This is only defined as of PHP-8.4; alternatively we could also inline
the `brew --prefix` call, but that makes it harder for upward merges.
Closes GH-16785.
cURL 8.11.0 added a couple of packages to `Requires.private`, but these
packages are irrelevant when building against a shared libcurl. For
some reason, these private requirements are checked when we're doing
`pkg-config --cflags` (that happens with the preinstalled pkg-config
0.29.2, as well as with pkgconf 2.3.0). To avoid further messing with
these packages, we just drop the `Requires.private` line from
libcurl.pc.
See GH-16741 for more details.
Closes GH-16783.
This fixes issues causing buffer over-read that leak heap content:
- RESP packet field default left over for COM_LIST
- RESP packet upsert filename
- OK packet message
- RESP packet for stmt row data
- ps_fetch_from_1_to_8_bytes
- ps_fetch_float
- ps_fetch_double
- ps_fetch_time
- ps_fetch_date
- ps_fetch_datetime
- ps_fetch_string
- ps_fetch_bit
- RESP packet for query row data (just possible overflow on 32bit)
It also adds various protocol tests using a new fake server.
It is assumed that the serialization always had initialised its buffer
zend_string, but in the case of a type not serialising, it is null.
close GH-16599
zlog_buf_prefix() can return a larger length than what actually was
written due to its use of snprintf(). The code in
zlog_stream_prefix_ex() does not take this into account, other callers
do. What ends up happening then is that stream->length is set to the
length as if snprintf() was able to write all bytes, causing
stream->length to become larger than stream->buf.size, causing a
segfault.
In case the buffer was too small we try with a larger buffer up to a
limit of zlog_limit. This makes sure that the stream length will remain
bounded by the buffer size.
This also adds assertions to make the programmer intent clear and catch
this more easily in debug builds.
Closes GH-16680.
Additionally fixes wrong behaviour in ReflectionParameter when you first
have a construction that uses an object and the subsequent doesn't.
Closes GH-16672.
`timelib_astro_rise_set_altitude()` is not prepared to deal with non-
finite values (`nan`, `inf` and `-inf`) for `lon` and `lat`; instead
these trigger undefined behavior. Thus we catch non-finite values
before even calling that timelib function; for `date_sun_info()` we
trigger `ValueError`s; for `date_sunrise()` and `date_sunset()` we
silently return `false`, since these functions will be sunsetted
anyway.
Closes GH-16497.
These have been introduced a while ago[1], but their initialization has
been overlooked. Since we cannot rely on TLS variables to be zeroed,
we catch up on this.
[1] <e3ef7bbbb8>
Co-authored-by: Ilija Tovilo <ilija.tovilo@me.com>
Closes GH-16658.
A previous bug fix[1] relied on ODBC drivers to properly count down the
`StrLen_or_IndPtr` argument for consecutive calls to `SQLGetData()`.
Apparently, not all drivers handle this correctly, so we cannot assert
they do. Instead we fall back to the old behavior for drivers which
would violate the assertion.
A test against SQLServer (which we currently use in CI) would not make
sense, since the respective drivers do not exhibit that behavior.
Instead we target the regression test especially to a MS Access
database.
Since there is apparently no way to easily create an MS Access database
programmatically, we commit a minimal empty DB which is used for the
regression test, and could also be used by other test cases.
[1] <bccca0b53aa60a62e2988c750fc73c02d109e642>
Closes GH-16587.
