php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-03-24 00:02:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
143,205 Commits 545 Branches 1,479 Tags
ff86c593a2fba834634a538bde4ee3396e5f371d
Commit Graph

143205 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Niels Dossche
ff86c593a2 Merge branch 'PHP-8.4' into PHP-8.5 
* PHP-8.4:
  Fix shm corruption with coercion in options of unserialize()
 2025-10-13 21:45:27 +02:00
Niels Dossche
8389197768 Merge branch 'PHP-8.3' into PHP-8.4 
* PHP-8.3:
  Fix shm corruption with coercion in options of unserialize()
 2025-10-13 21:45:09 +02:00
Niels Dossche
88f8c5c0bb Fix shm corruption with coercion in options of unserialize() 
Closes GH-20129.
 2025-10-13 21:40:54 +02:00
Niels Dossche
722a8b04bb Merge branch 'PHP-8.4' into PHP-8.5 
* PHP-8.4:
  phar: Fix memleak+UAF when opening temp stream in buildFromDirectory() fails
 2025-10-13 21:02:47 +02:00
Niels Dossche
ffc548db09 Merge branch 'PHP-8.3' into PHP-8.4 
* PHP-8.3:
  phar: Fix memleak+UAF when opening temp stream in buildFromDirectory() fails
 2025-10-13 21:02:39 +02:00
Niels Dossche
5a7c84f274 phar: Fix memleak+UAF when opening temp stream in buildFromDirectory() fails 
Obvious memleak, but can also cause a UAF depending on destruction
ordering with lingering PCRE regex instances in the SPL objects.

Closes GH-20157.
 2025-10-13 21:02:17 +02:00
Niels Dossche
5ce00197f4 Merge branch 'PHP-8.4' into PHP-8.5 
* PHP-8.4:
  phar: Fix more alias memory leaks
 2025-10-13 18:51:32 +02:00
Niels Dossche
5e5883344a Merge branch 'PHP-8.3' into PHP-8.4 
* PHP-8.3:
  phar: Fix more alias memory leaks
 2025-10-13 18:50:59 +02:00
Niels Dossche
b529c77094 phar: Fix more alias memory leaks 
Closes GH-20154.
 2025-10-13 18:50:30 +02:00
Niels Dossche
599078f70b Merge branch 'PHP-8.4' into PHP-8.5 
* PHP-8.4:
  Add forgotten NEWS item
  Partially fix GH-16317: DOM classes do not allow __debugInfo() overrides to work
 2025-10-13 18:45:34 +02:00
Niels Dossche
390e24397a Add forgotten NEWS item 2025-10-13 18:45:26 +02:00
Niels Dossche
39ef16a496 Merge branch 'PHP-8.3' into PHP-8.4 
* PHP-8.3:
  Partially fix GH-16317: DOM classes do not allow __debugInfo() overrides to work
 2025-10-13 18:44:57 +02:00
Niels Dossche
8e0504c38b Partially fix GH-16317: DOM classes do not allow __debugInfo() overrides to work 
Closes GH-20132.
 2025-10-13 18:43:24 +02:00
Arnaud Le Blanc
0f634077aa Merge branch 'PHP-8.4' into PHP-8.5 
* PHP-8.4:
  Fix JIT TLS on MacOS
 2025-10-13 16:31:14 +02:00
Arnaud Le Blanc
54d793dc41 Merge branch 'PHP-8.3' into PHP-8.4 
* PHP-8.3:
  Fix JIT TLS on MacOS
 2025-10-13 16:26:03 +02:00
Arnaud Le Blanc
3abebf3e31 Fix JIT TLS on MacOS 
The dynamic loader, starting around version 1284, patches the thunk emitted for
thread local variables by the compiler, so that its format changes from

struct Thunk {
    void *func;
    size_t module;
    size_t offset;
}

to

struct Thunk_v2 {
     void *func;
     uint32_t module;
     uint32_t offset;
     // other fields
}

which has the same size, but not the same layout.

This is mentionned in
9307719dd8/libdyld/ThreadLocalVariables.h (L90)

As a result, access to thread specific variables in JIT is broken.

Fix by using the new layout when the new dynamic loader is in use.

Closes GH-20121
 2025-10-13 16:16:39 +02:00
Niels Dossche
32a0d94cc5 Merge branch 'PHP-8.4' into PHP-8.5 
* PHP-8.4:
  phar: Fix file descriptor/memory leak when opening central fp fails
 2025-10-13 09:08:24 +02:00
Niels Dossche
f84605b2db Merge branch 'PHP-8.3' into PHP-8.4 
* PHP-8.3:
  phar: Fix file descriptor/memory leak when opening central fp fails
 2025-10-13 09:08:19 +02:00
Niels Dossche
c89f25bf69 phar: Fix file descriptor/memory leak when opening central fp fails 
Closes GH-20145.
 2025-10-13 09:07:37 +02:00
Niels Dossche
1adf63d45c Merge branch 'PHP-8.4' into PHP-8.5 
* PHP-8.4:
  Update SKIPIF for bug #67563 (#20133)
 2025-10-13 08:34:33 +02:00
Niels Dossche
a1c290f7cb Merge branch 'PHP-8.3' into PHP-8.4 
* PHP-8.3:
  Update SKIPIF for bug #67563 (#20133)
 2025-10-13 08:34:25 +02:00
Niels Dossche
8a21d62c28 Update SKIPIF for bug #67563 (#20133) 2025-10-13 08:34:03 +02:00
David Carlier
f50942068d Fix GH-20106: locale methods catering to stricter C++ rules. 
close GH-20110
 2025-10-13 06:05:02 +01:00
Gina Peter Banyard
c1d0c61e81 Merge branch 'PHP-8.4' into PHP-8.5 
* PHP-8.4:
  Fix GH-20070: Return type violation in imagefilter when an invalid filter is provided
 2025-10-12 23:09:47 +01:00
Gina Peter Banyard
e7aea3db48 Merge branch 'PHP-8.3' into PHP-8.4 
* PHP-8.3:
  Fix GH-20070: Return type violation in imagefilter when an invalid filter is provided
 2025-10-12 23:09:09 +01:00
Gina Peter Banyard
26f989313e Fix GH-20070: Return type violation in imagefilter when an invalid filter is provided 
Closes GH-20071
 2025-10-12 23:08:08 +01:00
Niels Dossche
053d72e3e2 Merge branch 'PHP-8.4' into PHP-8.5 
* PHP-8.4:
  phar: Reduce code duplication wrt error handling in phar_parse_zipfile()
 2025-10-12 23:52:41 +02:00
Niels Dossche
b3dd837bc4 Merge branch 'PHP-8.3' into PHP-8.4 
* PHP-8.3:
  phar: Reduce code duplication wrt error handling in phar_parse_zipfile()
 2025-10-12 23:52:34 +02:00
Niels Dossche
f9aeb9e57c phar: Reduce code duplication wrt error handling in phar_parse_zipfile() 
The PHAR_ZIP_FAIL and PHAR_ZIP_FAIL_FREE macros are almost the same.
The reason the latter exists is because of a single error path where the
error message is on the heap and needs to be freed. Instead, use a stack
allocated variable for the error message so we can get rid of the
duplicate macro code. This stack variable is big enough as the messages
written by phar_verify_signature() are short.

Closes GH-20144.
 2025-10-12 23:52:23 +02:00
Niels Dossche
bdf1bcc8d4 Fix GH-20088: Heap-use-after-free in PHP URI WHATWG parser during malformed URL processing 
Import lexbor/lexbor@fc5aeaa61f
 2025-10-12 12:30:04 +02:00
Niels Dossche
7ad5146bc1 Merge branch 'PHP-8.4' into PHP-8.5 
* PHP-8.4:
  Fix memory leak in phar_parse_zipfile() error handling
 2025-10-12 11:29:14 +02:00
Niels Dossche
29bfb43f59 Merge branch 'PHP-8.3' into PHP-8.4 
* PHP-8.3:
  Fix memory leak in phar_parse_zipfile() error handling
 2025-10-12 11:28:24 +02:00
Niels Dossche
416386acc4 Fix memory leak in phar_parse_zipfile() error handling 
Closes GH-20134.
 2025-10-12 11:28:01 +02:00
Niels Dossche
0b231c4895 Merge branch 'PHP-8.4' into PHP-8.5 
* PHP-8.4:
  Partially fix GH-16317: SimpleXML does not allow __debugInfo() overrides to work
 2025-10-12 11:25:31 +02:00
Niels Dossche
aa1585f110 Merge branch 'PHP-8.3' into PHP-8.4 
* PHP-8.3:
  Partially fix GH-16317: SimpleXML does not allow __debugInfo() overrides to work
 2025-10-12 11:25:25 +02:00
Niels Dossche
efa1fafc2f Partially fix GH-16317: SimpleXML does not allow __debugInfo() overrides to work 
If only we did not have the pseudo-key "@attributes", we could've just
removed the custom get_debug_info implementation and this would work out
of the box. Anyway, we just have to manually check for an override now.

Closes GH-20131.
 2025-10-12 11:24:45 +02:00
Niels Dossche
79b1419c0a Merge branch 'PHP-8.4' into PHP-8.5 
* PHP-8.4:
  phar: Fix memory leak when setAlias() fails
 2025-10-12 11:20:21 +02:00
Niels Dossche
7d3c7268da Merge branch 'PHP-8.3' into PHP-8.4 
* PHP-8.3:
  phar: Fix memory leak when setAlias() fails
 2025-10-12 11:20:16 +02:00
Niels Dossche
9216b8be8b phar: Fix memory leak when setAlias() fails 
Closes GH-20135.
 2025-10-12 11:19:53 +02:00
Niels Dossche
47bec0cf7f Merge branch 'PHP-8.4' into PHP-8.5 
* PHP-8.4:
  phar: Fix memory leak of argument in webPhar
 2025-10-12 11:15:54 +02:00
Niels Dossche
3b878506e1 Merge branch 'PHP-8.3' into PHP-8.4 
* PHP-8.3:
  phar: Fix memory leak of argument in webPhar
 2025-10-12 11:15:49 +02:00
Niels Dossche
da39975001 phar: Fix memory leak of argument in webPhar 
Closes GH-20138.
 2025-10-12 11:15:24 +02:00
Niels Dossche
1cb539d843 Merge branch 'PHP-8.4' into PHP-8.5 
* PHP-8.4:
  Fix arginfo/zpp violations when LIBXML_SCHEMAS_ENABLED is not available
 2025-10-11 23:57:43 +02:00
Niels Dossche
990e05e579 Merge branch 'PHP-8.3' into PHP-8.4 
* PHP-8.3:
  Fix arginfo/zpp violations when LIBXML_SCHEMAS_ENABLED is not available
 2025-10-11 23:57:36 +02:00
Niels Dossche
40f4091256 Fix arginfo/zpp violations when LIBXML_SCHEMAS_ENABLED is not available 
To do this, we move the macro check and therefore we also have to move
some variable declarations to avoid compiler warnings.

Closes GH-20130.
 2025-10-11 23:57:11 +02:00
Niels Dossche
bc76b3fca9 Improve __unserialize() hardening for SplHeap/SplPriorityQueue 
It was possible to make the heap accept unserialize data when the heap
was corrupted or under modification. This adds the necessary check to
prevent that from happening.
Also, the exception check at the bottom is pointless,
spl_heap_unserialize_internal_state() already returns FAILURE on
exception. If it *is* necessary, it should be documented why.

Closes GH-20109.
 2025-10-11 23:52:37 +02:00
Jakub Zelenka
234577ee90 Fix GH-19989: PHP 8.5 FPM access log lines also go to STDERR 
This was due to not omitting logging using external_log

Closes GH-20123
 2025-10-10 17:18:47 +02:00
Arnaud Le Blanc
01e34156a8 Merge branch 'PHP-8.4' into PHP-8.5 
* PHP-8.4:
  Fix access to uninitialized variables in preload_load()
 2025-10-10 15:45:22 +02:00
Arnaud Le Blanc
27807fd0f1 Merge branch 'PHP-8.3' into PHP-8.4 
* PHP-8.3:
  Fix access to uninitialized variables in preload_load()
 2025-10-10 15:44:33 +02:00
Arnaud Le Blanc
ab9d121f48 Fix access to uninitialized variables in preload_load() 
preload_load() reads EG(class_table) and EG(function_table), but these may not
be initialized. Move these accesses out of preload_load().

Closes GH-20081
 2025-10-10 15:42:58 +02:00