Having a stack allocated zend_function may cause crashes if the stack is polluted between bailout and the actual unwinding in zend_observer_fcall_end_all.
Signed-off-by: Bob Weinand <bobwei9@hotmail.com>
This PR changes the glob stream wrapper so it impacts "glob://"
streamsas well. The idea is to do a check for each found path instead
of the pattern which was not working correctly.
The arguments 3 to 6 of the authorizer callback may be `NULL`[1], and
we have to properly deal with that. Instead of causing a segfault, we
deny authorization, which is still better than a crash, and apparently,
we cannot do better anyway.
[1] <https://www.sqlite.org/c3ref/set_authorizer.html>
Closes GH-9040.
One may argue that `DROP_NEW_LINE` does not make sense in combination
with `READ_CSV`, but without `DROP_NEW_LINE`, `SKIP_EMPTY` does not
skip empty lines at all. We could fix that, but do not for BC reasons.
Instead we no longer drop newlines in `spl_filesystem_file_read_ex()`
when reading CSV, but handle that in `spl_filesystem_file_read_csv()`
by treating lines with only (CR)LF as being empty as well.
Closes GH-7618.
This has only been done for Windows systems so far, and there was a
TODO comment about looping for larger values; that appears to be
overkill, though, since 2 million bytes should be sufficient for all
use cases, and if there is really the need for more, users can still
loop manually. Anyhow, checking the range upfront on all platforms
is clearer then silently casting to `int`.
We split the error message for the least possible BC break.
Closes GH-9126.
Whenever ->last_unsafe is set to `true` an exception has been thrown. Thus we
can replace the check for `->last_unsafe` with a check for `EG(exception)`
which is a much more natural way to ommunicate an error up the chain.
For some reason, GCC warns[1]:
| ‘blacklist_path_length’ may be used uninitialized in this function
| [-Werror=maybe-uninitialized]
This looks like a false positive to me, but it doesn't hurt to
explicitly initialize the variable.
[1] <https://github.com/php/php-src/runs/7502212969?check_suite_focus=true>
Closes GH-9129.
If the blacklist file contains a line with a single double-quote, we
called `zend_strndup(pbuf, -1)` what causes an unnecessary bail out;
instead we just ignore that line.
If the blacklist file contains an empty line, we may have caused an OOB
read; instead we just ignore that line.
Closes GH-9036.
