When the JIT defers the IS_UNDEF check for FETCH_OBJ_R to the result
type guard, the deoptimization escape path dispatches to opline->handler
via the trace_escape stub. If opline->handler has been overwritten with
JIT code (e.g. a function entry trace), this creates an infinite loop.
Fix by dispatching to the original VM handler (orig_handler from the
trace extension) instead of going through the trace_escape stub. This
avoids the extra IS_UNDEF guard on every property read while correctly
handling the rare IS_UNDEF case during deoptimization.
Also set current_op_array in zend_jit_trace_exit_to_vm so that the
blacklisted exit deoptimizer can resolve orig_handler, covering the
case where side trace compilation is exhausted.
Closes GH-21368.
openssl_pkey_new() checks private_key_bits >= 384 before generating any
key. For EC, X25519, ED25519, X448, and ED448 the size is inherent to
the curve or algorithm, so this check doesn't apply and causes failures
when default_bits is missing from openssl.cnf (which is the case in
OpenSSL 3.6's default config).
Skip the minimum-bits check for key types that don't use private_key_bits.
Closes GH-21387.
Registering namespace after the parsing is too late because parsing can
fail due to attributes referencing namespaces.
So we have to register fake namespaces before the parsing.
However, the clone operation reconciles namespaces in the wrong way, so
we have to clone via an object.
Closes GH-21371.
Insert type guards (CHECK_OP1_TRACE_TYPE / CHECK_OP2_TRACE_TYPE) on the
sensitive bailout paths in ADD/SUB/MUL JIT compilation: the MAY_BE_UNDEF
and non-numeric operand breaks. Guards are only emitted when the traced
operand type is IS_LONG or IS_DOUBLE, ensuring TSSA result type
predictions stay valid for side traces without affecting the normal
numeric fast path.
Fixes GH-20838
Co-authored-by: Dmitry Stogov <dmitrystogov@gmail.com>
The cookie option parser uses a wrong offset to start scanning
attributes, causing cookie values containing substrings like
"path=" or "domain=" to be falsely matched as attributes.
close GH-21400
This path wasn't tested (clearly).
To trigger this we use FFI, which seemed like the easiest way that
doesn't involve using another process messing with the shared memory.
Closes GH-21388.
On AIX, NSIG is def'd as SIGMAX64+1, and SIGMAX64 itself is def'd as
255:
```
$ grep -Rw SIGMAX64 /QOpenSys/usr/include/
/QOpenSys/usr/include/sys/signal.h:#define SIGMAX64 255
/QOpenSys/usr/include/sys/signal.h:#define SIGMAX SIGMAX64
/QOpenSys/usr/include/sys/signal.h:#define NSIG64 (SIGMAX64+1)
```
...this causes an overflow when we set num_signals from the value of
NSIG, per GCC:
```
/rpmbuild/BUILD/php-8.5.3/ext/pcntl/pcntl.c:216:25: warning: large integer implicitly truncated to unsigned type [-Woverflow]
PCNTL_G(num_signals) = NSIG;
^~~~
```
...when we try to use pcntl to i.e. install a signal handler, we get an
error from pcntl:
```
Fatal error: Uncaught ValueError: pcntl_signal(): Argument #1 ($signal) must be less than 0 in phar:///QOpenSys/pkgs/bin/composer/vendor/seld/signal-handler/src/SignalHandler.php:491
```
The easiest way to deal with this silly AIX behaviour is to just promote
the storage size.
Previously, static trait properties would always redeclare locally declared
static properties to make sure any inherited property would stop sharing a
common slot with the parent. This would leave holes in property_info, creating
issues for this code:
zend_hash_extend(&ce->properties_info,
zend_hash_num_elements(&ce->properties_info) +
zend_hash_num_elements(&parent_ce->properties_info), 0);
where zend_hash_num_elements(&ce->properties_info) +
zend_hash_num_elements(&parent_ce->properties_info) is supposed to extend the
hash table enough to hold all additional properties coming from parent. However,
if ce->properties_info contains holes this might not be enough, given all parent
properties are appended at nNumUsed.
This could be fixed by further extending the hash table, but we can also avoid
the holes in properties_info completely by not redeclaring trait properties that
are already declared in the target class. This is now possible because traits
are bound before performing parent class inheritance, so if the property is
already present we know it will separate the property slot.
Fixes GH-20672
Closes GH-21358
Fix `PQTRACE_SUPPRESS_TIMESTAMPS` guard misspelling in pgsql.stub.php.
The guard has been misspelled as `PQTRACE_SUPPPRESS_TIMESTAMPS`
(three P's) since 7ec8ae12c4, preventing the
`PGSQL_TRACE_SUPPRESS_TIMESTAMPS` constant from being registered.
close GH-21386
