* PHP-8.4:
Update NEWS with info about security issues
Fix GHSA-www2-q4fc-65wf
Fix GHSA-h96m-rvf9-jgm2
Fix GHSA-8xr5-qppj-gvwj: PDO quoting result null deref
Fix GH-20584: Information Leak of Memory
* PHP-8.3:
Update NEWS with info about security issues
Fix GHSA-www2-q4fc-65wf
Fix GHSA-h96m-rvf9-jgm2
Fix GHSA-8xr5-qppj-gvwj: PDO quoting result null deref
Fix GH-20584: Information Leak of Memory
* PHP-8.2:
Update NEWS with info about security issues
Fix GHSA-www2-q4fc-65wf
Fix GHSA-h96m-rvf9-jgm2
Fix GHSA-8xr5-qppj-gvwj: PDO quoting result null deref
Fix GH-20584: Information Leak of Memory
* PHP-8.1:
Update NEWS with info about security issues
Fix GHSA-www2-q4fc-65wf
Fix GHSA-h96m-rvf9-jgm2
Fix GHSA-8xr5-qppj-gvwj: PDO quoting result null deref
Fix GH-20584: Information Leak of Memory
From what I see the incorrect scope is not observable in any other way. The
mixin methods are completely invisible to Reflection and a SQLite function
referring to a private method is still properly called as before.
Fixesphp/php-src#20095.
This is in preparation for the possible future transformation of `clone` into a
function call, but also meaningful on its own, since the purpose of the tests
is not to test the stack trace generation, but rather that an exception was
thrown. It also cleans up some unreachable code in the tests.
Introducing a new attribute macro in lower branches is an ABI break and
not allowed. However, we still need to fix the warnings such that
-Werror builds don't break. So we copy the macro from the master branch
to the C files in the appropriate places.
Starting with gcc 15 the warning `-Wunterminated-string-initialization`
is enabled by default. We make now use of the `nonstring` attribute to
silence the warning for the cases where this is intended.
Closes GH-18603.
* PHP-8.4:
Fix GH-18309: ipv6 filter integer overflow
Fix GH-18304: Changing the properties of a DateInterval through dynamic properties triggers a SegFault
* PHP-8.3:
Fix GH-18309: ipv6 filter integer overflow
Fix GH-18304: Changing the properties of a DateInterval through dynamic properties triggers a SegFault
For dynamic fetches the cache_slot will be NULL, so we have to check for
that when resetting the cache. For zip and xmlreader this couldn't
easily be tested because of a lack of writable properties.
Closes GH-18307.
This should call zend_object_std_dtor() to clean the property table etc.
This also has a semantic influence because previously weak refs were not
notified for example.
This fixes the final issue in GH-18114 (the crash was master-only and
fixed already).
Closes GH-18114.
Closes GH-18123.
Since 0537968, the properties are no longer initialized.
So we call object_properties_init to handle that correctly.
Lower branches have a memory leak, but that requires a separate fix.
The cache slot for FETCH_OBJ_W in function `test` is primed with the
class for C. The next call uses a simplexml instance and reuses the same
cache slot. simplexml's get_property_ptr handler does not use the cache
slot, so the old values remain in the cache slot. When
`zend_handle_fetch_obj_flags` is called this is not guarded by a check
for the class entry. So we end up using the prop_info from the property
C::$a instead of the simplexml property.
This patch adds a reset to the cache slots in the property address fetch
code and also in the extensions with a non-standard reference handler.
This keeps the run time cache consistent and avoids the issue without
complicating the fast paths.
Closes GH-17739.
To call the constructor we now only store the CE and a HashTable for the arguments.
This reduces the size of the _pdo_stmt_t struct from 320 bytes to 232 bytes.
Moreover, this now means that the constructor argument array follows the usual CUFA semantics.
This change is a BC break, as string keys now act like named arguments.
Moreover, the automatic wrapping of by-value arguments for by-ref parameters has been dropped, and the usual E_WARNING is now emitted in those cases.
The do_fetch() is heavily refactored to simplify the execution flow, which also makes it easier to understand.
Additionally we add a new bitflag in_fetch to prevent modification of the fetch flags by userland when PDO is fetching from the DB.
Jakub Zelenka