archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-16 05:58:45 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
133893 commits 526 branches 1434 tags 865 MiB
Commit graph

2370 commits

Author SHA1 Message Date
Ilija Tovilo
b7a468cd06
Merge branch 'PHP-8.2' into PHP-8.3 
* PHP-8.2:
  Fix leak of call->extra_named_params on internal __call
 2023-12-01 16:50:49 +01:00
Ilija Tovilo
f203edd3c5
Fix leak of call->extra_named_params on internal __call 
Fixes GH-12835
Closes GH-12836
 2023-12-01 16:49:16 +01:00
Bob Weinand
88537c55b5 Merge branch 'PHP-8.2' into PHP-8.3 2023-11-25 01:01:56 +01:00
Bob Weinand
50ccea31f2 Merge branch 'PHP-8.1' into PHP-8.2 2023-11-25 00:59:26 +01:00
Florian Engelhardt
8d2df86b06
Fix invalid opline in OOM handlers within ZEND_FUNC_GET_ARGS and ZEND_BIND_STATIC (#12768) 
* fix segfault in `ZEND_BIND_STATIC`

In case a `ZEND_BIND_STATIC` is being executed, while the current chunk is full,
the `zend_array_dup()` call will trigger a OOM in ZendMM which will crash, as
the opline might be a dangling pointer.

* add missing test

* `assert()`ing seems easier than trying to make the compiler to not optimize

* moved from function call to INI setting, so we can use this in other places as well

* make `assert()` work no NDEBUG builds

* document magic number

* fix segfault in `ZEND_FUNC_GET_ARGS`

In case a `ZEND_FUNC_GET_ARGS` is being executed, while the current chunk is
full, the `zend_new_array()` call will trigger a OOM in ZendMM which will crash,
as the opline might be a dangling pointer.

---------

Co-authored-by: Florian Engelhardt <florian@engelhardt.tc>
 2023-11-25 00:54:02 +01:00
Ilija Tovilo
1fdcfa4ebe
Fix use-after-free of name in var-var with malicious error handler 
Fixes oss-fuzz #54325
Closes GH-12732
 2023-11-22 21:08:55 -06:00
Ilija Tovilo
88d012f360
Merge branch 'PHP-8.2' into PHP-8.3 
* PHP-8.2:
  Fix use-after-free of name in var-var with malicious error handler
 2023-11-20 14:06:25 +01:00
Ilija Tovilo
ea52706a2a
Fix use-after-free of name in var-var with malicious error handler 
Fixes oss-fuzz #54325
Closes GH-12732
 2023-11-20 14:05:46 +01:00
Ilija Tovilo
cb1e842929
Fix inference of COPY_TMP 
Since GH-11592 COPY_TMP may receive and thus define references. Unfortunately,
the name COPY_TMP is no longer accurate.

Closes GH-12619
 2023-11-07 12:02:45 +01:00
Ilija Tovilo
ddabe89add
Fix OP1 leak in error path of post inc/dec 
Fixes oss-fuzz #63802
Closes GH-12599
 2023-11-02 19:30:59 +01:00
Dmitry Stogov
b4ce171aa2 Merge branch 'PHP-8.2' into PHP-8.3 
* PHP-8.2:
  Fixed uninitialized EX(opline) access (possible Zend/tests/gh12073.phpt crash)
 2023-09-05 10:13:47 +03:00
Dmitry Stogov
ab6d564a7e Merge branch 'PHP-8.1' into PHP-8.2 
* PHP-8.1:
  Fixed uninitialized EX(opline) access (possible Zend/tests/gh12073.phpt crash)
 2023-09-05 10:13:22 +03:00
Dmitry Stogov
f1f608bf53 Fixed uninitialized EX(opline) access (possible Zend/tests/gh12073.phpt crash) 2023-09-05 10:11:54 +03:00
Ilija Tovilo
73c5f36f5b
Assert ptr_ptr value of TMP|CONST isn't used (#11865) 
We require valid code for compilation to succeed, but these paths should always
be guarded by OPx_TYPE checks and never execute. Add an assertion to verify.
 2023-08-03 15:28:19 +02:00
Ilija Tovilo
120ae1719d
Add typed specialization for ZEND_COUNT (#11825) 2023-08-03 12:33:32 +02:00
George Peter Banyard
fc3df283fb
Zend: Fix memory leak in ++/-- when overloading fetch access 
Closes GH-11859
 2023-08-02 18:47:08 +01:00
George Peter Banyard
2fbec0974f Fix OSS Fuzz #60734: use-after-free visible in ASAN build 2023-08-01 16:40:25 +01:00
Máté Kocsis
1126232053 Deprecate calling get_class() and get_parent_class() without arguments 2023-07-18 12:59:21 +02:00
Ilija Tovilo
1a0ef2c1cc
Revert "Remove name field from the zend_constant struct (#10954)" 
This reverts commit f42992f580.

Closes GH-11604
 2023-07-17 22:32:41 +02:00
George Peter Banyard
d8696f9216
[RFC] Path to Saner Increment/Decrement operators (#10358) 
* Add behavioural tests for incdec operators

* Add support to ++/-- for objects castable to _IS_NUMBER

* Add str_increment() function

* Add str_decrement() function

RFC: https://wiki.php.net/rfc/saner-inc-dec-operators

Co-authored-by: Ilija Tovilo <ilija.tovilo@me.com>
Co-authored-by: Arnaud Le Blanc <arnaud.lb@gmail.com>
 2023-07-17 15:51:24 +01:00
George Peter Banyard
3e2dbbf9c2 Add support for deprecating class constants 2023-07-17 05:01:13 +01:00
Ilija Tovilo
ad1b70d67e
Revert "Revert "Remove name field from the zend_constant struct (#10954)"" 
This reverts commit 9f4bd3040d.
 2023-07-04 16:42:40 +02:00
Máté Kocsis
9f4bd3040d
Revert "Remove name field from the zend_constant struct (#10954)" 
This reverts commit f42992f580.

Fix GH-11423
 2023-07-03 15:16:24 +02:00
Dmitry Stogov
962a777a37 Merge branch 'PHP-8.2' 
* PHP-8.2:
  Keep consistent EG(current_execute_data) after return from generator (#11380)
 2023-06-08 14:55:56 +03:00
Dmitry Stogov
42619b2378 Merge branch 'PHP-8.1' into PHP-8.2 
* PHP-8.1:
  Keep consistent EG(current_execute_data) after return from generator (#11380)
 2023-06-08 14:55:43 +03:00
Dmitry Stogov
06d68738b7
Keep consistent EG(current_execute_data) after return from generator (#11380) 2023-06-08 14:55:18 +03:00
George Peter Banyard
99fa740acb
Use common function for TypeError on illegal offset access (#10544) 
This merges all usages of emitting an offset TypeError into a new ZEND_API function
zend_illegal_container_offset(const zend_string* container, const zval *offset, int type);

Where the container should represent the type on which the access is attempted (e.g. string, array)
The offset zval that is used, where the error message will display its type
The type of access, which should be a BP_VAR_* constant, to get special message for isset/empty/unset
 2023-06-06 11:28:19 +01:00
Ilija Tovilo
0b1d750d91
Allow arbitrary expressions in static variable initializer 
Closes GH-9301
 2023-05-24 20:17:31 +02:00
Máté Kocsis
414f71a902
Typed class constants (#10444) 
RFC: https://wiki.php.net/rfc/typed_class_constants

Co-Authored-By: Ben <7127204+moliata@users.noreply.github.com>
Co-Authored-By: Bob Weinand <3154871+bwoebi@users.noreply.github.com>
Co-Authored-By: Ilija Tovilo <ilija.tovilo@me.com>
 2023-04-16 22:20:26 +02:00
Dmitry Stogov
0660fb5282 Merge branch 'PHP-8.2' 
* PHP-8.2:
  Allow FETCH_OBJ_W and FETCH_STATIC_PROP_W to return INDIRECT/UNDEF zval for uninitialized typed properties (#11048)
 2023-04-10 23:25:42 +03:00
Dmitry Stogov
e14ac1caee Merge branch 'PHP-8.1' into PHP-8.2 
* PHP-8.1:
  Allow FETCH_OBJ_W and FETCH_STATIC_PROP_W to return INDIRECT/UNDEF zval for uninitialized typed properties (#11048)
 2023-04-10 23:25:08 +03:00
Dmitry Stogov
0c65b396d6
Allow FETCH_OBJ_W and FETCH_STATIC_PROP_W to return INDIRECT/UNDEF zval for uninitialized typed properties (#11048) 2023-04-10 23:19:17 +03:00
Niels Dossche
ede8adb2e2
Fix GH-11016: Heap buffer overflow in ZEND_ADD_ARRAY_UNPACK_SPEC_HANDLER (#11021) 
Not enough space was reserved for the packed resulting array because of
some confusion in the meaning of nr of used slots vs nr of elements.

Co-authored-by: Ilija Tovilo <ilija.tovilo@me.com>
 2023-04-06 21:55:11 +02:00
Ilija Tovilo
fdbea4f39e
Add GC_DTOR/GC_DTOR_NO_REF macros 2023-04-04 18:55:47 +02:00
Dmitry Stogov
24acb4f134
Delay destructor for zend_std_write_property 2023-04-04 18:55:47 +02:00
Dmitry Stogov
915b2837f7
Delay freeing of overwritten values in assignments 
Fixes GH-10168
 2023-04-04 18:55:46 +02:00
Máté Kocsis
f42992f580
Remove name field from the zend_constant struct (#10954) 
As global constant names are case-sensitive now, we don't have to store them separately above the constant table.
 2023-04-03 22:13:47 +02:00
George Peter Banyard
d7c351ea54
Propagate UTF-8 flag during Rope operations (#10915) 2023-03-26 14:18:46 +01:00
Kamil Tekiela
69ec3c6bc6
Merge branch 'PHP-8.2' 
* PHP-8.2:
  Fix strlen error message param name

Closes GH-10784
 2023-03-10 12:52:28 +00:00
Kamil Tekiela
e223bf2015
Merge branch 'PHP-8.1' into PHP-8.2 
* PHP-8.1:
  Fix strlen error message param name
 2023-03-10 12:48:46 +00:00
Kamil Tekiela
1be99faeff
Fix strlen error message param name 2023-03-04 23:25:42 +00:00
Max Kellermann
d5c649b36b
zend_compiler, ...: use uint8_t instead of zend_uchar (#10621) 
`zend_uchar` suggests that the value is an ASCII character, but here,
it's about very small integers.  This is misleading, so let's use a
C99 integer instead.

On all architectures currently supported by PHP, `zend_uchar` and
`uint8_t` are identical.  This change is only about code readability.
 2023-02-23 14:56:54 +00:00
Max Kellermann
413844d626
Zend/zend_types.h: deprecate zend_bool, zend_intptr_t, zend_uintptr_t (#10597) 
These types are standard C99.

For compatibility with out-of-tree extensions, keep the typedefs
in main/php.h.
 2023-02-18 19:31:28 +00:00
Ilija Tovilo
bb7dca3c68
Merge branch 'PHP-8.2' 
* PHP-8.2:
  Revert "Remove useless UNEXPECTED around RETURN_VALUE_USED in specialized RETVAL handler"
 2023-02-17 00:28:52 +01:00
Ilija Tovilo
81f3fcd5cc
Revert "Remove useless UNEXPECTED around RETURN_VALUE_USED in specialized RETVAL handler" 
This reverts commit 5b801612cb.
 2023-02-17 00:28:33 +01:00
Ilija Tovilo
a3e44bbb9d
Merge branch 'PHP-8.2' 
* PHP-8.2:
  Revert "Fix GH-10168: heap-buffer-overflow at zval_undefined_cv"
 2023-02-16 14:18:24 +01:00
Ilija Tovilo
efb9181a98
Merge branch 'PHP-8.1' into PHP-8.2 
* PHP-8.1:
  Revert "Fix GH-10168: heap-buffer-overflow at zval_undefined_cv"
 2023-02-16 14:13:17 +01:00
Ilija Tovilo
7b68ff46da
Revert "Fix GH-10168: heap-buffer-overflow at zval_undefined_cv" 
This reverts commit 71ddede565.
 2023-02-16 14:07:17 +01:00
Marcos Marcolin
641fe23e3a
Improve illegal offset error messages (#10504) 
Co-authored-by: Marcos Marcolin <marcos@ixcsoft.com.br>
 2023-02-08 12:11:41 +00:00
Ilija Tovilo
e3179a0955
Merge branch 'PHP-8.2' 
* PHP-8.2:
  Fix GH-10168: heap-buffer-overflow at zval_undefined_cv
 2023-02-08 01:21:28 +01:00