even without sanitizers, it is reproducible but with the following
```
<?php
$g = gmp_init(256);
var_dump(gmp_pow($g, PHP_INT_MAX));
```
we get this
```
AddressSanitizer:DEADLYSIGNAL
=================================================================
==286922==ERROR: AddressSanitizer: FPE on unknown address 0x03e8000460ca (pc 0x7faf6c69de5c bp 0x400000000000004 sp 0x7ffe9843c740 T0)
#0 0x7faf6c69de5c in __pthread_kill_implementation nptl/pthread_kill.c:44
#1 0x7faf6c649c81 in __GI_raise ../sysdeps/posix/raise.c:26
#2 0x7faf6db9386c in __gmp_exception (/lib/x86_64-linux-gnu/libgmp.so.10+0xd86c) (BuildId: 1af68a49fe041a5bb48a2915c3d47541f713bb38)
#3 0x7faf6db938d3 in __gmp_overflow_in_mpz (/lib/x86_64-linux-gnu/libgmp.so.10+0xd8d3) (BuildId: 1af68a49fe041a5bb48a2915c3d47541f713bb38)
#4 0x7faf6dbac95c in __gmpz_realloc (/lib/x86_64-linux-gnu/libgmp.so.10+0x2695c) (BuildId: 1af68a49fe041a5bb48a2915c3d47541f713bb38)
#5 0x7faf6dba9038 in __gmpz_n_pow_ui (/lib/x86_64-linux-gnu/libgmp.so.10+0x23038) (BuildId: 1af68a49fe041a5bb48a2915c3d47541f713bb38)
#6 0x5565ae1ccd9f in zif_gmp_pow /home/dcarlier/Contribs/php-src/ext/gmp/gmp.c:1286
#7 0x5565aee96ea9 in ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER /home/dcarlier/Contribs/php-src/Zend/zend_vm_execute.h:1312
#8 0x5565af144320 in execute_ex /home/dcarlier/Contribs/php-src/Zend/zend_vm_execute.h:56075
#9 0x5565af160f07 in zend_execute /home/dcarlier/Contribs/php-src/Zend/zend_vm_execute.h:60439
#10 0x5565aed6fafe in zend_execute_scripts /home/dcarlier/Contribs/php-src/Zend/zend.c:1842
#11 0x5565aeae70a8 in php_execute_script /home/dcarlier/Contribs/php-src/main/main.c:2578
#12 0x5565af532f4e in do_cli /home/dcarlier/Contribs/php-src/sapi/cli/php_cli.c:964
#13 0x5565af535877 in main /home/dcarlier/Contribs/php-src/sapi/cli/php_cli.c:1334
#14 0x7faf6c633d67 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
#15 0x7faf6c633e24 in __libc_start_main_impl ../csu/libc-start.c:360
#16 0x5565adc04040 in _start (/home/dcarlier/Contribs/php-src/sapi/cli/php+0x2604040) (BuildId: 949049955bdf8b7197390b1978a1dfc3ef6fdf38)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: FPE nptl/pthread_kill.c:44 in __pthread_kill_implementation
==286922==ABORTING
```
We must not `efree()` `zend_string`s, since they may have a refcount
greater than one, and may even be interned.
We also must not confuse `zend_string *` with `zend_string **`.
And we should play it safe by using `safe_emalloc()` to avoid
theoretical integer overflows.
We also simplify a bit, according to suggestions of @TimWolla.
Closes GH-16335.
when passing PHP_INT_MAX for the $length param we get this (with ubsan)
`ext/sockets/sockets.c:1409:36: runtime error: signed integer overflow: 9223372036854775807 + 1 cannot be represented in type 'long int'`
close GH-16382
We must not use `try_convert_to_string()` on members of unseparated
array arguments; instead of separating, we use `zval_try_get_string()`.
Closes GH-16370.
* PHP-8.2:
Fix error message for newer libxml
Backport 061058a9: Test fixes for libxml2 2.12.0
Workaround deprecation warning in zend_test on 8.1
Backport 3ec5919e: Update error message for libxml 2.13
Backport f74f9b07: Update libxml test for the directory field behaviour change
Backport 4fe82131: Backport libxml2 2.13.2 fixes (#14816)
Backport e2d97314: Backport deprecation warning ignores to unbreak CI
Backport 0a39890c: Fix libxml2 2.12 build due to API breaks
* upstream/PHP-8.1:
Fix error message for newer libxml
Backport 061058a9: Test fixes for libxml2 2.12.0
Workaround deprecation warning in zend_test on 8.1
Backport 3ec5919e: Update error message for libxml 2.13
Backport f74f9b07: Update libxml test for the directory field behaviour change
Backport 4fe82131: Backport libxml2 2.13.2 fixes (#14816)
Backport e2d97314: Backport deprecation warning ignores to unbreak CI
Backport 0a39890c: Fix libxml2 2.12 build due to API breaks
In master I use ZEND_DIAGNOSTIC_IGNORED_START, but that doesn't exist on
8.2 or 8.3 (8.3 has a similar macro though).
So to unbreak CI I just made a variation of this directly in the
php_libxml.h header.
See 683e787860 (commitcomment-134301083)
We introduce a new flag to indicate when a heap or priority queue is
write-locked. In principle we could've used SPL_HEAP_CORRUPTED too, but
that won't be descriptive to users (and it's a lie too).
Closes GH-16346.
Two issues:
1) The check happened before ZPP checks
2) The `return;` statement caused NULL to be returned while this
function can only return booleans. An exception seems not acceptable
in stable versions, but a warning may do.
Closes GH-16386.
The inline assembly uses labels with the prefix `.L`. On Linux systems
this is the local label prefix. It appears that macOS uses `L` as a
local prefix, which means that the prefix used in the inline assembly is not
local for macOS systems [1].
When combined with inlining, this causes the compiler to get confused
and merge a part of the inline assembly between different functions,
causing control flow to jump from one function to another function.
This is avoided on PHP 8.2 and up by the fact that it
uses `zend_never_inline NOIPA`, but nothing guarantees that compiler
changes won't affect this as well.
To solve this issue, we instead use local labels. These will make the
compiler pick the correct prefix, preventing the issue.
Additionally, while here, we also change the computation of `delta`.
It is undefined behaviour to compute the pointer difference between
two different objects. To circumvent this, we cast first to `uintptr_t`.
This change is cleanly backportable to 8.1 for vendors to pick up.
[1] https://github.com/php/php-src/issues/16168#issuecomment-2404792553
With the help of investigation and testing of @ryandesign.
Closes GH-16348.
As is, we're running the push workflow for all pushes and pull request,
plus we run more comprehensive nightly workflow for all branches which
had commits during the day. That means that security branches may not
run CI for weeks or even months. In the meantime, dependencies might
be updated, which can cause later workflow runs to fail. For instance,
a few openssl tests fail due to security fixes in OpenSSL[1], an update
of Oracle Instant Client causes a couple of oci8 and pdo_oci tests to
fail[2], and the macOS builds do no longer even built (investigation
pending).
Therefore, we allow to run the pull workflow manually, so it is
possible to check the CI condition of temporary inactive branches from
time to time.
[1] <https://github.com/php/php-src/pull/16097>
[2] <https://github.com/php/php-src/pull/16107>
Closes GH-16148.
