php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-03-24 16:22:37 +01:00
Code Issues Packages Projects Releases Wiki Activity
140,064 Commits 545 Branches 1,479 Tags
ac2ce94de059b1ff0185079899e9d3af66209762
Commit Graph

2927 Commits

Author SHA1 Message Date
David Carlier
a4e25839d3 Merge branch 'PHP-8.4' 2025-01-14 18:33:00 +00:00
David Carlier
b1e0176455 Merge branch 'PHP-8.3' into PHP-8.4 2025-01-14 18:32:51 +00:00
David Carlier
e4473abefc Fix GH-17463: SplTempFileObject::ftruncate() segfault on negative length. 
close GH-465
 2025-01-14 18:32:01 +00:00
Niels Dossche
8c443016e9 Merge branch 'PHP-8.4' 
* PHP-8.4:
  Fix GH-17307: Internal closure causes JIT failure
  Generate inline frameless icall handlers only if the optimization level is set to inline
  Fix GH-15981: Segfault with frameless jumps and minimal JIT
  Fix GH-15833: Segmentation fault (access null pointer) in ext/spl/spl_array.c
 2025-01-09 20:01:16 +01:00
Niels Dossche
b666dc9788 Fix GH-15833: Segmentation fault (access null pointer) in ext/spl/spl_array.c 
We're accessing the object properties table directly in spl, but we're
not accounting for lazy objects. Upon accessing we should trigger the
initialization as spl is doing direct manipulations on the object
property table and expects a real object.

Closes GH-17235.
 2025-01-09 19:58:00 +01:00
Gina Peter Banyard
7c32e41ab8 ext/spl: Refactor iterator_apply() to not rely on an FCI 
This reduces the size of the struct from 112 to 56 bytes
 2025-01-05 12:27:28 +00:00
Gina Peter Banyard
3de22a84e8 ext/spl: Add trampoline test for iterator_apply() 2025-01-05 12:27:28 +00:00
Gina Peter Banyard
e547fe40df ext/spl: Remove useless obj field from spl_iterator_apply_info 2025-01-05 12:27:28 +00:00
Niels Dossche
accf957727 Change impossible condition into assertion 2024-12-27 17:34:21 +01:00
Kamil Tekiela
bf5e6c5f2d SplFileObject::fwrite $length param nullable (#17242) 2024-12-23 00:54:24 +01:00
Niels Dossche
8d39261603 Merge branch 'PHP-8.4' 
* PHP-8.4:
  Fix GH-17225: NULL deref in spl_directory.c
 2024-12-21 12:48:24 +01:00
Niels Dossche
a02648087a Merge branch 'PHP-8.3' into PHP-8.4 
* PHP-8.3:
  Fix GH-17225: NULL deref in spl_directory.c
 2024-12-21 12:47:48 +01:00
Niels Dossche
4bfe69bbc4 Fix GH-17225: NULL deref in spl_directory.c 
NULL checks for the glob stream are inconsistently applied. To solve
this generally, factor it out to a helper function so it's less likely
to be forgotten in the future.

Closes GH-17231.
 2024-12-21 12:46:05 +01:00
Niels Dossche
4d140f79e6 Merge branch 'PHP-8.4' 
* PHP-8.4:
  Fix GH-17198: SplFixedArray assertion failure with get_object_vars
 2024-12-17 23:22:47 +01:00
Niels Dossche
5f13c62c77 Fix GH-17198: SplFixedArray assertion failure with get_object_vars 
Because the properties table contains both a numeric index and a string
index that map to 0 in a symbol table, this causes an assertion failure.
Looking at the manual page of get_object_vars(), it seems that only real
properties must be included. Given that SplFixedArray's elements are not
accessible like properties, they should be excluded. This restores PHP
8.3 behaviour. The reason that this didn't cause problems on 8.3 is
because it used a different handler (get_properties).

Closes GH-17206.
 2024-12-17 23:22:33 +01:00
Dmitry Stogov
c630801ae7 Merge branch 'PHP-8.4' 
* PHP-8.4:
  Fix GH-15709: Crashing tests on Windows x64  (#17095)
 2024-12-13 02:06:14 +03:00
Dmitry Stogov
ccc6c0f78c Fix GH-15709: Crashing tests on Windows x64 (#17095) 
This is a quick fix for the problem.
It'll work while all the JIT-ed functions have the same "fixed stack frame".
Unwinder uses hard-coded unwind data for this "fixed stack frame".

* Preallocate space for Win64 shadow args

* typo

* Setup unwinder for JIT functions

* Revert "Dynamically xfail test case which fails on CI"

This reverts commit 7cc327fd5a.

* Revert "Dynamically xfail test case which fails on CI"

This reverts commit bdde797159.

* Revert "Dynamically xfail test cases which fail on CI (GH-15710)"

This reverts commit 6d5962074f.

* Remove XFAIL sections

* Add hard-coded SEH unwind data for EXITCALL

* Fix unwind data

* Fix Windows multi-process support

* Typo
 2024-12-13 02:05:45 +03:00
Ilija Tovilo
0ce151b8fe Merge branch 'PHP-8.4' 
* PHP-8.4:
  Add NEWS entry
  Also fix same issue in ArrayObject::exchangeArray()
  Fix use-after-free in ArrayObject::unset() with destructor
 2024-11-04 17:50:37 +01:00
Ilija Tovilo
66ad4ce699 Merge branch 'PHP-8.3' into PHP-8.4 
* PHP-8.3:
  Add NEWS entry
  Also fix same issue in ArrayObject::exchangeArray()
  Fix use-after-free in ArrayObject::unset() with destructor
 2024-11-04 17:49:08 +01:00
Ilija Tovilo
dca438e6a3 Merge branch 'PHP-8.2' into PHP-8.3 
* PHP-8.2:
  Add NEWS entry
  Also fix same issue in ArrayObject::exchangeArray()
  Fix use-after-free in ArrayObject::unset() with destructor
 2024-11-04 17:47:49 +01:00
Ilija Tovilo
f7222bd2de Also fix same issue in ArrayObject::exchangeArray() 2024-11-04 17:46:17 +01:00
Ilija Tovilo
8910ac800d Fix use-after-free in ArrayObject::unset() with destructor 
Fixes GH-16646
Closes GH-16653
 2024-11-04 17:45:56 +01:00
Niels Dossche
aafcf997f9 Use spl_RecursiveIteratorIterator_free_iterators() 2024-11-01 20:46:29 +01:00
Niels Dossche
2b17168ac1 Merge branch 'PHP-8.4' 
* PHP-8.4:
  Fix GH-16604: Memory leaks in SPL constructors
 2024-11-01 20:43:49 +01:00
Niels Dossche
7a78ffcbb2 Merge branch 'PHP-8.3' into PHP-8.4 
* PHP-8.3:
  Fix GH-16604: Memory leaks in SPL constructors
 2024-11-01 20:43:43 +01:00
Niels Dossche
eaa2b61acb Merge branch 'PHP-8.2' into PHP-8.3 
* PHP-8.2:
  Fix GH-16604: Memory leaks in SPL constructors
 2024-11-01 20:43:28 +01:00
Niels Dossche
886a5287ca Fix GH-16604: Memory leaks in SPL constructors 
Closes GH-16673.
 2024-11-01 20:42:28 +01:00
David Carlier
cb6212b073 Merge branch 'PHP-8.4' 2024-10-28 21:25:49 +00:00
David Carlier
6a0035b7f4 Merge branch 'PHP-8.3' into PHP-8.4 2024-10-28 21:25:39 +00:00
David Carlier
e039afffaf Merge branch 'PHP-8.2' into PHP-8.3 2024-10-28 21:22:17 +00:00
David Carlier
eeec0939e0 Fix GH-14687 segfault on debugging a freed SplObjectIterator instance. 
close GH-14711
 2024-10-28 21:21:44 +00:00
Niels Dossche
6bf5bde107 Merge branch 'PHP-8.4' 
* PHP-8.4:
  Fix GH-16589: UAF in SplDoublyLinked->serialize()
 2024-10-27 19:12:21 +01:00
Niels Dossche
396b995d76 Merge branch 'PHP-8.3' into PHP-8.4 
* PHP-8.3:
  Fix GH-16589: UAF in SplDoublyLinked->serialize()
 2024-10-27 19:12:16 +01:00
Niels Dossche
d9947e8c42 Merge branch 'PHP-8.2' into PHP-8.3 
* PHP-8.2:
  Fix GH-16589: UAF in SplDoublyLinked->serialize()
 2024-10-27 19:12:02 +01:00
Niels Dossche
8f60309a78 Fix GH-16589: UAF in SplDoublyLinked->serialize() 
Closes GH-16611.
 2024-10-27 19:11:37 +01:00
Gina Peter Banyard
bfca4c7ba9 Merge branch 'PHP-8.4' 
* PHP-8.4:
  Fix GH-16477 (Segmentation fault when calling __debugInfo() after failed SplFileObject::__constructor)
  Fix GH-16477 (Segmentation fault when calling __debugInfo() after failed SplFileObject::__constructor)
  Fix GH-16477 (Segmentation fault when calling __debugInfo() after failed SplFileObject::__constructor)
 2024-10-25 22:06:12 +01:00
Gina Peter Banyard
5d993e9641 Fix GH-16477 (Segmentation fault when calling __debugInfo() after failed SplFileObject::__constructor) 
Closes GH-16480
Closes GH-16604
 2024-10-25 22:05:10 +01:00
Gina Peter Banyard
a19029fc8b Fix GH-16477 (Segmentation fault when calling __debugInfo() after failed SplFileObject::__constructor) 
Closes GH-16480
Closes GH-16604
 2024-10-25 22:04:10 +01:00
Gina Peter Banyard
d353a89c49 Merge branch 'PHP-8.2' into PHP-8.3 
* PHP-8.2:
  Fix GH-16477 (Segmentation fault when calling __debugInfo() after failed SplFileObject::__constructor)
 2024-10-25 22:03:29 +01:00
Gina Peter Banyard
9f5b5e34c3 Fix GH-16477 (Segmentation fault when calling __debugInfo() after failed SplFileObject::__constructor) 
Closes GH-16480
Closes GH-16604
 2024-10-25 22:02:38 +01:00
Niels Dossche
1740d94626 Merge branch 'PHP-8.4' 
* PHP-8.4:
  Fix GH-16588: UAF in Observer->serialize
 2024-10-25 23:00:52 +02:00
Niels Dossche
3599fd0c51 Merge branch 'PHP-8.3' into PHP-8.4 
* PHP-8.3:
  Fix GH-16588: UAF in Observer->serialize
 2024-10-25 23:00:46 +02:00
Niels Dossche
cc88b1f824 Merge branch 'PHP-8.2' into PHP-8.3 
* PHP-8.2:
  Fix GH-16588: UAF in Observer->serialize
 2024-10-25 23:00:24 +02:00
Niels Dossche
144d2ee29a Fix GH-16588: UAF in Observer->serialize 
Closes GH-16600.
 2024-10-25 22:59:59 +02:00
Niels Dossche
0b3684c48e Merge branch 'PHP-8.4' 
* PHP-8.4:
  Fix GH-16574: Incorrect error "undefined method" messages
 2024-10-25 18:33:36 +02:00
Niels Dossche
e9283c0819 Fix GH-16574: Incorrect error "undefined method" messages 
The `get_method` object handler may change the object pointer. SPL does
this in its iterator implementations. This causes the error message
to change to another class which is confusing to the user. JIT handles
this correctly. This patch aligns behaviour with JIT.

Closes GH-16576.
 2024-10-25 18:33:24 +02:00
Ilija Tovilo
ee41549263 Merge branch 'PHP-8.4' 
* PHP-8.4:
  Revert undoing of partial spl_filesystem_object initialization
 2024-10-17 18:44:50 +02:00
Ilija Tovilo
1c542af144 Revert undoing of partial spl_filesystem_object initialization 
We're intentionally not initializing spl_filesystem_object.u.dir.entry, as it
will later be initialized, and we don't need to zero the entire buffer anyway.
 2024-10-17 18:44:06 +02:00
Ilija Tovilo
76138d6f0f Merge branch 'PHP-8.4' 
* PHP-8.4:
  Fix uaf in SplFixedArray::unset()
 2024-10-17 18:26:01 +02:00
Ilija Tovilo
c82cea0c34 Merge branch 'PHP-8.3' into PHP-8.4 
* PHP-8.3:
  Fix uaf in SplFixedArray::unset()
 2024-10-17 18:25:56 +02:00