Inside `zend_object_std_dtor` the weakrefs are notified after the destruction
of properties already took place. In this test case, the destructor of an anon
class will be invoked due to the property destruction. That class has a
weak reference to its parent. This means that the destructor can access
parent properties that already have been destroyed, resulting in a UAF.
Fix this by notifying the weakrefs at the start of the object's
destruction.
Closes GH-13613.
Ending with fiber stack mapped in hugepages will affect performance
badly.
Until < Linux 6.8-rc2 MAP_STACK was a noop, now it implies no THP, older releases
need madvise.
When AC_DEFINE is called after some macro that has already defined the
symbol with description (help text), it can be called with two arguments
to make things easier.
[ci skip]
For master (8.4-dev) I merged GH-13381. But that PR changes public API
of TSRM, so cannot be used on lower branches.
This patch is a safe workaround for the issue, in combination with a
pre-existing fix using `ifdef ZTS + if (module_started)` inside pgsql
and odbc. The idea is to delay unloading modules until the persistent
resources are destroyed. This will keep the destructor code accessible
in memory.
This is not a proper fix on its own, because we still need the
workaround of not accessing globals after module destruction.
The proper fix is in master.
Closes GH-13388.
This macro defines the inline keyword to be `__inline__`, `__inline`,
or empty, based on the compiler inline support. Since PHP requires C99,
which has the inline keyword definition and all current compilers
support it, this check is redundant and not needed anymore.
for threaded context, it solely uses a new api only available on
illumos.
Here using a common older api to get the stack info for the current
thread.
while at it, completing stack_limit_010 test for these platforms.
On shutdown in ZTS the following happens:
- https://github.com/php/php-src/blob/master/Zend/zend.c#L1124-L1125
gets executed. This destroys global persistent resources and destroys
the modules. Furthermore, the modules are unloaded too.
- Further down, `ts_free_id(executor_globals_id)` gets executed, which
calls `executor_globals_dtor`. This function destroys persistent
resources for each thread.
Notice that in the last step, the modules that the persistent resource
belong to may already have been destroyed. This means that accessing
globals will cause a crash (I previously fixed this with ifdef magic),
or when the module is dynamically loaded we'll try jumping to a
destructor that is no longer loaded in memory. These scenarios cause
crashes.
It's not possible to move the `ts_free_id` call upwards, because that
may break assumptions of callers, and furthermore this would deallocate
the executor globals structure, which means that any access to those
will cause a segfault.
This patch adds a new API to the TSRM that allows running a callback on
a certain resource type. We use this API to destroy the persistent
resources in all threads prior to the module destruction, and keep the
rest of the resource dtor intact.
I verified this fix on Apache with postgres, both dynamically and
statically.
Fixes GH-12974.
- Change `http://` links to `https://` for php.net and zend.com
- Remove `<img border=0` attributes as they are no longer in the HTML standard
- Replace `<font>` tags with `<span>` tags (used for highlight.* INI color value display previews)
RFC: https://wiki.php.net/rfc/rfc1867-non-post
This function allows populating the $_POST and $_FILES globals for non-post
requests. This avoids manual parsing of RFC1867 requests.
Fixes#55815
Closes GH-11472
When targeting Darwin systems (macOS, etc.), the compiler defines the
__APPLE__ symbol, which should be sufficient and a more established
detection method practice in these cases.
clang 18 is going to be released and in the meantime the counted_by
attribute usage had been constrained to true flexible arrays,
typical cases such as type name[1] ZEND_ELEMENT_COUNT(size) no longer
build.
