We must not attempt to access arbitrary union members when retrieving
debug info, because that may not be valid. Therefore we do no longer
dereference pointer types inside of unions, but report their address as
string in `%p` format instead.
We map the POSIX semantics of `IPC_PRIVATE` by creating unnamed file
mapping objects on Windows. While that is not particularly useful for
ext/shmop, which is the only bundled extension which uses `shmget()`,
it may be useful for external extensions.
Partially reverts 846b647953: instead of
throwing, this skips uninitialized typed properties when serializing objects.
This makes serialize with __sleep() behave the same as serialize()
without __sleep().
As in the non-__sleep() case, unserialize(serialize($x)) identity
may not be preserved due to replacement of uninitialized/unset
properties with default values. Fixing this will require changes to
the serialization format.
Closes GH-5396.
When ArrayObject is round-tripped through serialize() and unserialize(),
it forgets any iterator class name which was set using ::setIteratorClass().
Fix that.
The `start` parameter of `php_cgi_ini_activate_user_config` is supposed
to hold the byte offset of the doc root in the given `path`. However,
the current expression which fixes a potential type incompatibility
will ever only evaluate to zero or one, because it uses the *logical*
and operator (`&&`). Furthermore we notice that subtracting one from
`doc_root_len` is not necessary, so there is even no need for the
`start` parameter at all.
I stumbled upon this while debugging a strange issue with
stream_socket_client() where it randomly throws out errors when
the connection timeout is set to below 1s. The logic to calculate
time difference in php_openssl_subtract_timeval() is wrong when
a.tv_usec < b.tv_usec, causing connection errors before the timeout
is reached.
The DO_INIT flag, which will skip the first resume on a primed
generator, should always be set when starting to yield from a
new generator, not only when the yield from happens during priming.
We actually implement `::__debugInfo()` and drop the `get_debug_info()`
handlers of all relevant SPL classes. This is cleaner and gives more
flexibility regarding overriding the functionality in descendant
classes.
The comment on `PS_VALIDATE_SID_FUNC(files)` is very clear that the
function is supposed to return `SUCCESS` if the session already exists.
So to detect a collision, we have to check for `SUCCESS`, not
`FAILURE`.
We also fix the wrong condition in session_regenerate_id() as well.
Since `DateTimeZone` does not implement a `compare_objects` handler,
nor has any properties, two `DateTimeZone` instances always compare as
being equal, even if they designate totally different timezones. Even
worse, after calling `var_dump()` on these objects, the actual
comparison may yield a correct result.
We therefore introduce a `compare_objects` handlers, which prevents
different behavior before/after `var_dump()`, and which allows us to
clearly define the intended semantics.
To cater to potentially state-dependent encodings, we have to reset the
conversion descriptor into its initial shift state to properly finish
the conversion. Furthermore, state-dependent encodings may not show
progress when comparing `in_left` before and after the conversion; we
rather have to see whether `out_left` has decreased. Also we have to
cater to the fact that the final potentially state resetting call does
not signal failure, but we still have to break respective loops
afterwards.
This is actually about three distinct issues:
* If an empty string is passed as $address to `stream_socket_sendto()`,
the `sa` is not initialized, so we must not pass it as `addr` to
`php_stream_xport_sendto()`.
* On POSIX, `recvfrom()` truncates messages which are too long to fit
into the specified buffer (unless `MSG_PEEK` is given), discards the
excessive bytes, and returns the buffer length. On Windows, the same
happens, but `recvfrom()` returns `SOCKET_ERROR` with the error code
`WSAEMSGSIZE`. We have to catch this for best POSIX compatibility.
* In `php_network_parse_network_address_with_port()`, we have to zero
`in6` (not only its alias `sa`) to properly support IPv6.
Co-Authored-By: Nikita Popov <nikita.ppv@googlemail.com>
Even though `SplStack::unserialize()` is not supposed to be called on
an already constructed instance, it is probably better if the method
clears the stack before actually unserializing.
Unfortunately, some Webservers (e.g. IIS) do not implement the (F)CGI
specifications correctly wrt. chunked uploads (i.e. Transfer-encoding:
chunked), but instead pass -1 as CONTENT_LENGTH to the CGI
application. However, our (F)CFI SAPIs (i.e. cgi and cgi-fcgi) do not
support this.
Therefore we try to retrieve the stream size in advance and pass it to
`curl_mime_data_cb()` to prevent libcurl from doing chunked uploads.
This is basically the same approach that `curl_mime_filedata()`
implements, except that we are keeping already opened streams open for
the `read_cb()`.
We have to free the `ansiname`s, regardless of whether they have been
put into the hashtable or not.
Since bug79299.phpt already shows the leak when run with a leak
checker, there is no need for another regression test.
Releasing the `com_dotnet_istream_wrapper` in `istream_destructor()` is
pointless, since `istream_destructor()` is only called when the
resource is going to be released. This recursion is not a real issue,
though, since the resource is never exposed to userland, and has at
most refcount 1, so due to well defined unsigned integer underflow, it
never is released twice. However, returning early in this case causes
a memory leak which needs to be fixed.
For obvious reasons, we must not assign a `size_t` value to an `int`
variable using memcpy(). However, there is actually no need for the
intermediate `n_sugg_st` here, if we use the proper types in the first
place.
A regression test is not necessary, because dict_suggest.phpt already
exhibits the erroneous behavior on big endian architectures.
While `mysqli_get_client_version()` calls `mysql_get_client_version()`
to retrieve the client version, `mysql::$client_version` is initialized
to `MYSQL_VERSION_ID`. Both should match though, and since the former
is the more useful information, we fix `mysql::$client_version`.
We do not add a regression test, because it would usually succeed
anyway, and we already have several tests with respective `assert()`s.
Always push the current user_error/exception_handler to the stack,
even when it is empty, so restore_error_handler() always works as
expected.
The user_error_handler is especially temporarily empty when we are inside
the error handler, which caused inconsistent behaviour before.
The fix for feature request #53466 did not properly handle resetting of
the corresponding statement; the problem with this is that the
statement does not know about its result sets. But even if we could
fix this, the `complete` handling still appears to be brittle, since
the `sqlite3_column_type()`docs[1] state:
| If the SQL statement does not currently point to a valid row, or if
| the column index is out of range, the result is undefined.
Fortunately, we can use `sqlite3_data_count()` instead, since[2]:
| If prepared statement P does not have results ready to return (via
| calls to the sqlite3_column() family of interfaces) then
| sqlite3_data_count(P) returns 0.
Thus, we guard `SQLite3::columnType()` with `sqlite3_data_count()`, and
completely drop updating the `php_sqlite3_result_object.complete`
field, but keep it for ABI BC purposes.
[1] <https://www.sqlite.org/c3ref/column_blob.html>
[2] <https://www.sqlite.org/c3ref/data_count.html>
Firstly, we must not rely on `stmt->column_count` when freeing the
driver specific column values, but rather store the column count in
the driver data. Since the column count is a `short`, 16 bit are
sufficient, so we can store it in reserved bits of `pdo_odbc_stmt`.
Furthermore, we must not allocate new column value storage when the
statement is not executed, but rather when the column value storage has
not been allocated.
Finally, we have to introduce a driver specific `cursor_closer` to
avoid that `::closeCursor()` calls `odbc_stmt_next_rowset()` which then
frees the column value storage, because it may be still needed for
bound columns.
To be able to see changes done only with `SetEnvironmentVariable()`, we
have to use `GetEnvironmentStrings()` instead of `environ`, because the
latter sees only changes done with `putenv()`.
For best backward compatibility we're using `GetEnvironmentStringsA()`;
switching to the wide string version likely makes sense for master,
though.
Cherry-picked the fix(not sure why this wasn't merged to 7.4) for:
Fixed bug #77589 (Core dump using parse_ini_string with numeric sections)
Section name should not be typed(NULL, FALSE, TRUE etc)
Conflicts:
Zend/zend_ini_scanner.c
If the `VT_ARRAY` is empty, i.e. its upperbound is less than its lower
bound, we must not call `php_com_safearray_get_elem()`, because that
function throws in this case.
variant objects have no (declared) properties, so the `get_properties`
handlers returns a pointer to constant storage for efficiency reasons.
This pointer must not be returned from the `get_gc` handler, though;
instead we set up an own `get_gc` handler and return NULL from it, to
signal that there are no properties to collect.
Because a `HRESULT` is a `LONG`[1], no special treatment is required on
x86 platforms to get appropriate values. On x64 platforms we prefer
positive values, what we could accomplish by casting the `HRESULT`
value to `ULONG` and then to `zend_long`, but since the current
behavior is correct and the performance improvement is negligible, we
defer that to master.
[1] <https://docs.microsoft.com/en-us/windows/win32/winprog/windows-data-types#hresult>
PCRE only validates the string starting from the start offset
(minus maximum look-behind, but let's ignore that), so we can
only remember that the string is fully valid UTF-8 is the original
start offset is zero.
To cater to `curl_copy_handle()` of cURL handles with attached
`CURLFile`s, we must not attach the opened stream, because the stream
may not be seekable, so that we could rewind, when the same stream is
going to be uploaded multiple times. Instead, we're opening the stream
lazily in the read callback.
Since `curl_multi_perfom()` processes easy handles asynchronously, we
have no control of the operation sequence. Since duplicated cURL
handles may be used with multi handles, we cannot use a single arg
structure, but actually have to rebuild the whole mime structure on
handle duplication and attach this to the new handle.
In order to better test this behavior, we extend the test responder to
print the size of the upload, and patch the existing tests accordingly.
Not all systems support the discard protocol (TCP port 9), and since
there is no particular reason to use it, we switch to using actual
server testing.
The culprit is the too restrictive fix for bug #71536, which prevents
`php_libxml_streams_IO_write()` from properly executing when unclean
shutdown is flagged. A *more* suitable solution is to move the
`xmlwriter_free_resource_ptr()` call from the `free_obj` handler to an
added `dtor_obj` handler, to avoid to write to a closed stream in case
of late object freeing. This makes the `EG(active)` guard superfluous.
We also fix bug79029.phpt which has to use different variables for the
three parts to actually check the original shutdown issue.
Thanks to bwoebi and daverandom for helping to investigate this issue.
We have to convert to number *before* detecting the type, to cater to
internal objects implementing `cast_object`.
We also get rid of the fallback behavior of using `FORMAT_TYPE_INT32`,
because that can no longer happen; after `convert_scalar_to_number_ex`
the type is either `IS_LONG` or `IS_DOUBLE`. We cater explicitly to
the `IS_ARRAY` case what also avoids triggering a type confusion when
`::TYPE_INT64` is passed as `$type`.
Unlink the current stack frame before freeing CVs or extra args.
This means it will no longer show up in back traces that are
generated during CV destruction.
We already did this prior to destructing the object/closure,
presumably for the same reason.
The fix for bug #49634 solved a double-free by copying the node with
`xmlDocCopyNodeList()`, but the copied node is later freed by calling
`xmlFreeNode()` instead of `xmlFreeNodeList()`, thus leaking memory.
However, there is no need to treat the node as node list, i.e. to copy
also the node's siblings; just creating a recursive copy of the node
with `xmlDocCopyNode()` is sufficient, while that also avoids the leak.
The fix for bug #78929 disabled the conversion of spaces in cookie
values to plus signs, but failed to adapt `php_setcookie()`
accordingly, so that it uses raw URL encoding as well.
Always operate on copies of the functions, so we don't reference
temporary trait methods that have gone out of scope.
This could be more efficient, but doing an allocated copy only when
strictly necessary turned out to be somewhat tricky.
We need to extend the hash table before performing raw append
operations.
This doesn't matter if preloading happens in the same process,
as the tables will be large enough to hold all entries as a
side-effect of the preloading process. However, if preloading
happens in a different process, we need to reserve space here.
auth_plugin_data_len here is 21, including the trailing null byte.
Directly use SCRAMBLE_LENGTH instead. Also add a sanity check that
the provided scramble is long enough.
In the buildconf and configure batch files, Windows' cscript utility was being
run without the /e:jscript flag. This works on systems that have not had the
default .js file association changed, but if .js has been re-associated to
(say) an IDE, the batch files fail with the error message:
Input Error: There is no script engine for file extension ".js".
Remove the check of PHP_OPENSSL inside SETUP_OPENSSL. It's the
responsibility of the caller to determine whether they want to
enable openssl or not. This makes SSL detection in IMAP work,
which uses a different option.
Additionally also clarify that --with-openssl-dir cannot actually
be used to specify an OpenSSL directory -- these options just
serve as a way to enable OpenSSL in extensions without also
enabling the OpenSSL extension. They need to be renamed to
something clearer in master.
Closes GH-5091.
This is a backport of fcdc0a6db0
to the PHP-7.3 branch. We need to make sure that OnUpdateString
is also called for a NULL value, otherwise the reset of the encoding
at the end of the request will not work.
I believe I already tried to land this before once, but it didn't
actually end up on the PHP-7.3 branch due to a push conflict that
I only noticed just now.
We must not assume that the size of a function's return value is at
most `sizeof(ffi_arg)`, but rather have to use the size which already
has been determined for the return type if it is larger than
`sizeof(ffi_arg)`.
To be able to have a regression test, we export the required test
function from the zend-test extension, and make sure that the test
can be run on different platforms regardless of whether zend-tests was
built statically or dynamically.
Due to ASLR restrictions, preloading on Windows does not work with
any code that has preloading dependencies on internal classes.
This effectively makes it unusable for any non-trivial codebase.
Instead of pretending like preloading is going to work, only to
make people realize that it really doesn't once they get beyond
a dummy example, we disable support for preloading on Windows
entirely.
Closes GH-4999.
Previously this generated a notice, but would likely generate an
Error when unserializing.
Now we treat it with the same distinction as direct property
accesses, i.e. referencing an unset/undefined normal property
stays a notice, while a typed property becomes an Error exception.
This fixed bug #79002.
Closes GH-5050.
We implement support for a fifth parameter, which allows to specify the
mapsize. The parameter defaults to zero, in which case the compiled in
default mapsize (usually 1048576) will be used. The mapsize should be
a multiple of the page size of the OS.
We check that the given microsecond fraction is in the valid range
[0, 1000000[, and otherwise mark it as invalid. We also drop the
useless do loop; a plain block is sufficient here.
Fix file cache serialization of property types. I'm changing the
overall type serialization format to perform additional adjustments
in order to yield a plausible pointer for zend_type, rather than
using an entirely separate serialization format, as was previously
done. That would have been annoying to extend to the case of CE
pointers.
We must not use the same shared memory OPcache instance for different
SAPIs, since their memory layout is different. To avoid this, we add
the SAPI name (truncated to at most 20 characters) to the names of the
memory base file, the mutex and the file mapping.
We backport the fix PHP 7.3, since this branch is affected as well.
(cherry picked from commit b5e0043796)
(cherry picked from commit e36daa6927)
(cherry picked from commit 2704ee6844)
We no longer try to retrieve the filename of a given stream when
fstat'ing, because this is very slow. Since we neither didn't do that
in PHP 7.3 and earlier, we regard this as sensible trade-off.
Don't report EAGAIN/EWOULDBLOCK as errors for fwrite on
non-blocking socket streams. This matches behavior for fread,
as well as behavior for plain file streams.
Closes GH-5026.
Some functions in libmagic (distributed with fileinfo extension) perform this sequence of calls:
func() {
setlocale(LC_TYPE, "C")
.. do some work ..
setlocale(LC_TYPE, "")
}
It effectively resets LC_TYPE if it that was set before the function call.
To avoid manipulations with current locale at all, the problematic functions
were modified to use locale-independent functions.
`php_stream_write()` returns `-1` on failure now, which has to be
catered to by `SplFileObject::fputcsv()` which still is supposed to
return `false` on failure.
Also generate a fatal error if a collision occurs in zend_compile.
This is not perfect, because collisions might still be introduced
via opcache, if one file is included multiple times during a request,
invalidate in the meantime and recompiled by different processes.
This still needs to be addressed, but this patch fixes the much
more common case of collisions occuring when opcache is not used.
Fixes bug #78903.
We switch the cookie value parsing function from `php_url_decode()` to
`php_raw_url_decode()`, so that cookie values are now parsed according
to RFC 6265, section 4.1.1. We also refactor to remove duplicate code
without changing the execution flow.
We need to make sure that trait methods with static variables
allocate a separate MAP slot for the static variables pointer,
rather than working in-place.
I wasn't able to create a simple reproducer for this. General approach
is the same as for anonymous classes: If the key is already used, reuse
the old definition.
During preloading, check that all classes that have been included
as part of the preload script itself (rather than through opcache_compile_file)
can actually be preloaded, i.e. satisfy Windows restrictions, have
resolved initializers and resolved property types. When resolving
initializers and property types, also autoload additional classes.
Because of this, the resolution runs in a loop.
