Instead of using integers that then need to be converted to the string
representation via `::getSendByString()`, just always store a string,
eliminating the conversion method and replacing it with property access.
`Type::tryToSimpleType()` tries to convert a type holding multiple simple types
into a single simple type, with the following logic
- if all of the inner types represent `null`, return the first of those
- if all but one of the inner types represent `null`, return the non-null type
- otherwise, return `null`
Previously, it did this with a helper method `::getWithoutNull()`, that
constructed a new `Type` containing only the inner types that did not represent
`null`. However, the only thing the newly created object was used for was
extracting the types it contains, so the actual object creation just adds
overhead. Merge `Type::getWithoutNull()` into `Type::tryToSimpleType()` and
clean up to avoid creating an unneeded object.
Protected method not overridden in any subclasses, so could be made private,
but the method is short enough and simple enough that it can just be inlined.
Both `ArgInfo::setTypes()` and `ReturnInfo::setTypes()` were private methods
only called in the applicable class's constructor. They had no special logic
that benefited from existing as a separate method, and just added a level of
indirection. Inline the uses and remove the methods.
The following one-line methods, only used in `SimpleType::fromValue()`, were
inlined:
* `SimpleType::bool()`
* `SimpleType::int()`
* `SimpleType::float()`
* `SimpleType::string()`
* `SimpleType::array()`
* `SimpleType::object()`
Doing so removes an unneeded level of indirection and helps simplify the class.
The two calls that MySQLnd does to this handler all pass a buffer the same size as the error_msg field
Thus, we know that we can just memcpy the error message into the buffer.
See https://nrk.neocities.org/articles/not-a-fan-of-strlcpy for a rationale against the usage of `strlcpy()`
The reason this breaks is because of a type mismatch.
The following line uses fields of the timeval struct which are both 8 bytes on
Alpine 32-bit, which results in a computed value of also 8 bytes:
b09ed9a0f2/sapi/fpm/fpm/fpm_status.c (L611)
However, it is passed to a format string which expects 4 bytes
(`unsigned long` and thus the `%lu` format specifier is 4 bytes on Alpine 32-bit),
resulting in argument corruption.
Since the value is generally small, truncating to 4 bytes is sufficient to fix this.
Closes GH-17286.
We relax the constraint that the array must be a list. What really
matters is that it only has numeric keys. As shown in the example code,
it's really easy to accidentally create a non-list array, so it makes
sense to relax the constraint.
There are 3 cases left where the array is checked to be a list,
in php_ldap_do_search, but I believe this makes sense to keep because
the indices of those arrays have a meaning because they should match
between different arrays. In that case it will prevent programmer
errors.
Even when tests are not run in parallel, shuffling can help discover tests that
unintentionally depend on other tests being run before them.
Closes GH-17149.
A bunch of different issues:
1) The referenced value is copied without incrementing the refcount.
The reason the refcount isn't incremented is because otherwise
the array modifications would violate the RC1 constraints.
Solve this by copying the reference itself instead and always
read the referenced value.
2) No type checks on the array data, so malicious scripts could
cause type confusion bugs.
3) Potential overflow when the arrays resize and we access ctag.
Closes GH-17205.
Replaces GH-15730 as that PR became stale.
But instead of introducing a new helper, reuse
smart_str_append_escaped(), this also removes the dependency on
ext/standard.
Closes GH-15730.
Closes GH-17277.
- `TCP_FUNCTION_ALIAS`: fetches the function pointer name alias (>= 14.0
only tough).
- `TCP_BBR_ALGORITHM`: set/get the underlying algorithm (0: netflix, 1:
google) when the BBR's TCP stack is used.
- `TCP_REUSPORT_LB_NUMA`: set/get a NUMA domain filter on the socket.
close GH-16923
EX(opline) / opline can be stale if the IP is not stored, like in this
case on a trace enter. We always need to make sure that the opline is up
to date to make sure we don't use stale data.
Closes GH-17260.
This was a bug in both libxml and PHP.
We follow up with the same change as done in GNOME/libxml@b3871dd138.
Changing away from `xmlOutputBufferCreateFilenameDefault` is not
possible yet because this is a stable branch and would break BC.
Closes GH-17254.
Checking for the exact output of most image formats is brittle; even an
otherwise change to some header field causes the output to change, even
if the image would be visually identical.
Checking for an (MD5) hash is even worse, since if the tests fails, we
have no clue for what reason.
Thus we compare the generated image against an pre-generated PNG, using
a test helper which will output a simple image diff in case of test
failure.
The FFI call return values follow widening rules.
We must widen to `ffi_arg` in the case we're handling a return value for types shorter than the machine width.
From http://www.chiark.greenend.org.uk/doc/libffi-dev/html/The-Closure-API.html:
> In most cases, ret points to an object of exactly the size of the type specified when cif was constructed.
> However, integral types narrower than the system register size are widened.
> In these cases your program may assume that ret points to an ffi_arg object.
If we don't do this, we get wrong values when reading the return values.
Closes GH-17255.
Co-authored-by: Dmitry Stogov <dmitry@zend.com>
The main intent of the test was to show the changed behavior on
Windows; previously, `stream_select()` would return immediately there,
reporting all pipes as ready; now, it only returns if at least one pipe
is actually ready.
The original test case was overspecified; of course, we cannot assume
that the pipes are ready one after the other; depending on the concrete
`select(2)` implementation and the system scheduler, minor differences
are to be expected.
Thus we relax the test expectations, and now require that not all pipes
are reported ready after a single `stream_select()` call, and that the
output contains all strings. We also ensure that `stream_select()`
doesn't fail (for whatever reason). And in case of the test
expectations not being met, we also output some diagnostics (most
notably the output that has already been read).
The issue that BMP RLE occasionally swallowed some pixels[1] had been
fixed long ago in libgd, but apparently it has been overlooked to port
it to our bundled libgd.
We also introduce the test helper `test_image_equals_image()` which
compares in-memory images for equality.
[1] <https://github.com/libgd/libgd/issues/276>
Closes GH-17250.
This bug happens because of a nested `SHM_UNPROTECT()` sequence.
In particular:
```
unprotect memory at ext/opcache/ZendAccelerator.c:2127
protect memory at ext/opcache/ZendAccelerator.c:2160
unprotect memory at ext/opcache/ZendAccelerator.c:2164
unprotect memory at ext/opcache/jit/zend_jit_trace.c:7464
^^^ Nested
protect memory at ext/opcache/jit/zend_jit_trace.c:7591
^^^ Problem is here: it should not protect again due to the nested unprotect
protect memory at ext/opcache/ZendAccelerator.c:2191
^^^ This one should actually protect, not the previous one
```
The reason this nesting happen is because:
1. We try to include the script, this eventually calls `cache_script_in_shared_memory`
2. `zend_optimize_script` will eventually run SCCP as part of the DFA pass.
3. SCCP will try to replace constants, but can also run destructors when a partial array is destructed here:
4e9cde758e/Zend/Optimizer/sccp.c (L2387-L2389)
In this case, this destruction invokes the GC which invokes the tracing JIT,
leading to the nested unprotects.
This patch disables the GC to prevent invoking user code, as user code
is not supposed to run during the optimizer pipeline.
Closes GH-17249.
Co-authored-by: Dmitry Stogov <dmitry@zend.com>
