php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-03-24 00:02:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
140,807 Commits 545 Branches 1,479 Tags
867ed156f754af5ea4e269d6695bce03d1128ce9
Commit Graph

140807 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Niels Dossche
867ed156f7 Fix GH-18033: NULL-ptr dereference when using register_tick_function in destructor 
The problem is that `php_request_shutdown` calls `php_deactivate_ticks` prior
to running destructors and the shutdown functions and finalizing output
handlers.
So if a destructor or shutdown function re-registers a tick function,
then the user tick functions handler will be added back to `PG(tick_functions)`.
When the next request happens, the list `PG(tick_functions)` still contains an
entry to call the user tick functions (added in the previous request
during shutdown). This causes a NULL deref eventually because
`run_user_tick_functions` assumes that if it is called then
`BG(user_tick_functions)` must be non-NULL.

Fix this by moving the tick handler deactivation.

Closes GH-18047.
 2025-03-15 00:32:10 +01:00
Arnaud Le Blanc
f75dd82866 Merge branch 'PHP-8.4' 
* PHP-8.4:
  Destroy temporary module classes in reverse order
 2025-03-14 10:51:50 +01:00
Arnaud Le Blanc
4b9c72f329 Merge branch 'PHP-8.3' into PHP-8.4 
* PHP-8.3:
  Destroy temporary module classes in reverse order
 2025-03-14 10:49:10 +01:00
Arnaud Le Blanc
1c182674b0 Destroy temporary module classes in reverse order 
We destroy classes of dl()'ed modules in clean_module_classes(), during
shutdown. Child classes of a module use structures of the parent class (such as
inherited properties), which are destroyed earlier, so we have a use-after-free
when destroying a child class.

Here I destroy classes in reverse order, as it is done in zend_shutdown() for
persistent classes.

Fixes GH-17961
Fixes GH-15367
 2025-03-14 10:45:17 +01:00
Saki Takamachi
32547f1127 ext/bcmath: If the result is 0, n_scale is set to 0. (#18056) 2025-03-14 17:52:50 +09:00
Saki Takamachi
fa1effdb3c Merge branch 'PHP-8.4' 
* PHP-8.4:
  Fixed pointer subtraction for scale (#17986)
 2025-03-14 09:00:33 +09:00
Saki Takamachi
7c9872e255 Fixed pointer subtraction for scale (#17986) 
Closes #17986
 2025-03-14 09:00:00 +09:00
Saki Takamachi
4e4f1729dd ext/bcmath: Simplify bc_divide() code (#17987) 
Co-authored-by: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
 2025-03-14 08:53:48 +09:00
Niels Dossche
b6e55d9856 Merge branch 'PHP-8.4' 
* PHP-8.4:
  Correct check for maximum string length in JIT helpers
 2025-03-13 23:49:48 +01:00
Niels Dossche
f4ba3564f5 Merge branch 'PHP-8.3' into PHP-8.4 
* PHP-8.3:
  Correct check for maximum string length in JIT helpers
 2025-03-13 23:49:42 +01:00
Niels Dossche
f18d0a1212 Merge branch 'PHP-8.4' 
* PHP-8.4:
  Fix GH-18037: SEGV Zend/zend_execute.c
 2025-03-13 23:48:35 +01:00
Niels Dossche
413938143b Fix GH-18037: SEGV Zend/zend_execute.c 
A frameless icall with 3 arguments is a special case because it uses
OP_DATA, but this was not added to the list, so the opline pointed to
the wrong address resulting in UBSAN report or crash.

Closes GH-18048.
 2025-03-13 23:48:24 +01:00
Niels Dossche
a7d2703246 Correct check for maximum string length in JIT helpers 
This is a bit of a theoretical issue, but the maximum string length is
actually ZSTR_MAX_LEN instead of SIZE_MAX. The resulting check is a bit
slower but should still be relatively cheap.

Closes GH-18049.
 2025-03-13 23:47:45 +01:00
Jakub Zelenka
6ec89f028f Merge branch 'PHP-8.4' 2025-03-13 22:32:18 +01:00
Jakub Zelenka
74911be889 Merge branch 'PHP-8.3' into PHP-8.4 2025-03-13 22:31:31 +01:00
Jakub Zelenka
1158a1ef3b Merge branch 'PHP-8.2' into PHP-8.3 2025-03-13 22:28:53 +01:00
Jakub Zelenka
e144c58fb2 Merge branch 'PHP-8.1' into PHP-8.2 2025-03-13 22:25:53 +01:00
Jakub Zelenka
70c2ebb698 Fix typo in GHSA-hgf5-96fm-v528 NEWS entry 2025-03-13 22:24:49 +01:00
Niels Dossche
fc047b4e00 Merge branch 'PHP-8.4' 
* PHP-8.4:
  [ci skip] Fix NEWS order
  Fix GH-18018: RC1 data returned from offsetGet causes UAF in ArrayObject
 2025-03-13 19:11:59 +01:00
Niels Dossche
3c17d3fc05 [ci skip] Fix NEWS order 2025-03-13 19:11:53 +01:00
Niels Dossche
d43d4684bd Merge branch 'PHP-8.3' into PHP-8.4 
* PHP-8.3:
  Fix GH-18018: RC1 data returned from offsetGet causes UAF in ArrayObject
 2025-03-13 19:11:24 +01:00
Niels Dossche
27affd8da1 Fix GH-18018: RC1 data returned from offsetGet causes UAF in ArrayObject 
We should first check truthiness and only after that destroy the value.

Closes GH-18034.
 2025-03-13 19:10:34 +01:00
Pierrick Charron
11ec2cb94a Merge branch 'PHP-8.4' 
* PHP-8.4:
  [skip ci] Fix release dates on NEWS
  [skip ci] Fix release dates on NEWS
  [skip ci] Fix invalid release date of 8.1.1
  [skip ci] Fix release date of 8.3.19
 2025-03-13 13:51:44 -04:00
Pierrick Charron
0c0cebe031 Merge branch 'PHP-8.3' into PHP-8.4 
* PHP-8.3:
  [skip ci] Fix release dates on NEWS
  [skip ci] Fix invalid release date of 8.1.1
  [skip ci] Fix release date of 8.3.19
 2025-03-13 13:50:11 -04:00
Pierrick Charron
a3aaedc76c [skip ci] Fix release dates on NEWS 2025-03-13 13:50:06 -04:00
Pierrick Charron
945f5b83f4 Merge branch 'PHP-8.2' into PHP-8.3 
* PHP-8.2:
  [skip ci] Fix invalid release date of 8.1.1
 2025-03-13 13:48:48 -04:00
Pierrick Charron
2003421454 [skip ci] Fix release dates on NEWS 2025-03-13 13:48:38 -04:00
Pierrick Charron
d9c0a49cba [skip ci] Merge branch 'PHP-8.1' into PHP-8.2 
* PHP-8.1:
  [skip ci] Fix invalid release date of 8.1.1
 2025-03-13 13:47:22 -04:00
Pierrick Charron
c62523666c [skip ci] Fix invalid release date of 8.1.1 2025-03-13 13:45:08 -04:00
Pierrick Charron
54f93f127e [skip ci] Fix release date of 8.3.19 2025-03-13 13:14:37 -04:00
Ilija Tovilo
e5adfd5d89 Merge branch 'PHP-8.4' 
* PHP-8.4:
  Fix flaky connection count in mysqli test
 2025-03-13 16:47:36 +01:00
Ilija Tovilo
e624364967 Merge branch 'PHP-8.3' into PHP-8.4 
* PHP-8.3:
  Fix flaky connection count in mysqli test
 2025-03-13 16:47:29 +01:00
Ilija Tovilo
276c2a67ef Merge branch 'PHP-8.2' into PHP-8.3 
* PHP-8.2:
  Fix flaky connection count in mysqli test
 2025-03-13 16:47:20 +01:00
Ilija Tovilo
f390425db3 Merge branch 'PHP-8.1' into PHP-8.2 
* PHP-8.1:
  Fix flaky connection count in mysqli test
 2025-03-13 16:46:03 +01:00
Ilija Tovilo
00ebd2d7f2 Fix flaky connection count in mysqli test 
Use connection ID instead of count to check whether we're using a
persistent connection. This allows the test to be run in parallel with
the other tests, but also protects against the possibility that some
other service connects to the mysql server.

Closes GH-18040
 2025-03-13 16:40:33 +01:00
Gina Peter Banyard
ac5e72e280 Add missing clean sections 2025-03-13 15:00:07 +00:00
Gina Peter Banyard
5dae1e1dc2 Split var_dump tests 
So that these aren't huge mega tests
 2025-03-13 15:00:07 +00:00
Gina Peter Banyard
83090b4705 Split print_r tests 
So that these aren't huge mega tests
 2025-03-13 15:00:07 +00:00
Gina Peter Banyard
2a859abd33 Remove test dependency on resource/object IDs 2025-03-13 15:00:07 +00:00
Jorg Adam Sowa
3f3ac4de25 [skip ci] Remove wrappers comments in session ext (#18017) 2025-03-13 12:14:31 +00:00
Jakub Zelenka
0d10f7bfe5 Remove OpenSSL 1.0.2 related code (#18032) 
This also removes old LibreSSL checks as minimum that compiles is 3.5.0
 2025-03-13 10:59:26 +01:00
Remi Collet
9d4fd7f9b9 Merge branch 'PHP-8.4' 
* PHP-8.4:
  Relax test expectation for pcre2lib 10.45 Using e92848789a
 2025-03-13 07:48:50 +01:00
Remi Collet
5de019d9bd Merge branch 'PHP-8.3' into PHP-8.4 
* PHP-8.3:
  Relax test expectation for pcre2lib 10.45 Using e92848789a
 2025-03-13 07:46:55 +01:00
Remi Collet
69480be12a Relax test expectation for pcre2lib 10.45 Using e92848789a 
Co-authored-by: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
 2025-03-13 07:46:18 +01:00
Dmitry Stogov
7faa3decd9 Merge branch 'PHP-8.4' 
* PHP-8.4:
  Update IR
 2025-03-13 03:08:16 +03:00
Dmitry Stogov
ae67eb0490 Update IR 
IR commit: 8bb0acca45a7b0f12691f4258e41462599efbd74
 2025-03-13 03:07:43 +03:00
David Carlier
ccb6d78bab fix php_version 2025-03-12 22:22:20 +00:00
David Carlier
4d6c7bd6e3 Merge branch 'PHP-8.4' 2025-03-12 22:21:17 +00:00
David Carlier
7f771e1e87 Merge branch 'PHP-8.3' into PHP-8.4 2025-03-12 22:20:03 +00:00
David Carlier
c3fc94c4b8 ext/intl: fix locale_compose/locale_lookup to be able to deal with references. 
close GH-18035
 2025-03-12 22:18:34 +00:00