- GH-11958: DNF types in trait properties do not get bound properly
- GH-11883: Memory leak in zend_type_release() for non-arena allocated DNF types
- Internal trait bound to userland class would not be arena allocated
- Property DNF types were not properly deep copied during lazy loading
Co-authored-by: Ilija Tovilo <ilija.tovilo@me.com>
Co-authored-by: ju1ius <jules.bernable@gmail.com>
Upon resizing, the elements are destroyed from lower index to higher
index. When an element refers to an object with a destructor, it can
refer to a lower (i.e. already destroyed) element, causing a uaf.
Set refcounted zvals to NULL after destroying them to avoid a uaf.
Closes GH-11959.
We may OOM during object initialization. In this case, free_obj needs to guard
against NULL values. There may be more cases where this is an issue, these were
the ones I was able to discover via script.
Fixes GH-11734
* opcache: use zend_ast_size helper in zend_persist_ast
* opcache: use zend_ast_size helper in zend_persist_ast_calc
* Zend: fix zend_ast_size definition
It is better not to use sizeof(struct_with_flexible_array)
and instead rely on offsetof(type, member) like most
other similar wrappers do.
Re-formats the BCmath extension to have consistent formatting.
Mostly, it adds the spaces in calculations to have them more readable.
Also:
- removes unused headers
- removes few variables which are used only once in the code
Co-authored-by: George Peter Banyard <girgias@php.net>
Because we check the list with dom_sanity_check_node_list_for_insertion()
before dom_is_node_in_list(), then we don't have to check the object
type anymore in dom_is_node_in_list(), because
dom_sanity_check_node_list_for_insertion() will have already done that.
Closes GH-11914.
Cirrus will no longer offer unlimited free builds starting next month. We don't
have an alternative for FreeBSD and ARM, so move what we can for now.
Closes GH-11898
The tempnam documentation currently states that "Only the first 63
characters of the prefix are used, the rest are ignored". However when
the prefix is 64 characters-long, the current implementation fails to
strip the last character, diverging from the documented behavior. This
patch fixes the implementation so it matches the documented behavior for
that specific case where the prefix is 64 characters long.
Closes GH-11870
Signed-off-by: George Peter Banyard <girgias@php.net>
