* PHP-8.2:
[ci skip] NEWS
fix: zend-max-execution-timers with negative or high timeout value (#13942)
Use return value of getpwuid_r(), not errno (#13969)
In the test cases, the compiler bails out due to a fatal error.
The data structures used by the compiler will contain stale values.
In particular, for the test case CG(loop_var_stack) will contain data.
The next compilation will incorrectly use elements from the previous
stack.
To solve this, we reset part of the compiler data structures.
We don't do a full re-initialization via init_compiler() because that will
also reset streams and resources.
Closes GH-13938.
Fix the following build failure without pthread raised since version
8.3.0 and
a11c8a3039:
/home/buildroot/instance-0/output-1/build/php-8.3.4/Zend/zend_call_stack.c:39:11: fatal error: pthread.h: No such file or directory
39 | # include <pthread.h>
| ^~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/a4ef648a9da50b26ed56d5d490e4cf5a1bfff970
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Close GH-13843
This fixes an edge case causing the GC to be triggered repeatedly.
Destructors might add potential garbage to the buffer, so it may happen that num_root it higher than gc_threshold after collection, thus triggering a GC run almost immediately. This can happen by touching enough objects in a destructor, e.g. by iterating over an array. If this happens again in the new run, and the threshold is not updated, the GC may be triggered again.
The edge case requires specific conditions to be triggered and it must happen rarely in practice:
* At least GC_THRESHOLD_TRIGGER (100) objects must be collected during each run for the threshold to not be updated
* At least GC_G(gc_threshold) (initially 10k) objects must be touched (decref'ed to n>0) by any destructor during each run to fill the buffer
The fix is to increase the threshold if GC_G(num_roots) >= GC_G(gc_threshold) after GC. The threshold eventually reaches a point at which the second condition is not met anymore.
The included tests trigger more than 200 GC runs before the fix, and 2 after the fix (dtors always trigger a second run).
A related issue is that zend_gc_check_root_tmpvars() may add potential garbage before the threshold is adjusted, which may trigger GC and exhaust the stack. This is fixed by setting GC_G(active)=1 around zend_gc_check_root_tmpvars().
Symfony relies on finding the exception handler in the handler stack. There's
currently no clean API to find it, so they pop all the handlers, and push them
again once the stack is empty. This PR attempts to minimize the BC break by
pushing the current handler onto the stack and clearing the current handler, and
restoring it once it has finished. This is essentially equivalent to
set_exception_handler(null) and restore_exception_handler().
restore_exception_handler() however is only called if the exception handler is
still unset. If the handler has pushed a new handler in the meantime, we assume
it knows what it's doing.
Fixes GH-13446
Closes GH-13686
Inherited methods regardless of source must share the original runtime cache. Traits were missed.
This adds ZEND_ACC_TRAIT_CLONE to internal functions as well to allow easy distinction of these.
autoconf/libtool generating code to test features missed `void` for
C calls prototypes w/o arguments.
Note that specific changes related to libtool have to be upstreamed.
Co-authored-by: Peter Kokot <petk@php.net>
close GH-13732
Inside `zend_object_std_dtor` the weakrefs are notified after the destruction
of properties already took place. In this test case, the destructor of an anon
class will be invoked due to the property destruction. That class has a
weak reference to its parent. This means that the destructor can access
parent properties that already have been destroyed, resulting in a UAF.
Fix this by notifying the weakrefs at the start of the object's
destruction.
Closes GH-13613.
For master (8.4-dev) I merged GH-13381. But that PR changes public API
of TSRM, so cannot be used on lower branches.
This patch is a safe workaround for the issue, in combination with a
pre-existing fix using `ifdef ZTS + if (module_started)` inside pgsql
and odbc. The idea is to delay unloading modules until the persistent
resources are destroyed. This will keep the destructor code accessible
in memory.
This is not a proper fix on its own, because we still need the
workaround of not accessing globals after module destruction.
The proper fix is in master.
Closes GH-13388.
Since PHP 8.3, object handlers may be changed by setting
ce->default_object_handlers, rather than in ce->create_object. Some checks need
to be extended to check for the default handlers.
Closes GH-13272
* Fix GH-13193: Significant performance degradation in 'foreach' starting from PHP 8.2.13 (caused by garbage collection)
* Don't run zend_gc_remove_root_tmpvars() if GC is not active or GC buffer is empty
When investigating another bug reported by GitHub user 'tstangner',
I discovered that PHP segfaults when the INI parameter
zend.script_encoding is set to "pass". This bug dates back to
December 2022 (caused by yours truly in 953864661a).
If any PHP users in the wild were actually setting zend.script_encoding
to "pass" (which would be an utterly useless thing to do), I expect that
someone would have filed a bug report by now. The absence of such bug
reports is evidence that nobody is doing this.
Hence, it seems that the best fix is simply to disallow "pass" as a
choice for zend.script_encoding. The internal function
'php_mb_zend_encoding_list_parser' which I am modifying to accomplish
this has no other in-tree callers, aside from the 'exif' extension.
Further, exif only calls the function with a few hard-coded values, and
none of them are the string "pass", so this change will not have any
impact on exif.
zend_compile has an exception to this rule for constructors using
`zend_is_constructor`, which compares the function name to
`__construct`. Sadly, `zend_is_constructor` is not a public API, but we
can just do the string compare ourselves.
Closes GH-13179.
* Arrays returned from range are never empty
* When step is a double value representable by a long, it is coerced implicitly.
As such, passing a double step no longer guarantees that the result is a
non-int array.
Closes GH-13166
Recentlty this insructions were updated to emit warning on inability to
convert double index to long. This may lead to exception.
This fixes memory leak on wordpress test suite (nightly workflow)
