Nikita Popov [Mon, 7 Oct 2019 15:29:33 +0000 (17:29 +0200)]
Fix leak when include fails in a read operation
Usually it will already fail when opening, but reads can also
fail since PHP 7.4, in which case we still need to place the
file handle in open_files to make sure the destructor will run
on it.
Nikita Popov [Mon, 7 Oct 2019 09:42:22 +0000 (11:42 +0200)]
Fix number of required arguments in arginfo
* pack() only requires one argument
* stream_context_set_option() only requires two arguments
* ReflectionMethod::getClosure() accepts no args for static methods
* DOMDocument::createProcessingInstruction() only requires one arg
* DOMImplementation::createDocument() only requires two arguments
* DOMDocument::importNode() only requires one arg
* mysql_get_client_version() doesn't accept any args,
despite what the docs say...
Otherwise we would try to access an array element of `false`, which
issues a notice as of PHP 7.4.0. This would happen, for instance, for
bug63447_001.phpt if CGI is not available.
Nikita Popov [Mon, 7 Oct 2019 10:40:21 +0000 (12:40 +0200)]
Don't test default serialize max_depth
The default depth is large enough to cause stack overflows in
msan builds, though apparently only on old clang versions. Avoiding
a stack overflow there requires making the depth *much* smaller,
less than 1000. As I don't think that's reasonable for all the other
setups where 4k works fine, I'm just dropping this part of the test.
Commit 5649267[1] changed run-tests.php to only delete .post files for
passing tests. However, that code wouldn't be exercised at all, since
`run_test()` already returned, so we move the deletion upwards.
Nikita Popov [Mon, 7 Oct 2019 08:49:34 +0000 (10:49 +0200)]
Limit retry_limit test to oniguruma >= 6.9.3
This test is somewhat fragile in that it depends on how well a
particular regex is optimized. Apparently on 6.9.1 this regex
would hit the default retry_limit of 1000000 already. I'm limiting
this to 6.9.3 because that's the version that works for me.
Nikita Popov [Wed, 2 Oct 2019 10:42:46 +0000 (12:42 +0200)]
Add support for mbstring.regex_retry_limit
This is very similar to the existing mbstring.regex_stack_limit,
but for backtracking. The default value matches pcre.backtrack_limit.
Only used on libonig >= 2.8.0.
Because this particular error condition did not return T_ERROR,
EG(exception) was set while performing binary operation constant
evaluation, which checks exceptions for cast failures.
Instead of adding this indirect test case, I'm adding an assertion
that the lexer has to return T_ERROR if EG(exception) is set.
Nikita Popov [Fri, 4 Oct 2019 14:01:10 +0000 (16:01 +0200)]
Improve diagnostic on PCRE JIT mmap failure
Print a more informative message that indicates that this is
likely a permission issue, and also indicate that pcre.jit=0
can be used to work around it.
Also automatically disable the JIT, so that this message is
only shown once.
Nikita Popov [Fri, 4 Oct 2019 10:38:18 +0000 (12:38 +0200)]
Fixed bug #78632
I'm going for a very conservative fix here, where the previous
logic is restored for the case where an object is passed to
method_exists(). We might want to check against EG(scope) instead,
but this seems like a safer choice.
This means that behavior in PHP 7.4 changes only for
method_exists('C', 'privateMethodNotOnC'), which should be sensible.
Fix #76859 stream_get_line skips data if used with data-generating filter
stream_get-line repeatedly calls php_stream_fill_read_buffer until
enough data is accumulated in buffer. However, when stream contains
filters attached to it, then each call to fill buffer essentially
resets buffer read/write pointers and new data is written over old.
This causes stream_get_line to skip parts of data from stream
This patch fixes such behavior, so fill buffer call will append.
Nikita Popov [Tue, 1 Oct 2019 10:58:26 +0000 (12:58 +0200)]
Remove func copy optimization for private method with static vars
Not NULLing the static_variables pointer for shadow methods during
static var shutdown would be a way to avoid this leak, but unless
there's evidence that inherited private methods with static vars are
actually a common use-case, I don't think we should keep this kind
of fragile edge-case optimization.
Skip tests for old versions instead of marking them XFAIL
According to commit 0eea9a6[1], these tests fail with old Oniguruma
versions; we are not sure which version of Oniguruma is required to let
them pass, but at least 6.9.3 is sufficient.
Sergei Turchanov [Wed, 28 Aug 2019 04:37:52 +0000 (14:37 +1000)]
Fix #78413: php-fpm request_terminate_timeout does not take effect after fastcgi_finish_request
To retain legacy behavior I decided to add an option to control request
termination logic. If request_terminate_timeout_track_finished is set,
then request will be tracked for time limits even after
fastcgi_finish_request was called.
This patch depends on the fix provided in BUG 78469 (otherwise php-fpm
workers listening on named pipes on Windows will be erroneously terminated)
(PR #4636)
Add a max_depth option to unserialize and an unserialize_max_depth
ini setting, which can be used to control the depth limit. The
default value is 4096.
This option is intended to prevent stack overflows during the
unserialization of deeply nested structures.
This fixes bug #78549 and addresses oss-fuzz #17581, #17589, #17664,
and #17788.
projects / php / log