Due to a deliberate change in libcurl, the expiration is now capped to
at most 400 days. We could solve this by choosing another date roughly
a year in the future, but would need to update the test next year.
This would be especially annoying for security branches.
Another option would be to actually parse the cookie list lines, but
that might not be worth the trouble. Instead we just ignore the exact
timestamp created by libcurl.
[1] <https://github.com/curl/curl/pull/15937>
Closes GH-17709.
Conversion of floating point to integer values is undefined if the
integral part of the float value cannot be represented by the integer
type. We need to cater to that explicitly (in a manner similar to
`zend_dval_to_lval_cap()`).
Closes GH-17689.
These warnings are about conversion from `size_t` to a smaller type[1],
and in this case because `gdIOCtx` works with `int` lengths. Two of
these warnings are harmless, and we resolve them by using `size_t` in
the first place, and adding a cast (plus an assertion), respectively.
The others actually hint at potential issues when reading image data
with more than `INT_MAX` bytes; we catch that upfront, and throw a
`ValueError` and a warning, respectively.
[1] <https://learn.microsoft.com/en-us/cpp/error-messages/compiler-warnings/compiler-warning-level-3-c4267>
When a guard check is created for a variable to check if it's a packed array,
it is possible that there was no prior type check for that variable.
This happens in the global scope for example when the variable aliases.
In the test, this causes a dereference of address 8 because the integer
element in `$a` is interpreted as an array address.
This patch adds a check to see if the guard is handled.
If we were not able to determine or guard the type then we also cannot know the array is packed.
Closes GH-17584.
This test has two classes that use the same trait. In function JIT mode
the same cache slot will be used. This causes problems because it is
primed for the first class and then reused for the second class,
resulting in an incorrect type check failure.
The current check for a megamorphic trait call requires current_frame to
not be NULL, but this is only set in tracing mode and not in function
mode.
This patch corrects the check.
Closes GH-17660.
Apparently, some ICU versions report "America/Los_Angeles" for the `ZZ`
case, what matches the behavior of ICU 76.1 (on Windows). Possibly,
there has been some bug fix backport on some systems. Anyhow, either
seems fine, so we're not picky about that.
Closes GH-17669.
To call the constructor we now only store the CE and a HashTable for the arguments.
This reduces the size of the _pdo_stmt_t struct from 320 bytes to 232 bytes.
Moreover, this now means that the constructor argument array follows the usual CUFA semantics.
This change is a BC break, as string keys now act like named arguments.
Moreover, the automatic wrapping of by-value arguments for by-ref parameters has been dropped, and the usual E_WARNING is now emitted in those cases.
The do_fetch() is heavily refactored to simplify the execution flow, which also makes it easier to understand.
Additionally we add a new bitflag in_fetch to prevent modification of the fetch flags by userland when PDO is fetching from the DB.
The fix for GH-17481 introduced a regression that can cause the read of
uninitialized padding data when going over a chunk boundary during HTML
parsing of UTF-8.
The wrong offset was computed with respect to the input buffer, the
length of the error-corrected UTF-8 code point is not necessarily the
same as the input code point length.
This was not noticed because no CI jobs run with Valgrind nor I do it
regularly, and ASAN doesn't catch uninitialized accesses.
