archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-15 21:48:51 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
133616 commits 526 branches 1434 tags 864 MiB
Commit graph

2289 commits

Author SHA1 Message Date
Ilija Tovilo
88d012f360
Merge branch 'PHP-8.2' into PHP-8.3 
* PHP-8.2:
  Fix use-after-free of name in var-var with malicious error handler
 2023-11-20 14:06:25 +01:00
Ilija Tovilo
ea52706a2a
Fix use-after-free of name in var-var with malicious error handler 
Fixes oss-fuzz #54325
Closes GH-12732
 2023-11-20 14:05:46 +01:00
Ilija Tovilo
cb1e842929
Fix inference of COPY_TMP 
Since GH-11592 COPY_TMP may receive and thus define references. Unfortunately,
the name COPY_TMP is no longer accurate.

Closes GH-12619
 2023-11-07 12:02:45 +01:00
Ilija Tovilo
ddabe89add
Fix OP1 leak in error path of post inc/dec 
Fixes oss-fuzz #63802
Closes GH-12599
 2023-11-02 19:30:59 +01:00
Dmitry Stogov
b4ce171aa2 Merge branch 'PHP-8.2' into PHP-8.3 
* PHP-8.2:
  Fixed uninitialized EX(opline) access (possible Zend/tests/gh12073.phpt crash)
 2023-09-05 10:13:47 +03:00
Dmitry Stogov
ab6d564a7e Merge branch 'PHP-8.1' into PHP-8.2 
* PHP-8.1:
  Fixed uninitialized EX(opline) access (possible Zend/tests/gh12073.phpt crash)
 2023-09-05 10:13:22 +03:00
Dmitry Stogov
f1f608bf53 Fixed uninitialized EX(opline) access (possible Zend/tests/gh12073.phpt crash) 2023-09-05 10:11:54 +03:00
Ilija Tovilo
120ae1719d
Add typed specialization for ZEND_COUNT (#11825) 2023-08-03 12:33:32 +02:00
George Peter Banyard
fc3df283fb
Zend: Fix memory leak in ++/-- when overloading fetch access 
Closes GH-11859
 2023-08-02 18:47:08 +01:00
George Peter Banyard
2fbec0974f Fix OSS Fuzz #60734: use-after-free visible in ASAN build 2023-08-01 16:40:25 +01:00
Máté Kocsis
1126232053 Deprecate calling get_class() and get_parent_class() without arguments 2023-07-18 12:59:21 +02:00
Ilija Tovilo
1a0ef2c1cc
Revert "Remove name field from the zend_constant struct (#10954)" 
This reverts commit f42992f580.

Closes GH-11604
 2023-07-17 22:32:41 +02:00
George Peter Banyard
d8696f9216
[RFC] Path to Saner Increment/Decrement operators (#10358) 
* Add behavioural tests for incdec operators

* Add support to ++/-- for objects castable to _IS_NUMBER

* Add str_increment() function

* Add str_decrement() function

RFC: https://wiki.php.net/rfc/saner-inc-dec-operators

Co-authored-by: Ilija Tovilo <ilija.tovilo@me.com>
Co-authored-by: Arnaud Le Blanc <arnaud.lb@gmail.com>
 2023-07-17 15:51:24 +01:00
George Peter Banyard
3e2dbbf9c2 Add support for deprecating class constants 2023-07-17 05:01:13 +01:00
Ilija Tovilo
ad1b70d67e
Revert "Revert "Remove name field from the zend_constant struct (#10954)"" 
This reverts commit 9f4bd3040d.
 2023-07-04 16:42:40 +02:00
Máté Kocsis
9f4bd3040d
Revert "Remove name field from the zend_constant struct (#10954)" 
This reverts commit f42992f580.

Fix GH-11423
 2023-07-03 15:16:24 +02:00
Dmitry Stogov
962a777a37 Merge branch 'PHP-8.2' 
* PHP-8.2:
  Keep consistent EG(current_execute_data) after return from generator (#11380)
 2023-06-08 14:55:56 +03:00
Dmitry Stogov
42619b2378 Merge branch 'PHP-8.1' into PHP-8.2 
* PHP-8.1:
  Keep consistent EG(current_execute_data) after return from generator (#11380)
 2023-06-08 14:55:43 +03:00
Dmitry Stogov
06d68738b7
Keep consistent EG(current_execute_data) after return from generator (#11380) 2023-06-08 14:55:18 +03:00
George Peter Banyard
99fa740acb
Use common function for TypeError on illegal offset access (#10544) 
This merges all usages of emitting an offset TypeError into a new ZEND_API function
zend_illegal_container_offset(const zend_string* container, const zval *offset, int type);

Where the container should represent the type on which the access is attempted (e.g. string, array)
The offset zval that is used, where the error message will display its type
The type of access, which should be a BP_VAR_* constant, to get special message for isset/empty/unset
 2023-06-06 11:28:19 +01:00
Ilija Tovilo
0b1d750d91
Allow arbitrary expressions in static variable initializer 
Closes GH-9301
 2023-05-24 20:17:31 +02:00
Máté Kocsis
414f71a902
Typed class constants (#10444) 
RFC: https://wiki.php.net/rfc/typed_class_constants

Co-Authored-By: Ben <7127204+moliata@users.noreply.github.com>
Co-Authored-By: Bob Weinand <3154871+bwoebi@users.noreply.github.com>
Co-Authored-By: Ilija Tovilo <ilija.tovilo@me.com>
 2023-04-16 22:20:26 +02:00
Dmitry Stogov
0660fb5282 Merge branch 'PHP-8.2' 
* PHP-8.2:
  Allow FETCH_OBJ_W and FETCH_STATIC_PROP_W to return INDIRECT/UNDEF zval for uninitialized typed properties (#11048)
 2023-04-10 23:25:42 +03:00
Dmitry Stogov
e14ac1caee Merge branch 'PHP-8.1' into PHP-8.2 
* PHP-8.1:
  Allow FETCH_OBJ_W and FETCH_STATIC_PROP_W to return INDIRECT/UNDEF zval for uninitialized typed properties (#11048)
 2023-04-10 23:25:08 +03:00
Dmitry Stogov
0c65b396d6
Allow FETCH_OBJ_W and FETCH_STATIC_PROP_W to return INDIRECT/UNDEF zval for uninitialized typed properties (#11048) 2023-04-10 23:19:17 +03:00
Niels Dossche
ede8adb2e2
Fix GH-11016: Heap buffer overflow in ZEND_ADD_ARRAY_UNPACK_SPEC_HANDLER (#11021) 
Not enough space was reserved for the packed resulting array because of
some confusion in the meaning of nr of used slots vs nr of elements.

Co-authored-by: Ilija Tovilo <ilija.tovilo@me.com>
 2023-04-06 21:55:11 +02:00
Ilija Tovilo
fdbea4f39e
Add GC_DTOR/GC_DTOR_NO_REF macros 2023-04-04 18:55:47 +02:00
Dmitry Stogov
24acb4f134
Delay destructor for zend_std_write_property 2023-04-04 18:55:47 +02:00
Dmitry Stogov
915b2837f7
Delay freeing of overwritten values in assignments 
Fixes GH-10168
 2023-04-04 18:55:46 +02:00
Máté Kocsis
f42992f580
Remove name field from the zend_constant struct (#10954) 
As global constant names are case-sensitive now, we don't have to store them separately above the constant table.
 2023-04-03 22:13:47 +02:00
George Peter Banyard
d7c351ea54
Propagate UTF-8 flag during Rope operations (#10915) 2023-03-26 14:18:46 +01:00
Kamil Tekiela
69ec3c6bc6
Merge branch 'PHP-8.2' 
* PHP-8.2:
  Fix strlen error message param name

Closes GH-10784
 2023-03-10 12:52:28 +00:00
Kamil Tekiela
e223bf2015
Merge branch 'PHP-8.1' into PHP-8.2 
* PHP-8.1:
  Fix strlen error message param name
 2023-03-10 12:48:46 +00:00
Kamil Tekiela
1be99faeff
Fix strlen error message param name 2023-03-04 23:25:42 +00:00
Max Kellermann
d5c649b36b
zend_compiler, ...: use uint8_t instead of zend_uchar (#10621) 
`zend_uchar` suggests that the value is an ASCII character, but here,
it's about very small integers.  This is misleading, so let's use a
C99 integer instead.

On all architectures currently supported by PHP, `zend_uchar` and
`uint8_t` are identical.  This change is only about code readability.
 2023-02-23 14:56:54 +00:00
Ilija Tovilo
bb7dca3c68
Merge branch 'PHP-8.2' 
* PHP-8.2:
  Revert "Remove useless UNEXPECTED around RETURN_VALUE_USED in specialized RETVAL handler"
 2023-02-17 00:28:52 +01:00
Ilija Tovilo
81f3fcd5cc
Revert "Remove useless UNEXPECTED around RETURN_VALUE_USED in specialized RETVAL handler" 
This reverts commit 5b801612cb.
 2023-02-17 00:28:33 +01:00
Ilija Tovilo
a3e44bbb9d
Merge branch 'PHP-8.2' 
* PHP-8.2:
  Revert "Fix GH-10168: heap-buffer-overflow at zval_undefined_cv"
 2023-02-16 14:18:24 +01:00
Ilija Tovilo
efb9181a98
Merge branch 'PHP-8.1' into PHP-8.2 
* PHP-8.1:
  Revert "Fix GH-10168: heap-buffer-overflow at zval_undefined_cv"
 2023-02-16 14:13:17 +01:00
Ilija Tovilo
7b68ff46da
Revert "Fix GH-10168: heap-buffer-overflow at zval_undefined_cv" 
This reverts commit 71ddede565.
 2023-02-16 14:07:17 +01:00
Marcos Marcolin
641fe23e3a
Improve illegal offset error messages (#10504) 
Co-authored-by: Marcos Marcolin <marcos@ixcsoft.com.br>
 2023-02-08 12:11:41 +00:00
Ilija Tovilo
e3179a0955
Merge branch 'PHP-8.2' 
* PHP-8.2:
  Fix GH-10168: heap-buffer-overflow at zval_undefined_cv
 2023-02-08 01:21:28 +01:00
Ilija Tovilo
972a5a02bd
Merge branch 'PHP-8.1' into PHP-8.2 
* PHP-8.1:
  Fix GH-10168: heap-buffer-overflow at zval_undefined_cv
 2023-02-08 01:12:03 +01:00
Niels Dossche
71ddede565
Fix GH-10168: heap-buffer-overflow at zval_undefined_cv 
The problem is that we're using the variable_ptr in the opcode handler
*after* it has already been destroyed. The solution is to create a
specialised version of zend_assign_to_variable which takes in two
destination zval pointers.

Closes GH-10524
 2023-02-08 01:06:50 +01:00
Niels Dossche
99b86141ae Introduce convenience macros for copying flags that hold when concatenating two strings 
This abstracts away, and cleans up, the flag handling for properties of
strings that hold when concatenating two strings if they both hold that
property. (These macros also work with simply copies of strings because
a copy of a string can be considered a concatenation with the empty
string.) This gets rid of some branches and some repetitive code, and
leaves room for adding more flags like these in the future.
 2023-02-05 14:32:50 +00:00
Ilija Tovilo
35a36b13e5
Fix comp-time and constant evaluation of dynamic class constant fetch 
Fixes GH-10486
Fixes oss-fuzz #55436
Fixes oss-fuzz #55472
Closes GH-10487
 2023-02-02 19:18:17 +01:00
George Peter Banyard
64127b66c6 Concatenating two valid UTF-8 strings produces a valid UTF-8 string 
The UTF-8 valid flag needs to be copied upon interning,
otherwise strings that are concatenated at compile time lose this information.

However, if previously this string was interned without the flag it is not added
E.g. in the case the string is an existing class name.

Co-authored-by: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
 2023-02-02 12:02:36 +00:00
Ilija Tovilo
02bd52b5a8
Implement dynamic class const fetch 
https://wiki.php.net/rfc/dynamic_class_constant_fetch

Closes GH-9793
 2023-01-26 16:46:34 +01:00
Máté Kocsis
7936c8085e
Fix GH-8329 Print true/false instead of bool in error and debug messages (#8385) 2023-01-23 10:52:14 +01:00
Arnaud Le Blanc
95ccce3c13 Merge branch 'PHP-8.2' 
* PHP-8.2:
  [ci skip] NEWS
  [ci skip] NEWS
  Fix GH-10248: Assertion `!(zval_get_type(&(*(property))) == 10)' failed.
 2023-01-20 16:55:11 +01:00