The error handling is incomplete on argument cleanup.
1. The fci is not cleared which means that zend_free_trampoline() is
never called.
2. The cleaning for extra named arguments was missing, resulting in
memory leak.
Closes GH-17219.
This is a quick fix for the problem.
It'll work while all the JIT-ed functions have the same "fixed stack frame".
Unwinder uses hard-coded unwind data for this "fixed stack frame".
* Preallocate space for Win64 shadow args
* typo
* Setup unwinder for JIT functions
* Revert "Dynamically xfail test case which fails on CI"
This reverts commit 7cc327fd5a.
* Revert "Dynamically xfail test case which fails on CI"
This reverts commit bdde797159.
* Revert "Dynamically xfail test cases which fail on CI (GH-15710)"
This reverts commit 6d5962074f.
* Remove XFAIL sections
* Add hard-coded SEH unwind data for EXITCALL
* Fix unwind data
* Fix Windows multi-process support
* Typo
Ouch, Z_TRY_ADDREF_P() uses pz twice... Also make sure we actually reserve
enough Buckets for all dynamic properties.
Fixes OSS-Fuzz #382922236
Closes GH-17085
Normally, accesses to properties marked as lazy trigger the object's
initialization, or forward to a real instance if the object is an initialized
proxy.
The purpose of ReflectionProperty::setRawValueWithoutLazyInitialization() and
ReflectionProperty::skipLazyInitialization() is to bypass auto-initialization,
so that some properties can be initialized without triggering initialization.
However, when the object is an initialized proxy, these methods would
unexpectedly update the proxy.
Here I make sure that these methods have an effect on the real instance, when
the object is an initialized proxy.
Fixes GH-16344
zend_save_lexical_state() can be nested multiple times, for example for
the parser initialization and then in the heredoc lexing. The input
should not be freed if we restore to the same filtered string.
Closes GH-16716.
The zend_hash_update_ind() variant unwraps indirects, rather than creating them.
Don't use _zend_hash_append_ind() because the property might already exist.
Fixes GH-16725
Closes GH-16805
zend_is_callable_ex() can unfortunately emit a deprecation, and then
a user error handler can throw an exception. This causes an assert
failure at ZEND_VM_NEXT_OPCODE(). We fix this by checking if there's an
exception after zend_is_callable_ex().
Closes GH-16803.
We asserted that Z_PROP_FLAG_P(retval) was exactly IS_PROP_UNINIT, but this is a
bit field and it may contain irrelevant bits. For instance it may contain
IS_PROP_REINITABLE during clone, or IS_PROP_LAZY if the object is lazy.
Fixes GH-16615
Closes GH-16639
If a lazy object is created for a class whose constants can not be updated, then
we have created an instance of a non-instantiable class. This breaks the
expectations of clone.
Here I ensure that a class has its constants updated before creating a lazy
instance of it.
Fixes OSS-Fuzz #71407
Closes GH-15856
This check was forgotten in the original implementation. Relaxing this
restriction shouldn't be hard, but needs some work. We either need to prevent
merging of cache slots for R/RW/W, or we need to introduce an additional check
when writing to the property indirectly. This check is currently present only
for direct writes.
Closes GH-16462
zend_hash_get_current_key() does not return a string with incremented
refcount, so it shouldn't get released. This release caused a UAF later
when the attribute was destroyed. This wasn't noticed earlier because
object_init_with_constructor() was only ever tested with interned
strings.
Closes GH-16349.
Niels Dossche