We need to prevent integer overflow to eventually stop the iteration.
A test case doesn't appear sensible for this, because even on 32bit
architectures a respective test easily runs for a few minutes.
Closes GH-8447.
The fix for GH-7953 introduced a regression by being to deliberate
adding the respective headers. These must only be added, if the
handler starts, but is not finalizing.
Closes GH-8353.
We need to deref any references passed in the `$values` array. While
we could handle this in the type switch, doing it right away in the
foreach loop makes that more explicit, and also circumvents the missing
range checks for integers which are not passed as int or double.
Closes GH-8407.
This change introduces subsequent kill of the process when idle process quit
(SIGQUIT) does not succeed. It can happen in some situations and means that FPM
is not able to scale down in dynamic pm. Using SIGKILL fixes the issue.
In 7502c86342, I adjusted the number of error markers emitted on
invalid UTF-8 text to be more consistent with mbstring's behavior on
other text encodings (generally, it emits one error marker for one
unexpected byte). I didn't expect that anybody would actually care one
way or the other, but felt that it was better to be consistent than
not.
Later, Martin Auswöger kindly pointed out that the WHATWG encoding
specification, which governs how various text encodings are handled
by web browsers, does actually specify how many error markers should
be generated for any given piece of invalid UTF-8 text.
Until now, we have never really paid much attention to the WHATWG
specification, but we do want to comply with as many relevant
specifications as possible. And since PHP is commonly used for web
applications, compatibility with the behavior of web browsers is
obviously a good thing.
The fix introduces early locking of scoreboard when it is updated
which prevents the race condition causing an incorrect number of
active processes being set.
Instead of using the unsupported `%I64u` and `%I64d` format specifiers
on Windows, we use the portable `PRIu64` and `PRId64` specifiers.
The `L64()` macro and the `my_longlong` typedef should be adapted as
well, as the `i64` literal suffix is still supported by MSVC, but using
`LL` or `ll` is recommended[1], and the standard `int64_t` is available
there anyway. This is not urgent, though.
[1] <https://docs.microsoft.com/en-us/cpp/cpp/numeric-boolean-and-pointer-literals-cpp?view=msvc-170#integer-literals>
Closes GH-8268.
We must not allow to serialize already finalized `HashContext`s, since
the internal context is already freed. Since there is not much point
in serializing finalized `HashContext`s, we just bail out in that case.
Closes GH-8265.
Apparently, this has been forgotten when PHP 8.0.17RC1 and 8.0.18RC1
had been tagged.
We also fix the version of the fix for GH-8253, which didn't make it
into PHP 8.0.18RC1.
Integer parameters are stored in `zend_long` values, which have 64 bits
on LLP64, but `long` has only 32 bits there.
Adding a test might be overkill, because the broken behavior could
already be observed when running pg_select_001.phpt on Windows debug
builds, which report the stack corruption.
Closes GH-8263.
When fetching into objects, we need to create object style hash tables,
i.e. where numeric column names are stored as string keys instead of
integer keys. Instead of the slightly more efficient alternative to
create the desired hash table in the first place, we go for the more
readable implementation and convert the array style hash table using
`zend_symtable_to_proptable()`.
Co-authored-by: Kamil Tekiela <tekiela246@gmail.com>
Closes GH-8189.
First, we must not free the current line before we call
`spl_filesystem_file_read_csv()`, because then the `current_line` will
not be properly updated. Since the EOF check is superfluous here, we
move that part of the code to the branch for subtypes. This issue has
been introduced by the fix for bug 75917.
Second, we only must increase the `current_line` if we're not reading
ahead. This issue has been introduced by the fix for bug 62004.
Closes GH-8138.
==109253== 280 (56 direct, 224 indirect) bytes in 1 blocks are definitely lost in loss record 4 of 4
==109253== at 0x483B7F3: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==109253== by 0x6D9FA2: __zend_malloc (zend_alloc.c:3068)
==109253== by 0x745138: zend_add_attribute (zend_attributes.c:226)
==109253== by 0x6680D1: zend_add_parameter_attribute (zend_attributes.h:102)
==109253== by 0x66B787: zm_startup_zend_test (test.c:478)
==109253== by 0x7224CD: zend_startup_module_ex (zend_API.c:2202)
==109253== by 0x72252C: zend_startup_module_zval (zend_API.c:2217)
==109253== by 0x734288: zend_hash_apply (zend_hash.c:2011)
==109253== by 0x722C30: zend_startup_modules (zend_API.c:2328)
==109253== by 0x67409B: php_module_startup (main.c:2256)
==109253== by 0x88EDDE: php_cli_startup (php_cli.c:409)
==109253== by 0x890F61: main (php_cli.c:1334)
This is achieved by tracking the observers on the run_time_cache (with a fixed amount of slots, 2 for each observer).
That way round, if the run_time_cache is freed all associated observer data is as well.
This approach has been chosen, as to avoid any ABI or API breakage.
Future versions may for example choose to provide a hookable API for run_time_cache freeing or similar.
When we need to evaluate constant ASTs, we always have to do that in
the scope where the constant has been defined, which may be a parent
of the `ReflectionClass`'s scope.
Closes GH-8106.
If either the first or second operand of `range()` may be a string, we
must not exclude the possibility that the result may be an array of
longs.
Closes GH-8131.
fpm_scoreboard_copy locks the scoreboard while copying the scoreboard and all
proc scoreboards. proc scoreboards are locked one by one while copying each
struct. The old implementation (inside fpm_handle_status_request) only briefly
locked the scoreboard while copying the scorebard.
Closes GH-7931
Co-authored-by: Jakub Zelenka <bukka@php.net>
We need to reset the shift state right after conversion, to cater to
potenially following plain encodings. Also, there is no need to reset
the shift for plain encodings, because these are not state-dependent.
Closes GH-8025.
If an output handler has not yet been started, calling `ob_clean()`
causes it to start. If that happens, we must not forget to set the
`Content-Encoding` and `Vary` headers.
Closes GH-7960.
When bug 77574[1] has been fixed, the fix only catered to variables
retrieved via `getenv()` with a `$varname` passed, but neither to
`getenv()` without arguments nor to the general import of environment
variables into `$_ENV` and `$_SERVER`. We catch up on this by using
`GetEnvironmentStringsW()` in `_php_import_environment_variables()` and
converting the encoding to whatever had been chosen by the user.
[1] <https://bugs.php.net/bug.php?id=75574>
Closes GH-7928.
We explicitly check for an exception after the logging attempt, and
bail out in that case.
Co-authored-by: Tim Düsterhus <timwolla@googlemail.com>
Closes GH-7878.
Casting from pointer to array is special, so we must not fall back to
the general FFI casting. There is a particular issue regarding the
size comparison, namely that the pointer size is always 8 for 64bit
architectures, but the size of an array is determined by its
declaration, so as is casting a pointer to an array with more than 8
elements would fail, but casting to an array with less than 9 elements
succeeds, but the internal pointer would point to some arbitrary
memory.
We fix this by properly supporting the cast. An alternative would be
to deny this kind of cast generally, since it is not necessarily safe.
However, FFI isn't necessarily safe anyway.
We also check pointer/array type compatibility when casting.
Co-authored-by: Dmitry Stogov <dmitry@zend.com>
Closes GH-7876.
By switching attribute constructor stackframe to be called via
trampoline the stack allocation is not causing dangling pointers
in the zend_observer API anymore.
Co-Authored-By: Florian Sowade <f.sowade@suora.com>
Co-Authored-By: Christopher Becker <cmbecker69@gmx.de>
Co-Authored-By: Dmitry Stogov <dmitry@zend.com>
Closes GH-7885.
Unless stringified results are requested, we need to parse large
bigints as unsigned, to avoid wrap-around behavior.
Co-authored-by: Christoph M. Becker <cmbecker69@gmx.de>
Closes GH-7837.
This may happen, when the execute_data was allocated on the stack. We
ensure that the runtime cache pointer is not NULL before dereferencing
it.
This is a partial fix for bug 81430.
Closes GH-7665.
Like `hash_file()`, `hash_hmac_file()` expects a filename, and not some
string data. Fixing this now, constitutes a (hopefully small) BC break
though.
Closes GH-7828.
While the `path` is not supposed to be `NULL` for normal operation, it
is possible to create `SplFileInfo` objects where that is the case, and
we must not follow the null pointer.
Closes GH-7814.
On NetBSD, ifconf.ifc_buf member, unlike most of platforms, is a void
pointer.
We also fix the cpuinfo declarations with empty parameter lists.
Closes GH-7819.
`2001:10::/28` is a reserved IPv6 range. But there's a typo in GH-7476,
which caused IPv6 address like `240b:0010::1` will be filtered by the
flag `FILTER_FLAG_NO_RES_RANGE`.
http://www.faqs.org/rfcs/rfc6890.html
Closes GH-7790.
When a new process reattaches to OPcache, tracing JIT causes segfaults,
because each new process allocates its own `zend_jit_traces` and
`zend_jit_exit_groups` in SHM, although these need to be shared between
all processes.
We solve that by only allocating these structs for the first process,
and store the pointers in `accel_shared_globals`, so we can reassign
them when a new process reattaches.
Closes GH-7776.
We must not use the TSRM accessor macros in GINIT and GSHUTDOWN, but
rather use the passed pointers directly. For simplicity, we inline
`php_oci_cleanup_global_handles()`, and also the `PHP_OCI_CALL()`
macros; the latter are unlikely to be needed here, but don't hurt.
Closes GH-7766.
`hash()` and `hash_hmac()` never return `false`; only `hash_file()` and
`hash_hmac_file()` return `false` in case the data cannot be read.
Closes GH-7760.
The amount of allocated system memory is kept in `real_size`, including
the allocated `cached_chunks`. Thus, we need to keep the proper count
at the end of the shutdown.
Closes GH-7745.
Unfortunately, libedit is locale based and does not accept UTF-8
input when the C locale is used. This patch switches the default
locale to C.UTF-8 instead (if it is available). This makes libedit
work and I believe it shouldn't affect behavior of single-byte
locale-dependent functions that PHP otherwise uses.
Closes GH-7635.
`php_mb_check_encoding()` now uses conversion to `mbfl_encoding_wchar`.
Since `mbfl_encoding_7bit` has no `input_filter`, no filter can be
found. Since we don't actually need to convert to wchar, we encode to
8bit.
Closes GH-7712.
Trying to allocate a `zend_string` with a length only slighty smaller
than `SIZE_MAX` causes an integer overflow; we make sure that this
doesn't happen by catering to the maximal overhead of a `zend_string`.
Closes GH-7597.
Since we're going to read from the current stream position anyway, the
`max_len` should be the size of the file minus the current position
(still catering to potentially filtered streams). We must, however,
make sure to cater to the file position being beyond the actual file
size.
While we're at, we also fix the step size in the comment, which is 8K.
A further optimization could be done for unfiltered streams, thus
saving that step size, but 8K might not be worth it.
Closes GH-7693.
Modify dns_get_record to test for records result based on dns_errno to
accommodate modern FreeBSD, for which res_nsearch() does not update
h_errno directly. Add new php_dns_errno macro, and have it consult
statp->res_h_errno when OS has res_nsearch().
Closes GH-7655.
Zero-initialize the sa4/sa6 structures. On musl sin6_scope_id is
used by getnameinfo() without NI_NUMERICHOST flag. In the interest
of being conservative simply zero out everything.
We can't take ownership of the delayed autoload table here. It is
important that pending classes get loaded before resolving variance
of any nested classed, as they might actually be lower in the
hierarchy.
AIX assembler is a bit more strict than GNU assembler. Thus, adjust
the XCOFF asm files to be able to accept both assembler.
This pulls in upstream boost context changes from
https://github.com/boostorg/context/pull/191.
Closes GH-7579.
iterator_funcs_ptr may be null for Iterators with custom
get_iterator. Ideally MultipleIterator would make use of get_iterator,
but this would require a large implementation change.
The main change is to store scoreboard procs directly to the variable sized
array rather than indirectly through the pointer.
Signed-off-by: Stanislav Malyshev <stas@php.net>
(cherry picked from commit cb2021e5f6)
Closes GH-7614.
We must not reuse per-request memory across multiple requests, so this
check triggered during RINIT makes no sense. As explained in the bug
report[1], it can be even harmful, if some request startup fails, and
the pointers refer to already freed memory in the next request.
[1] <https://bugs.php.net/76167>
Closes GH-7604.
While it may not be desired, `DateInterval::$f` supports negative
values, at least with regard to calculations. We still need to guard
from assigning double values which are out of range for signed 64bit
integers (which would be undefined behavior). zend_dval_to_lval() does
this by returning `0` instead of triggering UB. This way we can avoid
setting the invalid marker, which doesn't work as expected anyway.
We must not do that only for unserialization, but also when the property
is set in the first place.
We need to adapt some of the existing tests wrt. this behavior. In
particular, we check for an arbitrary value in bug79015.phpt, to cater
to differences between 32bit and 64bit architectures.
Closes GH-7575.
The current error message is incorrect -- the problem here is not
that the property is invalid, but that these methods are unusable
prior to loading data, same as read().
We backport the respective upstream fix[1] to our bundled pcre2lib plus
the follow-up fix[2] for a functional regression.
[1] <dc5f966635>
[2] <e7af7efaa1>
Closes GH-7573.
Use the proper error reporting mechanism rather than throwing a
warning. This requires something of a hack because we don't have
direct access to the connection object at this point.
Allow $tag to be null. This is the value that openssl_encrypt()
sets it to for non-AEAD ciphers, so we should also accept this
as an input to openssl_decrypt().
Prior to PHP 8.1, null was accepted in weak mode due to the special
treatment of null arguments to internal functions.
Objects reuse the GC_PERSISTENT flag as IS_OBJ_WEAKLY_REFERENCED,
which we did not account for in ZVAL_COPY_OR_DUP. To make things
worse the incorrect zval_copy_ctor_func() invocation silently did
nothing. To avoid that, add an assertion that it should only be
called with arrays and strings (unlike the normal zval_copy_ctor()
which can be safely called on any zval).
Don't allow calling fclose() on the stream while in the user
filter callback. This is basically the same protection as xp_ssl
streams use during callback invocations.
There are more issues in this general area (e.g. stack overflow
on stream_filter_remove), but this addresses freeing the stream
during the filter callback invocation at least.
When making the relative path, we must not stop on a `:\` sequence in
the middle of the filename. This is only significant on Windows as it
may indicate an absolute filename, but this is already checked at the
beginning of the function.
Note that the bug and this patch affects all systems. However, on
Windows the file is no longer extracted at all, since Windows NTSF does
not allow filenames containing colons.
Closes GH-7528.
We must not free the read line, if the `READ_AHEAD` flag is set. This
also restores the expectations of SplFileObject_next_variation002.phpt.
Closes GH-7518.
Change error message of sprintf/printf for missing/invalid position
specifier to make it clear that this is talking about the specifier,
not the number of arguments passed to the function. Also mention
the upper limit of INT_MAX.
Closes GH-7515.
We address the `::setSize(0)` case by setting `array->element = NULL`
and `array->size = 0` before we destroy the elements.
Co-authored-by: Tyson Andre <tyson.andre@uwaterloo.ca>
Closes GH-7503.
BetterReflection would like to extend these classes to provide
adaptors. As our other Reflector classes are non-final, I think
it makes sense to make these non-final as well.
Closes GH-7520.
Latest linux kernel use large number (12 bits for major device, 20
bits for minor device). Current code only supports previous standard
(5 chars), which means 8 bits for major and 8 bits for minor device.
It will fail if device number is out of that range. So this patch
increases device number read from /proc/self/maps file.
Closes GH-7512.