From 00a772bf9473ca3f76ba5423e4e72f87384f5e14 Mon Sep 17 00:00:00 2001 From: Eric Mann Date: Tue, 25 Feb 2025 09:20:39 -0800 Subject: [PATCH 1/2] PHP-8.3 is now for PHP 8.3.19-dev --- NEWS | 5 ++++- Zend/zend.h | 2 +- configure.ac | 2 +- main/php_version.h | 6 +++--- 4 files changed, 9 insertions(+), 6 deletions(-) diff --git a/NEWS b/NEWS index e644f7c0358..86d23228c20 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,9 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| -?? ??? ????, PHP 8.3.18 +?? ??? ????, PHP 8.3.19 + + +27 Feb 2025, PHP 8.3.18RC1 - BCMath: . Fixed bug GH-17398 (bcmul memory leak). (SakiTakamachi) diff --git a/Zend/zend.h b/Zend/zend.h index a3e833da7ef..e795ac967a2 100644 --- a/Zend/zend.h +++ b/Zend/zend.h @@ -20,7 +20,7 @@ #ifndef ZEND_H #define ZEND_H -#define ZEND_VERSION "4.3.18-dev" +#define ZEND_VERSION "4.3.19-dev" #define ZEND_ENGINE_3 diff --git a/configure.ac b/configure.ac index af4a1b3fc64..0e986138542 100644 --- a/configure.ac +++ b/configure.ac @@ -17,7 +17,7 @@ dnl Basic autoconf initialization, generation of config.nice. dnl ---------------------------------------------------------------------------- AC_PREREQ([2.68]) -AC_INIT([PHP],[8.3.18-dev],[https://github.com/php/php-src/issues],[php],[https://www.php.net]) +AC_INIT([PHP],[8.3.19-dev],[https://github.com/php/php-src/issues],[php],[https://www.php.net]) AC_CONFIG_SRCDIR([main/php_version.h]) AC_CONFIG_AUX_DIR([build]) AC_PRESERVE_HELP_ORDER diff --git a/main/php_version.h b/main/php_version.h index 32d4dae3d7b..8b508aaa335 100644 --- a/main/php_version.h +++ b/main/php_version.h @@ -2,7 +2,7 @@ /* edit configure.ac to change version number */ #define PHP_MAJOR_VERSION 8 #define PHP_MINOR_VERSION 3 -#define PHP_RELEASE_VERSION 18 +#define PHP_RELEASE_VERSION 19 #define PHP_EXTRA_VERSION "-dev" -#define PHP_VERSION "8.3.18-dev" -#define PHP_VERSION_ID 80318 +#define PHP_VERSION "8.3.19-dev" +#define PHP_VERSION_ID 80319 From 8cbc0c57b7953a3b3c56d60fffdefd576186f9be Mon Sep 17 00:00:00 2001 From: David Carlier Date: Tue, 25 Feb 2025 05:08:12 +0000 Subject: [PATCH 2/2] Fix GH-17921 socket_read/socket_recv overflows on buffer size. update the existing checks to be more straightforward instead of counting on undefined behavior. close GH-17923 --- NEWS | 4 ++++ ext/sockets/sockets.c | 4 ++-- ext/sockets/tests/gh17921.phpt | 18 ++++++++++++++++++ 3 files changed, 24 insertions(+), 2 deletions(-) create mode 100644 ext/sockets/tests/gh17921.phpt diff --git a/NEWS b/NEWS index 86d23228c20..0294db412d2 100644 --- a/NEWS +++ b/NEWS @@ -65,6 +65,10 @@ PHP NEWS . Fixed bug GH-15902 (Core dumped in ext/reflection/php_reflection.c). (DanielEScherzer) +- Sockets: + . Fixed bug GH-17921 (socket_read/socket_recv overflow on buffer size). + (David Carlier) + - Standard: . Fixed bug #72666 (stat cache clearing inconsistent between file:// paths and plain paths). (Jakub Zelenka) diff --git a/ext/sockets/sockets.c b/ext/sockets/sockets.c index e6e231e2e5e..c252dc6e07a 100644 --- a/ext/sockets/sockets.c +++ b/ext/sockets/sockets.c @@ -884,7 +884,7 @@ PHP_FUNCTION(socket_read) ENSURE_SOCKET_VALID(php_sock); /* overflow check */ - if ((length + 1) < 2) { + if (length <= 0 || length == ZEND_LONG_MAX) { RETURN_FALSE; } @@ -1326,7 +1326,7 @@ PHP_FUNCTION(socket_recv) ENSURE_SOCKET_VALID(php_sock); /* overflow check */ - if ((len + 1) < 2) { + if (len <= 0 || len == ZEND_LONG_MAX) { RETURN_FALSE; } diff --git a/ext/sockets/tests/gh17921.phpt b/ext/sockets/tests/gh17921.phpt new file mode 100644 index 00000000000..d038ed04bc9 --- /dev/null +++ b/ext/sockets/tests/gh17921.phpt @@ -0,0 +1,18 @@ +--TEST-- +GH-16267 - overflow on socket_strerror argument +--EXTENSIONS-- +sockets +--FILE-- + +--EXPECT-- +bool(false) +bool(false) +bool(false) +bool(false)