Dmitry Stogov
718478377b
Prevent array modification if it's captured by user error handler during index conversion
Fixes oss-fuzz #44235
2022-02-01 17:22:18 +03:00
Dmitry Stogov
aab52968a3
micro-optimization
2021-12-23 18:31:45 +03:00
Dmitry Stogov
79fac32d6b
Don't call zend_attach/detach_symbol_table() for op_arrays without local variables
2021-12-16 17:37:01 +03:00
Dmitry Stogov
623b3fc83f
Merge branch 'PHP-8.1'
...
* PHP-8.1:
Move common code into helper
2021-12-14 15:32:20 +03:00
Dmitry Stogov
b16fc350a4
Move common code into helper
2021-12-14 15:31:53 +03:00
Dmitry Stogov
1959bbfc1b
Merge branch 'PHP-8.1'
...
* PHP-8.1:
Combine ADDREF/DELREF
2021-12-13 22:54:57 +03:00
Dmitry Stogov
1e56b64759
Merge branch 'PHP-8.0' into PHP-8.1
...
* PHP-8.0:
Combine ADDREF/DELREF
2021-12-13 22:54:45 +03:00
Dmitry Stogov
c787f42ceb
Combine ADDREF/DELREF
2021-12-13 22:38:23 +03:00
Dmitry Stogov
d9926a109d
Merge branch 'PHP-8.1'
...
* PHP-8.1:
Fix array clobbering by user error handler
2021-12-13 15:20:24 +03:00
Dmitry Stogov
76075823e7
Merge branch 'PHP-8.0' into PHP-8.1
...
* PHP-8.0:
Fix array clobbering by user error handler
2021-12-13 15:20:16 +03:00
Dmitry Stogov
cbc0b1afeb
Fix array clobbering by user error handler
...
Fixes oss-fuzz #42234
2021-12-13 14:59:30 +03:00
Dmitry Stogov
90e5eed9db
Merge branch 'PHP-8.1'
...
* PHP-8.1:
Separate "cold" code
2021-12-07 11:47:01 +03:00
Dmitry Stogov
08f1d470fb
Separate "cold" code
2021-12-07 11:46:32 +03:00
Dmitry Stogov
fe1f613b75
Merge branch 'PHP-8.1'
...
* PHP-8.1:
Fix use after free because of data clobbering by user error handler
2021-12-06 13:09:26 +03:00
Dmitry Stogov
5459ed4c2f
Fix use after free because of data clobbering by user error handler
...
Fixes oss-fuzz #41692
2021-12-06 13:08:27 +03:00
Dmitry Stogov
1195ab8969
Merge branch 'PHP-8.1'
...
* PHP-8.1:
Add test
ws
Fix array object clobbering by user error handler
2021-12-03 13:41:12 +03:00
Dmitry Stogov
731ce6be01
Merge branch 'PHP-8.0' into PHP-8.1
...
* PHP-8.0:
Fix array object clobbering by user error handler
2021-12-03 13:36:33 +03:00
Dmitry Stogov
1d054b3fa7
Fix array object clobbering by user error handler
...
Fixes oss-fuzz #41605 and #41610
2021-12-03 13:35:28 +03:00
Dmitry Stogov
da0d4bf7fc
Merge branch 'PHP-8.1'
...
* PHP-8.1:
Add missing zend_string_release_ex(tmp, 0) and cleanup
2021-12-02 11:22:24 +03:00
Dmitry Stogov
b9ff359a99
Merge branch 'PHP-8.0' into PHP-8.1
...
* PHP-8.0:
Add missing zend_string_release_ex(tmp, 0) and cleanup
2021-12-02 11:21:04 +03:00
Dmitry Stogov
37ac707cac
Add missing zend_string_release_ex(tmp, 0) and cleanup
...
- use GC_DELREF() instead of zend_string_release_ex()
- add expectations for exceptional cases
- replace IS_ARRAY_IMMUTABLE by IS_STR_INTERNED
2021-12-02 11:18:08 +03:00
Dmitry Stogov
17fac12ed4
Merge branch 'PHP-8.1'
...
* PHP-8.1:
Fixed ext/bz2/tests/005.phpt test failure introduced by 09547c64c2
2021-12-02 10:35:44 +03:00
Dmitry Stogov
4eaba3e2ed
Merge branch 'PHP-8.0' into PHP-8.1
...
* PHP-8.0:
Fixed ext/bz2/tests/005.phpt test failure introduced by 09547c64c2
2021-12-02 10:34:14 +03:00
Dmitry Stogov
df16da3697
Fixed ext/bz2/tests/005.phpt test failure introduced by 09547c64c2
2021-12-02 10:32:45 +03:00
Dmitry Stogov
2384112ec8
Merge branch 'PHP-8.1'
...
* PHP-8.1:
Fix clobbering of operand by error handler in assignment to string offset (optimization and JIT support)
2021-12-02 01:22:27 +03:00
Dmitry Stogov
c8dca00d15
Merge branch 'PHP-8.1'
...
* PHP-8.1:
Fix clobbering of operand by error handler in assignment to string offset
2021-12-02 01:22:15 +03:00
Dmitry Stogov
e833e5cfa0
Merge branch 'PHP-8.0' into PHP-8.1
...
* PHP-8.0:
Fix clobbering of operand by error handler in assignment to string offset (optimization and JIT support)
2021-12-02 01:20:48 +03:00
Dmitry Stogov
4595a57e99
Fix clobbering of operand by error handler in assignment to string offset (optimization and JIT support)
2021-12-02 01:20:17 +03:00
Dmitry Stogov
9786eac9a3
Merge branch 'PHP-8.0' into PHP-8.1
...
* PHP-8.0:
Fix clobbering of operand by error handler in assignment to string offset
2021-12-02 00:46:27 +03:00
Dmitry Stogov
09547c64c2
Fix clobbering of operand by error handler in assignment to string offset
...
In some cases new code requires two reallocations instead of one.
Fixes oss-fuzz #31716, #36196, #39739 and #40002
2021-12-02 00:24:05 +03:00
Dmitry Stogov
bdf6779c7d
Merge branch 'PHP-8.1'
...
* PHP-8.1:
Use proper functions
2021-12-01 22:45:26 +03:00
Dmitry Stogov
10cfe9f13b
Merge branch 'PHP-8.0' into PHP-8.1
...
* PHP-8.0:
Use proper functions
2021-12-01 22:45:15 +03:00
Dmitry Stogov
9f6ab78610
Use proper functions
2021-12-01 22:43:19 +03:00
Dmitry Stogov
db806d70ed
Merge branch 'PHP-8.1'
...
* PHP-8.1:
Fixed crash in ZEND_ASSIGN_DIM_OP because of array clobbering by user error handler
2021-11-30 23:34:50 +03:00
Dmitry Stogov
b594a95a2f
Fixed crash in ZEND_ASSIGN_DIM_OP because of array clobbering by user error handler
...
Fixes oss-fuzz #36214
2021-11-30 23:33:34 +03:00
Dmitry Stogov
532f2ca7ff
Merge branch 'PHP-8.1'
...
* PHP-8.1:
Fix crash after indirect modification of string by user error handler
2021-11-30 16:10:11 +03:00
Dmitry Stogov
afd881718e
Merge branch 'PHP-8.0' into PHP-8.1
...
* PHP-8.0:
Fix crash after indirect modification of string by user error handler
2021-11-30 16:09:58 +03:00
Dmitry Stogov
df434f056f
Fix crash after indirect modification of string by user error handler
...
Fixes oss-fuzz #39346
2021-11-30 16:07:38 +03:00
Nikita Popov
16e9e666ba
Encode string offset error reason in extended_value
...
For FETCH_DIM_W etc encode the context it is being used in
(dim, obj, ref or incdec) so we can throw an appropriate error
message for invalid string offset use, in a way that does not
require inspecting neighboring opcodes. The implementation is
similar to the flags used for FETCH_OBJ.
This means that we do not have to be careful about preserving
following opcodes during optimization.
Closes GH-7599.
2021-10-21 09:52:09 +02:00
Nikita Popov
a38bad87d5
Consolidate UNSET_DIM handling for string offset error
...
The immediate error here is the nested indexing in write context,
the fact that it's ultimately wrapped in an unset() doesn't matter.
Same as $str[0][0] += 1 will throw "Cannot use string offset as an
array", so should this case.
2021-10-20 13:05:38 +02:00
Nikita Popov
ca7a11c9cf
Consolidate string offset by reference errors
...
Use the same error message for all scenarios where a reference to
a string offset is acquired.
2021-10-20 13:00:48 +02:00
Nikita Popov
a58201369c
Remove impossible cases from string offset error handling
...
As far as I can see, these cases should not be reachable.
2021-10-20 12:51:42 +02:00
Nikita Popov
3ce472d1a6
Fix message for some string offset uses as object
...
Even if the object property is incremented afterwards, the
immediate error is the use as object, not the increment.
Also consolidate tests for this error message. Previously they
were spread across a number of bug-specific tests.
2021-10-20 12:44:05 +02:00
Nikita Popov
da0d246e19
Drop FREE_OP_VAR_PTR() distinction
...
FREE_OP_VAR_PTR() is like FREE_OP(), but only frees VAR, rather
than VARs and TMPs. I don't think this distinction makes sense
anymore, as opcodes using FREE_OP_VAR_PTR() generally only accept
VAR or CV. For the cases where other op types are accepted and
only freeing VAR is desired we already have FREE_OP_IF_VAR().
This drops FREE_OP_VAR_PTR(), leaving only FREE_OP() and
FREE_OP_IF_VAR().
2021-10-20 12:02:09 +02:00
Dmitry Stogov
ddaf64b56c
Avoid non-immutable map_ptr indirection
2021-10-14 12:16:18 +03:00
Nikita Popov
b14076a845
Merge branch 'PHP-8.1'
...
* PHP-8.1:
Fix build without global registers
2021-10-05 16:46:10 +02:00
Nikita Popov
dab6527352
Fix build without global registers
2021-10-05 16:45:44 +02:00
Nikita Popov
fef61a8e11
Merge branch 'PHP-8.1'
...
* PHP-8.1:
Reuse wrong string offset logic in jit
2021-10-05 16:33:39 +02:00
Nikita Popov
a4fa00ead3
Reuse wrong string offset logic in jit
...
JIT contains a copy of this function that effectively only differs
by fetching current_execute_data from EG. We can do that in the VM
version as well, as this is just used to throw an error.
Export the VM function and reuse it in JIT.
2021-10-05 16:33:31 +02:00
codinghuang
5bda4cd25a
Support specifying start position in compile_string
...
Add additional zend_compile_position argument, which can be either
AT_SHEBANG, AT_OPEN_TAG or AFTER_OPEN_TAG. The previous behavior
corresponds to AFTER_OPEN_TAG.
Closes GH-7462.
2021-09-30 10:21:33 +02:00