PHP 8.1 introduced a seemingly unintentional BC break in ca94d55a19 by
blocking the (un)serialization of DOM objects.
This was done because the serialization never really worked and just
resulted in an empty object, which upon unserialization just resulted in
an object that you can't use.
Users can however implement their own serialization methods, but the
commit made that impossible as the ACC flag gets passed down to the
child class. An approach was tried in #10307 with a new ACC flag to
selectively allow serialization with subclasses if they implement the
right methods. However, that was found to be too ad hoc.
Instead, let's abuse how the __sleep and __wakeup methods work to throw
the exception instead. If the child class implements the __serialize /
__unserialize method, then the throwing methods won't be called.
Similarly, if the child class implements __sleep and __wakeup, then
they're overridden and it doesn't matter that they throw.
For the user, this PR has the exact same behaviour for (sub)classes that
don't implement the serialization methods: an exception will be thrown.
For code that previously implemented subclasses with these methods, this
approach will make that code work again. This approach should be both BC
preserving and unbreak user's code.
Closes GH-12388.
For the test:
Co-authored-by: wazelin <contact@sergeimikhailov.com>
After preloading has executed, the executor globals for class_table and
function_table are still referring to the values during preloading.
If no request happens after that then these values will remain dangling
pointers. If then the -v option on CLI or -h option (and possibly
others) on CGI is provided, there is a double free.
Fix it by nulling the pointers explicitly after preloading has finished
to fix it for all SAPIs.
Closes GH-12311.
Many methods in SimpleXML reset the iterator when called. This has the
consequence that mixing these operations with loops can cause infinite
loops, or the loss of iteration data.
Some people may however rely on the resetting behaviour. To prevent
unintended breaks in stable branches, let's only apply the fix to master.
This reverts GH-12193, GH-12229, GG-12247 for stable branches while
keeping them on master, adding a note in UPGRADING as well.
This test triggers narrowing for two ops: first ZEND_ADD_ARRAY_ELEMENT,
and then ZEND_ASSIGN.
The type inference happens in the following order:
1) The ZEND_ADD_ARRAY_ELEMENT infers type 0x40e04080 (packed flag is set),
arr_type=0 at this point because it hasn't been set by ZEND_INIT_ARRAY yet.
2) The ZEND_INIT_ARRAY infers type 0x40804080
3) The ZEND_ADD_ARRAY_ELEMENT infers type 0x40e04080, arr_type=0x40804080,
which does not have the packed flag set while the existing result of
ZEND_ADD_ARRAY_ELEMENT has the packed flag set.
This seems to occur because of the phi node introduced by the while
loop. If I remove the loop the problem goes away.
As Arnaud noted, this seems to be caused by a too wide type inference
for arr_type==0. We should keep the invariant that if x>=y then
key_type(x) >= key_type(y).
If we write the possible results down in a table we get:
```
arr_type resulting key type
--------------- --------------------------------------------------------------------------
HASH_ONLY -> MAY_BE_ARRAY_NUMERIC_HASH
PACKED_ONLY -> MAY_BE_ARRAY_NUMERIC_HASH | MAY_BE_ARRAY_PACKED (== MAY_BE_ARRAY_KEY_LONG)
HASH || PACKED -> MAY_BE_ARRAY_NUMERIC_HASH | MAY_BE_ARRAY_PACKED (== MAY_BE_ARRAY_KEY_LONG)
0 -> MAY_BE_ARRAY_NUMERIC_HASH | MAY_BE_ARRAY_PACKED (== MAY_BE_ARRAY_KEY_LONG)
```
As we can see, `HASH_ONLY > 0` but
`MAY_BE_ARRAY_NUMERIC_HASH < MAY_BE_ARRAY_NUMERIC_HASH | MAY_BE_ARRAY_PACKED`,
which violates the invariant.
Instead if we modify the zero case to have MAY_BE_ARRAY_NUMERIC_HASH instead,
we get the following table which satisfies the invariant.
```
arr_type resulting key type
--------------- --------------------------------------------------------------------------
HASH_ONLY -> MAY_BE_ARRAY_NUMERIC_HASH
PACKED_ONLY -> MAY_BE_ARRAY_NUMERIC_HASH | MAY_BE_ARRAY_PACKED (== MAY_BE_ARRAY_KEY_LONG)
HASH || PACKED -> MAY_BE_ARRAY_NUMERIC_HASH | MAY_BE_ARRAY_PACKED (== MAY_BE_ARRAY_KEY_LONG)
0 -> MAY_BE_ARRAY_NUMERIC_HASH
```
Broke in 1ffbb73.
Closes GH-10294.
The return type is wrong. You can also use this method with SimpleXML.
In fact, PHP provides a way that even third party libraries can hook
into its XML handling. Therefore, we cannot even use the
SimpleXML|DOMDocument|false union type as third party extensions may
extend the possibilities.
Broke in 8.1 in 1b35056a33.
Closes GH-12315.
The xmlDOMWrapReconcileNamespaces method we used to fix the namespace
corruption issues in 8.1.21/8.2.8 caused regressions.
Primarily, there is a similar corruption that the xmlReconciliateNs method
used to have in which a namespace is suddenly shifted
(SAML-Toolkits/php-saml#562) and the side-effect of removing redundant
namespaces causes problems when a specific serialization is required.
Closes GH-12308.
Currently, a common function is used where a function pointer gets
passed to check the character class type. If we instead use a macro, the
macro version of these character class type checkers can be used. While
this gives only a minor speed-up for glibc-based systems, on Alpine this
gives a multi-facor speed-up
This is essentially a manual revert of dc80ea7e38.
Full discussion in GH-11997.
Closes GH-12300.
On some configurations, the COMPILE_DL_MYSQLND must come from config.h.
If it isn't set, the get_module function won't be exposed, resulting in
a failure when trying to load the library.
It's the same issue ext/fileinfo had a while back that was fixed in
b0ba368d5.
Closes GH-12299.
Prior to the 8.1 rewrite, inet_aton was used for ipv4 addresses
therefore addresses like `0` passed.
For the bindto's case where both ip and port are set as such, we discard
the address binding.
Close GH-12195
* support running testsuite with negative niceness
a bug in the regex would break getNice() if the current niceness was negative, which would make the whole test fail.
Previously:
this would fail:
time sudo nice --adjustment=-19 ./php run-tests.php -j$(nproc) -x --offline ext/standard/tests/general_functions/proc_nice_basic.phpt --color --show-all
and this would work:
time sudo ./php run-tests.php -j$(nproc) -x --offline ext/standard/tests/general_functions/proc_nice_basic.phpt --color --show-all
* Update ext/standard/tests/general_functions/proc_nice_basic.phpt
Co-authored-by: Michael Voříšek <mvorisek@mvorisek.cz>
---------
Co-authored-by: Michael Voříšek <mvorisek@mvorisek.cz>
When we try to load an extension multiple times, we still overwrite the
type, module number, and handle. If the module number is used to
indicate module boundaries (e.g. in reflection and in dom, see e.g.
dom_objects_set_class_ex), then all sorts of error can happen.
In the case of ext/dom, OP's error happens because the following
happens:
- The property handler is set up incorrectly in
dom_objects_set_class_ex() because the wrong module number is
specified. The class highest in the hierarchy is DOMNode, so the
property handler is incorrectly set to that of DOMNode instead of
DOMDocument.
- The documentElement property doesn't exist on DOMNode, it only exists
on DOMDocument, so it tries to read using zend_std_read_property().
As there is no user property called documentElement, that read
operation returns an undef value.
However, the type is still checked, resulting in the strange exception.
Closes GH-12219.
The code in the attached test used to work correctly in PHP 8.0, but not
in 8.1+. This is because PHP 8.1+ uses a more modern version of pcre2
than PHP 8.0, and that pcre2 versions has a regression.
While upgrading pcre2lib seems to be only done for the master branch, it
is possible to backport upstream fixes to stable branches. This has been
already done in the past in for JIT regressions [1], so it is not
unprecedented.
We backport the upstream pcre2 fix [2].
[1] 788a701e22
[2] https://github.com/PCRE2Project/pcre2/pull/135
Closes GH-12108.
This happens because getName() resets the iterator to the start because
it overwrites the iterator data.
We add a version of get_first_node that does not overwrite the iterator
data.
Closes GH-12193.
For some reason, FILTER_CALLBACK disables the FILTER_REQUIRE_SCALAR flag that is
normally set by default. While surprising, this is not something we can change.
However, even specifying FILTER_REQUIRE_SCALAR explicitly does not corrently set
this flag. This is because FILTER_CALLBACK zeroes the flags after they have been
populated from the parameters.
We reverse the checks to make explicitly specifying the flag behave as expected.
Closes GH-12203
In this test file, the free_obj handler is called with a refcount of 2,
caused by the fact we do a GC_ADDREF() to increase its refcount while
its refcount is still 1 because the Foo object hasn't been destroyed yet
(due to the cycle caused by the sqlite function callback).
Solve this by introducing a get_gc handler.
Closes GH-11881.
`ext/odbc/tests/config.inc` overrides the INIs used for the ODBC driver
manager pointlessly. It's not pointing to some custom PHP test suite
specific one, but the system one in `/etc/odbc(inst).ini`. Which
doesn't necessarily exist, on i.e. NixOS, MacPorts, etc.
Closes GH-12133
Signed-off-by: George Peter Banyard <girgias@php.net>
Like oci8, procedural ODBC uses an apply function on the hash list to
enumerate persistent connections and close the specific one. However,
this function take zvals, not resources. However, it was getting casted
as such, causing it to interpret the pointer incorrectly. This could
have caused other issues, but mostly manifested as failing to close the
connection even fi it matched.
The function now takes a zval and gets the resource from that. In
addition, it also removes the cast of the function pointer and moves
casting to the function body, to avoid possible confusion like this in
refactors again. It also cleans up style and uses constants in the
function body.
Closes GH-12132
Signed-off-by: George Peter Banyard <girgias@php.net>
Passing NULL as the pointer to intl_error* will use the global error stack.
This is what we need to do instead of pushing it onto the temporary format object that is released.
When you do an assignment between two zvals (no, not zval*), you copy
all fields. This includes the additional u2 data. So that means for
example the Z_NEXT index gets copied, which in some cases can therefore
cause a cycle in zend_hash lookups.
Instead of doing an assignment, we should be doing a ZVAL_COPY (or
ZVAL_COPY_VALUE for non-refcounting cases). This avoids copying u2.
Closes GH-12086.
