This change primarily splits SAPI deactivation to module and destroy
parts. The reason is that currently some SAPIs might bail out
on deactivation. One of those SAPIs is PHP-FPM that can bail out on
request end if for example the connection is closed by the client
(web server). The problem is that in such case the resources are not
freed and some values reset. The most visible impact can have not
resetting the PG(headers_sent) which can cause errors in the next
request. One such issue is described in #77780 bug which this fixes
and is also covered by a test in this commit. It seems reasonable
to separate deactivation and destroying of the resource which means
that the bail out will not impact it.
Using a lot of memory may overflow some `int` calculations; to avoid
that we make sure that the operands are promoted to `size_t`.
This issue has been analyzed by @chschneider.
Closes GH-9379.
While the reason-phrase in a HTTP response status line is usually
short, there is no actual limit specified by the RFCs. As such, we
must not assume that the line fits into the buffer (which is currently
128 bytes large).
Since there is no real need to present the complete status line, we
simply read and discard the rest of a long line.
Co-authored-by: Tim Düsterhus <timwolla@googlemail.com>
Closes GH-9319.
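
The read-and-discard handling described in the commit message above, as an added example that is not code from the PHP source. It uses plain stdio rather than PHP's stream API; the function names and the sample response are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define STATUS_BUF_SIZE 128 /* buffer size named in the commit message */

/* Read one line into buf. If it does not fit, keep the prefix and consume
 * the rest up to and including '\n', so the next read starts on the next
 * line. Returns 1 if input was discarded, 0 if the line fit, -1 on EOF. */
static int read_line_discard_rest(FILE *in, char *buf, size_t buflen)
{
    int c, discarded = 0;
    if (fgets(buf, (int)buflen, in) == NULL)
        return -1;
    if (strchr(buf, '\n') != NULL)
        return 0;
    while ((c = fgetc(in)) != EOF) {
        discarded = 1;
        if (c == '\n')
            break;
    }
    return discarded;
}

/* Constructed response: a status line carrying reason_len bytes of
 * reason-phrase, then one header. Returns the parsed status code, or -1 if
 * the discard flag or the header read afterwards is not as expected. */
static int demo_status_line(size_t reason_len, int expect_discard)
{
    char status[STATUS_BUF_SIZE], header[STATUS_BUF_SIZE];
    int code = -1, r1, r2;
    FILE *in = tmpfile();
    if (in == NULL)
        return -1;
    fputs("HTTP/1.1 404 ", in);
    for (size_t i = 0; i < reason_len; i++)
        fputc('x', in);
    fputs("\r\nContent-Type: text/plain\r\n\r\n", in);
    rewind(in);
    r1 = read_line_discard_rest(in, status, sizeof status);
    r2 = read_line_discard_rest(in, header, sizeof header);
    fclose(in);
    if (r1 != expect_discard || r2 != 0)
        return -1;
    if (strcmp(header, "Content-Type: text/plain\r\n") != 0)
        return -1; /* header parsing was desynchronised by the long line */
    return sscanf(status, "HTTP/%*d.%*d %d", &code) == 1 ? code : -1;
}

int main(void)
{
    printf("long: %d, short: %d\n", demo_status_line(300, 1), demo_status_line(9, 0));
    return 0;
}
```
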
This fix is another solution to replace d0527427be, use zend_try and zend_catch to make sure persistent stream will be released when error occurred.
Closes GH-9332.
This reverts commit d0527427be.
This patch makes Swoole/Swow unable to work anymore, because Coroutine will yield to another one during socket operation, EG(record_errors) assertion will always fail, and zend_begin_record_errors() was only used during compile time before.
Note: zend_emit_recorded_errors() and the typo fix are reserved.
This is not actually related to SSL handshake but stream socket creation
which does not clean errors if the error handler is set. This fix
prevents emitting errors until the stream is freed.
The comparator function used at ksort in SORT_REGULAR mode
needs to be consistent with basic comparison rules. These rules
were changed in PHP-8.0 for numeric strings, but comparator
used at ksort kept the old behaviour. It leads to inconsistent
situations, when after ksort the first key is GREATER than some
of the next ones according to the basic comparison operators.
Closes GH-9293.
* Remove ZEND_DVAL_TO_LVAL_CAST_OK
As far as I can see, this operation should always use the _slow method, and the results seem to be wrong when ZEND_DVAL_TO_LVAL_CAST_OK is enabled.
* update NEWS
We are removing the entry in 8.0.23, as the fix was included
in the 8.0.22 release. Given that an entry already exists, we
are just deleting extra lines.
The arguments 3 to 6 of the authorizer callback may be `NULL`[1], and
we have to properly deal with that. Instead of causing a segfault, we
deny authorization, which is still better than a crash, and apparently,
we cannot do better anyway.
[1] <https://www.sqlite.org/c3ref/set_authorizer.html>
Closes GH-9040.
If the blacklist file contains a line with a single double-quote, we
called `zend_strndup(pbuf, -1)` which causes an unnecessary bail out;
instead we just ignore that line.
If the blacklist file contains an empty line, we may have caused an OOB
read; instead we just ignore that line.
Closes GH-9036.
Passing `null` to `$encodings` is supposed to behave like passing the
result of `mb_detect_order()`. Therefore, we need to remove the non-
encodings from the `elist` in this case as well. Thus, we duplicate
the global `elist`, so we can modify it.
Closes GH-9063.
The `--CGI--` section is supposed to be just a marker, and to be empty
as such. However, a previous refactoring[1] broke that.
[1] <9140c9038a>
Closes GH-9061.
With request timeouts configured, php-fpm occasionally prints the
following warning:
WARNING: failed to acquire scoreboard
This happens when php-fpm checks the child scoreboards for timeouts,
but fails to acquire a lock immediately. As this can (and does) occur
during normal operation, this commit downgrades this to a notice.
Closes #9019.
Not so much a fix but taking more precautions.
Indeed, the arc4random has two little flaws in this platform,
one already caught upfront by the extension (ie size 0), also
internal use of ccrng_generate which can silently fail in a few rare
cases.
Closes #7824.
On Windows, closing a file which is locked may not immediately remove
the lock. The `LockFileEx()` documentation states:
| Therefore, it is recommended that your process explicitly unlock all
| files it has locked when it terminates.
We comply, and also use the macro `LOCK_EX` instead of the magic number
`2`.
Closes GH-8925.
We revert the commits which caused this regression from the PHP-8.0 and
PHP-8.1 branches for now. We keep it in "master" because of PR #8833
which may offer a proper fix without BC break.
When casting a `variant` to `int`, we need to heed the proper `zval`
type, which is a signed 64bit integer on x64, while `VT_INT` is only
a signed 32bit integer.
Closes GH-8779.
A connection string may contain just a single key, but
PHP used ";" as the heuristic to detect if a string was a connection
string versus plain DSN. However, a single-key connection string
would get treated like a DSN name, i.e. "DSN=*LOCAL". This makes it
so that "=" is used, as a connection string must contain a key.
Closes GH-8748.
It introduces a single function to check file paths passed to OpenSSL
functions. It expands the path, checks null bytes and finally does
an open basedir check.
when passing an int to a string enum. Previously, the int was coerced to
a string. The JIT skips parameter clean up when unnecessary. In this
particular case, passing int to from(int|string) normally doesn't cause
a coercion so no dtor for the $value zval is generated.
To circumvent this we avoid coercion by explicitly allowing ints and
converting them to strings ourselves. Then we can free it appropriately.
See GH-8518
Closes GH-8633
Indirect Branch Tracking (IBT) is part of Intel's Control-Flow
Enforcement Technology (CET). IBT is hardware based, forward edge
Control-Flow-Integrity mechanism where any indirect CALL/JMP must target
an ENDBR instruction or suffer #CP.
This commit adds IBT support for fiber:
1. Add endbr32/64 in assembly
2. Inform compiler jump_fcontext may return via indirect branch
Furthermore:
gcc supports CET since v8.1 and sets it to default since gcc 11. That is,
the ELF header of sapi/cli/php has a property named IBT. However, such
property is lost since PHP8.1 because of the assembly introduced by Fiber.
This commit also fixes this.
Closes GH-8339
Signed-off-by: Chen, Hu <hu1.chen@intel.com>
Co-authored-by: Christoph M. Becker <cmbecker69@gmx.de>
When stripping the namespace prefix, we can assume that this does not
contain any colons, while the rest of the name may contain colons.
Hence we must not use `strrchr()` but rather `strchr()` instead.
Closes GH-8543.