Dmitry Stogov
0c65b396d6
Allow FETCH_OBJ_W and FETCH_STATIC_PROP_W to return INDIRECT/UNDEF zval for uninitialized typed properties ( #11048 )
2023-04-10 23:19:17 +03:00
Kamil Tekiela
1be99faeff
Fix strlen error message param name
2023-03-04 23:25:42 +00:00
Ilija Tovilo
7b68ff46da
Revert "Fix GH-10168: heap-buffer-overflow at zval_undefined_cv"
...
This reverts commit 71ddede565.
2023-02-16 14:07:17 +01:00
Niels Dossche
71ddede565
Fix GH-10168: heap-buffer-overflow at zval_undefined_cv
...
The problem is that we're using the variable_ptr in the opcode handler
*after* it has already been destroyed. The solution is to create a
specialised version of zend_assign_to_variable which takes in two
destination zval pointers.
Closes GH-10524
2023-02-08 01:06:50 +01:00
Niels Dossche
b5e9bf7775
Fix incorrect check condition in ZEND_YIELD
...
The condition `UNEXPECTED(Z_TYPE_P(key)) == IS_REFERENCE` always
returned false, because `UNEXPECTED(expression)` always returns 0 or 1.
Move the parens so the comparison is executed properly.
Closes GH-10332.
2023-01-18 16:23:38 +01:00
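The ZEND_YIELD fix above is a small but instructive parenthesisation bug. PHP's `UNEXPECTED()` is defined in Zend/zend_portability.h as `__builtin_expect(!!(condition), 0)` on GCC/Clang, so the macro's value is always normalised to 0 or 1 before any comparison outside it runs. The following is an added example written for this page, not code from php-src: it reproduces the buggy and the corrected check side by side with the same macro definition. The `zval` struct and `Z_TYPE_P` here are minimal stand-ins (assumptions for the demo, not the real Zend layout); the `IS_*` values mirror Zend/zend_types.h.

```c
/* Added example, not php-src code: why `UNEXPECTED(x) == IS_REFERENCE` can never be true. */
#include <stdio.h>

/* Numeric values as in Zend/zend_types.h. */
#define IS_NULL       1
#define IS_LONG       4
#define IS_STRING     6
#define IS_REFERENCE  10

/* Same shape as the macro in Zend/zend_portability.h: the !! folds the
 * condition to 0/1 and __builtin_expect returns that 0/1 (as a long). */
#if defined(__GNUC__)
#define UNEXPECTED(c) __builtin_expect(!!(c), 0)
#else
#define UNEXPECTED(c) (!!(c))
#endif

/* Stand-in for the demo only; the real zval layout is different. */
typedef struct { int type; } zval;
#define Z_TYPE_P(z) ((z)->type)

/* Buggy form from the reverted condition: the macro yields 0 or 1,
 * and neither equals IS_REFERENCE (10), so this is always 0. */
int key_is_reference_buggy(const zval *key) {
    return UNEXPECTED(Z_TYPE_P(key)) == IS_REFERENCE;
}

/* Fixed form: the whole comparison sits inside the macro, so the
 * branch hint applies to the comparison's result instead of to the type tag. */
int key_is_reference_fixed(const zval *key) {
    return UNEXPECTED(Z_TYPE_P(key) == IS_REFERENCE);
}

int main(void) {
    zval ref = { IS_REFERENCE };
    zval str = { IS_STRING };
    printf("buggy: ref=%d str=%d\n",
           key_is_reference_buggy(&ref), key_is_reference_buggy(&str));
    printf("fixed: ref=%d str=%d\n",
           key_is_reference_fixed(&ref), key_is_reference_fixed(&str));
    return 0;
}
```

The buggy variant silently skips the reference-handling path for every key, which is the kind of defect no compiler warning flags because each sub-expression is individually well-formed; a unit test that feeds a reference-typed operand through the check is the practical way to catch it.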
Derick Rethans
233ffccc35
Fix GH-10072: PHP crashes when execute_ex is overridden and a __call trampoline is used from internal code
2022-12-23 16:34:57 +00:00
Arnaud Le Blanc
ebe58459aa
Merge branch 'PHP-8.0' into PHP-8.1
...
* PHP-8.0:
[ci skip] NEWS
Fix compilation warning
Fix crash when memory limit is exceeded during generator initialization
2022-10-22 10:44:06 +02:00
Arnaud Le Blanc
26c7c82d32
Fix crash when memory limit is exceeded during generator initialization
2022-10-22 10:40:28 +02:00
Dmitry Stogov
c083efb779
Fix memory leak
...
Fixes oss-fuzz #51622
2022-09-26 12:02:03 +03:00
Dmitry Stogov
b20568d4fa
Merge branch 'PHP-8.0' into PHP-8.1
...
* PHP-8.0:
Fix memory leak
2022-09-26 11:44:38 +03:00
Dmitry Stogov
8258b7731b
Fix memory leak
...
Fixes oss-fuzz #51622
2022-09-26 11:43:38 +03:00
George Peter Banyard
c36a1ea1ae
Merge branch 'PHP-8.0' into PHP-8.1
2022-08-19 12:52:58 +01:00
Tim Starling
ba029fce68
Fix GH-9323: crash when the VM enters userspace code via the GC
...
Closes GH-9323
2022-08-19 12:50:02 +01:00
Dmitry Stogov
4f18dbeb97
Merge branch 'PHP-8.0' into PHP-8.1
...
* PHP-8.0:
JIT: Fix array clobbering by user error handler
2022-04-04 16:37:17 +03:00
Dmitry Stogov
c489e360a6
JIT: Fix array clobbering by user error handler
...
Fixes oss-fuzz #46336
2022-04-04 16:36:25 +03:00
Dmitry Stogov
8e2406c59b
Merge branch 'PHP-8.0' into PHP-8.1
...
* PHP-8.0:
Fix memory leak
2022-02-01 16:25:03 +03:00
Dmitry Stogov
a60a9b4a89
Fix memory leak
...
Fixes oss-fuzz #44222
2022-02-01 16:24:22 +03:00
Dmitry Stogov
75b2973974
Fix array clobbering by user error handler
...
Fixes oss-fuzz #42363
2021-12-15 12:20:37 +03:00
Dmitry Stogov
b16fc350a4
Move common code into helper
2021-12-14 15:31:53 +03:00
Dmitry Stogov
1e56b64759
Merge branch 'PHP-8.0' into PHP-8.1
...
* PHP-8.0:
Combine ADDREF/DELREF
2021-12-13 22:54:45 +03:00
Dmitry Stogov
c787f42ceb
Combine ADDREF/DELREF
2021-12-13 22:38:23 +03:00
Dmitry Stogov
76075823e7
Merge branch 'PHP-8.0' into PHP-8.1
...
* PHP-8.0:
Fix array clobbering by user error handler
2021-12-13 15:20:16 +03:00
Dmitry Stogov
cbc0b1afeb
Fix array clobbering by user error handler
...
Fixes oss-fuzz #42234
2021-12-13 14:59:30 +03:00
Dmitry Stogov
08f1d470fb
Separate "cold" code
2021-12-07 11:46:32 +03:00
Dmitry Stogov
5459ed4c2f
Fix use after free because of data clobbering by user error handler
...
Fixes oss-fuzz #41692
2021-12-06 13:08:27 +03:00
Dmitry Stogov
731ce6be01
Merge branch 'PHP-8.0' into PHP-8.1
...
* PHP-8.0:
Fix array object clobbering by user error handler
2021-12-03 13:36:33 +03:00
Dmitry Stogov
1d054b3fa7
Fix array object clobbering by user error handler
...
Fixes oss-fuzz #41605 and #41610
2021-12-03 13:35:28 +03:00
Dmitry Stogov
9786eac9a3
Merge branch 'PHP-8.0' into PHP-8.1
...
* PHP-8.0:
Fix clobbering of operand by error handler in assignment to string offset
2021-12-02 00:46:27 +03:00
Dmitry Stogov
09547c64c2
Fix clobbering of operand by error handler in assignment to string offset
...
In some cases new code requires two reallocations instead of one.
Fixes oss-fuzz #31716, #36196, #39739 and #40002
2021-12-02 00:24:05 +03:00
Nikita Popov
70cb37243e
Merge branch 'PHP-8.0' into PHP-8.1
...
* PHP-8.0:
Fixed bug #81631
2021-11-17 16:06:50 +01:00
Nikita Popov
4d4fe7639f
Fixed bug #81631
...
We need to save the opline before fetching the operand, as it may
throw an undef var warning.
2021-11-17 16:06:25 +01:00
Dmitry Stogov
271cbe527c
Merge branch 'PHP-8.0' into PHP-8.1
...
* PHP-8.0:
Partially fix handling of exceptions thrown in interrupt handlers
2021-11-11 21:01:40 +03:00
Dmitry Stogov
fa0b84a06b
Partially fix handling of exceptions thrown in interrupt handlers
2021-11-11 20:59:56 +03:00
Nikita Popov
e4f1083a6d
Merge branch 'PHP-8.0' into PHP-8.1
...
* PHP-8.0:
Fix finally exception chaining on recursion
2021-11-01 11:45:00 +01:00
Nikita Popov
1a2fb90bf4
Fix finally exception chaining on recursion
...
In this case zend_exception_set_previous() would destroy the
fast_call exception and further accesses on ex would be invalid.
We should only update ex if we update EG(exception).
Fixes oss-fuzz #40464.
2021-11-01 11:44:32 +01:00
Nikita Popov
22b6aac66f
Fix inc/dec of undef var with error handler
...
Set the variable to null after emitting the undef var notice
rather than before. This avoids an assertion failure if the var
is unset by the error handler.
The flip side is that this may cause a leak instead, but that's
the more harmless outcome.
Fixes oss-fuzz #36604.
2021-10-19 14:19:22 +02:00
Nikita Popov
7b0710695b
Merge branch 'PHP-8.0' into PHP-8.1
...
* PHP-8.0:
Don't free FETCH_W operand if GLOBAL_LOCK
2021-10-12 12:45:49 +02:00
Nikita Popov
a2e3ca1f5b
Don't free FETCH_W operand if GLOBAL_LOCK
...
The error path performed the free unconditionally, while we should
not do it for GLOBAL_LOCK.
Fixes oss-fuzz #39868.
2021-10-12 12:44:35 +02:00
Nikita Popov
02c5f7f927
Merge branch 'PHP-8.0' into PHP-8.1
...
* PHP-8.0:
Fix duplicate undef warning in assign_dim_op
2021-10-05 15:51:30 +02:00
Nikita Popov
11a9b036a8
Fix duplicate undef warning in assign_dim_op
...
In case of auto-vivification we were fetching dim twice and as
such also emitting the undef var warning twice.
2021-10-05 15:51:11 +02:00
Nikita Popov
02244d5ee6
Merge branch 'PHP-8.0' into PHP-8.1
...
* PHP-8.0:
Create reference wrappers in SEND_UNPACK if necessary
2021-09-30 14:56:44 +02:00
Nikita Popov
e11faad233
Create reference wrappers in SEND_UNPACK if necessary
...
Even if we can't actually pass by reference, we still need to
create the REFERENCE wrapper to satisfy the calling convention.
The particular test case would crash with JIT, because the existence
of the reference was assumed.
Fixes oss-fuzz #39440.
2021-09-30 14:55:48 +02:00
Nikita Popov
9346da8964
Merge branch 'PHP-8.0' into PHP-8.1
...
* PHP-8.0:
Handle throwing destructor in BIND_STATIC
2021-09-29 10:17:22 +02:00
Nikita Popov
ec54ffad1e
Handle throwing destructor in BIND_STATIC
...
Fixes oss-fuzz #39406.
2021-09-29 10:17:05 +02:00
Nikita Popov
92f808b8bc
Merge branch 'PHP-8.0' into PHP-8.1
...
* PHP-8.0:
Fix SEND_USER with ref arg
2021-09-17 12:18:16 +02:00
Nikita Popov
01453a0af7
Fix SEND_USER with ref arg
...
Even though the input is not a reference (or not treated as such),
we still need to create a reference to satisfy the function
signature. Various code relies on reference arguments actually
being references. In this particular case, it would result in
a JIT crash.
The zend_call_function() implementation already handled this
correctly.
2021-09-17 12:17:33 +02:00
Nikita Popov
260d2acdb4
Fix memory leak in array unpack with refcounted numeric string key
2021-09-14 12:14:12 +02:00
Nikita Popov
a40ccd758c
Fixed bug #81377
...
BP_VAR_UNSET should not result in undefined warnings.
2021-08-24 15:05:53 +02:00
Christoph M. Becker
7c53e7def8
Merge branch 'PHP-8.0'
...
* PHP-8.0:
Fix #73122: Integer Overflow when concatenating strings
2021-08-18 14:54:29 +02:00
Christoph M. Becker
d71a0dcc76
Merge branch 'PHP-7.4' into PHP-8.0
...
* PHP-7.4:
Fix #73122: Integer Overflow when concatenating strings
2021-08-18 14:52:59 +02:00