Ilija Tovilo
ef2c459941
Use-after-free for ??= due to incorrect live-range calculation
...
Fixes GHSA-rwp7-7vc6-8477
2025-03-11 22:10:21 +01:00
Tim Düsterhus
00d4390ea1
Free the trampoline when deprecation on materializing __callStatic() of trait throws (#17729)
...
Fixes php/php-src#17728
2025-02-07 10:53:14 +01:00
Tim Düsterhus
0607b663d3
Disallow calls to abstract __call() / __callStatic() (#17719)
...
Fixes php/php-src#17718
2025-02-07 09:36:33 +01:00
Tim Düsterhus
f8b57ff1bf
zend_execute: Suppress values in UnhandledMatchError for zend.exception_ignore_args=1 (#17619)
...
Fixes php/php-src#17618.
2025-01-31 10:19:49 +01:00
Ilija Tovilo
333f5dd848
Fix stack overflow detection for variable compilation
...
Closes GH-17623
2025-01-29 23:27:27 +01:00
Ilija Tovilo
a6a290d541
Relax final+private warning for trait methods with inherited final
...
Fixes GH-17214
Closes GH-17381
2025-01-13 16:46:01 +01:00
Niels Dossche
7626e88de7
Fix GH-16892: ini_parse_quantity() fails to parse inputs starting with 0x0b
2025-01-09 19:51:18 +01:00
Niels Dossche
2c267722b3
Fix GH-16886: ini_parse_quantity() fails to emit warning for 0x+0
2025-01-09 19:51:17 +01:00
Niels Dossche
2c3b56ded0
Fix GH-17216: Trampoline crash on error
...
The error handling is incomplete on argument cleanup.
1. The fci is not cleared which means that zend_free_trampoline() is
never called.
2. The cleaning for extra named arguments was missing, resulting in
memory leak.
Closes GH-17219.
2024-12-21 00:25:06 +01:00
Niels Dossche
ee0daa59db
Fix GH-17162: zend_array_try_init() with dtor can cause engine UAF
...
Closes GH-17167.
2024-12-15 20:11:40 +01:00
Niels Dossche
6a632a2d60
Merge branch 'PHP-8.2' into PHP-8.3
...
* PHP-8.2:
Fix GH-16630: UAF in lexer with encoding translation and heredocs
2024-11-18 19:59:01 +01:00
Niels Dossche
fc1db70f10
Fix GH-16630: UAF in lexer with encoding translation and heredocs
...
zend_save_lexical_state() can be nested multiple times, for example for
the parser initialization and then in the heredoc lexing. The input
should not be freed if we restore to the same filtered string.
Closes GH-16716.
2024-11-18 19:58:02 +01:00
Niels Dossche
ed59c00661
Merge branch 'PHP-8.2' into PHP-8.3
...
* PHP-8.2:
Fix GH-16799: Assertion failure at Zend/zend_vm_execute.h:7469
2024-11-15 20:03:19 +01:00
Niels Dossche
553d79c709
Fix GH-16799: Assertion failure at Zend/zend_vm_execute.h:7469
...
zend_is_callable_ex() can unfortunately emit a deprecation, and then
a user error handler can throw an exception. This causes an assert
failure at ZEND_VM_NEXT_OPCODE(). We fix this by checking if there's an
exception after zend_is_callable_ex().
Closes GH-16803.
2024-11-15 20:02:26 +01:00
Ilija Tovilo
f033cf75e4
Merge branch 'PHP-8.2' into PHP-8.3
...
* PHP-8.2:
Fix array going away during sorting
2024-11-04 15:51:03 +01:00
Ilija Tovilo
2bdce61390
Fix array going away during sorting
...
Fixes GH-16648
Closes GH-16654
2024-11-04 15:50:35 +01:00
Ilija Tovilo
e02085359d
Merge branch 'PHP-8.2' into PHP-8.3
...
* PHP-8.2:
Fix lineno for inheritance errors of early bound classes
2024-10-22 15:17:11 +02:00
Ilija Tovilo
2d068c4f47
Fix lineno for inheritance errors of early bound classes
...
Fixes GH-16508
Closes GH-16532
2024-10-22 15:16:43 +02:00
Ilija Tovilo
381e020edb
Merge branch 'PHP-8.2' into PHP-8.3
...
* PHP-8.2:
Fix lineno in function redeclaration error
2024-10-22 15:05:29 +02:00
Ilija Tovilo
de7ef3fa66
Fix lineno in function redeclaration error
...
We were previously using the lineno of the first instruction, rather than the
start of the function itself.
Fixes GH-16509
Closes GH-16531
2024-10-22 15:04:20 +02:00
Ilija Tovilo
5eddcb313e
Merge branch 'PHP-8.2' into PHP-8.3
...
* PHP-8.2:
Fix propagation of ZEND_ACC_RETURN_REFERENCE for call trampoline
2024-10-22 14:48:58 +02:00
Ilija Tovilo
8720063c4e
Fix propagation of ZEND_ACC_RETURN_REFERENCE for call trampoline
...
Fixes GH-16515
Closes GH-16529
2024-10-22 14:47:01 +02:00
Arnaud Le Blanc
900afb6ff0
Merge branch 'PHP-8.2' into PHP-8.3
...
* PHP-8.2:
Fix handling of invalid iterator in zend_weakmap_iterator_get_current_key()
2024-10-15 12:23:00 +02:00
Arnaud Le Blanc
1d94fb86b7
Fix handling of invalid iterator in zend_weakmap_iterator_get_current_key()
...
Fixes GH-16371
Closes GH-16436
2024-10-15 12:22:35 +02:00
Ilija Tovilo
817d21ecc4
Fix deprecation warnings in tests
2024-10-14 14:27:56 +02:00
Ilija Tovilo
f512ff4afa
Merge branch 'PHP-8.2' into PHP-8.3
...
* PHP-8.2:
Fix exception in assert() callback with bail enabled
2024-10-14 14:00:20 +02:00
Ilija Tovilo
b5c09b1a61
Fix exception in assert() callback with bail enabled
...
Fixes GH-16293
Closes GH-16304
2024-10-14 13:59:26 +02:00
Ilija Tovilo
c5745f40a5
Fix array to string conversion warning emitted in optimizer
...
Fixes GH-16408
Closes GH-16380
2024-10-14 13:24:05 +02:00
Arnaud Le Blanc
498e88489e
Merge branch 'PHP-8.2' into PHP-8.3
...
* PHP-8.2:
NEWS for GH-16196
Handle references properties of the Exception class
2024-10-07 15:03:55 +02:00
Arnaud Le Blanc
c2115a43e3
Handle references properties of the Exception class
...
Fixes GH-16188
Closes GH-16196
2024-10-07 15:03:31 +02:00
Niels Dossche
bd724bdf42
Fix GH-15169: stack overflow when var serialization in ext/standard/var
...
Adding a stack check here as I consider serialization to be a more
sensitive place where erroring out with an exception seems appropriate.
Closes GH-16159.
2024-10-02 21:30:59 +02:00
Arnaud Le Blanc
7e6616cafb
Merge branch 'PHP-8.2' into PHP-8.3
...
* PHP-8.2:
[ci skip] NEWS for GH-16025
Fix assertion failure in generator dtor (#16025)
2024-10-02 12:31:21 +02:00
Arnaud Le Blanc
6e55f4df23
Fix assertion failure in generator dtor (#16025)
2024-10-02 12:29:19 +02:00
Ilija Tovilo
8c556b211d
Merge branch 'PHP-8.2' into PHP-8.3
...
* PHP-8.2:
Fix printing backtrace of fake generator frame
2024-09-27 17:35:55 +02:00
Ilija Tovilo
706bcdbc1a
Fix printing backtrace of fake generator frame
...
Fixes GH-15851
Closes GH-15952
2024-09-27 17:34:51 +02:00
Ilija Tovilo
5cff4a9b69
Merge branch 'PHP-8.2' into PHP-8.3
...
* PHP-8.2:
Fix failed assertion when promoting Serialize deprecation to exception
2024-09-26 22:03:01 +02:00
Ilija Tovilo
15a0c3a9d4
Fix failed assertion when promoting Serialize deprecation to exception
...
Fixes GH-15907
Closes GH-15951
2024-09-26 22:01:59 +02:00
David Carlier
eb460229ad
Merge branch 'PHP-8.2' into PHP-8.3
2024-09-11 21:19:58 +01:00
David Carlier
503d9145e0
Fix GH-15712: overflow on float print with precision ini large value.
...
When allocating enough room for floats, the allocator used overflows with
large ndigits/EG(precision) value which used a signed integer to
increase the size of the buffer.
Testing with the zend operator directly is enough to trigger
the issue rather than higher level math interface.
close GH-15715
2024-09-11 21:19:07 +01:00
Arnaud Le Blanc
f551a719dc
Merge branch 'PHP-8.2' into PHP-8.3
...
* PHP-8.2:
[ci skip] NEWS for GH-15330
Do not scan generator frames more than once (#15330)
2024-08-28 17:44:41 +02:00
Arnaud Le Blanc
cd25500766
Do not scan generator frames more than once (#15330)
2024-08-28 17:43:17 +02:00
Arnaud Le Blanc
ba9f65bacd
Merge branch 'PHP-8.2' into PHP-8.3
...
* PHP-8.2:
[ci skip] NEWS for GH-15275
Fix crash during GC of suspended generator delegate (#15275)
2024-08-10 15:48:43 +02:00
Arnaud Le Blanc
c767fec2d0
Fix crash during GC of suspended generator delegate (#15275)
2024-08-10 15:46:31 +02:00
Arnaud Le Blanc
e24101acb4
Merge branch 'PHP-8.2' into PHP-8.3
...
* PHP-8.2:
[ci skip] NEWS
Fix destruction of generator running in fibers during shutdown (#15158)
2024-07-30 14:56:28 +02:00
Arnaud Le Blanc
99e0d3fe09
Fix destruction of generator running in fibers during shutdown (#15158)
...
The destructor of generators is a no-op when the generator is running in a fiber,
because the fiber may resume the generator. Normally the destructor
is not called in this case, but this can happen during shutdown.
We detect that a generator is running in a fiber with the
ZEND_GENERATOR_IN_FIBER flag.
This change fixes two cases not handled by this mechanism:
- The ZEND_GENERATOR_IN_FIBER flag was not added when resuming a "yield from $nonGenerator"
- When a generator that is running in a fiber has multiple children (aka multiple generators yielding from it), all of them could be considered to also run in a fiber (only one actually is), and could leak if not destroyed before shutdown.
2024-07-30 14:53:19 +02:00
Ilija Tovilo
e01e2bb5fd
Merge branch 'PHP-8.2' into PHP-8.3
...
* PHP-8.2:
Fix comments between -> and keyword
2024-07-16 23:40:59 +02:00
Ilija Tovilo
b368db204f
Fix comments between -> and keyword
...
Comments should not fall out of ST_LOOKING_FOR_PROPERTY.
Fixes GH-14961
Closes GH-14976
2024-07-16 23:40:18 +02:00
Ilija Tovilo
aca2322801
Merge branch 'PHP-8.2' into PHP-8.3
...
* PHP-8.2:
Fix use-after-free in property coercion with __toString()
2024-07-16 12:43:29 +02:00
Ilija Tovilo
8c312ba74b
Fix use-after-free in property coercion with __toString()
...
This was only partially fixed in PHP-8.3. Backports and fixes the case for both
initialized and uninitialized property writes.
Fixes GH-14969
Closes GH-14971
2024-07-16 12:40:14 +02:00
Niels Dossche
015b5195ae
Merge branch 'PHP-8.2' into PHP-8.3
...
* PHP-8.2:
Factor out common check for short-circuited ast
Fix OSS-Fuzz #69765: Yield reference to nullsafe chain
2024-06-30 13:38:44 +02:00