This should be safe change, as we don't dereference value and member
after calling setter/getter.
And compare to adding unref codes, this is much cheaper.
Under the special circumstance where a garbage collected objects bucket slot was not reused until the end of the script, we get access into freed memory...
No test added as it usually is valgrind-only, and only sometimes when the memory happens to have changed (i.e. (GC_FLAGS(obj) & IS_OBJ_FREE_CALLED) == 0), it actually *may* segfault
Previously reference arguments were allowed if call_user_func()
was compiled to SEND_USER and not otherwise. Make it consistent
by always forbidding them.
* PHP-5.5:
Fixed bug #72446 - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
update NEWS
fix tests
fix build
Fix bug #72455: Heap Overflow due to integer overflows
Fix bug #72434: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize
Fixed ##72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize
Fix bug #72407: NULL Pointer Dereference at _gdScaleVert
Fix bug #72402: _php_mb_regex_ereg_replace_exec - double free
Fix bug #72298 pass2_no_dither out-of-bounds access
Fixed#72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow
Fix bug #72262 - do not overflow int
Fix bug #72400 and #72403 - prevent signed int overflows for string lengths
Fix bug #72275: don't allow smart_str to overflow int
Fix bug #72340: Double Free Courruption in wddx_deserialize
update NEWS
Fix#66387: Stack overflow with imagefilltoborder
Skip test which is 64bits only
5.5.37 now
Conflicts:
configure.in
ext/mcrypt/mcrypt.c
ext/spl/spl_directory.c
main/php_version.h
Same check we do for "yield", was missed when "yield from" was
added. We could make this more granular by only forbidding to
actually yield values and still allow something like "yield from []",
but this does not seem worthwhile.
Currently, `foo` is reserialized as `'foo'` due to misuse of zend_ast_export().
ZEND_AST_SHELL_EXEC can only contain ZEND_AST_ZVAL(string) or ZEND_AST_ENCAPS_LIST,
so just handle the ZEND_AST_ZVAL(string) case directly.
The problem is because we release p->value too early
and later you try to convert an object to string, which is a fatal error
then leave p->value double free, change to expect long is a BC break
This reverts commit 8e5b381004.