Currently we treat paths with null bytes as a TypeError, which is
incorrect, and rather inconsistent, as we treat empty paths as
ValueError. We do this because the error is generated by zpp and
it's easier to always throw TypeError there.
This changes the zpp implementation to throw a TypeError only if
the type is actually wrong and throw ValueError for null bytes.
The error message is also split accordingly, to be more precise.
The only thing that can promoted are the path-related checked.
Everything else is input dependent and error-suppressing these
functions is both the typical and the recommended usage.
> The domain names passed to getmxrr() do not contain a trailing dot.
> DNS lookups which do not find records will (depending on the local
> resolver config) try again by adding the local domain to the end of
> the searched host/domain. In many environments there's an mx record
> for any subdomain of the local domain and the MX query will return
> a hit. But the test expects no hit. So the test fails when checking
> that "qa.php.net" does not have an MX record in DNS. In our local
> environment the resolver falls back to also check qa.php.net.kippdata.de
> which does have an MX record. Using "qa.php.net." instead of "qa.php.net"
> should fix this for everyone.
Otherwise the assignment will have the same number as the default arm
which will 1. mis-trigger a breakpoint and 2. mark the line as covered
even when it isn't.
crypt() without salt generates a weak $1$ MD5 hash. It has been
throwing a notice since 2013 and we provide a much better alternative
in password_hash() (which can auto-generate salts for strong
password hashes), so keeping this is just a liability.
Create a separate general context that uses ZMM as allocator and
use it to allocate temporary PCRE match data (there is still one
global match data). There is no requirement that the match data
and the compiled regex / match context use the same general context.
This makes sure that we do not leak persistent memory on bailout
and fixes oss-fuzz #25296, on which half the libfuzzer runs
currently get stuck.
While we limit the size of the main compilation input, the size
of eval inputs was not limited. This could result in stack
overflows, e.g. oss-fuzz #25464.
To allow exporting the php_curl.h header containing curl class
entries, split off a separate curl_private.h header with all the
implementation details.
We may move or expose additional APIs in php_curl.h on an as-needed
basis.
A recurring pattern in old extension: Putting the whole source
code behind HAVE_EXTNAME. This is pointless, as the code is only
compiled if the extension is enabled.
Tyson Andre [Sat, 5 Sep 2020 20:52:14 +0000 (16:52 -0400)]
Improve handling of `#[` in `php -a`
PHP treats `#ini_setting=value` as a call to
`ini_set('ini_setting', 'value')`,
and silently skips undeclared settings.
This is a problem due to `#[` becoming supported attribute syntax:
- `#[Attr] const X = 123;` (this is not a valid place to put an attribute)
This does not create a constant.
- `#[Attr] function test($x=false){}` also contains `=`.
This does not create a function.
Instead, only treat lines starting with `#` as a special case
when the next character isn't `[`
When using zpp 'f' or Z_PARAM_FUNC, if the fcc points to a call
trampoline release it immediately and force zend_call_function
to refetch it. This may require additional callability checks
if __call is used, but avoids the need to carefully free fcc
values in all internal functions -- in some cases this is not
simple, as a type error might be triggered by a later argument
in the same zpp call.
Alex Dowad [Thu, 16 Jul 2020 07:15:56 +0000 (09:15 +0200)]
Remove unneeded function mbfl_filt_conv_common_dtor
This is a default destructor for mbfl_convert_filter structs. The thing is: there
isn't really anything that needs to be done to those structs before freeing them.
The default destructor just zeroed out some fields, but there's no reason why
we should actually do that.
This fixes a way it was possible to trigger an Internel Error
by disabling function (via the INI setting) when SPL was acting
as a proxy to the function call.
Fix flock_compat layer as it needs to used in SPL now.
For php-ast interning the file name is an effective memory leak,
see php-ast#134.
I don't think there's any reason to do this. At some point this
was needed due to bugs in the interned string mechanism that
caused issues if the string was later interned, e.g. through a
__FILE__ reference. These issues have since been resolved.
In conjunction with the filenames_table removal in c4016ecd446ef26bb3dc77735b6e441e151ea985
this means that filenames now need to be refcounted like normal
strings. In particular the filename reference in op_arrays and CEs
are refcounted.
Applying the obvious fix ... however, I think we may need to
rething how we handle trampoline fcc for "f" zpp. It might make
sense to use fcc->function_handler == NULL for that case and
force it to be fetched in zend_call_function instead (it will
be reset to that after the call anyway). Otherwise we will keep
chasing these leaks, as it's the only instance where it's
necessary to free a zpp result.
Handle memory limit error during string reallocation correctly
Do not decrement the refcount before allocating the new string,
as the allocation operation may bail out and cause a use-after-free
lateron. We can only decrement the refcount once the allocation
has succeeded.
projects / php / log