c6992121cc
Updated to version 2022.2 (2022b)
2022-08-11 15:54:28 +01:00
d9ff5e079f
Fix GH-8472: stream_socket_accept result may have incorrect metadata
2022-08-07 14:17:38 +01:00
2758ff2a77
Tracing: Prevent recording types of variables used to pass zend_class_entry
2022-08-01 17:02:53 +03:00
af1a7b7b72
Fix SSA reconstruction when body of "foreach" loop is removed
...
Fixes oss-fuzz #49483
2022-08-01 14:00:19 +03:00
001e7dbb04
Fixed bug #80047 (DatePeriod doesn't warn with custom DateTimeImmutable)
2022-07-28 10:28:10 +01:00
85f3a969dc
Revert "Fixed #80047 : DatePeriod doesn't warn with custom DateTimeImmutable"
...
This reverts commit 973c3f6e24
2022-07-28 10:13:54 +01:00
8ed21a89f3
Fix GH-9032: SQLite3 authorizer crashes on NULL values
...
The arguments 3 to 6 of the authorizer callback may be `NULL`[1], and
we have to properly deal with that. Instead of causing a segfault, we
deny authorization, which is still better than a crash, and apparently,
we cannot do better anyway.
[1] <https://www.sqlite.org/c3ref/set_authorizer.html >
Closes GH-9040.
2022-07-27 12:49:16 +02:00
a442e29485
Fix GH-9155: dba_open("non-existing", "c-", "flatfile") segfaults
...
We must not assume that the lock file has been opened.
Closes GH-9156.
2022-07-27 12:08:36 +02:00
35fd97c3c9
Fix GH-9033: Loading blacklist file can fail due to negative length
...
If the blacklist file contains a line with a single double-quote, we
called `zend_strndup(pbuf, -1)` what causes an unnecessary bail out;
instead we just ignore that line.
If the blacklist file contains an empty line, we may have caused an OOB
read; instead we just ignore that line.
Closes GH-9036.
2022-07-25 16:30:19 +02:00
44b86aee31
Fix memory leak
...
Fixes oss-fuzz #49272
2022-07-25 12:04:46 +03:00
3962f00b01
Fix spl test cleanup
2022-07-21 17:20:30 +02:00
5b83b3a933
Fix memory leak in LMDB driver
2022-07-21 14:05:48 +01:00
3b7babf9b3
Fix GH-9017: php_stream_sock_open_from_socket could return NULL
...
Closes GH-9020.
2022-07-19 17:06:02 +02:00
bd30eff5de
Fix type inference for FETCH_DI_UNSET
...
Fixes oss-fuzz #48507
2022-07-18 13:14:15 +03:00
d830a1f6f0
random extension macOs handling update.
...
Not such as fix but taking more precautions.
Indeed, the arc4random has two little flaws in this platform,
one already caught upfront by the extension (ie size 0), also
internal use of ccrng_generate which can silently fail in few rare
cases.
Closes #7824 .
2022-07-15 12:43:43 +01:00
7c3dfbb845
intl extension, build fix for icu >= 69.x release. ubrk/ucnv_safeClone had been deprecated in favor of ubrk/ucnv_clone which does not use user provided stacks but remain thread safe.
2022-07-08 17:38:31 +01:00
79a283240e
Revert "Fix GH-8563 Different results for seek() on SplFileObject and SplTempFileObject"
...
Although the fix is partially correct it also breaks long standing behaviour which has been produced since PHP 5.3.
This reverts commit 6f87a5c633
2022-07-05 21:28:59 +01:00
8fce70ae7b
Abort LMDB transaction whe trying to delete non-existing key
2022-07-01 17:26:27 +01:00
b3569865b3
Fix the crypt sha apis build (with recent clang versions).
...
Removing the said subtraction by casting instead.
While at it fixing werror level on phpdbg too.
Closes #8897 .
2022-07-01 05:33:12 +01:00
d66d477d6f
Fix incorrect condition introdused in 7cf6f17383
2022-06-29 13:08:18 +03:00
7cf6f17383
Fixed bug GH-8847 (PHP hanging infinitly at 100% cpu when check php syntaxe of a valid file)
2022-06-29 12:10:46 +03:00
973c3f6e24
Fixed #80047 : DatePeriod doesn't warn with custom DateTimeImmutable
2022-06-25 17:52:14 +01:00
13f55d5c1b
Use proper grammar in error message
...
Drop period in error messages
2 reasons:
- These error messages are not regular sentences.
- Having the offending value between parenthesis after the period looks weird.
Closes GH-8858.
2022-06-25 07:39:31 +01:00
9405f43ba9
Fix GH-8848: imagecopyresized() error refers to the wrong argument
...
Closes GH-8849.
2022-06-23 15:20:49 +02:00
a8437d08a8
Fix GH-8827: Intentionally closing std handles no longer possible
...
We revert the commits which caused this regression from the PHP-8.0 and
PHP-8.1 branches for now. We keep it in "master" because of PR #8833
which may offer a proper fix without BC break.
2022-06-20 18:01:02 +02:00
6f87a5c633
Fix GH-8563 Different results for seek() on SplFileObject and SplTempFileObject
...
With memory streams if we get a NULL buffer we must not instantiate an empty line
2022-06-20 12:47:37 +01:00
229e80c6ef
Fix memory leak
...
This fixes oss-fuzz #48051
2022-06-20 10:59:37 +03:00
e330f443c9
Fix bug #67764 : fpm: syslog.ident does not work
2022-06-19 20:05:49 +01:00
651e0cc187
Fix GH-8778: Integer arithmethic with large number variants fails
...
When casting a `variant` to `int`, we need to heed the proper `zval`
type, which is an signed 64bit integer on x64, while `VT_INT` is only
a signed 32bit integer.
Closes GH-8779.
2022-06-18 11:48:49 +02:00
d84b972658
Fixed CURLOPT_TLSAUTH_TYPE is not treated as a string option.
2022-06-17 19:51:58 -04:00
b23dfe4986
Skip tests on 32-bit
2022-06-17 09:34:27 +01:00
36990aab8e
Fixed bug #77243 (Weekdays are calculated incorrectly for negative years)
2022-06-17 09:34:27 +01:00
390538af2e
Fix GH-8781 ZipArchive::close deletes zip file without updating stat cache
2022-06-15 15:37:27 +02:00
1cd8074743
JIT: Fix missing register store
...
This fixes oss-fuzz #48023
2022-06-14 13:57:44 +03:00
0b8e471b3c
Fix use after free
...
This fixes oss-fuzz #47997
2022-06-14 12:44:37 +03:00
445d9502bf
Fix handling of single-key connection strings
...
A connection string may contain just a single key, but
PHP used ";" as the heuristic to detect if a string was a connection
string versus plain DSN. However, a single-key connection string
would get treated like a DSN name, i.e. "DSN=*LOCAL". This makes it
so that "=" is used, as a connection string must contain a key.
Closes GH-8748.
2022-06-13 14:41:50 +02:00
df4dd82ea0
Fix bad integer promotion in mysqlnd big5 charset detection
2022-06-10 12:41:54 -04:00
2f78c1f9d9
Fix and improve OpenSSL VCWD path checking test for bug #50293
2022-06-09 23:01:52 +01:00
cb9a48a0c5
Pass signature to openssl_verify in bug81713 test
2022-06-09 20:09:08 +01:00
b765d4cd41
Fix bug #50293 and #81713 : file path checking in OpenSSL functions
...
It introduces a single function to check file paths passed to OpenSSL
functions. It expands the path, check null bytes and finally does
an open basedir check.
2022-06-09 19:49:59 +01:00
e2d55f2f12
Fix LONG_CHECK_VALID_INT in socket extension
2022-06-09 13:48:02 -04:00
52eb52d652
Backport fcba0a49fc
...
Forgot this file exists in lower branches
2022-06-08 11:43:12 +01:00
088e5677fb
Fix memory leak
...
This fixes oss-fuzz #47791
2022-06-06 11:35:01 +03:00
e864cb61a7
Merge branch 'PHP-7.4' into PHP-8.0
2022-06-06 01:11:13 -06:00
58006537fc
Fix bug #81719 : mysqlnd/pdo password buffer overflow
2022-06-06 00:56:51 -06:00
55f6895f4b
Fix #81720 : Uninitialized array in pg_query_params() leading to RCE
...
We must not free parameters which we haven't initialized yet.
We also fix the not directly related issue, that we checked for the
wrong value being `NULL`, potentially causing a segfault.
2022-06-06 00:34:23 -06:00
bfe63f565f
Fix dblib ghtest8626 test.
...
Follow-up of GH-8628.
Closes GH-9694.
2022-06-03 15:12:09 +01:00
2eb2f9d74f
Fix GH-8685 mbstring requires pcre
2022-06-03 07:53:48 +02:00
df52903ee0
Closes GH-8626: Fix PDOStatement->execute() failed.
...
Then execute successfully, errorInfo() information is incorrect
2022-06-02 17:32:43 +01:00
3a8912fb7c
Fix memory leak
...
This fixes oss-fuzz #47648
2022-05-30 11:32:17 +03:00
Derick Rethans