This hack not only breaks the handling of custom allocators, but also
breaks if zend_alloc is compiled with USE_CUSTOM_MM.
This hack is just no good; if you want leak information, then use ASAN.
Closes GH-18813.
This fixes null dereference error when calling fpm_get_status() and one
of the children is just being created.
Closes GH-18662
Co-authored-by: Jakub Zelenka <bukka@php.net>
The ctrl_handler is never destroyed. We have to destroy it at request
end so we avoid leaking it and also avoid keeping a reference to
previous request memory in the next request. The latter can result in a
crash and can be demonstrated with this script and `--repeat 2`:
```php
class Test {
    public function set() {
        sapi_windows_set_ctrl_handler(self::cb(...));
    }
    public function cb() {
    }
}
$test = new Test;
$test->set();
sleep(3);
```
When you hit CTRL+C in the second request you can crash.
This patch resolves both the leak and crash by destroying the
ctrl_handler after a request.
Closes GH-18231.
This fixes a ZEND_RC_MOD_CHECK() assertion failure when building with
"-DZEND_RC_DEBUG=1 --enable-debug --enable-zts". php_dl() is called after
startup, and manipulates the refcount of persistent strings, which is not
allowed at this point of the lifecycle.
The dl() function disables the ZEND_RC_MOD_CHECK() assertion before calling
php_dl(). This change applies the same workaround in FPM.
Closes GH-18075
Internal functions won't need their refcount increased as they outlive
the debugger session, and userland functions won't be unloaded either.
So no refcount management is necessary for registered functions.
The reason this breaks is because of a type mismatch.
The following line uses fields of the timeval struct which are both 8 bytes on
Alpine 32-bit, which results in a computed value that is also 8 bytes:
b09ed9a0f2/sapi/fpm/fpm/fpm_status.c (L611)
However, it is passed to a format string which expects 4 bytes
(`unsigned long` and thus the `%lu` format specifier is 4 bytes on Alpine 32-bit),
resulting in argument corruption.
Since the value is generally small, truncating to 4 bytes is sufficient to fix this.
Closes GH-17286.
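The mismatch described in the commit message above, shown as an added example that is not code from the PHP source: it models a 32-bit stack-passed varargs area as packed 4-byte slots and shows what the second `%lu` reads when the caller pushes an 8-byte value versus a truncated 4-byte one. The slot model, the helper names (`arg_area`, `push32`, `push64`, `read_lu_lu`, `second_lu`) and the sample values are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model (assumption) of a 32-bit stack varargs area: the
 * caller packs arguments back to back, and the callee walks the area
 * using only the sizes implied by the format string. */
typedef struct { unsigned char buf[32]; size_t len; } arg_area;

static void push32(arg_area *a, uint32_t v) { memcpy(a->buf + a->len, &v, 4); a->len += 4; }
static void push64(arg_area *a, uint64_t v) { memcpy(a->buf + a->len, &v, 8); a->len += 8; }

/* What a "%lu %lu" consumer does when unsigned long is 4 bytes:
 * it pulls two 4-byte values, whatever the caller actually pushed. */
static void read_lu_lu(const arg_area *a, uint32_t out[2])
{
    memcpy(&out[0], a->buf, 4);
    memcpy(&out[1], a->buf + 4, 4);
}

/* Constructed sample values: a duration in microseconds computed from
 * 8-byte timeval fields, followed by an unrelated 4-byte argument. */
#define SAMPLE_DURATION_US UINT64_C(1500000)
#define SAMPLE_NEXT_ARG    UINT32_C(4242)

/* Returns what the second %lu sees.
 * truncate = 0: the caller passes the 8-byte value unchanged.
 * truncate = 1: the caller casts to 4 bytes first (the fix described). */
uint32_t second_lu(int truncate)
{
    arg_area a = { {0}, 0 };
    uint32_t out[2];

    if (truncate) push32(&a, (uint32_t)SAMPLE_DURATION_US);
    else          push64(&a, SAMPLE_DURATION_US);
    push32(&a, SAMPLE_NEXT_ARG);

    read_lu_lu(&a, out);
    return out[1];
}

int main(void)
{
    printf("second %%lu, 8-byte arg: %u\n", (unsigned)second_lu(0));
    printf("second %%lu, truncated:  %u\n", (unsigned)second_lu(1));
    return 0;
}
```

In the mismatched case the second specifier consumes the other half of the 8-byte duration, so every following argument is shifted by one slot; compiling with `-Wformat` (part of `-Wall`) reports this class of mismatch at build time.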
It crashes because it's gonna try accessing the breakpoint which was cleared
by user code in `phpdbg_clear();`. Not all breakpoint data was properly
cleaned.
Closes GH-16953.