From b7a158a19bc7939d6c73f6c95d2e44ac964ba52d Mon Sep 17 00:00:00 2001 From: Niels Dossche <7771979+nielsdos@users.noreply.github.com> Date: Mon, 23 Jan 2023 22:11:08 +0100 Subject: [PATCH 1/3] Fix incorrect page_size check The current check always evaluated to false because if `!page_size` is true, then `page_size & (page_size - 1)` equals `0 & (0 - 1)` which is always 0. The if condition is meant to check if page_size is zero or not a power of two, thus we must change the AND to an OR to fix this issue. Closes GH-10427 Signed-off-by: George Peter Banyard --- NEWS | 3 +++ ext/opcache/ZendAccelerator.c | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/NEWS b/NEWS index ebd284b87f2..f7eaef05355 100644 --- a/NEWS +++ b/NEWS @@ -9,6 +9,9 @@ PHP NEWS - FFI: . Fixed incorrect bitshifting and masking in ffi bitfield. (nielsdos) +- Opcache: + . Fix incorrect page_size check. (nielsdos) + - Standard: . Fixed bug GH-10292 (Made the default value of the first param of srand() and mt_srand() unknown). (kocsismate) diff --git a/ext/opcache/ZendAccelerator.c b/ext/opcache/ZendAccelerator.c index 99bb33573f3..1ffd6cb3e5d 100644 --- a/ext/opcache/ZendAccelerator.c +++ b/ext/opcache/ZendAccelerator.c @@ -3197,7 +3197,7 @@ static zend_result accel_post_startup(void) size_t page_size; page_size = zend_get_page_size(); - if (!page_size && (page_size & (page_size - 1))) { + if (!page_size || (page_size & (page_size - 1))) { zend_accel_error_noreturn(ACCEL_LOG_FATAL, "Failure to initialize shared memory structures - can't get page size."); abort(); } From a8c8fb2564f46be7832f994717b0b4653bdf744a Mon Sep 17 00:00:00 2001 
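Review bot: The fatal message in the guard in accel_post_startup() still reads "can't get page size", but with `||` the branch now also fires when zend_get_page_size() returns a non-zero value that is not a power of two, so the log would name the wrong cause on such a platform. I would either reword the string to cover both cases or add a comment above the check, e.g. `/* page_size must be a non-zero power of two */`, so the two conditions are not read as one. Because the old condition could never be true, this is the first time the fatal path is reachable; whatever the rest of this function (outside the hunk) does with page_size was previously running without this guard. The `abort();` after `zend_accel_error_noreturn(...)` also looks unreachable, though it may be kept deliberately as a backstop.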
From: Niels Dossche <7771979+nielsdos@users.noreply.github.com> Date: Sat, 21 Jan 2023 13:50:36 +0100 Subject: [PATCH 2/3] Fix incorrect check in cs_8559_5 in map_from_unicode() The condition `code == 0x0450 || code == 0x045D` is always false because of an incorrect range check on code. According to the BMP coverage in the encoding spec for ISO-8859-5 (https://encoding.spec.whatwg.org/iso-8859-5-bmp.html) the range of valid characters is 0x0401 - 0x045F (except for 0x040D, 0x0450, 0x045D). The current check has an upper bound of 0x044F instead of 0x045F. Fix this by changing the upper bound. Closes GH-10399 Signed-off-by: George Peter Banyard --- NEWS | 1 + ext/standard/html.c | 2 +- .../strings/html_entity_decode_iso8859-5.phpt | 28 +++++++++---------- 3 files changed, 16 insertions(+), 15 deletions(-) diff --git a/NEWS b/NEWS index f7eaef05355..d8028bf92a6 100644 --- a/NEWS +++ b/NEWS @@ -15,6 +15,7 @@ PHP NEWS - Standard: . Fixed bug GH-10292 (Made the default value of the first param of srand() and mt_srand() unknown). (kocsismate) + . Fix incorrect check in cs_8559_5 in map_from_unicode(). (nielsdos) 02 Feb 2023, PHP 8.1.15 diff --git a/ext/standard/html.c b/ext/standard/html.c index b93ce95df19..14ccd71a236 100644 --- a/ext/standard/html.c +++ b/ext/standard/html.c @@ -477,7 +477,7 @@ static inline int map_from_unicode(unsigned code, enum entity_charset charset, u *res = 0xF0; /* numero sign */ } else if (code == 0xA7) { *res = 0xFD; /* section sign */ - } else if (code >= 0x0401 && code <= 0x044F) { + } else if (code >= 0x0401 && code <= 0x045F) { if (code == 0x040D || code == 0x0450 || code == 0x045D) return FAILURE; *res = code - 0x360; diff --git a/ext/standard/tests/strings/html_entity_decode_iso8859-5.phpt b/ext/standard/tests/strings/html_entity_decode_iso8859-5.phpt index 46e6dc4dfe3..0616827c548 100644 --- a/ext/standard/tests/strings/html_entity_decode_iso8859-5.phpt +++ b/ext/standard/tests/strings/html_entity_decode_iso8859-5.phpt 
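Review bot: The widened branch in map_from_unicode() relies on two unexplained facts: that subtracting 0x360 maps 0x0401–0x045F onto the byte range 0xA1–0xFF, and that 0x040D, 0x0450 and 0x045D have no ISO-8859-5 equivalent. A comment above the range test would make both checkable at a glance, e.g. `/* U+0401..U+045F -> 0xA1..0xFF (code - 0x360); U+040D, U+0450, U+045D are unmapped */`. This is also an output change for callers: entities for U+0451–U+045F that were previously left as literal entity text under ISO-8859-5 are now decoded to single bytes, as the updated expectations in the accompanying test show, so anyone comparing or filtering decoded output should be told. The function starts and ends outside this hunk.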
@@ -358,47 +358,47 @@ CYRILLIC SMALL LETTER YA: я => ef NUMERO SIGN: № => f0 ð => ð -CYRILLIC SMALL LETTER IO: ё => 2623783435313b +CYRILLIC SMALL LETTER IO: ё => f1 ñ => ñ -CYRILLIC SMALL LETTER DJE: ђ => 2623783435323b +CYRILLIC SMALL LETTER DJE: ђ => f2 ò => ò -CYRILLIC SMALL LETTER GJE: ѓ => 2623783435333b +CYRILLIC SMALL LETTER GJE: ѓ => f3 ó => ó -CYRILLIC SMALL LETTER UKRAINIAN IE: є => 2623783435343b +CYRILLIC SMALL LETTER UKRAINIAN IE: є => f4 ô => ô -CYRILLIC SMALL LETTER DZE: ѕ => 2623783435353b +CYRILLIC SMALL LETTER DZE: ѕ => f5 õ => õ -CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I: і => 2623783435363b +CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I: і => f6 ö => ö -CYRILLIC SMALL LETTER YI: ї => 2623783435373b +CYRILLIC SMALL LETTER YI: ї => f7 ÷ => ÷ -CYRILLIC SMALL LETTER JE: ј => 2623783435383b +CYRILLIC SMALL LETTER JE: ј => f8 ø => ø -CYRILLIC SMALL LETTER LJE: љ => 2623783435393b +CYRILLIC SMALL LETTER LJE: љ => f9 ù => ù -CYRILLIC SMALL LETTER NJE: њ => 2623783435413b +CYRILLIC SMALL LETTER NJE: њ => fa ú => ú -CYRILLIC SMALL LETTER TSHE: ћ => 2623783435423b +CYRILLIC SMALL LETTER TSHE: ћ => fb û => û -CYRILLIC SMALL LETTER KJE: ќ => 2623783435433b +CYRILLIC SMALL LETTER KJE: ќ => fc ü => ü SECTION SIGN: § => fd ý => ý -CYRILLIC SMALL LETTER SHORT U: ў => 2623783435453b +CYRILLIC SMALL LETTER SHORT U: ў => fe þ => þ -CYRILLIC SMALL LETTER DZHE: џ => 2623783435463b +CYRILLIC SMALL LETTER DZHE: џ => ff ÿ => ÿ From 972c74c300368caa614a78dbeb1d272760354538 Mon Sep 17 00:00:00 2001 From: Niels Dossche <7771979+nielsdos@users.noreply.github.com> Date: Sun, 22 Jan 2023 21:51:52 +0100 Subject: [PATCH 3/3] Fix incorrect check in zend_internal_call_should_throw() This debug code is part of arginfo validation. This validation will never trigger properly because the OR operation makes the first if always true. Fix it by changing to an AND. Closes GH-10417 
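Review bot: The updated expectations only cover the code points that now decode (U+0451–U+045F); nothing visible in this hunk pins the two exclusions in that range, U+0450 and U+045D, which the html.c change makes reachable for the first time. I would add cases asserting that the entities for those two code points are still left undecoded under ISO-8859-5, so a later edit to the range or the exclusion list cannot silently start mapping them. The rest of the test file is outside this hunk, so such a case may already exist elsewhere.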
Signed-off-by: George Peter Banyard --- NEWS | 1 + Zend/zend_execute.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/NEWS b/NEWS index b2abc9d506d..b1abfcaf440 100644 --- a/NEWS +++ b/NEWS @@ -5,6 +5,7 @@ PHP NEWS - Core: . Fixed incorrect check condition in ZEND_YIELD. (nielsdos) . Fixed incorrect check condition in type inference. (nielsdos) + . Fix incorrect check in zend_internal_call_should_throw(). (nielsdos) - FFI: . Fixed incorrect bitshifting and masking in ffi bitfield. (nielsdos) diff --git a/Zend/zend_execute.c b/Zend/zend_execute.c index de32aab8af9..14d52e70be8 100644 --- a/Zend/zend_execute.c +++ b/Zend/zend_execute.c @@ -1210,7 +1210,7 @@ static zend_never_inline ZEND_ATTRIBUTE_UNUSED bool zend_verify_internal_arg_typ * trust that arginfo matches what is enforced by zend_parse_parameters. */ ZEND_API bool zend_internal_call_should_throw(zend_function *fbc, zend_execute_data *call) { - if (fbc->internal_function.handler == ZEND_FN(pass) || (fbc->internal_function.fn_flags | ZEND_ACC_FAKE_CLOSURE)) { + if (fbc->internal_function.handler == ZEND_FN(pass) || (fbc->internal_function.fn_flags & ZEND_ACC_FAKE_CLOSURE)) { /* Be lenient about the special pass function and about fake closures. */ return 0; }
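Review bot: With `|` corrected to `&`, everything in zend_internal_call_should_throw() after this early return becomes reachable, and the patch adds no test for it; the function body continues outside the hunk, so what now runs cannot be checked here. Since the commit describes this as debug-only arginfo validation, I would run the debug-build test suite, bundled extensions included, before merging, because any internal function whose arginfo disagrees with its parameter parsing would now presumably be reported where it was silently accepted before. As a style point, the function is declared `bool` but uses `return 0;`; `return false;` would match the declared type.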