolder.
 2025-08-14 12:38:57 +01:00
Gina Peter Banyard
16872310d5 ext/spl: Deprecate SplObjectStorage::contains(), SplObjectStorage::attach(), and SplObjectStorage::detach() (#19424) 
RFC: https://wiki.php.net/rfc/deprecations_php_8_5#deprecate_splobjectstoragecontains_splobjectstorageattach_and_splobjectstoragedetach
 2025-08-09 11:36:14 +01:00
Gina Peter Banyard
8c5c03e33a ext/spl: Deprecate passing spl_autoload_call() to spl_autoload_unregister() (#19422) 
RFC: https://wiki.php.net/rfc/deprecations_php_8_5#deprecate_passing_spl_autoload_call_to_spl_autoload_unregister
 2025-08-09 11:23:14 +01:00
Ilija Tovilo
5be04e25fd [skip ci] Skip segfaulting OOM test in GH actions on Win 
This only fails on the PHP-8.3 branch, most likely to be related to the
environment as discussed with Niels.
 2025-08-06 14:28:47 +02:00
Gina Peter Banyard
1e0c8baf05 tree: drop non canonical casts and ZPP tests 2025-08-06 13:20:28 +01:00
Niels Dossche
5cacae8f29 Merge branch 'PHP-8.4' 
* PHP-8.4:
  Fix GH-19094: Attaching class with no Iterator implementation to MultipleIterator causes crash
 2025-07-11 12:28:47 +02:00
Niels Dossche
76b6b60b8c Merge branch 'PHP-8.3' into PHP-8.4 
* PHP-8.3:
  Fix GH-19094: Attaching class with no Iterator implementation to MultipleIterator causes crash
 2025-07-11 12:28:25 +02:00
Niels Dossche
71472268c0 Fix GH-19094: Attaching class with no Iterator implementation to MultipleIterator causes crash 
Closes GH-19097.
 2025-07-11 12:27:41 +02:00
Gina Peter Banyard
50ddf6a68f ext/spl: Refactor ArrayObject sort methods 2025-07-03 21:50:45 +01:00
Gina Peter Banyard
faef004250 ext/spl: Add tests for disabled sort functions 2025-07-03 21:50:45 +01:00
Gina Peter Banyard
0ab5f70b3c ext/spl: Remove bool type coercions in tests 2025-06-21 22:18:52 +02:00
Niels Dossche
e3433fdaef Merge branch 'PHP-8.4' 
* PHP-8.4:
  Fix GH-18421: Integer overflow with large numbers in LimitIterator
 2025-04-25 20:06:24 +02:00
Niels Dossche
4ff41cfb4b Merge branch 'PHP-8.3' into PHP-8.4 
* PHP-8.3:
  Fix GH-18421: Integer overflow with large numbers in LimitIterator
 2025-04-25 20:06:18 +02:00
Niels Dossche
a91d913901 Fix GH-18421: Integer overflow with large numbers in LimitIterator 
Since we already know that `pos < intern->u.limit.offset` at this point,
we can reverse the expression.

Closes GH-18424.
 2025-04-25 20:05:55 +02:00
Niels Dossche
89e5f6ca53 Merge branch 'PHP-8.4' 
* PHP-8.4:
  Fix GH-18322: SplObjectStorage debug handler mismanages memory
 2025-04-14 14:11:40 +02:00
Niels Dossche
fc63a98f17 Merge branch 'PHP-8.3' into PHP-8.4 
* PHP-8.3:
  Fix GH-18322: SplObjectStorage debug handler mismanages memory
 2025-04-14 14:11:35 +02:00
Niels Dossche
67503870ca Fix GH-18322: SplObjectStorage debug handler mismanages memory 
This hack was once necessary before there was a proper get_gc handler,
but now it breaks the engine constraints.

Closes GH-18323.
 2025-04-14 14:11:09 +02:00
Niels Dossche
1684c52a88 Fix GlobIterator without constructor breaks count() (#18314) 
As reported by OpenAI AARDVARK.
 2025-04-12 09:59:56 +02:00
Niels Dossche
3ba725a556 Merge branch 'PHP-8.4' 
* PHP-8.4:
  Fix GH-18309: ipv6 filter integer overflow
  Fix GH-18304: Changing the properties of a DateInterval through dynamic properties triggers a SegFault
 2025-04-11 23:36:42 +02:00
Niels Dossche
a019fbd970 Merge branch 'PHP-8.3' into PHP-8.4 
* PHP-8.3:
  Fix GH-18309: ipv6 filter integer overflow
  Fix GH-18304: Changing the properties of a DateInterval through dynamic properties triggers a SegFault
 2025-04-11 23:36:12 +02:00
Niels Dossche
ba0853888d Fix GH-18304: Changing the properties of a DateInterval through dynamic properties triggers a SegFault 
For dynamic fetches the cache_slot will be NULL, so we have to check for
that when resetting the cache. For zip and xmlreader this couldn't
easily be tested because of a lack of writable properties.

Closes GH-18307.
 2025-04-11 23:33:58 +02:00
Gina Peter Banyard
fec4f7f389 ext/standard/file: clarify fclose() warning 2025-03-24 22:54:34 +00:00
Niels Dossche
fc047b4e00 Merge branch 'PHP-8.4' 
* PHP-8.4:
  [ci skip] Fix NEWS order
  Fix GH-18018: RC1 data returned from offsetGet causes UAF in ArrayObject
 2025-03-13 19:11:59 +01:00
Niels Dossche
d43d4684bd Merge branch 'PHP-8.3' into PHP-8.4 
* PHP-8.3:
  Fix GH-18018: RC1 data returned from offsetGet causes UAF in ArrayObject
 2025-03-13 19:11:24 +01:00
Niels Dossche
27affd8da1 Fix GH-18018: RC1 data returned from offsetGet causes UAF in ArrayObject 
We should first check truthiness and only after that destroy the value.

Closes GH-18034.
 2025-03-13 19:10:34 +01:00
David Carlier
27125b8c39 Merge branch 'PHP-8.4' 2025-01-19 18:01:52 +00:00