Insert type guards (CHECK_OP1_TRACE_TYPE / CHECK_OP2_TRACE_TYPE) on the
sensitive bailout paths in ADD/SUB/MUL JIT compilation: the MAY_BE_UNDEF
and non-numeric operand breaks. Guards are only emitted when the traced
operand type is IS_LONG or IS_DOUBLE, ensuring TSSA result type
predictions stay valid for side traces without affecting the normal
numeric fast path.
Fixes GH-20838
Co-authored-by: Dmitry Stogov <dmitrystogov@gmail.com>
The cookie option parser uses a wrong offset to start scanning
attributes, causing cookie values containing substrings like
"path=" or "domain=" to be falsely matched as attributes.
close GH-21400
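As an added illustration of the bug this commit describes (example code, not PHP's own cookie parser), the function below scans for attributes only after the first `;` that terminates the cookie value, beside a constructed `naive_find_attribute` that starts its scan at offset 0 and therefore matches a `path=` substring inside the value:

```python
# Added example, not the PHP source: correct vs. wrong-offset attribute scanning
# in a Set-Cookie header.  Attribute names are the standard RFC 6265 ones.
from typing import Dict, Optional, Tuple

ATTRIBUTES = ("path", "domain", "expires", "max-age",
              "secure", "httponly", "samesite")


def parse_set_cookie(header: str) -> Tuple[str, str, Dict[str, str]]:
    """Return (name, value, attributes).

    The name=value pair ends at the first ';'.  Attributes are parsed only
    from the text after that offset, so a value such as "path=/admin" is kept
    as data and never treated as the Path attribute.
    """
    pair, _, rest = header.partition(";")
    name, eq, value = pair.partition("=")
    if not eq or not name.strip():
        raise ValueError("missing cookie name")
    attrs: Dict[str, str] = {}
    for part in rest.split(";"):
        part = part.strip()
        if not part:
            continue
        key, _, val = part.partition("=")
        key = key.strip().lower()
        if key in ATTRIBUTES:          # unknown attributes are ignored
            attrs[key] = val.strip()
    return name.strip(), value.strip(), attrs


def naive_find_attribute(header: str, attr: str) -> Optional[str]:
    """Constructed illustration of the wrong-offset scan (hypothetical, not
    the actual PHP code): searching "attr=" from the start of the whole header
    instead of after the value, so a value containing "path=" is falsely matched.
    """
    lowered = header.lower()
    idx = lowered.find(attr + "=")
    if idx == -1:
        return None
    end = header.find(";", idx)
    return header[idx + len(attr) + 1: end if end != -1 else None].strip()
```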
This path wasn't tested (clearly).
To trigger this we use FFI, which seemed like the easiest way that
doesn't involve using another process messing with the shared memory.
Closes GH-21388.
Fix `PQTRACE_SUPPRESS_TIMESTAMPS` guard misspelling in pgsql.stub.php.
The guard has been misspelled as `PQTRACE_SUPPPRESS_TIMESTAMPS`
(three P's) since 7ec8ae12c4, preventing the
`PGSQL_TRACE_SUPPRESS_TIMESTAMPS` constant from being registered.
close GH-21386
Also switch to uint64_t as that's used on master and makes the code
simpler to fix.
Closes GH-20807.
Co-authored-by: Arnaud Le Blanc <arnaud.lb@gmail.com>
Mirror the mdata_used protection pattern from php_pcre_replace_func_impl
in php_pcre_match_impl, php_pcre_replace_impl, php_pcre_split_impl,
and php_pcre_grep_impl.
close GH-21291
Disable resource-heavy tests by default (>1GB of memory usage), unless the
RUN_RESOURCE_HEAVY_TESTS env variable is set.
Fixes GH-20762
Closes GH-20935
Fix pcre2_code leak when pcre2_pattern_info() fails after a successful
pcre2_compile(), and fix match_sets/match_data/marks leak when
offsets[1] < offsets[0] in php_pcre_match_impl().
close GH-21298
Since GH-15021 preloaded constants are propagated to compiled scripts. This is
problematic for file cache, which assumes all referenced zvals are either
persistently allocated or local to the current script. However, preloaded
constants live in shm as immutable, but not persistent.
To solve this, we'd need to duplicate propagated constants in the optimizer when
file cache is used. This is error prone given it needs to happen in many places.
It's debatable whether constant propagation is even correct in this case, as
running the preloaded script on a restart isn't guaranteed to produce the same
result.
Hence, avoid the issue for now by just not relying on preloaded symbols when
file cache is used.
Fixes GH-21052
Closes GH-21281
Move the signal table update after the php_signal4 call, mirroring
what is already done in the SIG_DFL/SIG_IGN (integer) code path.
This prevents a stale entry in the table if sigaction fails.
close GH-21270
Add missing PCNTL_CPU_DESTROY(mask) call before RETURN_THROWS() when
the cpu id is out of range, matching the cleanup on other error paths.
close GH-21268
Save errno into a local int before calling close(fd), as close() may
clobber errno on failure. Use int rather than errno_t because errno_t
is defined in C11 Annex K (bounds-checking interfaces) which is
optional and not widely implemented — many platforms (Linux/glibc,
musl, macOS, FreeBSD) do not provide it.
close GH-21256
Truncating to an int seems dangerous, esp. in combination with a MIN
macro. I don't see a reason to truncate the length from size_t to int,
and especially no reason to change the signedness.
Closes GH-20747.
In SCCP, arrays containing partial objects must be marked as partial so that
their values are not accidentally propagated.
Fixes GH-21227
Closes GH-21232
This avoids a crash in cases where the list of candidate encodings is so huge
that alloca would fail. Such crashes have been observed when the list of
encodings was larger than around 208,000 entries.
The PHP_PQ_ERROR macro calls php_error_docref(), which triggers user error
handlers, so libpq does not get the chance to clean up the resources on
failure (and empty connection strings are allowed); thus we avoid this macro
and delay the error handling until after.
close GH-21165
In the IPv6 address creation helper we need to use, for the error
message, the converted data rather than assuming the original
is a proper zend_string().
close GH-21166
The SysV shared memory allocator in OPcache hardcodes a maximum segment size of
32MB (SEG_ALLOC_SIZE_MAX). If the JIT buffer exceeds this, which it does with
the default 64MB size, startup will fail with "Insufficient shared memory!".
The allocator will now try allocating a contiguous buffer first, and only then
use segmentation by searching for continuously smaller powers of 2.
Fixes GH-20718
Closes GH-20719
There are two issues:
1. The 'e' formatter doesn't output the seconds of the timezone even if
it has seconds.
2. var_dump(), (array) cast, serialization, ... don't include the
timezone second offset in the output. This means that, for example,
serializing and then unserializing a date object loses the seconds of
the timezone. This can be observed by comparing the output of
getTimezone() for `$dt` vs the unserialized object in the provided test.
Closes GH-20764.