libpcre2 can return the special value -1 for a non-match.
In this case we get pointer overflow, although it doesn't matter in
practice because the pointer will be in bounds and the copy length will
be 0. Still, we should fix the UBSAN warning.
Closes GH-16205.
There are two related issues, each tested.
First problem:
What happens is that on the CLI SAPI we have a per-request pcre cache,
and on there the request shutdown for the pcre module happens prior to
the remaining live object destruction. So when the SPL object wants to
clean up the regular expression object it gets a use-after-free.
Second problem:
Very similarly, the non-persistent resources are destroyed after request
shutdown, so on the CLI SAPI the pcre request cache is already gone, but
if a userspace stream references a regex in the pcre cache, this breaks.
Two things that come immediately to mind:
- We could fix it by no longer treating the CLI SAPI special and just use
the same lifecycle as the module. This simplifies the pcre module code
a bit too. I wonder why we even have the separation in the first place.
The downside here is that we're using more the system allocator
than Zend's allocator for cache entries.
- We could modify the shutdown code to not remove regular expressions
with a refcount>0 and modify php_pcre_pce_decref code such that it
becomes php_pcre_pce_decref's job to clean up when the refcount
becomes 0 during shutdown. However, this gets nasty quickly.
I chose the first solution here as it should be reliable and simple.
Closes GH-15064.
Older GCC versions (< 7.0) don't support the -Wno-implicit-fallthrough
compiler flag. This adds the flag conditionally in case some other
compiler will run into same issue.
Fixes GH-13330
- Check message moved to 2nd argument of PHP_ARG_WITH
- AH_TEMPLATE takes care of help message defined on one place for both
defines
- AS_VAR_IF used and CS sycned a bit
- Cache variables renamed to php_cv_*
- Redundant AC_CANONICAL_HOST call removed. The host_cpu is set together
with a triplet in PHP_CANONICAL_HOST_TARGET
- Over-quoted arguments reduced
When Valgrind is enabled and not found on the system, default error can
be thrown by PKG_CHECK_MODULES instead of writing a manual error step.
- This uses less redundant variables and has synced CS.
- AS_VAR_IF used instead of raw shell ifs
- Added some basic help descriptions for macro definitions
This isn't reachable since ab32d36, because since then the library
itself checks this condition during compilation. The compilation failure
that results of it makes this code not reachable.
This is split off of GH-14424.
PCRE2_EXTRA_CASELESS_RESTRICT is only available as of pcre2 10.43.
Note: no check is necessary for pcre2_set_compile_extra_options because
it is available since pcre2 10.30, which is the minimum version PHP
requires.
The memmove() function is C99 standard function [1] and check was left for
the PCRE2 bundled library. It can be simplified by passing the compile
option instead of checking always available function on current systems.
External PCRE2 library on the system doesn't need this.
[1]: https://port70.net/~nsz/c/c99/n1256.html#7.21.2.2
Adds support for "Caseless restricted" matching added in PCRE2lib
10.43 with the "r" modifier.
This is `PCRE2_EXTRA_CASELESS_RESTRICT` in PCRE2. This is an "extra"
option, which means it is not possible to pass this option as
pcre2_compile() function parameter.
This option is passed in a pcre2_set_compile_extra_options() call.
Previously, these extra options are set at php_pcre_init_pcre2(),
but after this change, it is possible to customize the options
by adding bits to `eoptions` in pcre_get_compiled_regex_cache_ex().
The tests for this change are ported from upstream test suite[^1].
[^1]: c13d54f658 (diff-8c8312e4eb2d35bb16485404b7b5cc0eaef0bca1aa95ff5febf6a1890048305c)
While __php_mempcpy is only used by ext/standard/crypt_sha*, the
mempcpy "pattern" is used everywhere.
This commit removes __php_mempcpy, adds zend_mempcpy and transforms
open-coded parts into function calls.
* Update signature of pcre API
This changes the variables that are bools to actually be bools instead
of ints, which allows some additional optimization by the compiler (e.g.
removing some ternaries and move extensions).
It also gets rid of the use_flags argument because that's just the same
as flags == 0. This reduces the call frame.
* Use zend_string_release_ex where possible
* Remove duplicate symbols from strchr
* Avoid useless value conversions
* Use a raw HashTable* instead of a zval
* Move condition
* Make for loop cheaper by reusing a recently used value as start iteration index
* Remove useless condition
This can't be true if the second condition is true because it would
require the string to occupy the entire address space.
* Upgrading + remark
* Always inline populate_match_value and fix argument type
The call overhead of this function is quite large.
* Use _new variant of zend_hash in some places to avoid additional check
* Move allocation of match_sets down to simplify and reduce code size
* Move pcre2_get_ovector_pointer out of the loop
This is allocated together with the match data and stays loop invariant:
the pointer is always the same (the values not however).
* Mark error condition as cold block
* Simplify condition: subpats is already checked
* Move array size preallocation to use allocate the up-to-date size
* Simplify condition
* Rework internal functions to avoid repeated unwrapping
* Remember Z_ARRVAL_P(return_value)
The lookup is loop invariant.
* Mark some pointers as const
