The SEPARATE_ARG_IF_REF macro increased the refcount of the object passed as a
key.
However, when the key did not exist in the ArrayAccess implementation,
the code returned early without trying to decrement the refcount.
Add a test of `??` succeeding+failing on a SplObjectStorage instance.
* origin/PHP-7.0.12: (99 commits)
set versions and release date
sync NEWS
Revert "Fixed bug #73067 (__debugInfo crashes when throwing an exception)"
set versions
update NEWS
Ignore potentially misleading dberr values
update NEWS
Fixed bug #73172 parse error: Invalid numeric literal
Fix#53745: cgi.discard_path option is missing from php.ini
update libs_versions.txt
update libs_versions.txt
Fixed bug #73156 (segfault on undefined function)
Add an include path for freetype which is relevant for cmake builds
Fix test_image_equals_file() wrt. palette images
Fixed bug #73163Fix#73161: imagecreatefromgd2() may leak memory
Fix#73159: imagegd2(): unrecognized formats may result in corrupted files
Fix#73155: imagegd2() writes wrong chunk sizes on boundaries
Fix#73157 (again): imagegd2() ignores 3rd param if 4 are given
Fix#73157: imagegd2() ignores 3rd param if 4 are given
...
In case USE_KEY flag is active, RegexIterator->accept() should keep it's
old behavior which is to accept keys mapping arrays.
This broke after PHP 5.5 but was not noticed due to lack of tests for USE_KEY.
* PHP-7.0.11: (22 commits)
Fix bug #72293 - Heap overflow in mysqlnd related to BIT fields
I don't think 8cceb012a7 is needed
Fix test
Add check in fgetcsv in case sizeof(unit) != sizeof(size_t)
Fix bug #73065: Out-Of-Bounds Read in php_wddx_push_element of wddx.c
Fix bug #73035 (Out of bound when verify signature of tar phar in phar_parse_tarfile)
Fix bug #73052 - Memory Corruption in During Deserialized-object Destruction
Fix bug #73029 - Missing type check when unserializing SplArray
Fix bug #72860: wddx_deserialize use-after-free
Fix bug #73007: add locale length check
Fix bug #72928 - Out of bound when verify signature of zip phar in phar_parse_zipfile
sync NEWS
Revert "Merge branch 'PHP-5.6' into PHP-7.0"
Merge branch 'PHP-5.6' into PHP-7.0
Merge branch 'PHP-5.6' into PHP-7.0
Revert "Revert "Merge branch 'PHP-5.6' into PHP-7.0""
fix version
sync NEWS
Fix bug #72957
set versions
...
GlobIterator throws LogicException with message 'The parent constructor was
not called' on its first operation when the glob expression doesn't match
any file. It also throws on the first operation after the iteration
completes, when the glob expression matches some files.
# Resolved conflicts:
# ext/spl/spl_directory.c
* PHP-5.5:
Fixed bug #72446 - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
update NEWS
fix tests
fix build
Fix bug #72455: Heap Overflow due to integer overflows
Fix bug #72434: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize
Fixed ##72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize
Fix bug #72407: NULL Pointer Dereference at _gdScaleVert
Fix bug #72402: _php_mb_regex_ereg_replace_exec - double free
Fix bug #72298 pass2_no_dither out-of-bounds access
Fixed#72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow
Fix bug #72262 - do not overflow int
Fix bug #72400 and #72403 - prevent signed int overflows for string lengths
Fix bug #72275: don't allow smart_str to overflow int
Fix bug #72340: Double Free Courruption in wddx_deserialize
update NEWS
Fix#66387: Stack overflow with imagefilltoborder
Skip test which is 64bits only
5.5.37 now
Conflicts:
configure.in
ext/mcrypt/mcrypt.c
ext/spl/spl_directory.c
main/php_version.h
Always duplicate the array before doing a sort with user-defined
comparison function, to avoid access to the intermediate
inconsistent state.
I've also dropped the "array modification" warning, as protection
against modifications is no longer relevant if we're always working
on a copy anyway.
This also required some changes to how SplArray forwards calls to
sorting functions.
a) Fix uses of zend_string in error message
b) Don't assign the overloaded object as the backing storage, that
sort of defeats the point. Instead leave the previous value.
Instead use the AOs own applyCount that just got freed up. Using the
apply count of the HashTable has various side effects, e.g. preventing
the ArrayObject from being dumped.
