1
0
mirror of https://github.com/php/php-src.git synced 2026-04-24 00:18:23 +02:00
Commit Graph

722 Commits

Author SHA1 Message Date
Niels Dossche 142f85e2e1 Fix GH-17137: Segmentation fault ext/phar/phar.c
Commit edae2431 attempted to fix a leak and double free, but didn't
properly understand what was going on, causing a reference count mistake
and subsequent segfault in this case.

The first mistake of that commit is that the reference count should've
been increased because we're reusing a phar object. The error handling
path should've gotten changed instead to undo this refcount increase
instead of not refcounting at all (root cause of this bug).

The second mistake is that the alias isn't supposed to be transferred or
whatever, that just doesn't make sense. The reason the test
bug69958.phpt originally leaked is because in the non-reuse case we
borrowed the alias and otherwise we own the alias. If we own the alias
the alias information shouldn't get deleted anyway as that would desync
the alias map.

Fixing these will reveal a third issue in which the alias memory is not
always properly in sync with the persistence-ness of the phar, fix this
as well.

Closes GH-17150.
2024-12-15 13:50:09 +01:00
Niels Dossche 58f4b45bca Merge branch 'PHP-8.2' into PHP-8.3
* PHP-8.2:
  Fix GH-16695: phar:// tar parser and zero-length file header blocks
2024-11-09 17:08:19 +01:00
Niels Dossche 72c0222926 Fix GH-16695: phar:// tar parser and zero-length file header blocks
There are two issues:
1) There's an off-by-one in the check for the minimum file size for a
   tar (i.e. `>` instead of `>=`).
2) The loop in the tar parsing parses a header, and then unconditionally
   reads the next one. However, that doesn't necessarily exist.
   Instead, we remove the loop condition and check for the end of the
   file before reading the next header. Note that we can't use
   php_stream_eof as the flag may not be set yet when we're already at
   the end.

Closes GH-16700.
2024-11-09 17:07:53 +01:00
Calvin Buckley 22d25d2896 Merge branch 'PHP-8.2' into PHP-8.3
* PHP-8.2:
  Cast big endian byte shuffling to uint
2024-09-24 02:23:51 -03:00
Calvin Buckley 792a0e6dec Cast big endian byte shuffling to uint
This works, but UBSan running on a big endian platform (in this, ppc64)
will complain that the ((uchar*)buffer)[n] is int, and shifting that
could be weird. Since the value of PHAR_GET_32 et al are almost always
unsigned, it makes sense to cast these as unsigned.

Fixes phar tests on a big endian system with UBSan enabled.
2024-09-22 15:29:50 -03:00
Niels Dossche b1a6832287 Merge branch 'PHP-8.2' into PHP-8.3
* PHP-8.2:
  Fix GH-13833: Applying zero offset to null pointer in zend_hash.c
2024-03-31 14:25:39 +02:00
Niels Dossche 47bb6c1b79 Fix GH-13833: Applying zero offset to null pointer in zend_hash.c
MAPPHAR_FAIL will call the destructor of the manifest, mounted_dirs, and
virtual_dirs tables. When a new phar object is allocated using (p)ecalloc,
the bytes are zeroed, but the flag for an uninitialized table is
non-zero. So we have to manually set the flag in case that we have a
code path that can destroy the tables without first initializing them at
least once.

Closes GH-13847.
2024-03-31 14:25:08 +02:00
Michael Voříšek f89fe830f2 Minor conditions simplify (#10397) 2023-04-26 15:12:01 +02:00
George Peter Banyard aae20cd119 ext/phar: Fix recently introduced potential NULL dereferencement segfaults (#11065) 2023-04-12 17:05:03 +01:00
George Peter Banyard a72778b45d ext/phar: Prevent unnecessary known string length computation
Closes GH-11033
2023-04-10 13:23:08 +01:00
George Peter Banyard 7d93ef067f Convert char* + size_t parameters to zend_string* in phar_find_in_include_path() 2023-04-06 14:56:42 +01:00
Max Kellermann d46dea169c Make globals const (part 2) (#10610)
* Zend/zend_enum: make `forbidden_methods` static+const

* main/php_syslog: make `xdigits` static

* sapi/fpm: make several globals `const`

* sapi/phpdbg: make `OPTIONS` static

* sapi/phpdbg/help: make help texts const

* sapi/cli: make `template_map` const

* ext/ffi: make `zend_ffi_types` static

* ext/bcmath: make `ref_str` const

* ext/phar: make several globals static+const
2023-02-18 19:52:53 +00:00
Christoph M. Becker bdef504f65 Merge branch 'PHP-8.2'
* PHP-8.2:
  Fix regression introduced by fixing bug 81726
2022-09-27 18:25:45 +02:00
Christoph M. Becker 8ba8383916 Merge branch 'PHP-8.1' into PHP-8.2
* PHP-8.1:
  Fix regression introduced by fixing bug 81726
2022-09-27 18:25:13 +02:00
Christoph M. Becker 4552f62911 Merge branch 'PHP-8.0' into PHP-8.1
* PHP-8.0:
  Fix regression introduced by fixing bug 81726
2022-09-27 18:24:07 +02:00
Christoph M. Becker 3477499d26 Merge branch 'PHP-7.4' into PHP-8.0
* PHP-7.4:
  Fix regression introduced by fixing bug 81726
2022-09-27 18:22:57 +02:00
Christoph M. Becker 432bf196d5 Fix regression introduced by fixing bug 81726
When a tar phar is created, `phar_open_from_fp()` is also called, but
since the file has just been created, none of the format checks can
succeed, so we continue to loop, but must not check again for the
format.  Therefore, we bring back the old `test` variable.

Closes GH-9620.
2022-09-27 18:21:32 +02:00
Derick Rethans 01677cafae Merge branch 'PHP-8.2' 2022-09-27 14:11:47 +01:00
Derick Rethans 25290cd25c Merge branch 'PHP-8.1' into PHP-8.2 2022-09-27 14:11:40 +01:00
Derick Rethans cfee252a95 Merge branch 'PHP-8.0' into PHP-8.1 2022-09-27 14:11:31 +01:00
Derick Rethans def8c8d174 Merge branch 'PHP-7.4' into PHP-8.0 2022-09-27 14:11:14 +01:00
Christoph M. Becker 404e8bdb68 Fix #81726: phar wrapper: DOS when using quine gzip file
The phar wrapper needs to uncompress the file; the uncompressed file
might be compressed, so the wrapper implementation loops. This raises
potential DOS issues regarding too deep or even infinite recursion (the
latter are called compressed file quines[1]). We avoid that by
introducing a recursion limit; we choose the somewhat arbitrary limit
`3`.

This issue has been reported by real_as3617 and gPayl0ad.

[1] <https://honno.dev/gzip-quine/>
2022-09-09 17:10:04 +01:00
Tim Düsterhus 03fd405423 Use php_info_print_table_header for actual column headers only (#9485)
Using php_info_print_table_header() for "Foo: bar" looks odd and out of place,
because the whole line is colored. It is also questionable from a HTML
semantics point of view, because it does not described the columns that follow.

The use of this across extensions is inconsistent. It was part of the skeleton,
but ext/date or ext/json already use a regular row.
2022-09-06 08:48:22 +02:00
Ilija Tovilo 2f5295692f Optimize stripos/stristr
Closes GH-7847
Closes GH-7852

Previously stripos/stristr would lowercase both the haystack and the
needle to reuse strpos. The approach in this PR is similar to strpos.
memchr is highly optimized so we're using it to search for the first
character of the needle in the haystack. If we find it we compare the
remaining characters of the needle manually.

The new implementation seems to perform about half as well as strpos (as
two memchr calls are necessary to find the next candidate).
2022-01-31 21:44:31 +01:00
Dmitry Stogov 90b7bde615 Use more compact representation for packed arrays.
- for packed arrays we store just an array of zvals without keys.
- the elements of packed array are accessible throuf as ht->arPacked[i]
  instead of ht->arData[i]
- in addition to general ZEND_HASH_FOREACH_* macros, we introduced similar
  familied for packed (ZEND_HASH_PACKED_FORECH_*) and real hashes
  (ZEND_HASH_MAP_FOREACH_*)
- introduced an additional family of macros to access elements of array
  (packed or real hashes) ZEND_ARRAY_ELEMET_SIZE, ZEND_ARRAY_ELEMET_EX,
  ZEND_ARRAY_ELEMET, ZEND_ARRAY_NEXT_ELEMENT, ZEND_ARRAY_PREV_ELEMENT
- zend_hash_minmax() prototype was changed to compare only values

Because of smaller data set, this patch may show performance improvement
on some apps and benchmarks that use packed arrays. (~1% on PHP-Parser)

TODO:
    - sapi/phpdbg needs special support for packed arrays (WATCH_ON_BUCKET).
    - zend_hash_sort_ex() may require converting packed arrays to hash.
2021-11-03 15:18:26 +03:00
Remi Collet c51af22fef implement openssl_256 and openssl_512 for phar singatures 2021-08-11 14:13:57 +02:00
Nikita Popov bca1ebf529 Merge branch 'PHP-8.0'
* PHP-8.0:
  Create interned strings for internal union types
  Duplicate possibly persistent string in phar metadata clone
2021-07-20 16:24:33 +02:00
Nikita Popov 9726bc6977 Duplicate possibly persistent string in phar metadata clone 2021-07-20 16:24:00 +02:00
Anatol Belski e7123ef569 phar: crc32: Extend and cleanup API for the new bulk crc32 functions
As suggested on the patch discussion, adding init/end macros. Plus,
prefixed the new functions with php_ to avoid possible symbol conflicts.

Signed-off-by: Anatol Belski <ab@php.net>
2021-07-03 21:03:47 +02:00
jianxind 28a1a6be08 phar: use crc32 bulk method instead. (#6099)
phar: use crc32 bulk method instead.

Benefit from the hardware crc32 computing.

Signed-off-by: Frank Du <frank.du@intel.com>
2021-06-19 22:21:21 +02:00
KsaR 01b3fc03c3 Update http->https in license (#6945)
1. Update: http://www.php.net/license/3_01.txt to https, as there is anyway server header "Location:" to https.
2. Update few license 3.0 to 3.01 as 3.0 states "php 5.1.1, 4.1.1, and earlier".
3. In some license comments is "at through the world-wide-web" while most is without "at", so deleted.
4. fixed indentation in some files before |
2021-05-06 12:16:35 +02:00
George Peter Banyard 09efad615b Use zend_string_equals_(literal_)ci() API more often
Also drive-by usage of zend_ini_parse_bool()

Closes GH-6844
2021-04-09 02:34:50 +01:00
Dmitry Stogov c732ab400a Change Zend Stream API to use zend_string* instead of char*.
This allows to eliminate re-calculation of string lenght and hash value.
See the detailed list of changes in UPGRADING.INTERNALS.
2021-03-16 20:31:36 +03:00
Christoph M. Becker 8b21e4e951 Merge branch 'PHP-8.0'
* PHP-8.0:
  Fix #53467: Phar cannot compress large archives
2021-02-03 11:25:02 +01:00
Christoph M. Becker f4332a36b4 Merge branch 'PHP-7.4' into PHP-8.0
* PHP-7.4:
  Fix #53467: Phar cannot compress large archives
2021-02-03 11:24:36 +01:00
Christoph M. Becker 1bb2a4f91c Fix #53467: Phar cannot compress large archives
When Phars are flushed, a new temporary file is created for each entry
which should be compressed, and the `compressed_filesize` is retrieved.
Afterwards, the Phar manifest is written, and only after that the files
are copied to the actual Phar.  So for each such entry there is an open
temp file, what easily exceeds the limit.

Therefore, we use a single temporary file for all entries, and store
the start offset in the otherwise unused `header_offset` member.  We
ensure that the `cfp` members are properly set to NULL even if flushing
fails, to avoid use after free scenarios.

This solution is based on a suggestion by @lserni[1].

Closes GH-6643.

[1] <https://github.com/box-project/box2/issues/80#issuecomment-77147371>
2021-02-03 11:22:37 +01:00
Christoph M. Becker 5a0e4067b6 Merge branch 'PHP-8.0'
* PHP-8.0:
  Fix #75850: Unclear error message wrt. __halt_compiler() w/o semicolon
2021-01-25 18:49:50 +01:00
Christoph M. Becker 2e580da28e Merge branch 'PHP-7.4' into PHP-8.0
* PHP-7.4:
  Fix #75850: Unclear error message wrt. __halt_compiler() w/o semicolon
2021-01-25 18:49:22 +01:00
Christoph M. Becker 61ed904cec Fix #75850: Unclear error message wrt. __halt_compiler() w/o semicolon
We add the failure reason to the error message.

Closes GH-6638.
2021-01-25 18:47:15 +01:00
Nikita Popov 3e01f5afb1 Replace zend_bool uses with bool
We're starting to see a mix between uses of zend_bool and bool.
Replace all usages with the standard bool type everywhere.

Of course, zend_bool is retained as an alias.
2021-01-15 12:33:06 +01:00
Nikita Popov 26fc4bea44 Remove some INDIRECT handling in standard library 2021-01-06 12:46:31 +01:00
Tyson Andre 0c238ede01 [RFC] Only unserialize Phar metadata when getMetadata() is called
In other words, don't automatically unserialize when the magic
phar:// stream wrappers are used.
RFC: https://wiki.php.net/rfc/phar_stop_autoloading_metadata

Also, change the signature from `getMetadata()`
to `getMetadata(array $unserialize_options = [])`.
Start throwing earlier if setMetadata() is called and serialization threw.

See https://externals.io/message/110856 and
https://bugs.php.net/bug.php?id=76774

This was refactored to add a phar_metadata_tracker for the following reasons:
- The way to properly copy a zval was previously implicit and undocumented
  (e.g. is it a pointer to a raw string or an actual value)
- Avoid unnecessary serialization and unserialization in the most common case
- If a metadata value is serialized once while saving a new/modified phar file,
  this allows reusing the same serialized string.
- Have as few ways to copy/clone/lazily parse metadata (etc.) as possible,
  so that code changes can be limited to only a few places in the future.
- Performance is hopefully not a concern - copying a string should be faster
  than unserializing a value, and metadata should be rare in most cases.

Remove unnecessary skip in a test(Compression's unused)

Add additional assertions about usage of persistent phars

Improve robustness of `Phar*->setMetadata()`

- Add sanity checks for edge cases freeing metadata, when destructors
  or serializers modify the phar recursively.
- Typical use cases of php have phar.readonly=1 and would not be affected.

Closes GH-5855
2020-08-03 13:28:51 -04:00
Máté Kocsis ec22e5aa38 Get rid of empty function entries
Closes GH-5917
2020-08-01 10:07:05 +02:00
Max Semenik 2b5de6f839 Remove proto comments from C files
Closes GH-5758
2020-07-06 21:13:34 +02:00
Dmitry Stogov 92c23e1fd3 Call zend_unregister_ini_entries() when unload extension loaded through dl() without MSHUTDOWN callback.
Extensions with MSHUTDOWN should use UNREGISTER_INI_ENTRIES().
2019-12-09 15:05:24 +03:00
Nikita Popov e4aac082a2 Merge branch 'PHP-7.3' into PHP-7.4 2019-10-10 16:14:52 +02:00
Nikita Popov 74ac3dd6e2 Merge branch 'PHP-7.2' into PHP-7.3 2019-10-10 16:14:37 +02:00
Nikita Popov 46561dab6a Fix leak in phar open 2019-10-10 16:14:21 +02:00
Nikita Popov d9680272c7 Revert "Drop free_filename field from zend_file_handle"
This reverts commit e0eca26285.

free_filename is used by the wincache extension, restore this
field for PHP 7.4.
2019-07-24 10:43:37 +02:00
Nikita Popov 5664035ffe Also report errors from Zend stream reader operation 2019-07-22 17:49:08 +02:00