Since the mysqlnd result set is arena allocated, we must not simply
free it, but rather call the appropriate `free_result` method.
Co-authored-by: Kamil Tekiela <tekiela246@gmail.com>
To fix part of GH-15381.
gcc nor clang provides a constant to distinguish illumos and solaris
not the system provides a kernel version stamp like the BSD.
thus, we simply check the symbol and remaing purposely conservative in
the existing logic, using it only for solaris to avoid unexpected
breakages for other systems. would need a different fix for higher
branches.
Close GH-15390
As of PHP 8.1.0, passing `null` to an `int` parameter is deprecated,
and as such the deprecation notice breaks the test. So we instead pass
an integer, and to avoid hard-coding a value we just add the two
supported constants (which are supposed to have the values `1` and `2`,
respectively).
Closes GH-15254.
Two issues:
1) We should not modify the object when we pass invalid values
2) We should reset the properties to their default value otherwise we
get a UAF.
Regressed in df219ccf9d
Closes GH-15248.
This is an old bug, but this is pretty easy to fix.
It's basically applying the same fix as I did for e878b9f.
Reported by YuanchengJiang.
Closes GH-15143.
This partially reverts 0956267c08, which
introduced a type incompatibility where an `int` function is assigned
to a `zend_result` function. That yields a level 1 C4133 warning on
MSVC, and usually (e.g. in CI) level 1 warnings are elevated to errors,
so the build fails.[1]
The PHP-8.3 branch and up are uneffected by this, so the upward merges
should be empty.
[1] <0956267c08 (r144587696)>
This fixes -Winline errors where the functions are not ever inlined.
Also fixes some signature mismatches which were fixed previously but
for whatever reason were not ported to all maintained branches:
/usr/local/src/php/ext/session/session.c:1299:20:
warning:conflicting types for 'php_session_send_cookie' due to enum/integer mismatch;
have 'zend_result(void)' {aka 'ZEND_RESULT_CODE(void)'} [-Wenum-int-mismatch]
1299 | static zend_result php_session_send_cookie(void) /* {{{ */
| ^~~~~~~~~~~~~~~~~~~~~~~
/usr/local/src/php/ext/session/session.c💯12:
note: previous declaration of 'php_session_send_cookie' with type 'int(void)'
100 | static int php_session_send_cookie(void);
| ^~~~~~~~~~~~~~~~~~~~~~~
Avoid missing possible candidates due to the large address range of the free segment.
Eg,
48000000-49400000 r-xs 08000000 00:0f 39322841 segment1
7ffff2ec8000-7ffff2f49000 rw-p 00000000 00:00 0 segment2
7ffff6fae000-7ffff735c000 r-xp 00200000 08:02 11538515 /usr/local/sbin/php-fpm
original code will miss the opportunity between [7ffff2ec** - 7ffff2ec8000].
Fix issue #11265.
Signed-off-by: Long, Tao <tao.long@intel.com>
Signed-off-by: Dmitry Stogov <dmitrystogov@gmail.com>
Instead of fixing up temporaries count in between observer steps, just apply the additional temporary in the two affected observer steps.
Closes GH-14018.
For top-level anonymous type definition we never store the declaration anywhere
else nor the type anywhere else.
The declaration keeps owning the type and it goes out of scope.
For anonymous fields this gets handled by the add_anonymous_field code that
removes the type from the declaration.
This patch does something similar in the parsing code when it is
detected we're dealing with an anonymous enum in a top-level declaration.
Closes GH-14839.
Older GCC versions (< 7.0) don't support the -Wno-implicit-fallthrough
compiler flag. This adds the flag conditionally in case some other
compiler will run into same issue.
Fixes GH-13330
We were using atoi, which is only for integers. When the size does not
fit in an integer this breaks. Use ZEND_STRTOUL instead. Also make sure
invalid data isn't accidentally parsed into a file size.
Closes GH-15035.
TIDY_APPLY_CONFIG can early return because it's a macro, but then the
cleanup paths are not executed. Transform this to a real function and
handle the cleanups correctly at the callsites.
Closes GH-15046.
This reverts commit 4b22c3e3ad.
As quick measure for GH-10753, that test was skipped on Windows.
However, it seems that there are no longer performance issues with
newer cURL versions, so we run that test again on Windows.
Fixes GH-10753.
Closes GH-14998.
RFC 2617 and 7616 describe that for the "Authorization" header we should
not put the qop nor nc value inside quotes. This differs from the
WWW-Authenticate header, which may have been the source of the confusion
in the implementation. While the version with quotes seems to work fine
in some cases, clearly not all servers accept the non-standard form.
To fix the issue, simply removing the quotes of those two header fields
of the client request to be in line with the RFC suffices.
I refer further to example 3.5 in RFC 2617 and example 3.9.1 in
RFC 7616.
RFC 2617: https://datatracker.ietf.org/doc/html/rfc2617
RFC 7616: https://datatracker.ietf.org/doc/html/rfc7616
Closes GH-14328.
Besides demonstrating the new behavior, this test also ensures that the
bundled and external libgd now behave the same. It has to be noted,
though, that we only test one of the five code paths.
Closes GH-14945.
According to the docs (https://www.php.net/manual/en/function.imagecreatefromwebp.php and https://www.php.net/manual/en/function.imagewebp.php), `false` should be returned on errors (similar to other functions of the `gd` extension), but actually all errors result in a `Fatal Error`. It doesn't look normal when trying to read an empty file or a file in the wrong format causes the program to stop. The problem seems to be related to a mega-patch that replaced `zend_error` with `zend_error_noreturn` almost everywhere. My patch fixes this behavior by switching from `zend_error_noerror` to `gd_error` (i.e. to `E_WARNING` level). All necessary memory cleanup is already in the code (as it was before the "zend_error_noreturn" patch).
Close GH-13774
The create_obj handler of InternalIterator is overwritten, but not the
clone_obj handler. This is not allowed.
In PHP 8.2 this didn't cause a segfault because the standard object
handler was used for the clone instead of the internal handler.
So then it allocates and frees the object using the standard object handlers.
In 8.3 however, the object is created using the standard object handler and
freed using the custom handler, resulting in the buffer overflow.
Even though bisect points to 1e1ea4f this only reveals the bug.
Closes GH-14882.
When dealing with a file, we must free the contents if the function
fails. While here, also fix the error message because previously it
sounded like the filename was too long while in fact the file itself
is too large.
Closes GH-14862.
`spl_object_storage_attach_handle` creates an entry already, but only
fills it in at the end with `spl_object_storage_create_element` which
allocates memory. In this case the allocation fails and we're left with
a NULL slot. Doing the allocation first isn't an option because we want
to check whether the slot is occupied before allocating memory.
The simplest solution is to set the entry to NULL and check for a NULL
pointer upon destruction.
Closes GH-14849.
libxml2 2.13 makes changes to how the parsing state is set, update our
code accordingly. In particular, it started reporting entities within
attributes, while it should only report entities inside text nodes.
Closes GH-14837.
It turns out that on a 32-bit system, this test can produce either the
"usual" expected output from the 64-bit test, OR the 32-bit-only
integer overflow message. We copy the dual expected outputs from
chunk_split_variation1_32bit.phpt to handle both cases.
This fixes an earlier commit that split the two tests based only on
the size of an int (32-bit versus 64-bit). The CI reveals that, at
least on a debug/zts build, the "64-bit" memory limit error (and not
the integer overflow error) is still produced.
