Range analysis may fail to converge (the process hangs) when the transfer
function zend_inference_calc_range produces a smaller range.
Fix by ensuring that the widening operator zend_inference_widening_meet
allows only widening. This matches the inference rules in figure 13 of the
paper.
Fixes GH-19679
Closes GH-19683
Since cbf67e4, the GC needs to find all WeakMaps referencing a weakly
referenced object. Doing so, it treats all ZEND_WEAKREF_TAG_MAP as WeakMap
instances.
However, a ZEND_WEAKREF_TAG_MAP reference may be a bare HashTable when
zend_weakrefs_hash_add() is used.
Introduce a new tag, ZEND_WEAKREF_TAG_BARE_HT, and use this tag when weakly
referencing an object from a bare HashTable. Ignore such references in GC.
Fixes GH-19543
Closes GH-19544
Co-authored-by: Tim Düsterhus <tim@tideways-gmbh.com>
8MB sounded a prudent size for older 10.9 macOs release, however
with newer mac with arm64, it triggers a stack overflow.
Cherry picks b320aabc5e (GH-13319) from PHP-8.4.
Closes GH-19390.
Generator::throw() on a running generator is not allowed. It throws "Cannot
resume an already running generator" when trying to resume the generator to
handle the provided exception.
However, when calling Generator::throw() on a generator with a non-Generator
delegate, we release the delegate regardless. If a Fiber was suspended in
the delegate, this causes use after frees when the Fiber is resumed.
Fix this by throwing "Cannot resume an already running generator" earlier.
Fixes GH-19326
Closes GH-19327
Normally we prevent generators from being resumed while they are already
running, but we failed to do so for generators delegating to non-Generators. As
a result such generator can be resumed, terminated, which causes unexpected
results (crashes) later.
In gh19306.phpt in particular, the generator delegate It::getIterator() suspends
while being called by generator g(). We then resume g(), which throws while
trying to resume It::getIterator(). This causes g() and It::getIterator()
to be released. We then UAF when resuming the Fiber in It::getIterator().
Fix this by ensuring that generators are marked as running while they fetch
the next value from the delegate.
Fixes GH-19306
Closes GH-19315
Having an empty result array is not a problem, because zend_hash_extend()
will initialize it. Except it does not when the number of elements to add
equals 0, which leaves the array uninitialized and therefore does not
set the packed flag, causing the assertion failure.
Technically, removing the assert would also work and save a check.
On the other hand, this check could also prevent some real work to be
done and should be relatively cheap as we already have to compute the
sum anyway.
Closes GH-19318.
Both these issues have the same root cause, their reproducer is
extremely similar so I don't duplicate the test.
If the parser invokes the lexer, and the lexer fails, it could've
allocated a string which must be freed when the parser backs up.
The `%destructor` list is responsible for this but did not have an entry
for `fallback` yet. Solve the issue by adding such an entry.
Closes GH-19012.
The first warning may trigger an error handler, destroying the operand
and its string. So we need to protect the string in that case.
Care was taken to avoid unnecessary refcounts and to avoid touching the
hot code path.
Closes GH-18951.
The VM assumes that an exception must be handled when the AST evaluation
returns FAILURE. However, the comparison functions always return SUCCESS
even if an exception happened. This can be fixed in
zend_ast_evaluate_inner() or we can make is_smaller_function() etc check
for the exception. I chose the former to avoid impact or API breaks.
Perhaps in the future the comparison functions should either return void
or return whether an exception happened, as to be not misleading.
Closes GH-18589.
With nested objects and recursive comparisons, it is for now unavoidable
to have a stack overflow we do some early damage control attempt early
on with zend.max_allowed_stack_size check but ultimately more a band-aid
than a definitive solution.
close GH-18577
The error handling is incomplete on argument cleanup.
1. The fci is not cleared which means that zend_free_trampoline() is
never called.
2. The cleaning for extra named arguments was missing, resulting in
memory leak.
Closes GH-17219.
zend_save_lexical_state() can be nested multiple times, for example for
the parser initialization and then in the heredoc lexing. The input
should not be freed if we restore to the same filtered string.
Closes GH-16716.
zend_is_callable_ex() can unfortunately emit a deprecation, and then
a user error handler can throw an exception. This causes an assert
failure at ZEND_VM_NEXT_OPCODE(). We fix this by checking if there's an
exception after zend_is_callable_ex().
Closes GH-16803.
Closes GH-16469
Working towards GH-16286
commit e0db221143b808d97bc3a44e9f0968c6308794b4
Author: Ilija Tovilo <ilija.tovilo@me.com>
Date: Fri Oct 25 22:48:20 2024 +0200
Move CFLAGS into ./configure command for consistency
commit 8ad67768250d181cd7fef30e0c866625bbd8ac94
Author: Ilija Tovilo <ilija.tovilo@me.com>
Date: Fri Oct 25 22:47:03 2024 +0200
Also upgrade nightly to macOS 13
commit 58a88ccb9f
Author: Ilija Tovilo <ilija.tovilo@me.com>
Date: Wed Oct 23 19:07:59 2024 +0200
Fix call to dc[n]gettext in tests with 0 $category
This causes a segfault on PHP-8.1
commit 611af05c50
Author: Ilija Tovilo <ilija.tovilo@me.com>
Date: Fri Dec 8 13:36:52 2023 +0100
[skip ci] Skip intermittently failing curl test on macOS
The test fails with "CURL ERROR: 56". I will create an issue for it shortly.
commit ec745178bb
Author: Ilija Tovilo <ilija.tovilo@me.com>
Date: Wed Oct 23 19:05:32 2024 +0200
Backport parts of 9999a0c for gettext
See 9999a0cb75
commit 5ce703496f
Author: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
Date: Sun Jul 28 14:34:26 2024 +0200
Fix CI failure on macOS after Curl update
commit 714a3e7071
Author: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
Date: Sat Jul 27 16:09:50 2024 +0200
Fix CI failure after Curl update (#15124)
commit 4f2eb921b9
Author: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
Date: Thu May 23 22:20:37 2024 +0200
Fix GH-14307: Test curl_basic_024 fails with curl 8.8.0
Curl changed the behaviour, from the changelog:
- lib: make protocol handlers store scheme name lowercase curl/curl@c294f9c
From the docs: "The returned scheme might be upper or lowercase. Do
comparisons case insensitively."
Closes GH-14312.
commit 251195b41b
Author: Ayesh Karunaratne <ayesh@aye.sh>
Date: Thu Feb 1 02:03:55 2024 +0700
ext/curl: Fix failing tests due to string changes in libcurl 8.6.0
Upstream libcurl 8.6.0 contains a change[^1] that caused a test failure.
This fixes it by updating the test's `EXPECTF` to use a regex to account for both string patterns.
[^1]: https://github.com/curl/curl/commit/45cf4755e71f#diff-a8a54563608f8155973318f4ddb61d7328dab512b8ff2b5cc48cc76979d4204cL1683
Closes GH-13293.
commit fc5d83f2b1
Author: Christoph M. Becker <cmbecker69@gmx.de>
Date: Wed Oct 16 22:46:20 2024 +0200
Prepare for necessary move to macOS 13
GH will remove macOS 12 runner images as of December 3rd, so we prepare
for that.
Besides the obvious need to change the runner, we also suppress a
couple of warnings, because otherwise the build would fail due to
`-Werror`.
Arnaud Le Blanc