php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-03-24 00:02:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
559eb7ff266b1da7b7ae9ec2fd366b43ad333bc1
archived-php-src/NEWS
Niels Dossche 559eb7ff26 Fix integer overflows in timelib 
There are edge cases where computations can cause an integer overflow,
which is undefined behaviour. Lately, some fuzzers seem to be hitting
these quite frequently. While this behaviour is undefined, it doesn't
actually matter in practice, the worst effect is having a wrong
computation result, but no sane person would do computations on e.g. the
year pow(2,63).

Still, undefined behaviour is bad.
Make the wrapping behaviour defined by using -fwrapv when possible.
The scope of this is limited to timelib and doesn't affect php_date.c.

The reason for this is that this may in theory prevent some
optimizations and it also seems bad to affect code that lives so close
to the PHP-native edge.

I tested all issues.
This fixes all but one issues, the remaining issue is in php_date.c.

Fixes GH-13881.
Fixes GH-14075.
Fixes GH-15150.
Fixes GH-16034.
Fixes GH-16035.
Fixes GH-16048.
Fixes GH-16050.
Fixes GH-16051.
Fixes GH-16052.
Fixes GH-16775.
Fixes GH-16864.
Fixes GH-16865.
Fixes GH-16975.
Fixes GH-17025.
Fixes GH-17059.
Closes GH-17060.
2024-12-06 18:56:57 +01:00

93 lines
2.8 KiB
Plaintext
Raw Blame History

PHP NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
?? ??? ????, PHP 8.5.0alpha1
- COM:
. Fixed property access of PHP objects wrapped in variant. (cmb)
. Fixed method calls for PHP objects wrapped in variant. (cmb)
- Core:
. Fixed bug GH-16665 (\array and \callable should not be usable in
class_alias). (nielsdos)
. Added PHP_BUILD_DATE constant. (cmb)
. Added support for Closures in constant expressions. (timwolla,
Volker Dusch)
- Curl:
. Added curl_multi_get_handles(). (timwolla)
- Date:
. Fix undefined behaviour problems regarding integer overflow in extreme edge
cases. (nielsdos, cmb, ilutov)
- DOM:
. Added Dom\Element::$outerHTML. (nielsdos)
. Added Dom\Element::insertAdjacentHTML(). (nielsdos)
- Intl:
. Bumped ICU requirement to ICU >= 57.1. (cmb)
- MySQLnd:
. Added mysqlnd.collect_memory_statistics to ini quick reference.
(hauk92)
- OPcache:
. Fixed ZTS OPcache build on Cygwin. (cmb)
. Added opcache.file_cache_read_only. (Samuel Melrose)
- Output:
. Fixed calculation of aligned buffer size. (cmb)
- PDO_PGSQL:
. Added Iterable support for PDO::pgsqlCopyFromArray. (KentarouTakeda)
. Implement GH-15387 Pdo\Pgsql::setAttribute(PDO::ATTR_PREFETCH, 0) or
Pdo\Pgsql::prepare(…, [ PDO::ATTR_PREFETCH => 0 ]) make fetch() lazy
instead of storing the whole result set in memory (Guillaume Outters)
- PGSQL:
. Added pg_close_stmt to close a prepared statement while allowing
its name to be reused. (David Carlier)
. Added Iterable support for pgsql_copy_from. (David Carlier)
- POSIX:
. Added POSIX_SC_OPEN_MAX constant to get the number of file descriptors
a process can handle. (David Carlier)
- Random:
. Moves from /dev/urandom usage to arc4random_buf on Haiku. (David Carlier)
- Reflection:
. Added ReflectionConstant::getExtension() and ::getExtensionName().
(DanielEScherzer)
- SOAP:
. Fixed bug #49169 (SoapServer calls wrong function, although "SOAP action"
header is correct). (nielsdos)
- Sockets:
. Added IPPROTO_ICMP/IPPROTO_ICMPV6 to create raw socket for ICMP usage.
(David Carlier)
. Added TCP_FUNCTION_BLK to change the TCP stack algorithm on FreeBSD.
(David Carlier)
- Standard:
. Fixed crypt() tests on musl when using --with-external-libcrypt
(Michael Orlitzky).
- Windows:
. Fixed bug GH-10992 (Improper long path support for relative paths). (cmb,
nielsdos)
- XMLWriter:
. Improved performance and reduce memory consumption. (nielsdos)
- XSL:
. Implement request #30622 (make $namespace parameter functional). (nielsdos)
- Zlib:
. gzfile, gzopen and readgzfile, their "use_include_path" argument
is now a boolean. (David Carlier)
<<< NOTE: Insert NEWS from last stable release here prior to actual release! >>>
Reference in New Issue View Git Blame Copy Permalink