The fix for feature request #53466 did not properly handle resetting of
the corresponding statement; the problem with this is that the
statement does not know about its result sets. But even if we could
fix this, the `complete` handling still appears to be brittle, since
the `sqlite3_column_type()`docs[1] state:
| If the SQL statement does not currently point to a valid row, or if
| the column index is out of range, the result is undefined.
Fortunately, we can use `sqlite3_data_count()` instead, since[2]:
| If prepared statement P does not have results ready to return (via
| calls to the sqlite3_column() family of interfaces) then
| sqlite3_data_count(P) returns 0.
Thus, we guard `SQLite3::columnType()` with `sqlite3_data_count()`, and
completely drop updating the `php_sqlite3_result_object.complete`
field, but keep it for ABI BC purposes.
[1] <https://www.sqlite.org/c3ref/column_blob.html>
[2] <https://www.sqlite.org/c3ref/data_count.html>
exif_process_IFD_TAG() currently accepts a dir_entry, offset_base
and IFDlength. However, it's very hard to follow how these values
are related to each other and the addressable memory region. As we
add additional bounds check, this gets further confused.
One of the basic cases is where dir_entry is in
[offset_base, offset_base+IFDlength), in which case the memory
[dir_entry, offset_base+IFDlength) is valid, but the memory
[offset_base, dir_entry) is not necessarily valid. I wasn't able
to understand what exactly is valid if dir_entry is outside
[offset_base, offset_base+IFDlength)
This patch changes everything to use a struct that separately stores
offset_base and the valid memory region and adds helpers to fetch
offsets and check that pointers are in-bounds.
Closes GH-5068.
As an exception, we allow "Type $foo = null" to occur before a
required parameter, because this pattern was used as a replacement
for nullable types in PHP versions older than 7.1.
Closes GH-5067.
This only exists as a method, so using zend_parse_method_parameters
doesn't make sense. Also make sure that zpp is always called, not
only conditionally.
While the `$command` passed to `proc_open()` had to be wrapped in
double-quotes manually, that was implicitly done for all other
program execution functions. This could easily introduce bugs and
even security issues when switching from one to another program
execution function.
Furthermore we ensure that the additional quotes are always
unwrapped regardless of what is passed as `$command` by passing
the `/s` flag to cmd.exe. As it was, `shell_exec('path with
spaces/program.exe')` did execute program.exe, but adding an
argument (`shell_exec('path with spaces/program.exe -h)`) failed
to execute program.exe, because cmd.exe stripped the additional
quotes.
While these changes obviously can cause BC breaks, we feel that in
the long run the benefits of having consistent behavior for all
program execution functions outweighs the drawbacks of potentially
breaking some code now.
Firstly, we must not rely on `stmt->column_count` when freeing the
driver specific column values, but rather store the column count in
the driver data. Since the column count is a `short`, 16 bit are
sufficient, so we can store it in reserved bits of `pdo_odbc_stmt`.
Furthermore, we must not allocate new column value storage when the
statement is not executed, but rather when the column value storage has
not been allocated.
Finally, we have to introduce a driver specific `cursor_closer` to
avoid that `::closeCursor()` calls `odbc_stmt_next_rowset()` which then
frees the column value storage, because it may be still needed for
bound columns.
The primary motivation to have each test worker running its own console
is to allow the windows_mb_path tests to run in parallel. A nice side
effect is that this also prevents changing the code page of the
tester's console window (which can even cause its font to be changed).
To be able to do so, we introduce the `create_new_console` option for
`proc_open()`, which might occasionally be useful for other purposes
than testing.
In order of preference, the generated name will be:
new class extends ParentClass {};
// -> ParentClass@anonymous
new class implements FirstInterface, SecondInterface {};
// -> FirstInterface@anonymous
new class {};
// -> class@anonymous
This is intended to display a more useful class name in error messages
and stack traces, and thus make debugging easier.
Closes GH-5153.
RFC: https://wiki.php.net/rfc/static_return_type
The "static" type is represented as MAY_BE_STATIC, rather than
a class type like "self" and "parent", as it has special
resolution semantics, and cannot be cached in the runtime cache.
Closes GH-5062.
* PHP-7.4:
Disable instantiation of zero size FFI\CData objects
Fix # 79171: heap-buffer-overflow in phar_extract_file
Fix bug #79082 - Files added to tar with Phar::buildFromIterator have all-access permissions
Fix bug #79221 - Null Pointer Dereference in PHP Session Upload Progress
