Commit Graph

120324 Commits

Author SHA1 Message Date
George Peter Banyard
fa8d9b1183 Improve type declarations for Zend APIs
Voidification of Zend API which always succeeded
Use bool argument types instead of int for boolean arguments
Use bool return type for functions which return true/false (1/0)
Use zend_result return type for functions which return SUCCESS/FAILURE as they don't follow normal boolean semantics

Closes GH-6002
2020-08-28 15:41:27 +02:00
Dmitry Stogov
7690439edd Don't load IP when entering inlined function 2020-08-28 13:27:35 +03:00
Nikita Popov
5db44e39b1 Fix tracked_realloc
We should only drop the information about the old allocation after
checking the memory limit. This makes the code a bit more awkward...
2020-08-28 11:37:42 +02:00
Nikita Popov
32315c247f Promote incomplete class to modification to Error
In line with engine diagnostic promotions, property writes throw
an Error exception, while reads throw a warning.
2020-08-28 11:14:43 +02:00
Nikita Popov
f965e20059 Promote ArrayObject modification during sorting to Error exception 2020-08-28 10:42:14 +02:00
Nikita Popov
99c5e083ca Throw Error instead of E_ERROR when calling method on incomplete class
There's no reason for this to abort execution completely.
2020-08-28 10:34:21 +02:00
Nikita Popov
4ce38304bb Remove unused BG(str_ebuf) global
Also change BG(strtok_len) to size_t. This stores a string length,
so it should be size_t rather than zend_ulong.
2020-08-28 10:14:41 +02:00
Nikita Popov
df5011f56c Export and reuse zend_is_valid_class_name API
Unserialization does the same check as zend_lookup_class, so let's
share the same optimized implementation.
2020-08-28 10:06:01 +02:00
Nikita Popov
c47011ba05 Use zend_string when storing incomplete class name
No need to copy the string here...
2020-08-28 10:01:46 +02:00
Nikita Popov
1d0f55315e Store incomplete_class entry as normal global
I don't see any reason why this needs to live in a thread-safe
global, unlike all other class entries.
2020-08-28 09:57:54 +02:00
Dmitry Stogov
1c1165f8cd Avoid useless IP load 2020-08-28 00:53:09 +03:00
Dmitry Stogov
0866208988 Remove useless register allocations 2020-08-28 00:02:10 +03:00
Dmitry Stogov
972041d68d Replace "mov %eax, %ecx; shl $1, %ecx" by "lea (%eax,%eax), %ecx" 2020-08-27 22:59:30 +03:00
Nikita Popov
bb1d0319d7 Fix typo
This was supposed to include the header, not the C file...
2020-08-27 16:57:09 +02:00
Nikita Popov
a88226d116 Generate execute corpus in generate_all.php
And add crypt() to the function blacklist, it can be very slow.
2020-08-27 16:34:36 +02:00
Nikita Popov
ac98ac7225 Merge branch 'PHP-7.4'
* PHP-7.4:
  Don't assert when comparing uninit DateTimeZone objects
2020-08-27 16:20:24 +02:00
Nikita Popov
5ae657b296 Don't assert when comparing uninit DateTimeZone objects
Nothing guarantees that the objects are initialized here... just
check as usual.
2020-08-27 16:18:45 +02:00
Nikita Popov
e083cfaf6d Merge branch 'PHP-7.4'
* PHP-7.4:
  Require non-negative length in stream_get_contents()
2020-08-27 15:51:58 +02:00
Nikita Popov
8daf79215d Merge branch 'PHP-7.3' into PHP-7.4
* PHP-7.3:
  Require non-negative length in stream_get_contents()
2020-08-27 15:51:35 +02:00
Nikita Popov
62dce97973 Require non-negative length in stream_get_contents()
If the length is not -1, require it to be non-negative.

Using such lengths doesn't make sense (as only -1 is special-cased
to read in chunks, anything else will end up doing a huge upfront
allocation) and can lead to string allocation overflow.

A similar check is already in place for file_get_contents(). That
one does not allow -1 (and uses null instead), but this function
is explicitly specified to accept -1, so stick to that behavior.
2020-08-27 15:50:49 +02:00
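The overflow the commit message refers to, shown as an added example in C (written for this page, not code from php-src; the 24-byte header constant, the enum names and the function names are assumptions, and the real zend_string layout is not being modelled). The unchecked computation shows how a negative length that is cast to size_t wraps the allocation size; the checked version is the non-negative-or-exactly-minus-one rule from the commit, with the size bound tested by subtraction so the check itself cannot overflow.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical header size in front of the character data; the real
 * zend_string layout is not what is being modelled here. */
#define STR_HEADER_SIZE 24

typedef enum { READ_CHUNKED, READ_FIXED, READ_INVALID } read_mode;

/* Unchecked size computation: a negative maxlen cast to size_t is close to
 * SIZE_MAX, and adding the header and the NUL byte wraps around. For -1 the
 * result is exactly STR_HEADER_SIZE, i.e. an allocation with no room at all
 * for the bytes a read would then write into it. */
static size_t naive_alloc_size(long maxlen)
{
    return STR_HEADER_SIZE + (size_t)maxlen + 1;
}

/* The check the commit describes: -1 selects chunked reading until EOF,
 * every other negative value is rejected, and a fixed length must still
 * fit with header and NUL without wrapping (tested by subtraction, never
 * by adding to the untrusted value). alloc_size may be NULL. */
static read_mode classify_read_length(long maxlen, size_t *alloc_size)
{
    if (alloc_size) *alloc_size = 0;
    if (maxlen == -1) return READ_CHUNKED;
    if (maxlen < 0) return READ_INVALID;
    size_t len = (size_t)maxlen;
    if (len > SIZE_MAX - STR_HEADER_SIZE - 1) return READ_INVALID;
    if (alloc_size) *alloc_size = STR_HEADER_SIZE + len + 1;
    return READ_FIXED;
}

/* Convenience for callers that only want the size; 0 means "not a
 * fixed-size read" (a fixed size is always at least STR_HEADER_SIZE + 1). */
static size_t fixed_alloc_size(long maxlen)
{
    size_t n;
    return classify_read_length(maxlen, &n) == READ_FIXED ? n : 0;
}

int main(void)
{
    long samples[] = { -1, -5, 0, 10, LONG_MAX };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        long l = samples[i];
        printf("maxlen=%ld naive=%zu mode=%d checked=%zu\n",
               l, naive_alloc_size(l), (int)classify_read_length(l, NULL),
               fixed_alloc_size(l));
    }
    return 0;
}
```

The point of keeping the size bound as a subtraction from SIZE_MAX is that the only place arithmetic is performed on the caller's value is after it has been proven to fit; the same shape applies to any length + header calculation in front of an allocator.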
Nikita Popov
a3d0d947bd Use zend_dval_to_lval() in spl_offset_convert_to_long()
Avoid fptoi UB and use the standard PHP conversion behavior.
2020-08-27 14:53:56 +02:00
Nikita Popov
a2bbd8f01f Fix leak in typed reference assignment
We're only creating tmp here to compare against the existing
coerced_value. We need to destroy it in all cases.
2020-08-27 14:40:35 +02:00
Dmitry Stogov
e701146070 Update operands range information according to the taken branches and use this information to eliminate useless overflow checks. 2020-08-27 15:29:11 +03:00
Nikita Popov
c29838c561 Add experimental "execute" fuzzer
This is an end-to-end fuzzer that executes arbitrary PHP code.

We replace the executor with a finite-step executor to avoid
getting stuck in loops or recursion.
2020-08-27 13:06:24 +02:00
Nikita Popov
988fc94bbb Fix leak on failed DatePeriod initialization
We need to free not only p here, but also b and e.
2020-08-27 12:54:43 +02:00
Nikita Popov
614c0b846e Allow removing non-existing key from WeakMap
In line with usual PHP semantics. This previously triggered an
assertion failure.
2020-08-27 12:42:08 +02:00
Nikita Popov
ce83ec8790 Clean up strtok implementation
Store the zend_string instead of performing a copy and storing
in a zval. Also make sure the string is released immediately if
it's no longer needed. Finally, avoid null pointer offset UB if
no string has been set -- though I'm wondering if this case
shouldn't be generating a warning?
2020-08-27 12:24:58 +02:00
Nikita Popov
0026d8a783 Fix use-after-free if WeakMap key and value are the same
Drop the object from the WeakMap as the last step, as this might
end up destroying the object.
2020-08-27 12:05:06 +02:00
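The ordering rule from this commit, and the no-op removal of a missing key from the "Allow removing non-existing key from WeakMap" commit above, as an added example in C. This is a toy written for this page, not php-src's zend_weakrefs.c: the object type, the fixed 8-slot map, the single registration per object and the caller-owned destroyed flag are all assumptions. Keys are weak (no refcount), values are strong. In wm_unset the entry and the weak registration are cleared before the value is released; with the order reversed, releasing a self-keyed object re-enters the destructor on the half-removed entry and, in this toy, ends in a double free.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>

#define WM_SLOTS 8
struct weakmap;

/* Toy refcounted object (not zend_object). 'destroyed' points at a caller-owned
 * flag so destruction can be observed without touching freed memory. */
typedef struct obj {
    int refcount;
    bool *destroyed;
    struct weakmap *registered_in; /* map holding this object as a weak key, if any */
} obj;

typedef struct { obj *key; obj *value; } wm_entry;
typedef struct weakmap { wm_entry slots[WM_SLOTS]; } weakmap;

static void wm_unset(weakmap *m, obj *key);

static obj *obj_new(bool *destroyed)
{
    obj *o = calloc(1, sizeof *o);
    if (!o) abort();
    o->refcount = 1;
    o->destroyed = destroyed;
    *destroyed = false;
    return o;
}

static void obj_addref(obj *o) { o->refcount++; }

static void obj_release(obj *o)
{
    if (--o->refcount > 0) return;
    /* Destructor: a weak key must disappear from the map it is registered in. */
    if (o->registered_in) wm_unset(o->registered_in, o);
    *o->destroyed = true;
    free(o);
}

static wm_entry *wm_find(weakmap *m, obj *key)
{
    for (int i = 0; i < WM_SLOTS; i++)
        if (m->slots[i].key == key) return &m->slots[i];
    return NULL;
}

static int wm_count(weakmap *m)
{
    int n = 0;
    for (int i = 0; i < WM_SLOTS; i++) n += m->slots[i].key != NULL;
    return n;
}

/* Keys are weak (not refcounted), values are strong. A previous value is
 * released only after the new one is installed, since a release may run a destructor. */
static bool wm_set(weakmap *m, obj *key, obj *value)
{
    wm_entry *e = wm_find(m, key);
    if (!e) {
        e = wm_find(m, NULL);          /* first free slot */
        if (!e) return false;
        e->key = key;
        key->registered_in = m;
    }
    obj_addref(value);
    obj *old = e->value;
    e->value = value;
    if (old) obj_release(old);
    return true;
}

/* Removing a key that is not in the map is a no-op. Otherwise the entry and
 * the weak registration are cleared first and the strong value is dropped
 * last: when value == key that release may destroy the key object, and by
 * then the map no longer refers to it, so its destructor finds nothing to tear down. */
static void wm_unset(weakmap *m, obj *key)
{
    wm_entry *e = wm_find(m, key);
    if (!e) return;
    obj *value = e->value;
    e->key = NULL;
    e->value = NULL;
    key->registered_in = NULL;
    obj_release(value);
}

/* The commit's scenario: the map's value slot is the only strong reference
 * to an object that is also its own key. */
static bool self_keyed_unset_is_safe(void)
{
    weakmap m = {0};
    bool destroyed;
    obj *o = obj_new(&destroyed);
    wm_set(&m, o, o);   /* refcount 2: ours and the map's value slot */
    obj_release(o);     /* refcount 1: only the map keeps it alive */
    wm_unset(&m, o);    /* destroys o; the map must not touch it afterwards */
    return destroyed && wm_count(&m) == 0;
}

/* Weak-key behaviour, plus the no-op unset of a key that was never inserted. */
static bool key_death_drops_entry(void)
{
    weakmap m = {0};
    bool kd, vd;
    obj *k = obj_new(&kd), *v = obj_new(&vd);
    wm_unset(&m, k);    /* not present: nothing happens */
    wm_set(&m, k, v);
    obj_release(v);     /* the map now holds the only reference to v */
    obj_release(k);     /* destructor removes the entry and releases v */
    return kd && vd && wm_count(&m) == 0;
}
```

Both scenario functions return true when the teardown order is correct; run them under AddressSanitizer after swapping the last three statements of wm_unset to see the re-entrancy problem the commit message describes.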
Dmitry Stogov
9d409f2c1e Eliminate ZSTR_IS_INTERNED() check 2020-08-27 11:38:15 +03:00
Christoph M. Becker
f956434df2 Merge branch 'PHP-7.4' into master
* PHP-7.4:
  Catch potential exceptions during to string conversion
2020-08-27 10:26:15 +02:00
Christoph M. Becker
296030119c Catch potential exceptions during to string conversion
As of PHP 7.4.0, exceptions are allowed to be thrown from inside
`__toString()` methods; we have to cater to that, and catch these
exceptions early.

Closes GH-6042
2020-08-27 10:23:18 +02:00
Nikita Popov
bd6feb7b12 Enforce memory limit in tracked allocation mode
A very basic limit (for single allocations) was already enforced.
This extends it to count the total memory allocations.

This is useful to avoid out of memory conditions while fuzzing.
2020-08-27 10:18:18 +02:00
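The two tracked-allocation commits on this page (this one, and "Fix tracked_realloc" above, which keeps the old allocation's size until after the limit check) as one added example in C. This is a stand-in allocator written for this page, not Zend MM's tracked mode: the size header in front of each block, the default limits and the function names are assumptions. The limit check is phrased so that a failed request, including a failed realloc, leaves the accounting exactly as it was, and so that no addition is ever performed on an untrusted size.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical tracked allocator: each block carries its size in a header so
 * realloc/free know how much to un-count. The limits are arbitrary defaults. */
static size_t g_total = 0;                        /* bytes currently live */
static size_t g_limit = 64u * 1024 * 1024;        /* total limit (memory_limit-like) */
static size_t g_single_limit = 16u * 1024 * 1024; /* per-allocation limit that already existed */

#define HDR sizeof(size_t)

static void tracked_reset(size_t total_limit, size_t single_limit)
{
    g_total = 0;
    g_limit = total_limit;
    g_single_limit = single_limit;
}

static size_t tracked_total(void) { return g_total; }

/* Would replacing a live block of old_size with one of new_size stay within
 * the limits? Evaluated while the old block is still counted; invariant
 * g_total <= g_limit keeps the subtractions non-negative. */
static bool limit_allows(size_t old_size, size_t new_size)
{
    if (new_size > g_single_limit) return false;
    if (new_size > old_size && new_size - old_size > g_limit - g_total) return false;
    return true;
}

static void *tracked_malloc(size_t size)
{
    if (!limit_allows(0, size) || size > SIZE_MAX - HDR) return NULL;
    size_t *hdr = malloc(HDR + size);
    if (!hdr) return NULL;
    *hdr = size;
    g_total += size;
    return hdr + 1;
}

static void tracked_free(void *p)
{
    if (!p) return;
    size_t *hdr = (size_t *)p - 1;
    g_total -= *hdr;
    free(hdr);
}

/* Check first, while the old block is still accounted for; only after the
 * check and a successful realloc is the old size swapped out of the total. */
static void *tracked_realloc(void *p, size_t new_size)
{
    if (!p) return tracked_malloc(new_size);
    size_t *hdr = (size_t *)p - 1;
    size_t old_size = *hdr;
    if (!limit_allows(old_size, new_size) || new_size > SIZE_MAX - HDR) return NULL;
    size_t *nhdr = realloc(hdr, HDR + new_size);
    if (!nhdr) return NULL;   /* old block and its accounting are untouched */
    *nhdr = new_size;
    g_total = g_total - old_size + new_size;
    return nhdr + 1;
}

/* Walk-through with small limits: 1024 bytes in total, 4096 per block,
 * then a per-block limit of 100 bytes. */
static bool limit_scenario(void)
{
    tracked_reset(1024, 4096);
    void *p = tracked_malloc(600);
    if (!p || tracked_total() != 600) return false;
    if (tracked_malloc(500) != NULL) return false;      /* 600 + 500 > 1024 */
    if (tracked_total() != 600) return false;           /* failed request not counted */
    void *q = tracked_realloc(p, 900);                  /* 600 -> 900 fits */
    if (!q || tracked_total() != 900) return false;
    if (tracked_realloc(q, 2000) != NULL) return false; /* rejected; q and its 900 bytes stay */
    if (tracked_total() != 900) return false;
    tracked_free(q);
    if (tracked_total() != 0) return false;
    tracked_reset(1u << 20, 100);
    return tracked_malloc(101) == NULL && tracked_total() == 0;
}

int main(void)
{
    printf("limit scenario ok: %d\n", limit_scenario());
    return 0;
}
```

For fuzzing the interesting property is the one limit_scenario checks after each rejected call: a request that exceeds the budget returns NULL and changes nothing, so the fuzzer keeps running on a consistent heap instead of dying in an out-of-memory path.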
Dmitry Stogov
3ead24ecfa Check interrupt only if the link is a part of the loop. 2020-08-27 11:04:23 +03:00
Dmitry Stogov
c4fc453771 Rename zend_jit_var_may_be_modified_indirectly() into zend_jit_var_may_alias() 2020-08-27 10:31:39 +03:00
Dmitry Stogov
16b3b339ed Check reference guard once 2020-08-27 00:40:55 +03:00
Dmitry Stogov
b9e3de0a32 Use "movaps" instead of "movsd" to copy the whole %xmm register. 2020-08-26 21:13:55 +03:00
Dmitry Stogov
c1f14b8a49 Fixed reference-counting 2020-08-26 18:56:54 +03:00
Nikita Popov
e069032e5c Merge branch 'PHP-7.4'
* PHP-7.4:
  Properly handle read_property exception in fetch_property_address
2020-08-26 16:13:10 +02:00
Nikita Popov
247105ae1a Properly handle read_property exception in fetch_property_address
Otherwise we leak (and corrupt uninitialized_zval).
2020-08-26 16:12:34 +02:00
Christoph M. Becker
00edc3f4bc Merge branch 'PHP-7.4' into master
* PHP-7.4:
  Fix com_safearray_proxy related memory management issues
2020-08-26 15:43:43 +02:00
Christoph M. Becker
8e2f219fad Merge branch 'PHP-7.3' into PHP-7.4
* PHP-7.3:
  Fix com_safearray_proxy related memory management issues
2020-08-26 15:40:57 +02:00
Christoph M. Becker
1b7ee6db88 Fix com_safearray_proxy related memory management issues 2020-08-26 15:39:32 +02:00
Nikita Popov
55798e0e39 Lowercase method name in zend_call_method() 2020-08-26 15:19:23 +02:00
Nikita Popov
86cd009718 Fix pass by ref error for named params 2020-08-26 15:10:08 +02:00
Christoph M. Becker
2f9e9d4d97 Merge branch 'PHP-7.4' into master
* PHP-7.4:
  Separate COM::__construct()'s $server_name array
2020-08-26 15:02:34 +02:00
Christoph M. Becker
b087bd2404 Merge branch 'PHP-7.3' into PHP-7.4
* PHP-7.3:
  Separate COM::__construct()'s $server_name array
2020-08-26 15:01:22 +02:00
Christoph M. Becker
75ac3f1cba Separate COM::__construct()'s $server_name array
This may otherwise be modified.
2020-08-26 15:00:02 +02:00
Christoph M. Becker
fc4a6cda4b Merge branch 'PHP-7.4' into master
* PHP-7.4:
  Fix #64130: COM obj parameters passed by reference are not updated
2020-08-26 14:55:34 +02:00
Christoph M. Becker
1ff981d7a6 Merge branch 'PHP-7.3' into PHP-7.4
* PHP-7.3:
  Fix #64130: COM obj parameters passed by reference are not updated
2020-08-26 14:53:46 +02:00
Christoph M. Becker
5ff15e2651 Fix #64130: COM obj parameters passed by reference are not updated
`ITypeInfo_GetIDsOfNames()` is supposed to fail with `E_NOTIMPL` for
out-of-process servers, thus we should not remove the already available
typeinfo of the object in this case.

We also properly free the `byref_vals`.
2020-08-26 14:50:04 +02:00