This has been the case at least since PHP 5.4. Thanks to Girgias for
pointing it out.
It appears that there are several global variables internal to mbstring
which can be queried via mb_get_info() and which could be NULL, but
at the very least, we know that "mbstring.http_input" is one of them.
* fix segfault in `ZEND_BIND_STATIC`
In case a `ZEND_BIND_STATIC` is being executed, while the current chunk is full,
the `zend_array_dup()` call will trigger a OOM in ZendMM which will crash, as
the opline might be a dangling pointer.
* add missing test
* `assert()`ing seems easier than trying to make the compiler to not optimize
* moved from function call to INI setting, so we can use this in other places as well
* make `assert()` work no NDEBUG builds
* document magic number
* fix segfault in `ZEND_FUNC_GET_ARGS`
In case a `ZEND_FUNC_GET_ARGS` is being executed, while the current chunk is
full, the `zend_new_array()` call will trigger a OOM in ZendMM which will crash,
as the opline might be a dangling pointer.
---------
Co-authored-by: Florian Engelhardt <florian@engelhardt.tc>
php_strip_url_passwd modifies url in-place. We cannot assume from
php_message_handler_for_zend that data is a temporary, modifiable string.
Fixes oss-fuzz #64209
Closes GH-12733
php_strip_url_passwd modifies url in-place. We cannot assume from
php_message_handler_for_zend that data is a temporary, modifiable string.
Fixes oss-fuzz #64209
Closes GH-12733
Right-shifting a negative number is unspecified (i.e.
implementation-defined) behaviour [1]. If we take a look at the
generated assembly [2], we see that the wrong value is computed.
Fix it by using Z_UL instead of Z_L.
While we're at it, just change every occurrence of this pattern to use
Z_UL instead of casting.
[1] https://www.open-std.org/jtc1/sc22/wg14/www/docs/n1548.pdf §6.5.7.5
[2] https://godbolt.org/z/4Y1qKKjsh
Closes GH-12613.
When redeclaring an overridden static property with a trait we're removing the
property from the class. However, because the property itself does not belong to
the class we must not free its associated data.
This issue is exposed by 9a250cc9d6 in PHP 8.3+ because duplicate static
properties in traits are no longer skipped, but redeclared.
Fixes GH-12468
The constant name is usually interend. Without opcache, compilation always
interns strings. Without opcache, compilation does not intern (new) strings, but
persisting of script does. If a script is not stored in shm the constant name
will not be interned.
The building of enum backing stores was missing a addref for the constant name,
leading to a double-free when releasing constants and backing stores of enums.
Fixes GH-12366
Closes GH-12405
