Casting from pointer to array is special, so we must not fall back to
the general FFI casting. There is a particular issue regarding the
size comparison, namely that the pointer size is always 8 for 64bit
architectures, but the size of an array is determined by its
declaration, so as is, casting a pointer to an array with more than 8
elements would fail, while casting to an array with fewer than 9 elements
succeeds, but the internal pointer would point to some arbitrary
memory.
We fix this by properly supporting the cast. An alternative would be
to deny this kind of cast generally, since it is not necessarily safe.
However, FFI isn't necessarily safe anyway.
We also check pointer/array type compatibility when casting.
Co-authored-by: Dmitry Stogov <dmitry@zend.com>
Closes GH-7876.
By switching attribute constructor stackframe to be called via
trampoline the stack allocation is not causing dangling pointers
in the zend_observer API anymore.
Co-Authored-By: Florian Sowade <f.sowade@suora.com>
Co-Authored-By: Christopher Becker <cmbecker69@gmx.de>
Co-Authored-By: Dmitry Stogov <dmitry@zend.com>
Closes GH-7885.
If these tests fail with a fatal error, they won't properly clean up,
which likely causes other tests to fail as well (several ODBC tests use
the `odbcTEST` database and tables or stored procedures named `FOO`). This
is particularly annoying during development, where you would need to
clean up manually.
We fix this by moving the cleanup code to the --CLEAN-- section, so
that this code is executed no matter what.
Closes GH-7886.
Unless stringified results are requested, we need to parse large
bigints as unsigned, to avoid wrap-around behavior.
Co-authored-by: Christoph M. Becker <cmbecker69@gmx.de>
Closes GH-7837.
This may happen, when the execute_data was allocated on the stack. We
ensure that the runtime cache pointer is not NULL before dereferencing
it.
This is a partial fix for bug 81430.
Closes GH-7665.
http2.golang.org/serverpush has been retired[1], so we need to come up
with an alternative. Until then, we mark the relevant tests as XFAIL
(although bug77535.phpt passes, which might be an indication that the
test needs further revision). To avoid waiting for the timeout, we
also unconditionally skip these tests for now.
[1] <https://github.com/golang/go/issues/49301>
Closes GH-7829.
This header declaration is never supposed to be interpreted as
definition; otherwise, the handlers are not properly initialized, which
happens, for instance, with ASan instrumented MSVC builds.
Closes GH-7827.
Like `hash_file()`, `hash_hmac_file()` expects a filename, and not some
string data. Fixing this now constitutes a (hopefully small) BC break
though.
Closes GH-7828.
On NetBSD, the ifconf.ifc_buf member, unlike on most platforms, is a void
pointer.
We also fix the cpuinfo declarations with empty parameter lists.
Closes GH-7819.
`2001:10::/28` is a reserved IPv6 range. But there's a typo in GH-7476,
which caused IPv6 addresses like `240b:0010::1` to be filtered by the
flag `FILTER_FLAG_NO_RES_RANGE`.
http://www.faqs.org/rfcs/rfc6890.html
Closes GH-7790.
When a new process reattaches to OPcache, tracing JIT causes segfaults,
because each new process allocates its own `zend_jit_traces` and
`zend_jit_exit_groups` in SHM, although these need to be shared between
all processes.
We solve that by only allocating these structs for the first process,
and store the pointers in `accel_shared_globals`, so we can reassign
them when a new process reattaches.
Closes GH-7776.
We must not use the TSRM accessor macros in GINIT and GSHUTDOWN, but
rather use the passed pointers directly. For simplicity, we inline
`php_oci_cleanup_global_handles()`, and also the `PHP_OCI_CALL()`
macros; the latter are unlikely to be needed here, but don't hurt.
Closes GH-7766.
`hash()` and `hash_hmac()` never return `false`; only `hash_file()` and
`hash_hmac_file()` return `false` in case the data cannot be read.
Closes GH-7760.
This test fails because san-cert.pem and san-ca.pem have expired. We
fix that by using the CertificateGenerator to generate temporary certs
during the test run. Since san-cert.pem and san-ca.pem have been
identical, we only generate one certificate.
Closes GH-7763.
Trying to allocate a `zend_string` with a length only slightly smaller
than `SIZE_MAX` causes an integer overflow; we make sure that this
doesn't happen by catering to the maximal overhead of a `zend_string`.
Closes GH-7597.
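The overflow described in the commit above, as an added example that is not PHP's own `zend_string` code: a stand-in header of the same shape (refcount, type info, hash, length, then the bytes plus a terminating NUL), with the allocation size computed only after checking that the fixed overhead and the alignment rounding cannot wrap `size_t`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Stand-in for zend_string (assumption: same layout idea, not the real struct). */
typedef struct {
    uint32_t refcount;
    uint32_t type_info;
    uint64_t hash;
    size_t   len;
    char     val[1];
} my_string;

#define ALIGN 8
#define ALIGN_UP(n) (((n) + (ALIGN - 1)) & ~(size_t)(ALIGN - 1))
/* Fixed overhead per string: header bytes before val[] plus the terminating NUL. */
#define STR_OVERHEAD (offsetof(my_string, val) + 1)
/* Largest payload that can still be rounded up to ALIGN without wrapping size_t. */
#define STR_MAX_LEN (SIZE_MAX - STR_OVERHEAD - (ALIGN - 1))

/* Returns 1 and stores the rounded allocation size, or 0 when len would overflow.
 * Without the check, ALIGN_UP(STR_OVERHEAD + len) for len near SIZE_MAX wraps to a
 * tiny value, and the caller would write len bytes into a few bytes of heap. */
int string_alloc_size(size_t len, size_t *out)
{
    if (len > STR_MAX_LEN) {
        return 0;
    }
    *out = ALIGN_UP(STR_OVERHEAD + len);
    return 1;
}

/* Allocate only through the checked size; NULL on overflow or out of memory. */
my_string *string_alloc(size_t len)
{
    size_t size;
    if (!string_alloc_size(len, &size)) {
        return NULL;
    }
    my_string *s = malloc(size);
    if (s) {
        s->refcount = 1;
        s->type_info = 0;
        s->hash = 0;
        s->len = len;
        s->val[len] = '\0';
    }
    return s;
}
```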
Since we're going to read from the current stream position anyway, the
`max_len` should be the size of the file minus the current position
(still catering to potentially filtered streams). We must, however,
make sure to cater to the file position being beyond the actual file
size.
While we're at it, we also fix the step size in the comment, which is 8K.
A further optimization could be done for unfiltered streams, thus
saving that step size, but 8K might not be worth it.
Closes GH-7693.
For parity with non-Windows systems, we should `AC_DEFINE` these macros
so that they are defined in config.w32.h instead of directly passed to
the compiler. This allows extensions which have ext/gd as dependency
to check for these macros. E.g. ext/ps does this[1], and fails to
build on Windows, because `HAVE_GD_BUNDLED` isn't defined.
[1] <https://github.com/steinm/ps/blob/RELEASE_1_4_4/ps.c#L34>
Closes GH-7680.
Make sure to destroy the old value only after assigning the new
one. Otherwise we may try to double free, e.g. if GC runs during
this dtor.
This caused an assertion failure in phpro/grumphp and is likely
the cause for bug #81603 as well.
(cherry picked from commit 6f38acfaf9)
(I applied this to the wrong base branch at first...)
Make sure to destroy the old value only after assigning the new
one. Otherwise we may try to double free, e.g. if GC runs during
this dtor.
This caused an assertion failure in phpro/grumphp and is likely
the cause for bug #81603 as well.
Modify dns_get_record to test for records result based on dns_errno to
accommodate modern FreeBSD, for which res_nsearch() does not update
h_errno directly. Add new php_dns_errno macro, and have it consult
statp->res_h_errno when OS has res_nsearch().
Closes GH-7655.
The libxml based XML functions accepting a filename actually accept
URIs with possibly percent-encoded characters. Percent-encoded NUL
bytes lead to truncation, like non-encoded NUL bytes would. We catch
those, and let the functions fail with a respective warning.
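The truncation check described above, as an added example that is not PHP's or libxml's own code: the URI a filename argument may carry is scanned for an embedded raw NUL byte and for the percent-encoded form `%00`, either of which would cut the path short once decoded. The function name and the length-aware signature are assumptions.

```c
#include <stddef.h>

/* Hex digit value, or -1 for a non-hex character. */
static int hexval(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Returns 1 if the URI contains a raw NUL byte within len, or a "%00" escape
 * that would decode to one; 0 otherwise. Hypothetical helper for the check the
 * commit describes, taking an explicit length because a raw NUL cannot be
 * found through strlen(). */
int uri_has_nul(const char *uri, size_t len)
{
    for (size_t i = 0; i < len; i++) {
        if (uri[i] == '\0') {
            return 1;                              /* embedded raw NUL */
        }
        /* A '%' needs two following characters inside the buffer to be an escape. */
        if (uri[i] == '%' && i + 2 < len) {
            int hi = hexval(uri[i + 1]);
            int lo = hexval(uri[i + 2]);
            if (hi == 0 && lo == 0) {
                return 1;                          /* "%00" decodes to NUL */
            }
        }
    }
    return 0;
}
```

A single decoding pass is assumed here, so `%2500` (which decodes to the literal text `%00`) is not flagged; a caller that decodes more than once must check after each pass.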
Same as with userland classes, automatically add a string return
type to __toString() methods in internal classes, so the signature
is compatible with Stringable.
We also need to drop pi nodes for new_pred here, as the pi node
restriction for new_pred is not necessarily true for control
coming from old_pred as well.
Fixes oss-fuzz #40782.
Requiring all internal classes (including those from 3rd-party
extensions) to implement Stringable if they provide __toString()
is too error prone. Case in point, our _ZendTestClass test class
was not doing so, resulting in preloading test failures after
recent changes.
Instead we automatically implement Stringable, the same as we do
for userland classes. We still allow explicit implementations,
but ignore them (normally they would result in an error due to
duplicate interface implementation). Finally, we need to be
careful about not trying to implement Stringable on Stringable
itself.
In some cases this changes the interface order, in particular the
automatic Stringable implementation will now come first.
iterator_funcs_ptr may be null for Iterators with custom
get_iterator. Ideally MultipleIterator would make use of get_iterator,
but this would require a large implementation change.
* PHP-7.4:
CLDR 40a0 uses a lowercase "temp" instead of "Temp" in ICU >= 70.1
Accommodate changes to canonicalized forms in ICU >= 70.1
Change UBool to bool for equality operators in ICU >= 70.1
This can happen if a call is optimized, but FETCH_DIM_FUNC_ARG
cannot be converted to FETCH_DIM_R because it uses an UNUSED op2,
which is not supported by FETCH_DIM_R.
Fixes oss-fuzz 6144185837682688.
We shouldn't switch from range to no range for ZEND_DIV and instead
explicitly return an overflowing range. Otherwise the range will
not actually get updated during widening, and we'll perform
essentially infinite narrowing.
Fixes oss-fuzz #40566.
We must not reuse per-request memory across multiple requests, so this
check triggered during RINIT makes no sense. As explained in the bug
report[1], it can even be harmful, if some request startup fails, and
the pointers refer to already freed memory in the next request.
[1] <https://bugs.php.net/76167>
Closes GH-7604.
The test contains PII in the base64-encoded part and is way too
complicated to be useful. I'd try to reduce it, but I can't tell
what it's actually supposed to test.
While it may not be desired, `DateInterval::$f` supports negative
values, at least with regard to calculations. We still need to guard
against assigning double values which are out of range for signed 64bit
integers (which would be undefined behavior). zend_dval_to_lval() does
this by returning `0` instead of triggering UB. This way we can avoid
setting the invalid marker, which doesn't work as expected anyway.
We must not do that only for unserialization, but also when the property
is set in the first place.
We need to adapt some of the existing tests wrt. this behavior. In
particular, we check for an arbitrary value in bug79015.phpt, to cater
to differences between 32bit and 64bit architectures.
Closes GH-7575.
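The conversion the commit relies on, as an added example that is not PHP's own `zend_dval_to_lval()`: a double-to-int64 conversion that returns 0 for NaN, infinities and anything outside the signed 64-bit range, since casting such a double in C is undefined behaviour, plus a hypothetical setter that scales a `DateInterval::$f`-style fraction of a second to whole microseconds and lets negative values through.

```c
#include <stdint.h>
#include <math.h>

/* Returns d truncated toward zero, or 0 when d cannot be represented as int64_t. */
int64_t dval_to_lval(double d)
{
    /* 2^63 is exactly representable as a double; INT64_MAX is not (it rounds
     * up to 2^63), so the range check compares against the power of two. */
    if (!isfinite(d) || d >= 9223372036854775808.0 || d < -9223372036854775808.0) {
        return 0;
    }
    return (int64_t)d;  /* in range: the cast is well defined and truncates toward zero */
}

/* Hypothetical setter (assumption, not ext/date's code): the fraction of a
 * second is stored as microseconds; negative fractions are kept, and an
 * out-of-range double becomes 0 instead of undefined behaviour. */
int64_t interval_set_f(double f)
{
    return dval_to_lval(f * 1000000.0);
}
```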
The current error message is incorrect -- the problem here is not
that the property is invalid, but that these methods are unusable
prior to loading data, same as read().
We backport the respective upstream fix[1] to our bundled pcre2lib plus
the follow-up fix[2] for a functional regression.
[1] <dc5f966635>
[2] <e7af7efaa1>
Closes GH-7573.
Use the proper error reporting mechanism rather than throwing a
warning. This requires something of a hack because we don't have
direct access to the connection object at this point.
This now prints an additional
> CONTEXT: unnamed portal parameter $1 = ''
on azure, presumably as a result of a version update or configuration
change. Strip this additional line from the error info, the same as
already done in one other place in the test.
Don't allow calling fclose() on the stream while in the user
filter callback. This is basically the same protection as xp_ssl
streams use during callback invocations.
There are more issues in this general area (e.g. stack overflow
on stream_filter_remove), but this addresses freeing the stream
during the filter callback invocation at least.