We need to avoid signed integer overflows which are undefined behavior.
We catch that, and set `offset` to `ZEND_LONG_MAX` (which is also the
largest value of `zend_off_t` on all platforms). Of course, that seek
may fail, but even if it succeeds, the stream is no longer readable,
but that matches the current behavior for offsets near `ZEND_LONG_MAX`.
Closes GH-15989.
This effectively inlines the behaviour of php_mkdir_ex() which is a deprecated API from at least 17 years ago, and also fixes some of the return values.
This also removes a dependency on ext/standard
We need to avoid signed integer overflows which are undefined behavior.
We catch that, and set `offset` to `ZEND_LONG_MAX` (which is also the
largest value of `zend_off_t` on all platforms). Of course, after such
a seek a stream is no longer readable, but that matches the current
behavior for offsets near `ZEND_LONG_MAX`.
Closes GH-15989.
This was first reported as a leak in GH-15026, but was mistakingly
believed to be a false positive. Then an assertion was added and it got
triggered in GH-15908. This fixes the leak. Upon merging into master the
assertion should be removed as well.
Closes GH-15924.
First we refactor to have only a single usage of `PHP_GAI_STRERROR()`
left; then we drop the macro in favor of calling the different
functions conditionally in an ad-hoc style.
This is necessary because the return value of `php_win32_error_to_msg`
needs to be freed by the caller.
The error messages are no more inline with other error messages, since
`gai_strerror()` apparently always appends a period and a space.
We also properly configure IPv4/v6 on Windows. Since WSPiApi.h has been
created in 2000, so we can safely assume that it is available everywhere
nowadays. Furthermore, `gai_strerror()` is available regardless of
whether there is IPv6 support.
A common convention is to name internal C header files as `*_int.h`.
Since a couple of these are actually installed, we add comments that
this is not supposed to happen, (a) to avoid installing further
internal headers, and (b) to pave the way to fix this in the next major
PHP version.
Somewhat special is php_gmp_int.h, where "int" is meant as abbreviation
for "interface".
Another common convention is appending `_priv` or `_private`, but since
there have not been any issues regarding these headers so far, we
refrain from adding respective comments to these headers.
Anyhow, it might be a good idea to introduce some common naming
convention for such internal/private headers.
We also add zend_map_ptr_static, so that we do not incur the overhead of constantly recreating the internal run_time_cache pointers on each request.
This mechanism might be extended for mutable_data of internal classes too.
We're reasonably sure that appending the NUL is not an OOB write, since
the memory stream implementation uses `zend_string` APIs instead of
fiddling with the buffer.
We don't add a regression test because that would require to set up
something in the zend_test extension, and regressions are supposed
to be caught by external consumers of this API, such as mailparse.
Closes GH-15648.
* main/network: Use more appropriate types
And check directly against 0 for success for functions not returning a zend_result
* Remove redundant declaration in file.h
Not sure why it even is here
* Show build provider information in "php -v"
Vendors such as distributions can set the `PHP_BUILD_PROVIDER`
variable, that gets printed in phpinfo. However, I find that users check
`php -v` more often than phpinfo to see what PHP they're running. The
problem with this is that it does not show that build provider
information.
This change makes the build provider information printed on an
additional line of the version information.
* Put on same line so it works with or without env var
Unbreaks build without PHP_BUILD_PROVIDER set.
* change wording in provider version text
better grammatically; many different possibilities here though
* Unify SAPI version printing
This makes it so that all of the SAPIs share the same code for printing
version information. This is useful in case of any future changes to the
version information, such as i.e. adding build provider to the output.
* Make include for php_print_version explicit
* Preserve phpdbg version and output channel
php_printf doesn't have same semantics, as phpdbg_out could be on a
different output than stdout/err. Also add the phpdbg version (in case
it differs from PHP's, to keep similar output before this PR)
* remove size variables
we don't use them and CI doesn't like unused variables
* Fix format string insecurity
When an `PHP_OUTPUT_HANDLER_FAILURE` occurs, the output handler becomes
disabled (i.e. the `PHP_OUTPUT_HANDLER_DISABLED` flag is set). However,
there is no guard for disabled handlers in `php_output_handler_op()`
what may cause serious issues (as reported, UB due to passing `NULL` as
the 2nd argument of `memcpy`, because the handler's buffer has already
been `NULL`ed). Therefore, we add a respective guard for disabled
handlers, and return `PHP_OUTPUT_HANDLER_FAILURE` right away.
Closes GH-15183.
