The first while loop sets the bucket variable, and this is freed in
out_failure. However, when the second "goto out_failure" is triggered
then bucket still refers to the bucket from the first while loop,
causing a UAF.
Fix this by separating the error paths.
Closes GH-17058.
Transliteration works differently across the iconv implementations and
the system. When using GNU libiconv the output in this test is:
string(16) "Zlutouck'y kun\n"
(like on Windows). On glibc's built-in iconv output is:
string(15) "Zlutoucky kun\n"
autoconf/libtool generating code to test features missed `void` for
C calls prototypes w/o arguments.
Note that specific changes related to libtool have to be upstreamed.
Co-authored-by: Peter Kokot <petk@php.net>
close GH-13732
NetBSD still adopts the old iconv signature for buffer inputs.
The next release will too so we can assume it will remain that way for
a while.
Close GH-12001
The next generation of C compilers is going to enforce the C standard
more strictly:
https://wiki.gentoo.org/wiki/Modern_C_porting
One warning that will eventually become an error is
-Wimplicit-function-declaration. This is relatively easy to catch in
most code (it will fail to compile), but inside of autoconf tests it
can go unnoticed because many feature-test compilations fail by
design. For example,
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <iconv.h>]],
[[iconv_ccs_init(NULL, NULL);]])]...
is designed to fail if iconv_ccs_init() is not in iconv.h. On the
other hand,
AC_RUN_IFELSE([AC_LANG_SOURCE([[
#include <iconv.h>
int main() {
printf("%d", _libiconv_version);
return 0;
}
should pass if _libiconv_version is defined. If the user has
-Werror=implicit-function-declaration in his CFLAGS, however,
it will not:
$ export CFLAGS="$CFLAGS -Werror=implicit-function-declaration"
$ ./configure
...
checking if using GNU libiconv... no
This is because the stdio.h header that defines printf() is missing:
conftest.c:240:3: error: implicit declaration of function 'printf'
[-Werror=implicit-function-declaration]
240 | printf("%d", _libiconv_version);
| ^~~~~~
conftest.c:239:1: note: include '<stdio.h>' or provide a declaration
of 'printf'
This commit adds the include, correcting the test with any compiler
that balks at implicit function definitions.
Closes GH-10751
The next generation of C compilers is going to enforce the C standard
more strictly:
https://wiki.gentoo.org/wiki/Modern_C_porting
One warning that will soon become an error is -Wstrict-prototypes.
This is relatively easy to catch in most code (it will fail to
compile), but inside of autoconf tests it can go unnoticed because
many feature-test compilations fail by design. For example,
$ export CFLAGS="$CFLAGS -Werror=strict-prototypes"
$ ./configure
...
checking if iconv supports errno... no
configure: error: iconv does not support errno
(this is on a system where iconv *does* support errno). If errno
support were optional, that test would have "silently" disabled
it. The underlying issue here, from config.log, is
conftest.c:211:5: error: function declaration isn't a prototype
[-Werror=strict-prototypes]
211 | int main() {
This commit goes through all of our autoconf tests, replacing main()
with main(void). Up to equivalent types and variable renamings, that's
one of the two valid signatures, and satisfies the compiler (gcc-12 in
this case).
Fixes GH-10751
@cname currently refers to the constant name in C. However, it is not always a (constant) name, but sometimes a function invocation, so naming it as @cvalue would be more appropriate.
smart_str uses an over-allocated string to optimize for append operations. Functions that use smart_str tend to return the over-allocated string directly. This results in unnecessary memory usage, especially for small strings.
The overhead can be up to 231 bytes for strings smaller than that, and 4095 for other strings. This can be avoided for strings smaller than `4096 - zend_string header size - 1` by reallocating the string.
This change introduces `smart_str_trim_to_size()`, and calls it in `smart_str_extract()`. Functions that use `smart_str` are updated to use `smart_str_extract()`.
Fixes GH-8896
The fix for GH-7953 introduced a regression by being to deliberate
adding the respective headers. These must only be added, if the
handler starts, but is not finalizing.
Closes GH-8353.
We need to reset the shift state right after conversion, to cater to
potenially following plain encodings. Also, there is no need to reset
the shift for plain encodings, because these are not state-dependent.
Closes GH-8025.
If an output handler has not yet been started, calling `ob_clean()`
causes it to start. If that happens, we must not forget to set the
`Content-Encoding` and `Vary` headers.
Closes GH-7960.
1. Update: http://www.php.net/license/3_01.txt to https, as there is anyway server header "Location:" to https.
2. Update few license 3.0 to 3.01 as 3.0 states "php 5.1.1, 4.1.1, and earlier".
3. In some license comments is "at through the world-wide-web" while most is without "at", so deleted.
4. fixed indentation in some files before |
This deprecates passing null to non-nullable scale arguments of
internal functions, with the eventual goal of making the behavior
consistent with userland functions, where null is never accepted
for non-nullable arguments.
This change is expected to cause quite a lot of fallout. In most
cases, calling code should be adjusted to avoid passing null. In
some cases, PHP should be adjusted to make some function arguments
nullable. I have already fixed a number of functions before landing
this, but feel free to file a bug if you encounter a function that
doesn't accept null, but probably should. (The rule of thumb for
this to be applicable is that the function must have special behavior
for 0 or "", which is distinct from the natural behavior of the
parameter.)
RFC: https://wiki.php.net/rfc/deprecate_null_to_scalar_internal_arg
Closes GH-6475.
We're starting to see a mix between uses of zend_bool and bool.
Replace all usages with the standard bool type everywhere.
Of course, zend_bool is retained as an alias.
Use a separate "reverse" flag to determine search direction,
using offset == -1 to indicate this is is confusing. I initially
thought the code was trying to handle negative offsets.
Also deduplicate the forward and reverse cases, they really only differ
in one place.
Make the behavior of substr(), mb_substr(), iconv_substr() and
grapheme_substr() consistent when it comes to the handling of
out of bounds offsets. substr() will now always clamp out of
bounds offsets to the string boundary. Cases that previously
returned false will now return an empty string. This means that
substr() itself *always* returns a string now (like mb_substr()
already did before.)
Closes GH-6182.
