Christoph M. Becker
82ab29580e
[ci skip] Merge branch 'PHP-7.4' into PHP-8.0
...
* PHP-7.4:
Fix bug #81026 (PHP-FPM oob R/W in root process leading to priv escalation)
2021-10-26 16:07:22 +02:00
Christoph M. Becker
5aaeeda744
[ci skip] Merge branch 'PHP-7.3' into PHP-7.4
...
* PHP-7.3:
Fix bug #81026 (PHP-FPM oob R/W in root process leading to priv escalation)
2021-10-26 16:05:26 +02:00
Jakub Zelenka
f47798e685
Fix bug #81026 (PHP-FPM oob R/W in root process leading to priv escalation)
...
The main change is to store scoreboard procs directly to the variable sized
array rather than indirectly through the pointer.
Signed-off-by: Stanislav Malyshev <stas@php.net>
(cherry picked from commit cb2021e5f6
)
Closes GH-7614.
2021-10-26 16:03:33 +02:00
Christoph M. Becker
2a51efc2a0
[ci skip] Merge branch 'PHP-7.4' into PHP-8.0
...
* PHP-7.4:
[ci skip] Fix NEWS
2021-10-25 12:50:20 +02:00
Christoph M. Becker
f4572d9e22
[ci skip] Fix NEWS
...
Bug #81026 has already been fixed in PHP 7.4.25 and 8.0.12.
2021-10-25 12:48:58 +02:00
Christoph M. Becker
6e6a8443a8
Merge branch 'PHP-7.4' into PHP-8.0
...
* PHP-7.4:
Fix #76167 : mbstring may use pointer from some previous request
2021-10-25 12:39:57 +02:00
Christoph M. Becker
d3d6d7906e
Fix #76167 : mbstring may use pointer from some previous request
...
We must not reuse per-request memory across multiple requests, so this
check triggered during RINIT makes no sense. As explained in the bug
report[1], it can be even harmful, if some request startup fails, and
the pointers refer to already freed memory in the next request.
[1] <https://bugs.php.net/76167 >
Closes GH-7604.
2021-10-25 12:37:28 +02:00
Christoph M. Becker
5cc4088d69
Merge branch 'PHP-7.4' into PHP-8.0
...
* PHP-7.4:
fix for pcre2 10.38
2021-10-25 11:59:37 +02:00
Dmitry Stogov
29c8c1e955
Tracing JIT: Fixed possible endless loop when escape from ZEND_CALL_TOP frame
2021-10-25 12:10:25 +03:00
Christopher Jones
3e9b53f2ec
Fix tests for method camel case change
2021-10-25 14:31:00 +11:00
Christopher Jones
51f1cacf7a
Fix tests for method camel case change
2021-10-25 14:17:28 +11:00
Dmitry Stogov
d3251632ad
Tracing JIT: Fixed incorrect assumption about in-memeory zval type
2021-10-22 14:38:38 +03:00
Dmitry Stogov
c7e974fc4e
Tracing JIT: Fixed incorrect assumtion about temporary variable types clobbered by *_ROPE instructions
2021-10-21 21:35:57 +03:00
Kamil Tekiela
c9d509b668
Revert "Fix bug GH-1 (mysqli_sql_exception->sqlstate is inaccessible)"
...
This reverts commit 64fca5c5f0
.
2021-10-21 19:01:01 +01:00
Kamil Tekiela
64fca5c5f0
Fix bug GH-1 (mysqli_sql_exception->sqlstate is inaccessible)
2021-10-21 18:51:16 +01:00
Bob Weinand
345f46ff29
Fix weakmap API test
...
Apparently under some targets the address can evaluate to an address with the most significant bit set. (displays as negative number)
2021-10-21 19:31:37 +02:00
Remi Collet
a6f5c2dc8b
fix for pcre2 10.38
2021-10-21 13:37:26 +02:00
Bob Weinand
471102edcd
Add ZEND_API for weakmap functionality via zend_weakrefs_hash_add/del
...
Closes GH-7600.
2021-10-21 13:34:22 +02:00
Remi Collet
56495ac031
fix for pcre2 10.38
2021-10-21 13:33:35 +02:00
Nikita Popov
decf906a90
Remove bug76738.phpt
...
The test contains PII in the base64-encoded part and is way too
complicated to be useful. I'd try to reduce it, but I can't tell
what it's actually supposed to test.
2021-10-21 10:40:12 +02:00
Dmitry Stogov
b69c6ba9df
Use right frame
2021-10-20 23:50:33 +03:00
Dmitry Stogov
95c0dfc57f
JIT: Fixed megamorphic call detection
2021-10-20 22:16:25 +03:00
Dmitry Stogov
38626dbaad
JIT: Fixed memory leak
2021-10-20 10:38:47 +03:00
Stanislav Malyshev
23a607574e
Merge branch 'PHP-7.4' into PHP-8.0
...
* PHP-7.4:
Add FPM fix news
Fix bug #81026 (PHP-FPM oob R/W in root process leading to priv escalation)
2021-10-18 15:07:13 -07:00
Jakub Zelenka
fadb1f8c1d
Fix bug #81026 (PHP-FPM oob R/W in root process leading to priv escalation)
...
The main change is to store scoreboard procs directly to the variable sized
array rather than indirectly through the pointer.
Signed-off-by: Stanislav Malyshev <stas@php.net>
2021-10-18 15:06:36 -07:00
Stanislav Malyshev
6ab9b3865a
Add FPM fix news
2021-10-18 15:04:46 -07:00
Dmitry Stogov
6bd5271c62
Fixed incorrect optimization that may cause JIT assertion
2021-10-18 23:18:52 +03:00
Dmitry Stogov
d3063c02c6
Tracing JIT: Fixed memory leak
2021-10-18 22:14:53 +03:00
Dmitry Stogov
e59d0a7151
JIT: Fixed DASM_S_RANGE_VREG error
2021-10-18 17:58:42 +03:00
Dmitry Stogov
13d1244575
Tracing JIT: Fixed ADD with two references to arrays
2021-10-18 17:26:36 +03:00
Dmitry Stogov
6021e72143
Tracinf JIT: Prevnt generation code for instruction that with cyclic dependency
...
e.g. $a[] += $a is compiled into ASSIGN_DIM_OP+OP_DATA, where OP_DATA.op1_use depends on ASSIGN_DIM_OP.op1_def
2021-10-18 16:53:45 +03:00
Nikita Popov
6974372fbb
Fix bug #81510
...
Make the used arrays larger, because the previous sizes were not
slow enough on some hardware.
2021-10-18 12:45:26 +02:00
Nikita Popov
6e9b764920
Increase timeout on community job
...
We're hitting the 60 minute limit occasionally.
2021-10-18 11:08:40 +02:00
Jakub Zelenka
cb2021e5f6
Fix bug #81026 (PHP-FPM oob R/W in root process leading to priv escalation)
...
The main change is to store scoreboard procs directly to the variable sized
array rather than indirectly through the pointer.
Signed-off-by: Stanislav Malyshev <stas@php.net>
2021-10-17 20:16:10 -07:00
Christoph M. Becker
fc886694d3
Merge branch 'PHP-7.4' into PHP-8.0
...
* PHP-7.4:
Fix #81500 : Interval serialization regression since 7.3.14 / 7.4.2
2021-10-15 19:11:26 +02:00
Christoph M. Becker
866adb122a
Fix #81500 : Interval serialization regression since 7.3.14 / 7.4.2
...
While it may not be desired, `DateInterval::$f` supports negative
values, at least with regard to calculations. We still need to guard
from assigning double values which are out of range for signed 64bit
integers (which would be undefined behavior). zend_dval_to_lval() does
this by returning `0` instead of triggering UB. This way we can avoid
setting the invalid marker, which doesn't work as expected anyway.
We must not do that only for unserialization, but also when the property
is set in the first place.
We need to adapt some of the existing tests wrt. this behavior. In
particular, we check for an arbitrary value in bug79015.phpt, to cater
to differences between 32bit and 64bit architectures.
Closes GH-7575.
2021-10-15 19:08:07 +02:00
Remi Collet
9f98bc58c7
remove closing bracket in bad place
2021-10-15 16:46:35 +02:00
Christoph M. Becker
b7f3b67060
Merge branch 'PHP-7.4' into PHP-8.0
...
* PHP-7.4:
Fix #81518 : Header injection via default_mimetype / default_charset
2021-10-14 12:21:35 +02:00
Christoph M. Becker
365769366b
Fix #81518 : Header injection via default_mimetype / default_charset
...
We forbid setting these INI options to values containing NUL bytes, CR
or LF.
Closes GH-7574.
2021-10-14 12:16:19 +02:00
Máté Kocsis
ca219d7d27
Fix 2nd param name of pg_send_execute()
...
Closes GH-7576
2021-10-13 14:14:47 +02:00
Remi Collet
6d0d5227d8
bump zip ext version
2021-10-13 11:53:02 +02:00
Nikita Popov
53f89219ab
Fix bug #81521
...
The current error message is incorrect -- the problem here is not
that the property is invalid, but that these methods are unusable
prior to loading data, same as read().
2021-10-12 16:42:32 +02:00
Nikita Popov
9ebe8494b8
Don't replace tmp with cv in YIELD argument
...
For by-ref generators, these may have different behavior.
Fixes oss-fuzz 6059739298004992.
2021-10-12 14:26:53 +02:00
Christoph M. Becker
845a67feb5
Merge branch 'PHP-7.4' into PHP-8.0
...
* PHP-7.4:
Fix #81424 : PCRE2 10.35 JIT performance regression
2021-10-12 14:21:09 +02:00
Christoph M. Becker
788a701e22
Fix #81424 : PCRE2 10.35 JIT performance regression
...
We backport the respective upstream fix[1] to our bundled pcre2lib plus
the follow-up fix[2] for a functional regression.
[1] <dc5f966635
>
[2] <e7af7efaa1
>
Closes GH-7573.
2021-10-12 14:19:22 +02:00
Christoph M. Becker
d130f90f72
[ci skip] Fix NEWS
...
PHP 8.0.12RC1 has already been tagged a week ago, so later changes
target PHP 8.0.13.
2021-10-12 14:14:37 +02:00
Nikita Popov
a2e3ca1f5b
Don't free FETCH_W operand if GLOBAL_LOCK
...
The error path performed the free unconditionally, while we should
not do it for GLOBAL_LOCK.
Fixes oss-fuzz #39868 .
2021-10-12 12:44:35 +02:00
Máté Kocsis
2127b49c65
String default values are enclosed in quotes rather than apostrophes
2021-10-12 09:51:20 +02:00
Máté Kocsis
17fa9b77bd
Fix the return type of imagecolorexactalpha()
2021-10-12 09:51:13 +02:00
Dmitry Stogov
a4c41d45cd
Fixed type inference for COPY_TMP
2021-10-11 16:56:07 +03:00