If an exception _and_ a warning (or deprecation) is emitted, then the
result is destroyed twice. Use an `else if` to prevent this.
This is tested via zend_test because the deprecation that triggered the
original reproducer may disappear in the future.
Closes GH-19793.
The rename code can error out prior to the reassignment of the filename,
which is why the test causes a crash.
The rename code can also error out at a later point,
which means it will have already assigned the new filename.
We detect in which case we are in and act accordingly.
Closes GH-19761.
PSFS_FEED_ME is supposed to be returned when the filter did not receive
enough data and did not generate buckets for the output brigade.
The test generates buckets anyway on the output brigade, and the stream
layer did not handle that case causing a memory leak.
To solve this, discard any such buckets as it would conflict with the
status code returned by the filter. This keeps BC and solves the leak.
Closes GH-18972.
The case of returning 0 is inconsistent in when it returns an empty
array, furthermore the caller already returns an empty array.
Because the caller overwrites the return value in these cases, it can
cause a memory leak.
This is easier to trigger on master in some cases as different code paths
are taken with the new bundled glob. On some platforms it is also
triggerable on 8.3.
Closes GH-19715.
This one is not initialized. This is not hittable from userspace code
because all locations within first-party php-src code have a valid
`option` argument.
Closes GH-19714.
Range analysis may fail to converge (the process hangs) when the transfer
function zend_inference_calc_range produces a smaller range.
Fix by ensuring that the widening operator zend_inference_widening_meet
allows only widening. This matches the inference rules in figure 13 of the
paper.
Fixes GH-19679
Closes GH-19683
This code is very similar to code on PHP 8.4 and higher, but the
mitigation is extended to entity references and to attribute children.
Closes GH-19620.
The value is temporarily duplicated. While the value is allocated persistently,
it will be freed if the ini value can't be set. This is safe, given the value
has not actually been stored.
Exposed by GH-19619
Closes GH-19671
This seems like an issue that might be potentially causing issues like
GH-12901. The problem is that libs like libcurl, libldap and others use
the default OpenSSL version so this might result in linking issues.
The fact that OpenSSL 1.1.1 was actually good that we were able to have
it in the pipeline but this is just not right setup so we should find
another way how to test it at least in nightly.
Closes GH-19472
Since cbf67e4, the GC needs to find all WeakMaps referencing a weakly
referenced object. Doing so, it treats all ZEND_WEAKREF_TAG_MAP as WeakMap
instances.
However, a ZEND_WEAKREF_TAG_MAP reference may be a bare HashTable when
zend_weakrefs_hash_add() is used.
Introduce a new tag, ZEND_WEAKREF_TAG_BARE_HT, and use this tag when weakly
referencing an object from a bare HashTable. Ignore such references in GC.
Fixes GH-19543
Closes GH-19544
Co-authored-by: Tim Düsterhus <tim@tideways-gmbh.com>
yylen is unsigned int, but len in zend_scan_escape_string() is int, which will
break for string literals >=2GB. yyleng is still limited to 4GB, but we can't
fix this without breaking the ABI.
Partially addresses GH-19542
Closes GH-19545
The tidyOptGetCategory function (added in libtidy 5.4.0) if only useable if TidyInternalCategory (added in libtidy 5.6.0) is also present, so check for the latter instead.
close GH-19053
