Ilija Tovilo
66ad4ce699
Merge branch 'PHP-8.3' into PHP-8.4
...
* PHP-8.3:
Add NEWS entry
Also fix same issue in ArrayObject::exchangeArray()
Fix use-after-free in ArrayObject::unset() with destructor
2024-11-04 17:49:08 +01:00
Ilija Tovilo
dca438e6a3
Merge branch 'PHP-8.2' into PHP-8.3
...
* PHP-8.2:
Add NEWS entry
Also fix same issue in ArrayObject::exchangeArray()
Fix use-after-free in ArrayObject::unset() with destructor
2024-11-04 17:47:49 +01:00
Ilija Tovilo
f7222bd2de
Also fix same issue in ArrayObject::exchangeArray()
2024-11-04 17:46:17 +01:00
Ilija Tovilo
8910ac800d
Fix use-after-free in ArrayObject::unset() with destructor
...
Fixes GH-16646
Closes GH-16653
2024-11-04 17:45:56 +01:00
Niels Dossche
7a78ffcbb2
Merge branch 'PHP-8.3' into PHP-8.4
...
* PHP-8.3:
Fix GH-16604: Memory leaks in SPL constructors
2024-11-01 20:43:43 +01:00
Niels Dossche
eaa2b61acb
Merge branch 'PHP-8.2' into PHP-8.3
...
* PHP-8.2:
Fix GH-16604: Memory leaks in SPL constructors
2024-11-01 20:43:28 +01:00
Niels Dossche
886a5287ca
Fix GH-16604: Memory leaks in SPL constructors
...
Closes GH-16673.
2024-11-01 20:42:28 +01:00
David Carlier
6a0035b7f4
Merge branch 'PHP-8.3' into PHP-8.4
2024-10-28 21:25:39 +00:00
David Carlier
e039afffaf
Merge branch 'PHP-8.2' into PHP-8.3
2024-10-28 21:22:17 +00:00
David Carlier
eeec0939e0
Fix GH-14687 segfault on debugging a freed SplObjectIterator instance.
...
close GH-14711
2024-10-28 21:21:44 +00:00
Niels Dossche
396b995d76
Merge branch 'PHP-8.3' into PHP-8.4
...
* PHP-8.3:
Fix GH-16589: UAF in SplDoublyLinked->serialize()
2024-10-27 19:12:16 +01:00
Niels Dossche
d9947e8c42
Merge branch 'PHP-8.2' into PHP-8.3
...
* PHP-8.2:
Fix GH-16589: UAF in SplDoublyLinked->serialize()
2024-10-27 19:12:02 +01:00
Niels Dossche
8f60309a78
Fix GH-16589: UAF in SplDoublyLinked->serialize()
...
Closes GH-16611.
2024-10-27 19:11:37 +01:00
Gina Peter Banyard
5d993e9641
Fix GH-16477 (Segmentation fault when calling __debugInfo() after failed SplFileObject::__constructor)
...
Closes GH-16480
Closes GH-16604
2024-10-25 22:05:10 +01:00
Gina Peter Banyard
a19029fc8b
Fix GH-16477 (Segmentation fault when calling __debugInfo() after failed SplFileObject::__constructor)
...
Closes GH-16480
Closes GH-16604
2024-10-25 22:04:10 +01:00
Gina Peter Banyard
d353a89c49
Merge branch 'PHP-8.2' into PHP-8.3
...
* PHP-8.2:
Fix GH-16477 (Segmentation fault when calling __debugInfo() after failed SplFileObject::__constructor)
2024-10-25 22:03:29 +01:00
Gina Peter Banyard
9f5b5e34c3
Fix GH-16477 (Segmentation fault when calling __debugInfo() after failed SplFileObject::__constructor)
...
Closes GH-16480
Closes GH-16604
2024-10-25 22:02:38 +01:00
Niels Dossche
3599fd0c51
Merge branch 'PHP-8.3' into PHP-8.4
...
* PHP-8.3:
Fix GH-16588: UAF in Observer->serialize
2024-10-25 23:00:46 +02:00
Niels Dossche
cc88b1f824
Merge branch 'PHP-8.2' into PHP-8.3
...
* PHP-8.2:
Fix GH-16588: UAF in Observer->serialize
2024-10-25 23:00:24 +02:00
Niels Dossche
144d2ee29a
Fix GH-16588: UAF in Observer->serialize
...
Closes GH-16600.
2024-10-25 22:59:59 +02:00
Niels Dossche
e9283c0819
Fix GH-16574: Incorrect error "undefined method" messages
...
The `get_method` object handler may change the object pointer. SPL does
this in its iterator implementations. This causes the error message
to change to another class which is confusing to the user. JIT handles
this correctly. This patch aligns behaviour with JIT.
Closes GH-16576.
2024-10-25 18:33:24 +02:00
Ilija Tovilo
c82cea0c34
Merge branch 'PHP-8.3' into PHP-8.4
...
* PHP-8.3:
Fix uaf in SplFixedArray::unset()
2024-10-17 18:25:56 +02:00
Ilija Tovilo
0932b76d02
Merge branch 'PHP-8.2' into PHP-8.3
...
* PHP-8.2:
Fix uaf in SplFixedArray::unset()
2024-10-17 18:25:33 +02:00
Ilija Tovilo
7fe168d855
Fix uaf in SplFixedArray::unset()
...
Fixes GH-16478
Closes GH-16481
2024-10-17 18:23:55 +02:00
Ilija Tovilo
6d6b20f561
Merge branch 'PHP-8.3' into PHP-8.4
...
* PHP-8.3:
Fix use-after-free in SplObjectStorage::setInfo()
2024-10-17 18:21:51 +02:00
Ilija Tovilo
40e43ffd41
Merge branch 'PHP-8.2' into PHP-8.3
...
* PHP-8.2:
Fix use-after-free in SplObjectStorage::setInfo()
2024-10-17 18:21:31 +02:00
Ilija Tovilo
12c987fae2
Fix use-after-free in SplObjectStorage::setInfo()
...
Fixes GH-16479
Closes GH-16482
2024-10-17 18:20:42 +02:00
Ilija Tovilo
d15e227750
Merge branch 'PHP-8.3' into PHP-8.4
...
* PHP-8.3:
Fix uaf in SplDoublyLinkedList::offsetSet()
2024-10-16 23:05:36 +02:00
Ilija Tovilo
e5d837ca79
Merge branch 'PHP-8.2' into PHP-8.3
...
* PHP-8.2:
Fix uaf in SplDoublyLinkedList::offsetSet()
2024-10-16 23:05:15 +02:00
Ilija Tovilo
8820a10360
Fix uaf in SplDoublyLinkedList::offsetSet()
...
Write to the new offset before calling the destructor of the previous value.
Fixes GH-16464
Closes GH-16466
2024-10-16 23:04:03 +02:00
Niels Dossche
c31eac7284
Merge branch 'PHP-8.3' into PHP-8.4
...
* PHP-8.3:
Add missing hierarchy checks to replaceChild
Fix GH-16337: Use-after-free in SplHeap
2024-10-12 13:39:06 +02:00
Niels Dossche
6902e196c3
Merge branch 'PHP-8.2' into PHP-8.3
...
* PHP-8.2:
Fix GH-16337: Use-after-free in SplHeap
2024-10-12 13:31:50 +02:00
Niels Dossche
a56ff4fec7
Fix GH-16337: Use-after-free in SplHeap
...
We introduce a new flag to indicate when a heap or priority queue is
write-locked. In principle we could've used SPL_HEAP_CORRUPTED too, but
that won't be descriptive to users (and it's a lie too).
Closes GH-16346.
2024-10-12 13:31:23 +02:00
Niels Dossche
4b8a12d1e6
Merge branch 'PHP-8.3' into PHP-8.4
...
* PHP-8.3:
Fix GH-16054: Segmentation fault when resizing hash table iterator list while adding
2024-09-25 21:08:36 +02:00
Niels Dossche
fdd6ba62bb
Fix GH-16054: Segmentation fault when resizing hash table iterator list while adding
...
zend_array_dup_ht_iterators() loops over the hash table iterators and
can call zend_hash_iterator_add(). zend_hash_iterator_add() can resize
the array causing a crash in zend_array_dup_ht_iterators().
We solve this by refetching the iter pointer after an add happened.
Closes GH-16060.
2024-09-25 21:05:05 +02:00
DanielEScherzer
34325c5e3a
zend_assert_valid_class_name(): use double quotes around names (#15990)
2024-09-23 00:44:16 +01:00
Daniel Scherzer
79d708cfca
GH-15976: clarify error messages for enum/trait/interface/alias names
...
Instead of always saying that a name is reserved or deprecated and
cannot/should not be used as a class name, take the usage into account and say
the name cannot be used as an enum name, trait name, etc. In the process, for
class names add a missing "a".
2024-09-22 19:14:57 +01:00
Niels Dossche
1b171bb6b4
Merge branch 'PHP-8.3'
...
* PHP-8.3:
Fix GH-15918: Assertion failure in ext/spl/spl_fixedarray.c
2024-09-20 17:34:54 +02:00
Niels Dossche
9774cedb01
Fix GH-15918: Assertion failure in ext/spl/spl_fixedarray.c
...
SplFixedArray should've never gotten supported in ArrayObject because it's
overloaded, and so that breaks assumptions. This regressed in c4ecd82f.
Closes GH-15947.
2024-09-20 17:34:23 +02:00
Gina Peter Banyard
f756b96e06
Make CSV deprecation less annoying to deal with (#15569)
2024-09-13 15:07:26 +01:00
Christoph M. Becker
6d5962074f
Dynamically xfail test cases which fail on CI (GH-15710)
...
This is a stop-gap measure for GH-15709 to keep CI green.
2024-09-02 18:23:52 +02:00
Gina Peter Bnayard
5853cdb73d
Use "must not" instead of "cannot" wording
2024-08-21 21:12:17 +01:00
Gina Peter Banyard
c818d944cf
ext/(standard|spl): Deprecate passing a non-empty string as the $enclosure parameter (#15362)
2024-08-12 16:09:56 +01:00
Gina Peter Banyard
efe4e6d38e
ext/spl: Add ArrayObject test with property hooks (#15005)
...
As expected, ArrayObject is cursed
2024-07-18 13:10:00 +01:00
Niels Dossche
e2189beaca
Merge branch 'PHP-8.3'
...
* PHP-8.3:
Fix GH-14639: Member access within null pointer in ext/spl/spl_observer.c
2024-07-06 23:58:37 +02:00
Niels Dossche
8ea3f154be
Merge branch 'PHP-8.2' into PHP-8.3
...
* PHP-8.2:
Fix GH-14639: Member access within null pointer in ext/spl/spl_observer.c
2024-07-06 23:58:20 +02:00
Niels Dossche
0d4e0c013e
Fix GH-14639: Member access within null pointer in ext/spl/spl_observer.c
...
`spl_object_storage_attach_handle` creates an entry already, but only
fills it in at the end with `spl_object_storage_create_element` which
allocates memory. In this case the allocation fails and we're left with
a NULL slot. Doing the allocation first isn't an option because we want
to check whether the slot is occupied before allocating memory.
The simplest solution is to set the entry to NULL and check for a NULL
pointer upon destruction.
Closes GH-14849.
2024-07-06 23:57:46 +02:00
Niels Dossche
e16bc4b28e
Merge branch 'PHP-8.3'
...
* PHP-8.3:
Fix GH-14290: Member access within null pointer in extension spl
2024-05-21 23:24:28 +02:00
Niels Dossche
88af09193d
Merge branch 'PHP-8.2' into PHP-8.3
...
* PHP-8.2:
Fix GH-14290: Member access within null pointer in extension spl
2024-05-21 23:24:15 +02:00
Niels Dossche
b3a56bd558
Fix GH-14290: Member access within null pointer in extension spl
...
php_pcre_replace_impl() can fail and return NULL. We should take that
error condition into account. Because other failures return false, we
return false here as well.
At first, I also thought there was a potential memory leak in the error
check of replacement_str, but found that the error condition can never
trigger, so replace that with an assertion.
Closes GH-14292.
2024-05-21 23:20:32 +02:00