For GD, libxpm is an optional dependency, and we should treat it as
such, i.e. if the library is not found, we build ext/gd without XPM
support.
This should also be done for other optional dependencies (like libjpeg),
but since we're close to PHP 8.4.0RC1, we postpone that. However, wrt
libxpm[1] we're taking action immediately, so that we can ship builds
without XPM support, or at least custom builds without XPM support are
possible without modifying the sources.
[1] <https://news-web.php.net/php.internals/125502>
When allocating enough room for floats, the allocator used overflows with
large ndigits/EG(precision) value which used an signed integer to
increase the size of thebuffer.
Testing with the zend operator directly is enough to trigger
the issue rather than higher level math interface.
close GH-15715
We should check if the iterator data is still valid, because if it
isn't, then the type info is UNDEF, but the pointer value may be
dangling.
Closes GH-15841.
There are two related issues, each tested.
First problem:
What happens is that on the CLI SAPI we have a per-request pcre cache,
and on there the request shutdown for the pcre module happens prior to
the remaining live object destruction. So when the SPL object wants to
clean up the regular expression object it gets a use-after-free.
Second problem:
Very similarly, the non-persistent resources are destroyed after request
shutdown, so on the CLI SAPI the pcre request cache is already gone, but
if a userspace stream references a regex in the pcre cache, this breaks.
Two things that come immediately to mind:
- We could fix it by no longer treating the CLI SAPI special and just use
the same lifecycle as the module. This simplifies the pcre module code
a bit too. I wonder why we even have the separation in the first place.
The downside here is that we're using more the system allocator
than Zend's allocator for cache entries.
- We could modify the shutdown code to not remove regular expressions
with a refcount>0 and modify php_pcre_pce_decref code such that it
becomes php_pcre_pce_decref's job to clean up when the refcount
becomes 0 during shutdown. However, this gets nasty quickly.
I chose the first solution here as it should be reliable and simple.
Closes GH-15064.
Dynamic properties are generally referred to as "dynamic" properties, while
non-dynamic properties are not commonly referred to as "default" properties.
Thus, the existing method `ReflectionProperty::isDefault()` has a non obvious
name; while an alias could be added for `isNotDynamic()`, a new `isDynamic()`
method seems cleaner. The new method returns the opposite of `isDefault()`;
dynamic properties are not present on the class by default, and properties
present by default are not added dynamically.
Closes GH-15754
The one error message indeed had a wrong namespace, and in general they
weren't very descriptive, this also makes them more descriptive.
Furthermore, two additional bugs were fixed:
- Persistent memory leak of `location`.
- UAF issues when printing the error message.
Closes GH-15830.
The crash happens because the zend_persist.c code tries to JIT the hook's
op_array while the JIT buffer memory is still protected. This happens in
`zend_persist_property_info` called via `zend_persist_class_entry`
through the inheritance cache.
We shouldn't JIT the property hook code when persisting property info
for the inheritance cache.
This is a simple workaround by temporarily disabling the JIT so that the
property hook code is not JITted when persisting the property info.
An alternative solution would be to move the JITting of the property
hooks to a different place in zend_persist.c by doing an additional pass
over the classes.
Closes GH-15819.
I fixed from strcasecmp to strncasecmp.
However, strncasecmp is specify size to #3 parameter.
Hence, Add check length to mime and aliases.
Co-authored-by: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
To match other capitalized strings like `ZEND_STR_UNKNOWN_CAPITALIZED` and
`ZEND_STR_ARRAY_CAPITALIZED`. Since this known string was only added in PHP
8.4, no backwards compatibility alias is needed.
This code is modelled after how `http_fopen_wrapper.c` does things,
which apparently is just looping over the array and handling each string
the same way as if we passed a header string directly.
Also fixes a potential crash in `php_sdl.c` but without adding support
for header arrays there (yet) because the code is untested.
Closes GH-15817.