The two calls that MySQLnd does to this handler all pass a buffer the same size as the error_msg field
Thus, we know that we can just memcpy the error message into the buffer.
See https://nrk.neocities.org/articles/not-a-fan-of-strlcpy for a rationale against the usage of `strlcpy()`
We relax the constraint that the array must be a list. What really
matters is that it only has numeric keys. As shown in the example code,
it's really easy to accidentally create a non-list array, so it makes
sense to relax the constraint.
There are 3 cases left where the array is checked to be a list,
in php_ldap_do_search, but I believe this makes sense to keep because
the indices of those arrays have a meaning because they should match
between different arrays. In that case it will prevent programmer
errors.
A bunch of different issues:
1) The referenced value is copied without incrementing the refcount.
The reason the refcount isn't incremented is because otherwise
the array modifications would violate the RC1 constraints.
Solve this by copying the reference itself instead and always
read the referenced value.
2) No type checks on the array data, so malicious scripts could
cause type confusion bugs.
3) Potential overflow when the arrays resize and we access ctag.
Closes GH-17205.
Replaces GH-15730 as that PR became stale.
But instead of introducing a new helper, reuse
smart_str_append_escaped(), this also removes the dependency on
ext/standard.
Closes GH-15730.
Closes GH-17277.
- `TCP_FUNCTION_ALIAS`: fetches the function pointer name alias (>= 14.0
only tough).
- `TCP_BBR_ALGORITHM`: set/get the underlying algorithm (0: netflix, 1:
google) when the BBR's TCP stack is used.
- `TCP_REUSPORT_LB_NUMA`: set/get a NUMA domain filter on the socket.
close GH-16923
EX(opline) / opline can be stale if the IP is not stored, like in this
case on a trace enter. We always need to make sure that the opline is up
to date to make sure we don't use stale data.
Closes GH-17260.
This was a bug in both libxml and PHP.
We follow up with the same change as done in GNOME/libxml@b3871dd138.
Changing away from `xmlOutputBufferCreateFilenameDefault` is not
possible yet because this is a stable branch and would break BC.
Closes GH-17254.
Checking for the exact output of most image formats is brittle; even an
otherwise change to some header field causes the output to change, even
if the image would be visually identical.
Checking for an (MD5) hash is even worse, since if the tests fails, we
have no clue for what reason.
Thus we compare the generated image against an pre-generated PNG, using
a test helper which will output a simple image diff in case of test
failure.
The FFI call return values follow widening rules.
We must widen to `ffi_arg` in the case we're handling a return value for types shorter than the machine width.
From http://www.chiark.greenend.org.uk/doc/libffi-dev/html/The-Closure-API.html:
> In most cases, ret points to an object of exactly the size of the type specified when cif was constructed.
> However, integral types narrower than the system register size are widened.
> In these cases your program may assume that ret points to an ffi_arg object.
If we don't do this, we get wrong values when reading the return values.
Closes GH-17255.
Co-authored-by: Dmitry Stogov <dmitry@zend.com>
The main intent of the test was to show the changed behavior on
Windows; previously, `stream_select()` would return immediately there,
reporting all pipes as ready; now, it only returns if at least one pipe
is actually ready.
The original test case was overspecified; of course, we cannot assume
that the pipes are ready one after the other; depending on the concrete
`select(2)` implementation and the system scheduler, minor differences
are to be expected.
Thus we relax the test expectations, and now require that not all pipes
are reported ready after a single `stream_select()` call, and that the
output contains all strings. We also ensure that `stream_select()`
doesn't fail (for whatever reason). And in case of the test
expectations not being met, we also output some diagnostics (most
notably the output that has already been read).
The issue that BMP RLE occasionally swallowed some pixels[1] had been
fixed long ago in libgd, but apparently it has been overlooked to port
it to our bundled libgd.
We also introduce the test helper `test_image_equals_image()` which
compares in-memory images for equality.
[1] <https://github.com/libgd/libgd/issues/276>
Closes GH-17250.
This bug happens because of a nested `SHM_UNPROTECT()` sequence.
In particular:
```
unprotect memory at ext/opcache/ZendAccelerator.c:2127
protect memory at ext/opcache/ZendAccelerator.c:2160
unprotect memory at ext/opcache/ZendAccelerator.c:2164
unprotect memory at ext/opcache/jit/zend_jit_trace.c:7464
^^^ Nested
protect memory at ext/opcache/jit/zend_jit_trace.c:7591
^^^ Problem is here: it should not protect again due to the nested unprotect
protect memory at ext/opcache/ZendAccelerator.c:2191
^^^ This one should actually protect, not the previous one
```
The reason this nesting happen is because:
1. We try to include the script, this eventually calls `cache_script_in_shared_memory`
2. `zend_optimize_script` will eventually run SCCP as part of the DFA pass.
3. SCCP will try to replace constants, but can also run destructors when a partial array is destructed here:
https://github.com/php/php-src/blob/4e9cde758eadf30cc4d596d6398c2c34c64197b4/Zend/Optimizer/sccp.c#L2387-L2389
In this case, this destruction invokes the GC which invokes the tracing JIT,
leading to the nested unprotects.
This patch disables the GC to prevent invoking user code, as user code
is not supposed to run during the optimizer pipeline.
Closes GH-17249.
Co-authored-by: Dmitry Stogov <dmitry@zend.com>
NULL checks for the glob stream are inconsistently applied. To solve
this generally, factor it out to a helper function so it's less likely
to be forgotten in the future.
Closes GH-17231.
A label should be followed by a statement and not a declaration, else old gcc gives the following error: a label can only be part of a statement and a declaration is not a statement
To fix this we wrap the code in the switch case block in braces.
When observer is enabled, we normally add an extra temporary to all
functions, to store the previously observed frame. However, this is done in
zend_observer_post_startup() so it doesn't happen to dl'ed() functions.
One possible fix would be to move that from zend_observer_post_startup()
to zend_register_functions(), but this would be too early: Observer may
not be enabled when zend_register_functions() is called, and may still be
enabled later.
However, when zend_register_functions() is called at run-time (during dl()),
we know definitively whether observer is enabled.
Here I update zend_register_functions() to add a temporary to dl'ed()
functions when observer is enabled.
Fixes: GH-17211
Closes: GH-17220
Gina Peter Banyard