The rename code can error out prior to the reassignment of the filename,
which is why the test causes a crash.
The rename code can also error out at a later point,
which means it will have already assigned the new filename.
We detect in which case we are in and act accordingly.
Closes GH-19761.
PSFS_FEED_ME is supposed to be returned when the filter did not receive
enough data and did not generate buckets for the output brigade.
The test generates buckets anyway on the output brigade, and the stream
layer did not handle that case causing a memory leak.
To solve this, discard any such buckets as it would conflict with the
status code returned by the filter. This keeps BC and solves the leak.
Closes GH-18972.
This regressed in 8.4 when dba started mixing objects and resources
(streams).
The streams are first destroyed at a first step in shutdown, and in slow
shutdown then the symbol table is destroyed which destroys the dba
objects. The dba objects still use the streams but they have been
destroyed already, causing a UAF. Using dtor_obj instead of free_obj
would work around this but would cause issues like memory leaks because
dtor_obj may be skipped while free_obj may not be.
Instead, use the same solution as mysqlnd uses in that we fully manage
the stream lifecycle ourselves. This also avoids users from meddling
with the stream through get_resources().
This would be fixed 'automatically' in the future when we are using
objects for everything.
Closes GH-19710.
The case of returning 0 is inconsistent in when it returns an empty
array, furthermore the caller already returns an empty array.
Because the caller overwrites the return value in these cases, it can
cause a memory leak.
This is easier to trigger on master in some cases as different code paths
are taken with the new bundled glob. On some platforms it is also
triggerable on 8.3.
Closes GH-19715.
This code is very similar to code on PHP 8.4 and higher, but the
mitigation is extended to entity references and to attribute children.
Closes GH-19620.
Since cbf67e4, the GC needs to find all WeakMaps referencing a weakly
referenced object. Doing so, it treats all ZEND_WEAKREF_TAG_MAP as WeakMap
instances.
However, a ZEND_WEAKREF_TAG_MAP reference may be a bare HashTable when
zend_weakrefs_hash_add() is used.
Introduce a new tag, ZEND_WEAKREF_TAG_BARE_HT, and use this tag when weakly
referencing an object from a bare HashTable. Ignore such references in GC.
Fixes GH-19543
Closes GH-19544
Co-authored-by: Tim Düsterhus <tim@tideways-gmbh.com>
JIT doesn't recognize that variables may be used after returning from a
trace due to YIELD, so some effects may never be stored to memory.
YIELD ops terminate trace recordings with ZEND_JIT_TRACE_STOP_RETURN, and are
handled mostly like RETURN. Here I change zend_jit_trace_execute() so that
YIELD terminates recordings with ZEND_JIT_TRACE_STOP_INTERPRETER instead,
to ensure that we recognize that variables may be used after returning from
the trace due to YIELD.
Fixes GH-19493
Closes GH-19515
The tidyOptGetCategory function (added in libtidy 5.4.0) if only useable if TidyInternalCategory (added in libtidy 5.6.0) is also present, so check for the latter instead.
close GH-19053
