If buf_len is zero, this would leave behind a dangling pointer
to an already released header.str. Make sure this can't happen
by always overwriting the pointer.
Closes GH-7376.
The CURLOPT_DEBUGDATA will point to the old curl handle after
copying. Update it to point to the new handle.
We don't separately store whether CURLINFO_HEADER_OUT is enabled,
so I'm doing this unconditionally. It should be harmless if
CURLOPT_DEBUGFUNCTION is not used.
When more than INT_MAX resource are created, throw a fatal error,
rather than reusing already allocated IDs, which will result in
assertion failures or crashes down the line.
This doesn't fix the fundamental problem, but makes the failure
more graceful with an obvious cause.
Inspired by https://bugs.php.net/bug.php?id=81399.
Closes GH-7428.
If we assemble a zend_string manually, we need to end it with a NUL
byte ourselves.
We also fix the size calculation for that zend_string; there is no need
for the extra byte for each part, and we don't have to multiply by two,
since we're using DnsQuery_A(), not DnsQuery_W () (in which case we
would have to do the character set conversion, anyway). This avoids
over-allocation, and the need to explicitly set the string length.
Finally, we use the proper access macro for zend_strings.
Closes GH-7427.
In this case we should use the original internal handler. Otherwise
the trampoline will attempt to free the closure, but the function
being used is not actually part of a closure anymore.
We port the upstream fix[1], and also revert commit a3383ac3d7[2] which
is now obsolete, and also not part of libgd. Especially the change to
gd.png.c was at best a half-baked optimization.
[1] <a24e96f019>
[2] <a3383ac3d7>
Closes GH-7402.
This change was originall only done for 'master'. Xdebug bundles this file as
it requires it, but PHP 7.2/7.3 don't have it bundled. By doing "phpize" with
master, it updates the file introducing a local diff. By fixing it in older
versions, that problem goes away.
It is insufficient to check whether the `base` is contained in `fname`;
we also need to ensure that `fname` is properly separated. And of
course, `fname` has to start with `base`.
For consistency with PDOStatement::setAttribute(). Attribute values
can for example also be bool.
This is backwards-compatible, as mixed is the same as no type for
parameter variance.
We must avoid integer overflows in memory allocations, so we introduce
an additional check in the VM, and bail out in the rare case of an
overflow.
Closes GH-7381.
We're currently only testing prime shm + use shm and prime file +
use file.
This adds testing for the prime shm + use file combination. The
prime file + use shm combination is broken on PHP-8.0, so not
tested.
The IS_UNSERIALIZED check here does not work if the string is
interned (serialized with file_cache_only=0) but unserialization
happens with file_cache_only=1. In this case the unserializde
string will be in the str area after mem, which is not included
in the script size, and which is also not accessible at this
point without threading through more information. Work around
the problem by checking for the serialized representation instead.
We must avoid integer overflows in memory allocations, so we introduce
an additional check in the VM, and bail out in the rare case of an
overflow. Since the recent fix for bug #74960 still doesn't catch all
possible overflows, we fix that right away.
Some GCC versions don't like zend_try in loop. Avoid the issue
by pulling it out of the loop, we don't particularly care about
skipping further warnings if a bailout occurs, just that it
does not interrupt shutdown.
Closes GH-7380.
