George Peter Banyard
fa8d9b1183
Improve type declarations for Zend APIs
...
Voidification of Zend API which always succeeded
Use bool argument types instead of int for boolean arguments
Use bool return type for functions which return true/false (1/0)
Use zend_result return type for functions which return SUCCESS/FAILURE as they don't follow normal boolean semantics
Closes GH-6002
2020-08-28 15:41:27 +02:00
Dmitry Stogov
7690439edd
Don't load IP when entering inlined function
2020-08-28 13:27:35 +03:00
Nikita Popov
5db44e39b1
Fix tracked_realloc
...
We should only drop the information about the old allocation after
checking the memory limit. This makes the code a bit more awkward...
2020-08-28 11:37:42 +02:00
Nikita Popov
32315c247f
Promote incomplete class modification to Error
...
In line with engine diagnostic promotions, property writes throw
an Error exception, while reads throw a warning.
2020-08-28 11:14:43 +02:00
Nikita Popov
f965e20059
Promote ArrayObject modification during sorting to Error exception
2020-08-28 10:42:14 +02:00
Nikita Popov
99c5e083ca
Throw Error instead of E_ERROR when calling method on incomplete class
...
There's no reason for this to abort execution completely.
2020-08-28 10:34:21 +02:00
Nikita Popov
4ce38304bb
Remove unused BG(str_ebuf) global
...
Also change BG(strtok_len) to size_t. This stores a string length,
so it should be size_t rather than zend_ulong.
2020-08-28 10:14:41 +02:00
Nikita Popov
df5011f56c
Export and reuse zend_is_valid_class_name API
...
Unserialization does the same check as zend_lookup_class, so let's
share the same optimized implementation.
2020-08-28 10:06:01 +02:00
Nikita Popov
c47011ba05
Use zend_string when storing incomplete class name
...
No need to copy the string here...
2020-08-28 10:01:46 +02:00
Nikita Popov
1d0f55315e
Store incomplete_class entry as normal global
...
I don't see any reason why this needs to live in a thread-safe
global, unlike all other class entries.
2020-08-28 09:57:54 +02:00
Dmitry Stogov
1c1165f8cd
Avoid useless IP load
2020-08-28 00:53:09 +03:00
Dmitry Stogov
0866208988
Remove useless register allocations
2020-08-28 00:02:10 +03:00
Dmitry Stogov
972041d68d
Replace "mov %eax, %ecx; shl $1, $ecx" by "lea (%eax,%eax), %ecx"
2020-08-27 22:59:30 +03:00
Nikita Popov
bb1d0319d7
Fix typo
...
This was supposed to include the header, not the C file...
2020-08-27 16:57:09 +02:00
Nikita Popov
a88226d116
Generate execute corpus in generate_all.php
...
And add crypt() to the function blacklist, it can be very slow.
2020-08-27 16:34:36 +02:00
Nikita Popov
ac98ac7225
Merge branch 'PHP-7.4'
...
* PHP-7.4:
Don't assert when comparing uninit DateTimeZone objects
2020-08-27 16:20:24 +02:00
Nikita Popov
5ae657b296
Don't assert when comparing uninit DateTimeZone objects
...
Nothing guarantees that the objects are initialized here... just
check as usual.
2020-08-27 16:18:45 +02:00
Nikita Popov
e083cfaf6d
Merge branch 'PHP-7.4'
...
* PHP-7.4:
Require non-negative length in stream_get_contents()
2020-08-27 15:51:58 +02:00
Nikita Popov
8daf79215d
Merge branch 'PHP-7.3' into PHP-7.4
...
* PHP-7.3:
Require non-negative length in stream_get_contents()
2020-08-27 15:51:35 +02:00
Nikita Popov
62dce97973
Require non-negative length in stream_get_contents()
...
If the length is not -1, require it to be non-negative.
Using such lengths doesn't make sense (as only -1 is special-cased
to read in chunks, anything else will end up doing a huge upfront
allocation) and can lead to string allocation overflow.
A similar check is already in place for file_get_contents(). That
one does not allow -1 (and uses null instead), but this function
is explicitly specified to accept -1, so stick to that behavior.
2020-08-27 15:50:49 +02:00
Nikita Popov
a3d0d947bd
Use zend_dval_to_lval() in spl_offset_convert_to_long()
...
Avoid fptoi UB and use the standard PHP conversion behavior.
2020-08-27 14:53:56 +02:00
Nikita Popov
a2bbd8f01f
Fix leak in typed reference assignment
...
We're only creating tmp here to compare against the existing
coerced_value. We need to destroy it in all cases.
2020-08-27 14:40:35 +02:00
Dmitry Stogov
e701146070
Update operands range information according to the taken branches and use this information to eliminate useless overflow checks.
2020-08-27 15:29:11 +03:00
Nikita Popov
c29838c561
Add experimental "execute" fuzzer
...
This is an end-to-end fuzzer that executes arbitrary PHP code.
We replace the executor with a finite-step executor to avoid
getting stuck in loops or recursion.
2020-08-27 13:06:24 +02:00
Nikita Popov
988fc94bbb
Fix leak on failed DatePeriod initialization
...
We need to free not only p here, but also b and e.
2020-08-27 12:54:43 +02:00
Nikita Popov
614c0b846e
Allow removing non-existing key from WeakMap
...
In line with usual PHP semantics. This previously triggered an
assertion failure.
2020-08-27 12:42:08 +02:00
Nikita Popov
ce83ec8790
Clean up strtok implementation
...
Store the zend_string instead of performing a copy and storing
in a zval. Also make sure the string is released immediately if
it's no longer needed. Finally, avoid null pointer offset UB if
no string has been set -- though I'm wondering if this case
shouldn't be generating a warning?
2020-08-27 12:24:58 +02:00
Nikita Popov
0026d8a783
Fix use-after-free if WeakMap key and value are the same
...
Drop the object from the WeakMap as the last step, as this might
end up destroying the object.
2020-08-27 12:05:06 +02:00
Dmitry Stogov
9d409f2c1e
Eliminate ZSTR_IS_INTERNED() check
2020-08-27 11:38:15 +03:00
Christoph M. Becker
f956434df2
Merge branch 'PHP-7.4' into master
...
* PHP-7.4:
Catch potential exceptions during to string conversion
2020-08-27 10:26:15 +02:00
Christoph M. Becker
296030119c
Catch potential exceptions during to string conversion
...
As of PHP 7.4.0, exceptions are allowed to be thrown from inside
`__toString()` methods; we have to cater to that, and catch these
exceptions early.
Closes GH-6042
2020-08-27 10:23:18 +02:00
Nikita Popov
bd6feb7b12
Enforce memory limit in tracked allocation mode
...
A very basic limit (for single allocations) was already enforced.
This extends it to count the total memory allocations.
This is useful to avoid out of memory conditions while fuzzing.
2020-08-27 10:18:18 +02:00
Dmitry Stogov
3ead24ecfa
Check interrupt only if the link is a part of the loop.
2020-08-27 11:04:23 +03:00
Dmitry Stogov
c4fc453771
Rename zend_jit_var_may_be_modified_indirectly() into zend_jit_var_may_alias()
2020-08-27 10:31:39 +03:00
Dmitry Stogov
16b3b339ed
Check reference guard once
2020-08-27 00:40:55 +03:00
Dmitry Stogov
b9e3de0a32
Use "movaps" instead of "movsd" to copy the whole %xmm register.
2020-08-26 21:13:55 +03:00
Dmitry Stogov
c1f14b8a49
Fixed reference-counting
2020-08-26 18:56:54 +03:00
Nikita Popov
e069032e5c
Merge branch 'PHP-7.4'
...
* PHP-7.4:
Properly handle read_property exception in fetch_property_address
2020-08-26 16:13:10 +02:00
Nikita Popov
247105ae1a
Properly handle read_property exception in fetch_property_address
...
Otherwise we leak (and corrupt uninitialized_zval).
2020-08-26 16:12:34 +02:00
Christoph M. Becker
00edc3f4bc
Merge branch 'PHP-7.4' into master
...
* PHP-7.4:
Fix com_safearray_proxy related memory management issues
2020-08-26 15:43:43 +02:00
Christoph M. Becker
8e2f219fad
Merge branch 'PHP-7.3' into PHP-7.4
...
* PHP-7.3:
Fix com_safearray_proxy related memory management issues
2020-08-26 15:40:57 +02:00
Christoph M. Becker
1b7ee6db88
Fix com_safearray_proxy related memory management issues
2020-08-26 15:39:32 +02:00
Nikita Popov
55798e0e39
Lowercase method name in zend_call_method()
2020-08-26 15:19:23 +02:00
Nikita Popov
86cd009718
Fix pass by ref error for named params
2020-08-26 15:10:08 +02:00
Christoph M. Becker
2f9e9d4d97
Merge branch 'PHP-7.4' into master
...
* PHP-7.4:
Separate COM::__construct()s $server_name array
2020-08-26 15:02:34 +02:00
Christoph M. Becker
b087bd2404
Merge branch 'PHP-7.3' into PHP-7.4
...
* PHP-7.3:
Separate COM::__construct()s $server_name array
2020-08-26 15:01:22 +02:00
Christoph M. Becker
75ac3f1cba
Separate COM::__construct()s $server_name array
...
This may otherwise be modified.
2020-08-26 15:00:02 +02:00
Christoph M. Becker
fc4a6cda4b
Merge branch 'PHP-7.4' into master
...
* PHP-7.4:
Fix #64130 : COM obj parameters passed by reference are not updated
2020-08-26 14:55:34 +02:00
Christoph M. Becker
1ff981d7a6
Merge branch 'PHP-7.3' into PHP-7.4
...
* PHP-7.3:
Fix #64130 : COM obj parameters passed by reference are not updated
2020-08-26 14:53:46 +02:00
Christoph M. Becker
5ff15e2651
Fix #64130 : COM obj parameters passed by reference are not updated
...
`ITypeInfo_GetIDsOfNames()` is supposed to fail with `E_NOTIMPL` for
out-of-process servers, thus we should not remove the already available
typeinfo of the object in this case.
We also properly free the `byref_vals`.
2020-08-26 14:50:04 +02:00