Commit Graph

122884 Commits

Author SHA1 Message Date
Christoph M. Becker
82ab29580e
[ci skip] Merge branch 'PHP-7.4' into PHP-8.0
* PHP-7.4:
  Fix bug #81026 (PHP-FPM oob R/W in root process leading to priv escalation)
2021-10-26 16:07:22 +02:00
Christoph M. Becker
5aaeeda744
[ci skip] Merge branch 'PHP-7.3' into PHP-7.4
* PHP-7.3:
  Fix bug #81026 (PHP-FPM oob R/W in root process leading to priv escalation)
2021-10-26 16:05:26 +02:00
Jakub Zelenka
f47798e685
Fix bug #81026 (PHP-FPM oob R/W in root process leading to priv escalation)
The main change is to store scoreboard procs directly to the variable sized
array rather than indirectly through the pointer.

Signed-off-by: Stanislav Malyshev <stas@php.net>
(cherry picked from commit cb2021e5f6)

Closes GH-7614.
2021-10-26 16:03:33 +02:00
Christoph M. Becker
2a51efc2a0
[ci skip] Merge branch 'PHP-7.4' into PHP-8.0
* PHP-7.4:
  [ci skip] Fix NEWS
2021-10-25 12:50:20 +02:00
Christoph M. Becker
f4572d9e22
[ci skip] Fix NEWS
Bug #81026 has already been fixed in PHP 7.4.25 and 8.0.12.
2021-10-25 12:48:58 +02:00
Christoph M. Becker
6e6a8443a8
Merge branch 'PHP-7.4' into PHP-8.0
* PHP-7.4:
  Fix #76167: mbstring may use pointer from some previous request
2021-10-25 12:39:57 +02:00
Christoph M. Becker
d3d6d7906e
Fix #76167: mbstring may use pointer from some previous request
We must not reuse per-request memory across multiple requests, so this
check triggered during RINIT makes no sense.  As explained in the bug
report[1], it can be even harmful, if some request startup fails, and
the pointers refer to already freed memory in the next request.

[1] <https://bugs.php.net/76167>

Closes GH-7604.
2021-10-25 12:37:28 +02:00
Christoph M. Becker
5cc4088d69
Merge branch 'PHP-7.4' into PHP-8.0
* PHP-7.4:
  fix for pcre2 10.38
2021-10-25 11:59:37 +02:00
Dmitry Stogov
29c8c1e955 Tracing JIT: Fixed possible endless loop when escape from ZEND_CALL_TOP frame 2021-10-25 12:10:25 +03:00
Christopher Jones
3e9b53f2ec
Fix tests for method camel case change 2021-10-25 14:31:00 +11:00
Christopher Jones
51f1cacf7a
Fix tests for method camel case change 2021-10-25 14:17:28 +11:00
Dmitry Stogov
d3251632ad Tracing JIT: Fixed incorrect assumption about in-memory zval type 2021-10-22 14:38:38 +03:00
Dmitry Stogov
c7e974fc4e Tracing JIT: Fixed incorrect assumption about temporary variable types clobbered by *_ROPE instructions 2021-10-21 21:35:57 +03:00
Kamil Tekiela
c9d509b668
Revert "Fix bug GH-1 (mysqli_sql_exception->sqlstate is inaccessible)"
This reverts commit 64fca5c5f0.
2021-10-21 19:01:01 +01:00
Kamil Tekiela
64fca5c5f0
Fix bug GH-1 (mysqli_sql_exception->sqlstate is inaccessible) 2021-10-21 18:51:16 +01:00
Bob Weinand
345f46ff29 Fix weakmap API test
Apparently under some targets the address can evaluate to an address with the most significant bit set. (displays as negative number)
2021-10-21 19:31:37 +02:00
Remi Collet
a6f5c2dc8b
fix for pcre2 10.38 2021-10-21 13:37:26 +02:00
Bob Weinand
471102edcd Add ZEND_API for weakmap functionality via zend_weakrefs_hash_add/del
Closes GH-7600.
2021-10-21 13:34:22 +02:00
Remi Collet
56495ac031
fix for pcre2 10.38 2021-10-21 13:33:35 +02:00
Nikita Popov
decf906a90 Remove bug76738.phpt
The test contains PII in the base64-encoded part and is way too
complicated to be useful. I'd try to reduce it, but I can't tell
what it's actually supposed to test.
2021-10-21 10:40:12 +02:00
Dmitry Stogov
b69c6ba9df Use right frame 2021-10-20 23:50:33 +03:00
Dmitry Stogov
95c0dfc57f JIT: Fixed megamorphic call detection 2021-10-20 22:16:25 +03:00
Dmitry Stogov
38626dbaad JIT: Fixed memory leak 2021-10-20 10:38:47 +03:00
Stanislav Malyshev
23a607574e
Merge branch 'PHP-7.4' into PHP-8.0
* PHP-7.4:
  Add FPM fix news
  Fix bug #81026 (PHP-FPM oob R/W in root process leading to priv escalation)
2021-10-18 15:07:13 -07:00
Jakub Zelenka
fadb1f8c1d
Fix bug #81026 (PHP-FPM oob R/W in root process leading to priv escalation)
The main change is to store scoreboard procs directly to the variable sized
array rather than indirectly through the pointer.

Signed-off-by: Stanislav Malyshev <stas@php.net>
2021-10-18 15:06:36 -07:00
Stanislav Malyshev
6ab9b3865a
Add FPM fix news 2021-10-18 15:04:46 -07:00
Dmitry Stogov
6bd5271c62 Fixed incorrect optimization that may cause JIT assertion 2021-10-18 23:18:52 +03:00
Dmitry Stogov
d3063c02c6 Tracing JIT: Fixed memory leak 2021-10-18 22:14:53 +03:00
Dmitry Stogov
e59d0a7151 JIT: Fixed DASM_S_RANGE_VREG error 2021-10-18 17:58:42 +03:00
Dmitry Stogov
13d1244575 Tracing JIT: Fixed ADD with two references to arrays 2021-10-18 17:26:36 +03:00
Dmitry Stogov
6021e72143 Tracing JIT: Prevent generation of code for an instruction with a cyclic dependency
e.g. $a[] += $a is compiled into ASSIGN_DIM_OP+OP_DATA, where OP_DATA.op1_use depends on ASSIGN_DIM_OP.op1_def
2021-10-18 16:53:45 +03:00
Nikita Popov
6974372fbb Fix bug #81510
Make the used arrays larger, because the previous sizes were not
slow enough on some hardware.
2021-10-18 12:45:26 +02:00
Nikita Popov
6e9b764920 Increase timeout on community job
We're hitting the 60 minute limit occasionally.
2021-10-18 11:08:40 +02:00
Jakub Zelenka
cb2021e5f6
Fix bug #81026 (PHP-FPM oob R/W in root process leading to priv escalation)
The main change is to store scoreboard procs directly to the variable sized
array rather than indirectly through the pointer.

Signed-off-by: Stanislav Malyshev <stas@php.net>
2021-10-17 20:16:10 -07:00
Christoph M. Becker
fc886694d3
Merge branch 'PHP-7.4' into PHP-8.0
* PHP-7.4:
  Fix #81500: Interval serialization regression since 7.3.14 / 7.4.2
2021-10-15 19:11:26 +02:00
Christoph M. Becker
866adb122a
Fix #81500: Interval serialization regression since 7.3.14 / 7.4.2
While it may not be desired, `DateInterval::$f` supports negative
values, at least with regard to calculations.  We still need to guard
from assigning double values which are out of range for signed 64bit
integers (which would be undefined behavior).  zend_dval_to_lval() does
this by returning `0` instead of triggering UB.  This way we can avoid
setting the invalid marker, which doesn't work as expected anyway.

We must not do that only for unserialization, but also when the property
is set in the first place.

We need to adapt some of the existing tests wrt. this behavior.  In
particular, we check for an arbitrary value in bug79015.phpt, to cater
to differences between 32bit and 64bit architectures.

Closes GH-7575.
2021-10-15 19:08:07 +02:00
Remi Collet
9f98bc58c7
remove closing bracket in bad place 2021-10-15 16:46:35 +02:00
Christoph M. Becker
b7f3b67060
Merge branch 'PHP-7.4' into PHP-8.0
* PHP-7.4:
  Fix #81518: Header injection via default_mimetype / default_charset
2021-10-14 12:21:35 +02:00
Christoph M. Becker
365769366b
Fix #81518: Header injection via default_mimetype / default_charset
We forbid setting these INI options to values containing NUL bytes, CR
or LF.

Closes GH-7574.
2021-10-14 12:16:19 +02:00
Máté Kocsis
ca219d7d27
Fix 2nd param name of pg_send_execute()
Closes GH-7576
2021-10-13 14:14:47 +02:00
Remi Collet
6d0d5227d8
bump zip ext version 2021-10-13 11:53:02 +02:00
Nikita Popov
53f89219ab Fix bug #81521
The current error message is incorrect -- the problem here is not
that the property is invalid, but that these methods are unusable
prior to loading data, same as read().
2021-10-12 16:42:32 +02:00
Nikita Popov
9ebe8494b8 Don't replace tmp with cv in YIELD argument
For by-ref generators, these may have different behavior.

Fixes oss-fuzz 6059739298004992.
2021-10-12 14:26:53 +02:00
Christoph M. Becker
845a67feb5
Merge branch 'PHP-7.4' into PHP-8.0
* PHP-7.4:
  Fix #81424: PCRE2 10.35 JIT performance regression
2021-10-12 14:21:09 +02:00
Christoph M. Becker
788a701e22
Fix #81424: PCRE2 10.35 JIT performance regression
We backport the respective upstream fix[1] to our bundled pcre2lib plus
the follow-up fix[2] for a functional regression.

[1] <dc5f966635>
[2] <e7af7efaa1>

Closes GH-7573.
2021-10-12 14:19:22 +02:00
Christoph M. Becker
d130f90f72
[ci skip] Fix NEWS
PHP 8.0.12RC1 has already been tagged a week ago, so later changes
target PHP 8.0.13.
2021-10-12 14:14:37 +02:00
Nikita Popov
a2e3ca1f5b Don't free FETCH_W operand if GLOBAL_LOCK
The error path performed the free unconditionally, while we should
not do it for GLOBAL_LOCK.

Fixes oss-fuzz #39868.
2021-10-12 12:44:35 +02:00
Máté Kocsis
2127b49c65
String default values are enclosed in quotes rather than apostrophes 2021-10-12 09:51:20 +02:00
Máté Kocsis
17fa9b77bd
Fix the return type of imagecolorexactalpha() 2021-10-12 09:51:13 +02:00
Dmitry Stogov
a4c41d45cd Fixed type inference for COPY_TMP 2021-10-11 16:56:07 +03:00