granicus.if.org Git - php/log
Christoph M. Becker [Fri, 23 Oct 2020 09:06:30 +0000 (11:06 +0200)]
Fix #80268: loadHTML() truncates at NUL bytes

libxml2 has no particular issues parsing HTML strings with NUL bytes;
these just cause truncation of the current text content, but parsing
continues generally.  Since `::loadHTMLFile()` already supports NUL
bytes, `::loadHTML()` should as well.

Note that this is different from XML, which does not allow any NUL
bytes.

Closes GH-6368.

Nikita Popov [Mon, 26 Oct 2020 11:40:27 +0000 (12:40 +0100)]
Declare may_retry_reparse_point on windows only

Christoph M. Becker [Thu, 22 Oct 2020 15:50:22 +0000 (17:50 +0200)]
Fix #62474: com_event_sink crashes on certain arguments

We have to make sure that the variant is of type `VT_DISPATCH` before
we access it as such.

Closes GH-6372.

Christoph M. Becker [Mon, 19 Oct 2020 15:41:58 +0000 (17:41 +0200)]
Fix #80258: Windows Deduplication Enabled, random permission errors

A recent bug fix regarding symlinks claimed:

> After resolving reparse points, the path still may be a reparse
> point; in that case we have to resolve that reparse point as well.

While that is basically correct, some reparse points may point to
inaccessible system folders (e.g. `IO_REPARSE_TAG_DEDUP` points to
"\System Volume Information").  Since we don't know details about
arbitrary reparse points, and are mainly interested in nested symlinks,
we take a step back, and only resolve `IO_REPARSE_TAG_SYMLINK` for now.

Close GH-6354.

Christoph M. Becker [Sat, 24 Oct 2020 14:08:02 +0000 (16:08 +0200)]
Fix #80280: ADD_EXTENSION_DEP() fails for ext/standard and ext/date

`ADD_EXTENSION_DEP()` relies on the `PHP_<extname>` config variables to
be set to `"yes"`, and since the standard and date extension are always
enabled, we define the respective variables unconditionally.

Closes GH-6383.

George Peter Banyard [Thu, 22 Oct 2020 16:01:48 +0000 (17:01 +0100)]
Fix bug 76618

Apply patch which was attached to the bug in July 2018

Nikita Popov [Thu, 22 Oct 2020 14:04:22 +0000 (16:04 +0200)]
Don't crash on uninitialized tidy object

"Uninitialized" here means that the object was created ordinarily
-- no constructor skipping involved. Most tidy methods seem to
handle this fine, but these three need to be guarded.

Derick Rethans [Thu, 22 Oct 2020 09:12:24 +0000 (10:12 +0100)]
Updated to version 2020.4 (2020d)

Christoph M. Becker [Tue, 20 Oct 2020 14:38:16 +0000 (16:38 +0200)]
Fix #80242: imap_mail_compose() segfaults for multipart with rfc822

libc-client expects `TYPEMESSAGE` with an explicit subtype of `RFC822`
to have a `nested.msg` (otherwise there will be a segfault during
free), but not to have any `contents.text.data` (this will leak
otherwise).

Closes GH-6345.

Christoph M. Becker [Tue, 20 Oct 2020 14:25:00 +0000 (16:25 +0200)]
Add char* cast to avoid compiler warnings

In libc-client 2007f `data` is declared as `unsigned char *`; there may
be variants which declare it as `void *`, but in any case picky
compilers may warn about a pointer type mismatch in the conditional
(and error with `-W-error`), so we're adding a `char *` cast for good
measure.

Christoph M. Becker [Fri, 16 Oct 2020 09:58:50 +0000 (11:58 +0200)]
Properly fix #80220

The original fix for that bug[1] broke the formerly working composition
of message/rfc822 messages, which results in a segfault when freeing
the message body now.  While `imap_mail_compose()` does not really
support composition of meaningful message/rfc822 messages (although
libc-client appears to support that), some code may still use this to
compose partial messages, and using string manipulation to create the
final message.

The point is that libc-client expects `TYPEMESSAGE` with an explicit
subtype of `RFC822` to have a `nested.msg` (otherwise there will be a
segfault during free), but not to have any `contents.text.data` (this
will leak otherwise).

[1] <http://git.php.net/?p=php-src.git;a=commit;h=0d022ddf03c5fabaaa22e486d1e4a367ed9170a7>

Closes GH-6343.

Derick Rethans [Mon, 19 Oct 2020 08:31:02 +0000 (09:31 +0100)]
Updated to version 2020.3 (2020c)

Christoph M. Becker [Thu, 15 Oct 2020 11:18:34 +0000 (13:18 +0200)]
Fix broken fix for #80239

No idea why that `git am` failed that badly.

Christoph M. Becker [Thu, 15 Oct 2020 10:51:10 +0000 (12:51 +0200)]
Fix #80239: imap_rfc822_write_address() leaks memory

We have to free the address when we're finished with it.

Nikita Popov [Thu, 15 Oct 2020 08:16:22 +0000 (10:16 +0200)]
Fix leak in gmp_export()

Christoph M. Becker [Tue, 13 Oct 2020 14:20:55 +0000 (16:20 +0200)]
Fix #64076: imap_sort() does not return FALSE on failure

If unsupported `$search_criteria` are passed to `imap_sort()`, the
function returns an empty array, but there is also an error on the
libc-client error stack ("Unknown search criterion: UNSUPPORTED
(errflg=2)").  If, on the other hand, unsupported `$criteria` or
unsupported `$flags` are passed, the function returns `false`.  We
solve this inconsistency by returning `false` for unsupported
`$search_criteria` as well.

Closes GH-6332.

Christoph M. Becker [Tue, 13 Oct 2020 07:52:46 +0000 (09:52 +0200)]
7.3.25 is next

Christoph M. Becker [Mon, 12 Oct 2020 16:06:53 +0000 (18:06 +0200)]
Fix #80226: imap_sort() leaks sortpgm memory

We need to free what we have allocated.

Closes GH-6327.

Christoph M. Becker [Mon, 12 Oct 2020 12:04:18 +0000 (14:04 +0200)]
Fix #80216: imap_mail_compose() does not validate types/encodings

We need to check whether the given `type`s and `encoding`s are within
bounds to avoid segfaults and out-of-bound reads.

Closes GH-6323.

Christoph M. Becker [Mon, 12 Oct 2020 11:26:38 +0000 (13:26 +0200)]
Fix #80223: imap_mail_compose() leaks envelope on malformed bodies

We have to clean up even on failure.

Closes GH-6322.

Christoph M. Becker [Mon, 12 Oct 2020 08:36:18 +0000 (10:36 +0200)]
Fix #80220: imap_mail_compose() may leak memory

Unless `topbod` is of `TYPEMULTIPART`, `mail_free_body()` does not free
the `nested.part`; while we could do this ourselves, instead we just
ignore additional bodies in this case, i.e. we don't attach them in the
first place.

Closes GH-6321.

Nikita Popov [Mon, 12 Oct 2020 09:22:39 +0000 (11:22 +0200)]
Detect self-addition of array more accurately

While the zvals may be different, they may still point to the
same array.

Fixes oss-fuzz #26245.

Nikita Popov [Mon, 12 Oct 2020 09:03:39 +0000 (11:03 +0200)]
Deindirect source elements in zend_hash_merge

If the RHS has INDIRECT elements, we do not want those to be added to
the LHS verbatim. As we're using UPDATE_INDIRECT, we might even
create a nested INDIRECT that way.

This is a side-quest of oss-fuzz #26245.

Derick Rethans [Sun, 11 Oct 2020 13:53:52 +0000 (14:53 +0100)]
Fixed test for bug #48097 due to confirmed data changes in timelib

Christoph M. Becker [Sat, 10 Oct 2020 15:16:41 +0000 (17:16 +0200)]
Fix #80215: imap_mail_compose() may modify by-val parameters

We separate the input arrays and all sub-arrays to avoid modification
of the passed parameters.

This should be rewritten to use `zend_string`s for the "master" branch.

Closes GH-6316.

Christoph M. Becker [Sat, 10 Oct 2020 12:09:07 +0000 (14:09 +0200)]
Fix #80213: imap_mail_compose() segfaults on certain $bodies

We have to cater to non-associative arrays where the key may be `NULL`;
we just skip these elements.

Closes GH-6315.

Petr Sumbera [Wed, 7 Oct 2020 13:07:23 +0000 (15:07 +0200)]
Make iconv errno support test pass on Solaris.

Closes GH-6291.

Nikita Popov [Fri, 9 Oct 2020 12:04:47 +0000 (14:04 +0200)]
XFAIL test broken by timelib update

I was expecting this to get fixed quickly, but it didn't.
XFAIL for now.

Derick Rethans [Thu, 8 Oct 2020 14:19:46 +0000 (15:19 +0100)]
Updated to version 2020.2 (2020b)

Derick Rethans [Thu, 8 Oct 2020 14:05:38 +0000 (15:05 +0100)]
Updated to version 2020.2 (2020b)

Christoph M. Becker [Thu, 8 Oct 2020 10:04:02 +0000 (12:04 +0200)]
Fix too strict imap test expectations

Christoph M. Becker [Wed, 7 Oct 2020 10:45:43 +0000 (12:45 +0200)]
Fix #77040: tidyNode::isHtml() is completely broken

The documentation of `tidyNode::isHtml()` states that this method
"checks if a node is part of a HTML document".  That is, of course,
nonsense, since a tidyNode is "an HTML node in an HTML file, as
detected by tidy."

What this method is actually supposed to do is to check whether a node
is an element (unless it is the root element).  This has been broken by
commit d8eeb8e[1], which assumed that `enum TidyNodeType` would
represent flags of a bitmask, which it does not.

[1] <http://git.php.net/?p=php-src.git;a=commit;h=d8eeb8e28673236bca3f066ded75037a5bdf6378>

Closes GH-6290.

Christoph M. Becker [Wed, 7 Oct 2020 08:38:30 +0000 (10:38 +0200)]
Fix #80185: jdtounix() fails after 2037

There is no such thing as the "end of the unix epoch", and if it was,
it would certainly not be 2037-10-11T02:00:00.  There is, however,
potential integer overflow which we need to avoid.

Closes GH-6288.

Christoph M. Becker [Mon, 5 Oct 2020 15:46:37 +0000 (17:46 +0200)]
Fix #46050: odbc_next_result corrupts prepared resource

When resetting the result's values, we also have to reset its numcols.

Nikita Popov [Mon, 5 Oct 2020 08:43:58 +0000 (10:43 +0200)]
Fix -Wimplicit-function-declaration in configure

As this is an error with xcode 12, see bug #80171.

K.Kosako [Mon, 21 Sep 2020 03:58:29 +0000 (12:58 +0900)]
Fix out-of-bounds write

Fixes CVE-2020-26159.

Backported from <https://github.com/kkos/oniguruma/commit/cbe9f8bd9cfc6c3c87a60fbae58fa1a85db59df0>.

Matteo Beccati [Fri, 2 Oct 2020 07:32:52 +0000 (09:32 +0200)]
[ci skip] moved soap fix to 7.3.23

When committing I didn't notice that version had been just bumped

Dmitry Stogov [Thu, 1 Oct 2020 10:18:21 +0000 (13:18 +0300)]
Backport of a partial fix for bug Bug #76982 (memory leak declaring closure in included file).

Remi Collet [Wed, 30 Sep 2020 05:42:14 +0000 (07:42 +0200)]
Merge branch 'PHP-7.2' into PHP-7.3

* PHP-7.2:
  bump version to 7.2.35-dev

George Peter Banyard [Wed, 30 Sep 2020 05:37:16 +0000 (08:37 +0300)]
Fixed incorrect error message

Remi Collet [Wed, 30 Sep 2020 05:36:59 +0000 (07:36 +0200)]
bump version to 7.2.35-dev

George Peter Banyard [Wed, 30 Sep 2020 05:29:00 +0000 (08:29 +0300)]
Fixed incorrect logical condition

Stanislav Malyshev [Tue, 29 Sep 2020 17:09:33 +0000 (10:09 -0700)]
[ci skip] Add 7.3.23 security fixes to NEWS

Christoph M. Becker [Tue, 29 Sep 2020 10:10:36 +0000 (12:10 +0200)]
[ci skip] Fix version

Christoph M. Becker [Sat, 26 Sep 2020 11:14:40 +0000 (13:14 +0200)]
Fix #80152: odbc_execute() moves internal pointer of $params

As least intrusive fix, we separate the passed array argument.

Closes GH-6219.

Christoph M. Becker [Fri, 25 Sep 2020 15:27:41 +0000 (17:27 +0200)]
Fix #80150: Failure to fetch error message

In case of statement related errors, we need to pass the respective
statement handle to `SQLError()`.

Closes GH-6217.

Matthias Karbe [Wed, 23 Sep 2020 12:54:25 +0000 (14:54 +0200)]
Fix bug #80137

Skip getprotobyname() and getprotobynumber() tests on *nix if there
is no /etc/protocols file.

Closes GH-6193.

Matthias Karbe [Wed, 23 Sep 2020 12:25:30 +0000 (14:25 +0200)]
Fix bug #80138

Skip getservbyname() and getservbyport() tests on *nix if there is
no /etc/services file.

Closes GH-6191.

Remi Collet [Tue, 29 Sep 2020 06:50:14 +0000 (08:50 +0200)]
Merge branch 'PHP-7.2' into PHP-7.3

* PHP-7.2:
  [ci skip] typo
  Update NEWS & UPGRADING
  Do not decode cookie names anymore
  Fix bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV)

Remi Collet [Tue, 29 Sep 2020 06:49:56 +0000 (08:49 +0200)]
[ci skip] typo

Stanislav Malyshev [Mon, 21 Sep 2020 01:08:55 +0000 (18:08 -0700)]
Do not decode cookie names anymore

Stanislav Malyshev [Sun, 27 Sep 2020 05:08:52 +0000 (22:08 -0700)]
Fix bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV)

Stanislav Malyshev [Tue, 29 Sep 2020 04:38:58 +0000 (21:38 -0700)]
Update UPGRADING

Stanislav Malyshev [Tue, 29 Sep 2020 04:34:52 +0000 (21:34 -0700)]
Update NEWS & UPGRADING

Christoph M. Becker [Mon, 28 Sep 2020 15:05:17 +0000 (17:05 +0200)]
Fix #67465: NULL Pointer dereference in odbc_handle_preparer

We have to initialize `stmt->driver_data` before we use it.

Closes GH-6225.

Stanislav Malyshev [Mon, 21 Sep 2020 01:08:55 +0000 (18:08 -0700)]
Do not decode cookie names anymore

Stanislav Malyshev [Sun, 27 Sep 2020 05:08:52 +0000 (22:08 -0700)]
Fix bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV)

George Peter Banyard [Fri, 25 Sep 2020 13:54:25 +0000 (14:54 +0100)]
Fix logic error in PDO

Christoph M. Becker [Fri, 25 Sep 2020 09:25:02 +0000 (11:25 +0200)]
Fix #80147: BINARY strings may not be properly zero-terminated

We have to manually ensure that all strings fetched from a data source
are zero-terminated.

Closes GH-6213.

Christoph M. Becker [Thu, 24 Sep 2020 15:10:09 +0000 (17:10 +0200)]
Use proper skipif section

The ODBC tests have to be skipped if no connection to the server can be
established.

Christoph M. Becker [Thu, 24 Sep 2020 08:30:41 +0000 (10:30 +0200)]
Fix #78470: odbc_specialcolumns() no longer accepts $nullable

It is mandatory to pass either `SQL_NO_NULLS` or `SQL_NULLABLE` as
tenth parameter to `SQLSpecialColumns()`; otherwise the function call
fails.  Therefore the user must be allowed to pass the desired value
as parameter to `odbc_specialcolumns()` again.

Closes GH-6200.

Christoph M. Becker [Tue, 22 Sep 2020 16:57:21 +0000 (18:57 +0200)]
Fix #76735: Incorrect message in fopen on invalid mode

We have to log errors in `stream_opener` callbacks to the wrapper's
error log, because otherwise we may pick up an unrelated `errno` or a
most generic message.

Closes GH-6187.

Christoph M. Becker [Wed, 23 Sep 2020 08:38:59 +0000 (10:38 +0200)]
Fix #77493: curl_basic_009 fails with newer curl versions

libcurl 7.62.0 introduced a maximum protocol length of 8, so this test
case failed with `CURLE_URL_MALFORMAT`.  While this is lifted to 40 as
of libcurl 7.65.0, and this test case has already been fixed with
commit e27301c[1], we restore the original intention to check for a
`CURLE_UNSUPPORTED_PROTOCOL` error.

[1] <http://git.php.net/?p=php-src.git;a=commit;h=e27301c7b37f6a1643a0dc1966919bd62a32bc74>

Christoph M. Becker [Tue, 22 Sep 2020 11:01:32 +0000 (13:01 +0200)]
Fix #76943: Inconsistent stream_wrapper_restore() errors

If restoring of any not registered built-in wrapper is requested, the
function is supposed to fail with a warning, so we have to check this
condition first.

Furthermore, to be able to detect whether a built-in wrapper has been
changed, it is not sufficient to check whether *any* userland wrapper
has been registered, but rather whether the specific wrapper has been
modified.

Closes GH-6183.

Christoph M. Becker [Wed, 9 Sep 2020 17:21:41 +0000 (19:21 +0200)]
Fix #79423: copy command is limited to size of file it can copy

Passing `NULL` as `lpFileSizeHigh` to `GetFileSize()` gives wrong
results for files larger than 0xFFFFFFFF bytes.  We fix this by using
`GetFileSizeEx()`, and let the mapping fail, if the file size is too
large for the architecture.

Closes GH-5319.

Christoph M. Becker [Mon, 21 Sep 2020 09:21:46 +0000 (11:21 +0200)]
Fix memory leak in php_imap_mutf7()

We have to free the string which has been allocated by libc-client.

Christoph M. Becker [Sun, 20 Sep 2020 11:45:09 +0000 (13:45 +0200)]
Fix #80114: parse_url does not accept URLs with port 0

URIs with a 0 port are generally valid, so `parse_url()` should
recognize such URIs, but still report the port as missing.

Co-authored-by: twosee <twose@qq.com>
Closes GH-6152.

Bob Weinand [Sun, 20 Sep 2020 00:57:39 +0000 (02:57 +0200)]
Fix mysqli build with mysqlnd and without PDO

Daniel Black [Tue, 21 Jul 2020 06:23:14 +0000 (16:23 +1000)]
Fix #78179: mysqli/mysqlnd transaction extensions

MariaDB versioning created a mess with regard to testing
features based on version. We sidestep the problem here
by assuming the extensions are present, and if a syntax
error occurs with a SQL mode TRANS_START_READ_WRITE |
TRANS_START_READ_ONLY enabled, then output the same
warning as before.

Nikita Popov [Fri, 18 Sep 2020 08:29:28 +0000 (10:29 +0200)]
Support NO_BACKSLASH_ESCAPES with newer libmysqlclient

Requires the use of mysql_real_escape_string_quote().

Nikita Popov [Fri, 18 Sep 2020 12:26:34 +0000 (14:26 +0200)]
Use MyISAM engine for new test

Travis on 7.3 is showing this error:

> The size of BLOB/TEXT data inserted in one transaction is greater
> than 10% of redo log size. Increase the redo log size using
> innodb_log_file_size.

Force MyISAM engine to avoid this.

Nikita Popov [Wed, 16 Sep 2020 14:18:29 +0000 (16:18 +0200)]
Fix bug #80107: Handling of large compressed packets

There's two layers of packet splitting going on. First, packets
need to be split into having a payload of exactly 2^24-1 bytes or
being the last packet. If the split packet has size between 2^24-5
and 2^24-1 bytes, the compressed packet also needs to be split,
though the choice of split doesn't matter here. I'm splitting off
the first 8192 bytes, as that's what I observe libmysqlclient to be
doing.

Máté Kocsis [Tue, 15 Sep 2020 17:14:57 +0000 (19:14 +0200)]
Bug #80107 Add test for mysqli_query() fails for ~16 MB long query when compression is enabled

Nikita Popov [Thu, 17 Sep 2020 13:59:09 +0000 (15:59 +0200)]
Fix mysqli_release_savepoint() on mysqlnd

mysqli_release_savepoint() was not actually releasing a savepoint...

Christoph M. Becker [Thu, 17 Sep 2020 10:37:02 +0000 (12:37 +0200)]
Fix #80115: mysqlnd.debug doesn't recognize absolute paths with slashes

Daniel Black [Sun, 13 Sep 2020 04:09:49 +0000 (14:09 +1000)]
pdo_mysql/mysqli (native) libmysqlclient_r no longer used

The mysqlclient_r library exists in mysql-5.6 for compatibility only.

Later versions have it removed.

Daniel Black [Sat, 12 Sep 2020 05:29:23 +0000 (15:29 +1000)]
mysql: native mysql-8.0 uses _Bool

MySQL-8.0 removes option MYSQLI_OPT_SSL_VERIFY_SERVER_CERT

Daniel Black [Sat, 29 Aug 2020 07:18:57 +0000 (17:18 +1000)]
mysqli: use native api

Tested with:
* mysql-5.6.49-linux-glibc2.12-x86_64
* mysql-5.7.31-linux-glibc2.12-x86_64
* mysql-8.0.21-linux-glibc2.17-x86_64
* mariadb-10.5.6

configure --with-mysqli=/usr/local/$version/bin/mysql_config   --with-pdo-mysql=/usr/local/$version

MySQL-8.0 removed my_bool
Some options were deprecated in mysql-8.0

MY_CHARSET_INFO used with exposed api mysql_get_character_set_info
rather than internal structures.

Gabríel Arthúr Pétursson [Wed, 16 Sep 2020 14:18:00 +0000 (14:18 +0000)]
ext/soap: Compare Set-Cookie header case-insensitively

Closes GH-6143.

Nikita Popov [Thu, 17 Sep 2020 08:12:10 +0000 (10:12 +0200)]
Fixed bug #80083

Add db2_execute() to the list of functions accessing the local
scope. Ideally the API wouldn't do that, but it seems most
pragmatic to address this on the opcache side at this point.

Christoph M. Becker [Tue, 15 Sep 2020 08:51:41 +0000 (10:51 +0200)]
7.3.24 is next

Christoph M. Becker [Mon, 14 Sep 2020 20:31:15 +0000 (22:31 +0200)]
Avoid segfault if module/extension version is not defined

Christoph M. Becker [Wed, 9 Sep 2020 12:28:55 +0000 (14:28 +0200)]
Fix #80067: Omitting the port in bindto setting errors

A recent commit[1] which fixed a memory leak introduced a regression
regarding the formerly liberal handling of IP addresses to bind to.  We
fix this by reverting that commit, and fix the memory leak where it
actually occurs.  In other words, this fix is less intrusive than the
former fix.

[1] <http://git.php.net/?p=php-src.git;a=commit;h=0b8c83f5936581942715d14883cdebddc18bad30>

Closes GH-6104.

Sammy Kaye Powers [Fri, 10 Jul 2020 17:20:40 +0000 (10:20 -0700)]
Fix #79825: opcache.file_cache causes SIGSEGV with custom opcode handlers

Modules may have changed after restart which can cause dangling pointers from custom opcode handlers in the second-level cache files. This fix includes the installed module names and versions in the accel_system_id hash as entropy. Closes GH-5836

Christoph M. Becker [Tue, 8 Sep 2020 13:09:30 +0000 (15:09 +0200)]
Fix #72941: Modifying bucket->data by-ref has no effect any longer

To match the PHP 5 behavior, we have to explicitly cater to `buffer` or
`data` being references.

Closes GH-6096.

Nikita Popov [Tue, 8 Sep 2020 07:58:35 +0000 (09:58 +0200)]
Fixed bug #80077

Quoting from the bug report:

> The domain names passed to getmxrr() do not contain a trailing dot.
> DNS lookups which do not find records will (depending on the local
> resolver config) try again by adding the local domain to the end of
> the searched host/domain. In many environments there's an mx record
> for any subdomain of the local domain and the MX query will return
> a hit. But the test expects no hit. So the test fails when checking
> that "qa.php.net" does not have an MX record in DNS. In our local
> environment the resolver falls back to also check qa.php.net.kippdata.de
> which does have an MX record. Using "qa.php.net." instead of "qa.php.net"
> should fix this for everyone.

Nikita Popov [Fri, 4 Sep 2020 08:58:51 +0000 (10:58 +0200)]
Avoid duplicate octal warning during heredoc scan ahead

Nikita Popov [Thu, 3 Sep 2020 15:10:34 +0000 (17:10 +0200)]
Fixed bug #80049

Type checking may convert to refcounted values, so force freeing
of extra args.

Christoph M. Becker [Thu, 3 Sep 2020 12:27:45 +0000 (14:27 +0200)]
Fix #80048: Bug #69100 has not been fixed for Windows

We fix the erroneous length calculation on Windows, too.

Closes GH-6067.

Christoph M. Becker [Thu, 3 Sep 2020 08:26:05 +0000 (10:26 +0200)]
Skip test if A: drive exists

Otherwise the test case will fail for a very different reason.

Nikita Popov [Thu, 3 Sep 2020 07:45:54 +0000 (09:45 +0200)]
Handle memory limit error during string reallocation correctly

Do not decrement the refcount before allocating the new string,
as the allocation operation may bail out and cause a use-after-free
later on. We can only decrement the refcount once the allocation
has succeeded.

Fixes oss-fuzz #25384.

Nikita Popov [Wed, 2 Sep 2020 14:43:00 +0000 (16:43 +0200)]
Fix binary-safety of parse_url

php_parse_url() is intended to support strings that are not zero
terminated. We can't use strcspn in the implementation.

As we have two uses of strcspn, add a helper.
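
The point of this commit message, as an added example that is not the php-src helper: a length-bounded replacement for `strcspn()` that never reads past the given length and treats NUL as data. The name `bounded_cspn`, its signature and both sample buffers are assumptions constructed for the illustration.

```c
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical helper (name and signature are assumptions): like strcspn(),
 * but bounded by an explicit length instead of a terminator. Returns the
 * index of the first byte of s[0..len) that occurs in reject[0..reject_len),
 * or len if there is none. A NUL byte is ordinary data.
 */
static size_t bounded_cspn(const char *s, size_t len,
                           const char *reject, size_t reject_len)
{
    unsigned char is_reject[256] = {0};
    size_t i;

    for (i = 0; i < reject_len; i++)
        is_reject[(unsigned char)reject[i]] = 1;
    for (i = 0; i < len; i++)
        if (is_reject[(unsigned char)s[i]])
            return i;
    return len;
}

/* Constructed input: the logical string is the first 11 bytes
 * ("example.com"); the bytes after it belong to something else. The backing
 * array is NUL-terminated only so that calling strcspn() on it is defined. */
static const char backing[] = "example.comX/neighbour";
#define LOGICAL_LEN 11

/* Constructed input with an embedded NUL before the delimiter (10 bytes). */
static const char with_nul[] = "ex\0ample/p";
#define WITH_NUL_LEN (sizeof(with_nul) - 1)

/* strcspn() ignores the logical length and walks into the neighbouring data. */
static size_t libc_past_end(void) { return strcspn(backing, "/?#"); }

/* The bounded scan stops at the logical end. */
static size_t bounded_in_range(void)
{
    return bounded_cspn(backing, LOGICAL_LEN, "/?#", 3);
}

/* strcspn() stops at the embedded NUL and never sees the '/'. */
static size_t libc_on_nul(void) { return strcspn(with_nul, "/?#"); }

/* The bounded scan continues past the NUL and finds the '/'. */
static size_t bounded_on_nul(void)
{
    return bounded_cspn(with_nul, WITH_NUL_LEN, "/?#", 3);
}

int main(void)
{
    printf("unterminated: strcspn=%zu bounded=%zu (logical length %d)\n",
           libc_past_end(), bounded_in_range(), LOGICAL_LEN);
    printf("embedded NUL: strcspn=%zu bounded=%zu\n",
           libc_on_nul(), bounded_on_nul());
    return 0;
}
```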

Nikita Popov [Wed, 2 Sep 2020 08:50:14 +0000 (10:50 +0200)]
Fix throwing of yield from related exceptions into generator

Use the general zend_generator_throw_exception() helper for this.
Otherwise we don't handle the off-by-one opline correctly (should
we maybe just stop doing that?)

This is a followup to ad750c3bb6e7b48384c6265eb9d3bcf5b4000652,
which fixed a different yield from exception handling problem that
happened to show up in the same test case from oss-fuzz #25321.
Now both issues should be fixed.

Nikita Popov [Wed, 2 Sep 2020 08:13:42 +0000 (10:13 +0200)]
Fix infinite loop on string offset during by-ref list assign

There is a deeper underlying issue here, in that the opcodes violate
VM write-fetch safety, but let's fix the infinite loop first.

This fixes oss-fuzz #25352.

Nikita Popov [Mon, 31 Aug 2020 15:03:27 +0000 (17:03 +0200)]
Fix leak on assign concat of array and empty string

Derick Rethans [Mon, 31 Aug 2020 11:31:23 +0000 (12:31 +0100)]
Fixed test case

Derick Rethans [Mon, 31 Aug 2020 10:41:41 +0000 (11:41 +0100)]
Update timelib to 2018.04

Matteo Beccati [Mon, 31 Aug 2020 08:45:36 +0000 (10:45 +0200)]
Fix #80027 Terrible performance using $query->fetch on queries with many bind parameters

Added new flags that allow skipping param_evt(s) that are not used by drivers,
in a backwards and forward compatible manner. Updated the pgsql, mysql, sqlite
and oci drivers to properly use the new flags. I've left out pdo_dblib, which
doesn't have a param_hook, and pdo_firebird, which seems to be using
PARAM_EVT_NORMALIZE in a wrong context (param type vs event type).

Nikita Popov [Mon, 31 Aug 2020 08:51:00 +0000 (10:51 +0200)]
Fix handling of exception if valid() during yield from

Fixes oss-fuzz #25296.

Nikita Popov [Wed, 12 Aug 2020 08:09:37 +0000 (10:09 +0200)]
Make MAX_IFD_NESTING_LEVEL an actual nesting level

Currently we only ever increment ifd_nesting_level, so this ends up
being a limit on the total number of IFD tags and we regularly get
bug reports of it being exceeded. I think the intention behind this
limit was to prevent recursion stack overflow, and for that we only
need to check actual recursive usage. I've implemented that here,
and dropped the nesting limit down to a smaller value
(which still passes our tests).

However, it seems that we do also need to have a total limit on
the number of tags, as we don't catch some instances of infinite
looping otherwise. Add this as a separate limit with a higher
value, that should hopefully be sufficient.

This is expected to fix a number of bugs:

https://bugs.php.net/bug.php?id=78083
https://bugs.php.net/bug.php?id=78701
https://bugs.php.net/bug.php?id=79907
https://bugs.php.net/bug.php?id=80016
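
The two limits this commit message distinguishes, as an added example on a simplified model (not the ext/exif code): a recursion-depth counter that is decremented on return, plus a separate total-work counter that is never decremented. The toy `struct ifd`, the limit values, and the assumption that the non-recursive loop is a cyclic "next directory" chain are all constructed for the illustration.

```c
#include <stdio.h>

#define MAX_NESTING 10    /* assumed limits, chosen for the demo */
#define MAX_TAGS    1000

enum { PARSE_OK = 0, ERR_NESTING = -1, ERR_TAG_COUNT = -2 };

/* Constructed toy directory: not the real EXIF/TIFF layout. */
struct ifd {
    int ntags; /* ordinary tags in this directory */
    int sub;   /* index of a sub-directory, parsed recursively (-1: none) */
    int next;  /* index of the next directory, followed in a loop (-1: none) */
};

struct parser {
    const struct ifd *dirs;
    int depth;           /* current recursion depth */
    int tags_seen;       /* total work done, never decremented */
    int never_decrement; /* 1 = model the old "only ever increment" counter */
};

static void leave(struct parser *p)
{
    if (!p->never_decrement)
        p->depth--;
}

static int parse_ifd(struct parser *p, int idx)
{
    int rc = PARSE_OK;

    if (++p->depth > MAX_NESTING) {
        leave(p);
        return ERR_NESTING;
    }
    while (idx >= 0) {
        const struct ifd *d = &p->dirs[idx];
        /* +1 counts the directory itself, so a cycle of empty
         * directories still reaches the total limit. */
        p->tags_seen += d->ntags + 1;
        if (p->tags_seen > MAX_TAGS) {
            rc = ERR_TAG_COUNT;
            break;
        }
        if (d->sub >= 0 && (rc = parse_ifd(p, d->sub)) != PARSE_OK)
            break;
        idx = d->next;
    }
    leave(p);
    return rc;
}

/* Benign file: 12 sibling directories, each with one shallow sub-directory.
 * Real depth is 2, but 13 directories are entered in total. */
static int run_siblings(int never_decrement)
{
    struct ifd dirs[13];
    struct parser p = { dirs, 0, 0, never_decrement };
    int i;

    for (i = 0; i < 12; i++) {
        dirs[i].ntags = 1;
        dirs[i].sub = 12;
        dirs[i].next = (i + 1 < 12) ? i + 1 : -1;
    }
    dirs[12].ntags = 1;
    dirs[12].sub = -1;
    dirs[12].next = -1;
    return parse_ifd(&p, 0);
}

/* Malformed file: a directory whose sub-directory is itself (recursion). */
static int run_sub_cycle(void)
{
    static const struct ifd dirs[1] = { { 1, 0, -1 } };
    struct parser p = { dirs, 0, 0, 0 };
    return parse_ifd(&p, 0);
}

/* Malformed file: two directories chained to each other (no recursion). */
static int run_next_cycle(void)
{
    static const struct ifd dirs[2] = { { 1, -1, 1 }, { 1, -1, 0 } };
    struct parser p = { dirs, 0, 0, 0 };
    return parse_ifd(&p, 0);
}

int main(void)
{
    printf("siblings, old counter:   %d\n", run_siblings(1));
    printf("siblings, depth counter: %d\n", run_siblings(0));
    printf("self-referencing sub:    %d\n", run_sub_cycle());
    printf("cyclic next chain:       %d\n", run_next_cycle());
    return 0;
}
```

In this model the never-decremented counter rejects the benign file, the depth counter alone would spin forever on the cyclic chain, and the pair of limits handles all three inputs.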