mirror of https://github.com/php/php-src.git synced 2026-03-31 04:32:19 +02:00
Commit Graph

14487 Commits

Author SHA1 Message Date
Niels Dossche
c105552413 Fix GHSA-r977-prxv-hc43
Move the bound check upwards. Since this doesn't generate output we can
check the bound first.
2024-11-18 09:05:38 +01:00
Jakub Zelenka
ab16b79dfd Fix GHSA-c5f2-jwm7-mmq2: stream HTTP fulluri CRLF injection 2024-11-18 09:04:37 +01:00
Ilija Tovilo
f033cf75e4 Merge branch 'PHP-8.2' into PHP-8.3
* PHP-8.2:
  Fix array going away during sorting
2024-11-04 15:51:03 +01:00
Ilija Tovilo
2bdce61390 Fix array going away during sorting
Fixes GH-16648
Closes GH-16654
2024-11-04 15:50:35 +01:00
Arnaud Le Blanc
f3e87e2a6d Fix tests: Prevent stack overflow during dtor
On s390x the stack is smaller and/or the object dtor code uses more stack,
which causes the destruction of deeply nested objects to crash in these
tests. Here I ensure that objects are released one by one at the end of the
tests to avoid recursive dtor.

Closes GH-16561
Fixes GH-16528
2024-10-24 15:56:25 +02:00
Ilija Tovilo
f512ff4afa Merge branch 'PHP-8.2' into PHP-8.3
* PHP-8.2:
  Fix exception in assert() callback with bail enabled
2024-10-14 14:00:20 +02:00
Ilija Tovilo
b5c09b1a61 Fix exception in assert() callback with bail enabled
Fixes GH-16293
Closes GH-16304
2024-10-14 13:59:26 +02:00
Niels Dossche
bd724bdf42 Fix GH-15169: stack overflow when var serialization in ext/standard/var
Adding a stack check here as I consider serialization to be a more
sensitive place where erroring out with an exception seems appropriate.

Closes GH-16159.
2024-10-02 21:30:59 +02:00
Arnaud Le Blanc
220c8828cc Merge branch 'PHP-8.2' into PHP-8.3
* PHP-8.2:
  [ci skip] NEWS for GH-16061
  Fix array_merge_recursive(): convert_to_array() may need separation (#16061)
2024-10-02 12:43:48 +02:00
Arnaud Le Blanc
545bef8ae6 Fix array_merge_recursive(): convert_to_array() may need separation (#16061) 2024-10-02 12:37:04 +02:00
David Carlier
d828308095 Merge branch 'PHP-8.2' into PHP-8.3 2024-09-30 18:11:14 +01:00
David Carlier
332b067c5e Fix GH-15937: stream timeout option overflow.
close GH-15942
2024-09-30 18:10:33 +01:00
Christoph M. Becker
a17634c029 Merge branch 'PHP-8.2' into PHP-8.3
* PHP-8.2:
  Fix potential parallel test conflicts
2024-09-29 02:11:48 +02:00
Christoph M. Becker
f5649556ea Fix potential parallel test conflicts
Both tests call `create_files()` with the same `$name_prefix`, which
might clash.

Co-authored-by: Gina Peter Banyard <girgias@php.net>

Closes GH-16103.
2024-09-29 02:05:14 +02:00
Ilija Tovilo
0226e5d01d Merge branch 'PHP-8.2' into PHP-8.3
* PHP-8.2:
  Reduce regex backtracking in phpinfo.phpt
2024-09-27 17:10:47 +02:00
Ilija Tovilo
c4c45da4b9 Reduce regex backtracking in phpinfo.phpt
On NixOS, the output of phpinfo() can get very large, causing us to run into the
backtracking limit. Lazy matching for .*/.+ can help reduce backtracking.
2024-09-27 15:02:21 +02:00
Christoph M. Becker
acee803e6a Merge branch 'PHP-8.2' into PHP-8.3
* PHP-8.2:
  Fix GH-15980: Signed integer overflow in main/streams/streams.c
2024-09-24 12:33:17 +02:00
Christoph M. Becker
81916758ec Fix GH-15980: Signed integer overflow in main/streams/streams.c
We need to avoid signed integer overflows which are undefined behavior.
We catch that, and set `offset` to `ZEND_LONG_MAX` (which is also the
largest value of `zend_off_t` on all platforms).  Of course, that seek
may fail, but even if it succeeds, the stream is no longer readable,
but that matches the current behavior for offsets near `ZEND_LONG_MAX`.

Closes GH-15989.
2024-09-24 12:32:00 +02:00
Christoph M. Becker
a9fcf498e3 Merge branch 'PHP-8.2' into PHP-8.3
* PHP-8.2:
  Revert "Fix GH-15980: Signed integer overflow in main/streams/streams.c"
2024-09-23 01:32:45 +02:00
Christoph M. Becker
ee95ee7216 Revert "Fix GH-15980: Signed integer overflow in main/streams/streams.c"
This reverts commit 6a04c79e41, since the
new test case apparently fails on 64bit Linux, so this needs closer
investigation.
2024-09-23 01:31:05 +02:00
Christoph M. Becker
c701508e6b Merge branch 'PHP-8.2' into PHP-8.3
* PHP-8.2:
  Fix GH-15980: Signed integer overflow in main/streams/streams.c
2024-09-23 00:29:15 +02:00
Christoph M. Becker
6a04c79e41 Fix GH-15980: Signed integer overflow in main/streams/streams.c
We need to avoid signed integer overflows which are undefined behavior.
We catch that, and set `offset` to `ZEND_LONG_MAX` (which is also the
largest value of `zend_off_t` on all platforms).  Of course, after such
a seek a stream is no longer readable, but that matches the current
behavior for offsets near `ZEND_LONG_MAX`.

Closes GH-15989.
2024-09-23 00:28:09 +02:00
Niels Dossche
94c2ae616b Merge branch 'PHP-8.2' into PHP-8.3
* PHP-8.2:
  Fix GH-15908 and GH-15026: leak / assertion failure in streams.c
2024-09-22 16:08:51 +02:00
Niels Dossche
018c0b3d14 Fix GH-15908 and GH-15026: leak / assertion failure in streams.c
This was first reported as a leak in GH-15026, but was mistakenly
believed to be a false positive. Then an assertion was added and it got
triggered in GH-15908. This fixes the leak. Upon merging into master the
assertion should be removed as well.

Closes GH-15924.
2024-09-22 16:07:12 +02:00
David Carlier
b975b6c9ab Merge branch 'PHP-8.2' into PHP-8.3 2024-09-11 21:15:42 +01:00
David Carlier
791a6ef19c Fix GH-15613: unpack on format hex strings repeater value.
close GH-15615
2024-09-11 21:14:27 +01:00
Ilija Tovilo
a5bd4ccb8c Merge branch 'PHP-8.2' into PHP-8.3
* PHP-8.2:
  Fix MSAN getservbyport() false positive
  Fix uninitialized CG(zend_lineno)
  Fix uninitialized EG(user_error_handler_error_reporting)
2024-09-09 19:35:00 +02:00
Ilija Tovilo
0faa1d2017 Fix MSAN getservbyport() false positive
Closes GH-15814
2024-09-09 19:34:43 +02:00
Ilija Tovilo
24a294922b Fix uouv in array_column
column_long and index_long might not be set, but are still used as arguments.
They are not actually used if column_str is set, but it's better to initialize
them anyway, if only to make MemorySanitizer happy.
2024-09-09 16:55:02 +02:00
Christoph M. Becker
a51f54b54b Merge branch 'PHP-8.2' into PHP-8.3
* PHP-8.2:
  Fix GH-15552: Signed integer overflow in ext/standard/scanf.c
2024-09-01 17:25:18 +02:00
Christoph M. Becker
08841bf79c Fix GH-15552: Signed integer overflow in ext/standard/scanf.c
We ensure that the argnum `value` is in the allowed range, *before*
mapping it to the `objIndex`, not *afterwards*.

Closes GH-15581.
2024-09-01 17:24:17 +02:00
Christoph M. Becker
ac4039df20 Mark gd14930.phpt as dynamic xfail
This test only fails when `NAME_MAX` is defined, which is never the
case on Windows, so we let the test pass there.  This could be extended
to other environments where `NAME_MAX` is not defined.
2024-09-01 15:04:54 +02:00
Go Kudo
bf9929a26c standard: suppress msan (#15665) 2024-08-31 15:56:11 +09:00
David Carlier
d7d40b4c80 Merge branch 'PHP-8.2' into PHP-8.3 2024-08-30 17:17:20 +01:00
David Carlier
7db1a5843f Fix GH-15653: fgetcsv overflow on length parameter.
close GH-15655
2024-08-30 17:16:57 +01:00
Jakub Zelenka
70c5e366f6 Revert fix for GH-14930: truncating readdir output (#15533) 2024-08-22 23:41:34 +01:00
Niels Dossche
9913b83ce5 Merge branch 'PHP-8.2' into PHP-8.3
* PHP-8.2:
  Fix GH-15179: Segmentation fault (null pointer dereference) in ext/standard/url_scanner_ex.re
2024-08-03 02:05:35 +02:00
Niels Dossche
67ce8759e8 Fix GH-15179: Segmentation fault (null pointer dereference) in ext/standard/url_scanner_ex.re
Based on analysis by Ilija: https://github.com/php/php-src/issues/15179#issuecomment-2261546902

* Apply suggestions from code review

Closes GH-15206.

Co-authored-by: Ilija Tovilo <ilija.tovilo@me.com>
2024-08-03 02:05:06 +02:00
Niels Dossche
9f570163b3 Merge branch 'PHP-8.2' into PHP-8.3
* PHP-8.2:
  Fix CI failure on macOS after Curl update
2024-07-28 14:34:35 +02:00
Niels Dossche
fdae7c23f0 Fix CI failure on macOS after Curl update 2024-07-28 14:34:26 +02:00
Niels Dossche
014e515ccc Merge branch 'PHP-8.2' into PHP-8.3
* PHP-8.2:
  Fix CI failure after Curl update (#15124)
2024-07-27 16:11:26 +02:00
Niels Dossche
404bd30810 Fix CI failure after Curl update (#15124) 2024-07-27 16:09:50 +02:00
David Carlier
2599b6e780 Merge branch 'PHP-8.2' into PHP-8.3 2024-07-22 23:26:28 +01:00
David Carlier
350c10d985 fix GH-14785 pedantic error
close GH-15071
2024-07-22 23:26:09 +01:00
David Carlier
5bac3c27c9 Merge branch 'PHP-8.2' into PHP-8.3 2024-07-22 22:58:18 +01:00
David Carlier
ba909d7c43 Fix GH-14780: p(f)sockopen overflow on timeout argument.
close GH-14785
2024-07-22 22:57:59 +01:00
Niels Dossche
a0e1e085d8 Merge branch 'PHP-8.2' into PHP-8.3
* PHP-8.2:
  Fix passing non-finite timeout values in stream functions
2024-07-22 17:52:53 +02:00
Niels Dossche
fdcfd62b9b Fix passing non-finite timeout values in stream functions
Closes GH-15061.
2024-07-22 17:52:21 +02:00
Niels Dossche
c26d1a36e2 Merge branch 'PHP-8.2' into PHP-8.3
* PHP-8.2:
  Fix GH-15034: Integer overflow on stream_notification_callback byte_max parameter with files bigger than 2GB
2024-07-21 22:02:47 +02:00
Niels Dossche
cfcc2a3fda Fix GH-15034: Integer overflow on stream_notification_callback byte_max parameter with files bigger than 2GB
We were using atoi, which is only for integers. When the size does not
fit in an integer this breaks. Use ZEND_STRTOUL instead. Also make sure
invalid data isn't accidentally parsed into a file size.

Closes GH-15035.
2024-07-21 22:02:11 +02:00