Also remove the hack where scope is set to NULL in order to make
free_internal_arg_info work. Instead explicitly call it for class
methods.
This fixes the asan build for Zend/tests/bug77494.phpt.
Keep track of delayed variance obligations and check them after
linking a class is otherwise finished. Obligations may either be
unresolved method compatibility (because the necessecary classes
aren't available yet) or open parent/interface dependencies. The
latter occur because we allow the use of not fully linked classes
as parents/interfaces now.
An important aspect of the implementation is we do not require
classes involved in variance checks to be fully linked in order for
the class to be fully linked. Because the involved types do have to
exist in the class table (as partially linked classes) and we do
check these for correct variance, we have the guarantee that either
those classes will successfully link lateron or generate an error,
but there is no way to actually use them until that point and as
such no possibility of violating the variance contract. This is
important because it ensures that a class declaration always either
errors or will produce an immediately usable class afterwards --
there are no cases where the finalization of the class declaration
has to be delayed until a later time, as earlier variants of this
patch did.
Because variance checks deal with classes in various stages of
linking, we need to use a special instanceof implementation that
supports this, and also introduce finer-grained flags that tell us
which parts have been linked already and which haven't.
Class autoloading for variance checks is delayed into a separate
stage after the class is otherwise linked and before delayed
variance obligations are processed. This separation is needed to
handle cases like A extends B extends C, where B is the autoload
root, but C is required to check variance. This could end up
loading C while the class structure of B is in an inconsistent
state.
RFC: https://wiki.php.net/rfc/tostring_exceptions
And convert some object to string conversion related recoverable
fatal errors into Error exceptions.
Improve exception safety of internal code performing string
conversions.
Now that set() is gone, there is little point in keeping get(), as
it is essentially just a different way of writing cast_object()
now.
Closes GH-4202.
FOREACH_END_DEL() does not call the destructor by itself, we need to
explicitly call it. Due to the missing dtor call the functions were
not unregistered early, which resulted in later shutdown segfaults.
Export zend_release_fcall_info_cache(). It is only necessary to
call it if the fcc may not have been used -- if it is passed to
zend_call_function() and friends, then they will take care of
freeing trampolines.
Previously zend_parse_parameters (and FastZPP) would handle invalid
arguments depending on strict_types: With strict_types=1, a TypeError
is thrown, with strict_types=0 a warning is thrown and (usually) NULL
is returned. Additionally, some functions (constructors always and
other methods sometimes) opt-it to throwing regardless of strict_types.
This commit changes zpp to always generate a TypeError exception in
PHP 8.
This avoids writing this cache at runtime, which is illegal if
preloading is used.
Not every serialize/unserialize function actually belongs to the
Serializable interface, but I think it's not a problem to assign
these anyway -- whether they are used ultimately depends on whether
Serializable is implemented.
Alternatively it might make sense to just drop these entirely. I
don't think this is performance critical functionality.
This patch removes the so called local variables defined per
file basis for certain editors to properly show tab width, and
similar settings. These are mainly used by Vim and Emacs editors
yet with recent changes the once working definitions don't work
anymore in Vim without custom plugins or additional configuration.
Neither are these settings synced across the PHP code base.
A simpler and better approach is EditorConfig and fixing code
using some code style fixing tools in the future instead.
This patch also removes the so called modelines for Vim. Modelines
allow Vim editor specifically to set some editor configuration such as
syntax highlighting, indentation style and tab width to be set in the
first line or the last 5 lines per file basis. Since the php test
files have syntax highlighting already set in most editors properly and
EditorConfig takes care of the indentation settings, this patch removes
these as well for the Vim 6.0 and newer versions.
With the removal of local variables for certain editors such as
Emacs and Vim, the footer is also probably not needed anymore when
creating extensions using ext_skel.php script.
Additionally, Vim modelines for setting php syntax and some editor
settings has been removed from some *.phpt files. All these are
mostly not relevant for phpt files neither work properly in the
middle of the file.
RFC: https://wiki.php.net/rfc/typed_properties_v2
This is a squash of PR #3734, which is a squash of PR #3313.
Co-authored-by: Bob Weinand <bobwei9@hotmail.com>
Co-authored-by: Joe Watkins <krakjoe@php.net>
Co-authored-by: Dmitry Stogov <dmitry@zend.com>
The $Id$ keywords were used in Subversion where they can be substituted
with filename, last revision number change, last changed date, and last
user who changed it.
In Git this functionality is different and can be done with Git attribute
ident. These need to be defined manually for each file in the
.gitattributes file and are afterwards replaced with 40-character
hexadecimal blob object name which is based only on the particular file
contents.
This patch simplifies handling of $Id$ keywords by removing them since
they are not used anymore.
Removed useless filename and lineno arguments, used in DEBUG build.
The patch doesn't break source compatibility of public API (only binary compatibility).
zval_dtor() doesn't make a lot of sense in PHP-7.* and it's used incorrectly in some places.
Its occurances should be replaced by zval_ptr_dtor() or zval_ptr_dtor_nogc(), or even more specialized destructors.
In PHP static properties are shared between inheriting classes,
unless they are explicitly overwritten. However, because this
functionality was implemented using reference, it was possible
to break the implementation by reassigning the static property
reference.
This is fixed by switching the implementation from using references
to using INDIRECTs, which cannot be affected by userland code.
PHP requires boolean typehints to be written "bool" and disallows
"boolean" as an alias. This changes the error messages to match
the actual type name and avoids confusing messages like "must be
of type boolean, boolean given".
This a followup to ce1d69a1f6, which
implements the same change for integer->int.
PHP requires integer typehints to be written "int" and does not
allow "integer" as an alias. This changes type error messages to
match the actual type name and avoids confusing messages like
"must be of the type integer, integer given".
convert_scalar_to_number() will now call cast_object() with an
_IS_NUMBER argument, in which case the cast handler should return
either an integer or floating point number, whichever is more
appropriate.
Previously convert_scalar_to_number() unconditionally converted
objects to integers instead.
Fixes bug #53033.
Fixes bug #54973.
Fixes bug #73108.
zend_get_parameters_ex() has been marked as deprecated for a long
time already. What zend_get_paramers() does is even more
questionable under PHP7. Both functions are obsoleted by the ZPP
mechanism, so I'm dropping them.
New macro ZVAL_COPY_OR_DUP() is used perform duplication, if necessary.
This should eliminate related race-coditions in ZTS build and prevent reference-counting bugs after unclean shutdown.
Instead of interleaving this inside zend_is_callable(), implement
this in a separate function instead.
Also add _deref() hash APIs. I've wanted these for a while, and
this is another place where they're useful, so finally do it...
Hereby, interned strings are supported in thread safe PHP. The patch
implements two types of interned strings
- interning per process, strings are not freed till process end
- interning per request, strings are freed at request end
There is no runtime interning.
With Opcache, all the permanent iterned strings are copied into SHM on
startup, additional copying into SHM might happen on demand.
If this does not break the Unix system somehow, I'll be amazed. This should get most of it out, apologies for any errors this may cause on non-Windows ends which I cannot test atm.
Squashed commit of the following:
commit e05d3b6732
Author: Andrea Faulds <ajf@ajf.me>
Date: Wed Mar 30 01:43:35 2016 +0100
UPGRADING and NEWS
commit 6caf1d4585
Author: Andrea Faulds <ajf@ajf.me>
Date: Sun Mar 20 21:18:33 2016 +0000
Fixes
commit 6dadb1b0ef
Author: Andrea Faulds <ajf@ajf.me>
Date: Sun Feb 14 02:15:01 2016 +0000
Add test for numeric string errors in assignment
commit bd5f04e8dd
Author: Andrea Faulds <ajf@ajf.me>
Date: Sat Feb 13 23:53:05 2016 +0000
Add test for numeric string errors
commit c72e92f16d
Author: Andrea Faulds <ajf@ajf.me>
Date: Tue Jan 26 23:28:33 2016 +0000
Add test for scientific notation in integer operations
commit d94c08852d
Author: Andrea Faulds <ajf@ajf.me>
Date: Sun Feb 14 01:25:57 2016 +0000
Disable optimiser evaluation for numeric string errors
commit 30ee954ed1
Author: Andrea Faulds <ajf@ajf.me>
Date: Sun Feb 14 01:46:25 2016 +0000
fixup
commit a6403b79e0
Author: Andrea Faulds <ajf@ajf.me>
Date: Sat Feb 13 22:00:27 2016 +0000
Do not convert error-causing numeric strings ahead-of-time
commit f9dc354014
Author: Andrea Faulds <ajf@ajf.me>
Date: Sat Feb 13 19:15:38 2016 +0000
Disable compile-time evaluation for numeric string errors
commit e05b0cc849
Author: Andrea Faulds <ajf@ajf.me>
Date: Fri Feb 5 11:42:26 2016 +0000
Make _zval_get_long_func_noisy function for inlining
commit 84d66321a5
Author: Andrea Faulds <ajf@ajf.me>
Date: Tue Jan 26 23:10:00 2016 +0000
Update tests
commit 5ac4a0cc4b
Author: Andrea Faulds <ajf@ajf.me>
Date: Tue Jan 26 22:08:19 2016 +0000
Use is_numeric_string_ex for zval_get_long etc.
commit c21f088485
Author: Andrea Faulds <ajf@ajf.me>
Date: Thu Jan 7 21:13:04 2016 +0000
Update tests
commit 63e214cf81
Author: Andrea Faulds <ajf@ajf.me>
Date: Wed Jan 6 00:28:01 2016 +0000
Warn on non-/bad numeric strings in arithmetic
Squashed commit of the following:
commit f11ca0e7a5
Author: Dmitry Stogov <dmitry@zend.com>
Date: Tue Dec 8 12:38:42 2015 +0300
Fixed test expectation
commit 211f873f54
Author: Dmitry Stogov <dmitry@zend.com>
Date: Tue Dec 8 12:28:38 2015 +0300
Embed zend_class_constant.flags into zend_class_constants.value.u2.access_flags
commit 51deab84b2
Author: Dmitry Stogov <dmitry@zend.com>
Date: Mon Dec 7 11:18:55 2015 +0300
Fixed issues found by Nikita
commit 544dbd5b47
Author: Dmitry Stogov <dmitry@zend.com>
Date: Sat Dec 5 02:41:05 2015 +0300
Refactored immplementation of https://wiki.php.net/rfc/class_const_visibility
@reeze created an RFC here and I emailed internals here and didn't get any responses positive/negative.
We didn't have zend_internal_function.reserved[] in PHP5, but we always allocated space for zend_function union, and extensions were able to reuse zend_function.op_array.reserved[] even for internal function. Now this is not possible. And extensions have to use zend_function.op_array.reserved[] for user functions and zend_function.internal_function.reserved[] for internal.
* PHP-5.6: (21 commits)
fix unit tests
update NEWS
add NEWS for fixes
Improve fix for #70172
Fix bug #70312 - HAVAL gives wrong hashes in specific cases
fix test
add test
Fix bug #70366 - use-after-free vulnerability in unserialize() with SplDoublyLinkedList
Fix bug #70365 - use-after-free vulnerability in unserialize() with SplObjectStorage
Fix bug #70172 - Use After Free Vulnerability in unserialize()
Fix bug #70388 - SOAP serialize_function_call() type confusion
Fixed bug #70350: ZipArchive::extractTo allows for directory traversal when creating directories
Improve fix for #70385
Fix bug #70345 (Multiple vulnerabilities related to PCRE functions)
Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
Fix bug #70219 (Use after free vulnerability in session deserializer)
Fix bug ##70284 (Use after free vulnerability in unserialize() with GMP)
Fix for bug #69782
Add CVE IDs asigned (post release) to PHP 5.4.43
Add CVE IDs asigned to #69085 (PHP 5.4.39)
...
Conflicts:
ext/exif/exif.c
ext/gmp/gmp.c
ext/pcre/php_pcre.c
ext/session/session.c
ext/session/tests/session_decode_variation3.phpt
ext/soap/soap.c
ext/spl/spl_observer.c
ext/standard/var.c
ext/standard/var_unserializer.c
ext/standard/var_unserializer.re
ext/xsl/xsltprocessor.c
Squashed commit of the following:
commit d96eab8d79
Author: Francois Laupretre <francois@tekwire.net>
Date: Fri Jun 26 01:23:31 2015 +0200
Use the new 'ZSTR' macros in the rest of the code.
Does not change anything to the generated code (thanks to compat macros) but cleaner.
commit b352643910
Author: Francois Laupretre <francois@tekwire.net>
Date: Thu Jun 25 13:45:06 2015 +0200
Improve zend_string API
Add missing methods