]> granicus.if.org Git - php/log
php
4 years agoFix memory leak in php_imap_mutf7()
Christoph M. Becker [Mon, 21 Sep 2020 09:21:46 +0000 (11:21 +0200)]
Fix memory leak in php_imap_mutf7()

We have to free the string which has been allocated by libc-client.

4 years agoFix #80114: parse_url does not accept URLs with port 0
Christoph M. Becker [Sun, 20 Sep 2020 11:45:09 +0000 (13:45 +0200)]
Fix #80114: parse_url does not accept URLs with port 0

URIs with a 0 port are generally valid, so `parse_url()` should
recognize such URIs, but still report the port as missing.

Co-authored-by: twosee <twose@qq.com>
Closes GH-6152.

4 years agoFix mysqli build with mysqlnd and without PDO
Bob Weinand [Sun, 20 Sep 2020 00:57:39 +0000 (02:57 +0200)]
Fix mysqli build with mysqlnd and without PDO

4 years agoFix #78179: mysqli/mysqlnd transaction extensions
Daniel Black [Tue, 21 Jul 2020 06:23:14 +0000 (16:23 +1000)]
Fix #78179: mysqli/mysqlnd transaction extensions

MariaDB versioning created a mess with regarding testing
features based on version. We sidestep the problem here
by assuming the extensions are present, and if a syntax
error occurs with a SQL mode TRANS_START_READ_WRITE |
TRANS_START_READ_ONLY enabled, then output the same
warning as before.

4 years agoSupport NO_BACKSLASH_ESCAPES with newer libmysqlclient
Nikita Popov [Fri, 18 Sep 2020 08:29:28 +0000 (10:29 +0200)]
Support NO_BACKSLASH_ESCAPES with newer libmysqlclient

Requires the use of mysql_real_escape_string_quote().

4 years agoUse MyISAM engine for new test
Nikita Popov [Fri, 18 Sep 2020 12:26:34 +0000 (14:26 +0200)]
Use MyISAM engine for new test

Travis on 7.3 is showing this error:

> The size of BLOB/TEXT data inserted in one transaction is greater
> than 10% of redo log size. Increase the redo log size using
> innodb_log_file_size.

Force MyISAM engine to avoid this.

4 years agoFix bug #80107: Handling of large compressed packets
Nikita Popov [Wed, 16 Sep 2020 14:18:29 +0000 (16:18 +0200)]
Fix bug #80107: Handling of large compressed packets

There's two layers of packet splitting going on. First, packets
need to be split into having a payload of exactly 2^24-1 bytes or
being the last packet. If the split packet has size between 2^24-5
and 2^24-1 bytes, the compressed packets also needs to be split,
though the choice of split doesn't matter here. I'm splitting off
the first 8192 bytes, as that's what I observe libmysqlclient to be
doing.

4 years agoBug #80107 Add test for mysqli_query() fails for ~16 MB long query when compression...
Máté Kocsis [Tue, 15 Sep 2020 17:14:57 +0000 (19:14 +0200)]
Bug #80107 Add test for mysqli_query() fails for ~16 MB long query when compression is enabled

4 years agoFix mysqli_release_savepoint() on mysqlnd
Nikita Popov [Thu, 17 Sep 2020 13:59:09 +0000 (15:59 +0200)]
Fix mysqli_release_savepoint() on mysqlnd

mysqli_release_savepoint() was not actually releasing a savepoint...

4 years agoFix #80115: mysqlnd.debug doesn't recognize absolute paths with slashes
Christoph M. Becker [Thu, 17 Sep 2020 10:37:02 +0000 (12:37 +0200)]
Fix #80115: mysqlnd.debug doesn't recognize absolute paths with slashes

4 years agopdo_mysql/mysqli (native) libmysqlclient_r no-longer used
Daniel Black [Sun, 13 Sep 2020 04:09:49 +0000 (14:09 +1000)]
pdo_mysql/mysqli (native) libmysqlclient_r no-longer used

The mysqlclient_r library exists in mysql-5.6 for compatibility only.

Later versions have it removed.

4 years agomysql: native mysql-8.0 uses _Bool
Daniel Black [Sat, 12 Sep 2020 05:29:23 +0000 (15:29 +1000)]
mysql: native mysql-8.0 uses _Bool

MySQL-8.0 removes option MYSQLI_OPT_SSL_VERIFY_SERVER_CERT

4 years agomysqli: use native api
Daniel Black [Sat, 29 Aug 2020 07:18:57 +0000 (17:18 +1000)]
mysqli: use native api

Tested with:
* mysql-5.6.49-linux-glibc2.12-x86_64
* mysql-5.7.31-linux-glibc2.12-x86_64
* mysql-8.0.21-linux-glibc2.17-x86_64
* mariadb-10.5.6

configure --with-mysqli=/usr/local/$version/bin/mysql_config   --with-pdo-mysql=/usr/local/$version

MySQL-8.0 removed my_bool
Some options where deprecated in mysql-8.0

MY_CHARSET_INFO used with exposed api mysql_get_character_set_info
rather than internal structures.

4 years agoext/soap: Compare Set-Cookie header case-insensitively
Gabríel Arthúr Pétursson [Wed, 16 Sep 2020 14:18:00 +0000 (14:18 +0000)]
ext/soap: Compare Set-Cookie header case-insensitively

Closes GH-6143.

4 years agoFixed bug #80083
Nikita Popov [Thu, 17 Sep 2020 08:12:10 +0000 (10:12 +0200)]
Fixed bug #80083

Add db2_execute() to the list of functions accessing the local
scope. Ideally the API wouldn't do that, but it seems most
pragmatic to address this on the opcache side at this point.

4 years ago7.3.24 is next
Christoph M. Becker [Tue, 15 Sep 2020 08:51:41 +0000 (10:51 +0200)]
7.3.24 is next

4 years agoAvoid segfault if module/extension version is not defined
Christoph M. Becker [Mon, 14 Sep 2020 20:31:15 +0000 (22:31 +0200)]
Avoid segfault if module/extension version is not defined

4 years agoFix #80067: Omitting the port in bindto setting errors
Christoph M. Becker [Wed, 9 Sep 2020 12:28:55 +0000 (14:28 +0200)]
Fix #80067: Omitting the port in bindto setting errors

A recent commit[1] which fixed a memory leak introduced a regression
regarding the formerly liberal handling of IP addresses to bind to.  We
fix this by reverting that commit, and fix the memory leak where it
actually occurs.  In other words, this fix is less intrusive than the
former fix.

[1] <http://git.php.net/?p=php-src.git;a=commit;h=0b8c83f5936581942715d14883cdebddc18bad30>

Closes GH-6104.

4 years agoFix #79825: opcache.file_cache causes SIGSEGV with custom opcode handlers
Sammy Kaye Powers [Fri, 10 Jul 2020 17:20:40 +0000 (10:20 -0700)]
Fix #79825: opcache.file_cache causes SIGSEGV with custom opcode handlers

Modules may have changed after restart which can cause dangling pointers from custom opcode handlers in the second-level cache files. This fix includes the installed module names and versions in the accel_system_id hash as entropy. Closes GH-5836

4 years agoFix #72941: Modifying bucket->data by-ref has no effect any longer
Christoph M. Becker [Tue, 8 Sep 2020 13:09:30 +0000 (15:09 +0200)]
Fix #72941: Modifying bucket->data by-ref has no effect any longer

To match the PHP 5 behavior, we have to explicitly cater to `buffer` or
`data` being references.

Closes GH-6096.

4 years agoFixed bug #80077
Nikita Popov [Tue, 8 Sep 2020 07:58:35 +0000 (09:58 +0200)]
Fixed bug #80077

Quoting from the bug report:

> The domain names passed to getmxrr() do not contain a trailing dot.
> DNS lookups which do not find records will (depending on the local
> resolver config) try again by adding the local domain to the end of
> the searched host/domain. In many environments there's an mx record
> for any subdomain of the local domain and the MX query will return
> a hit. But the test expects no hit. So the test fails when checking
> that "qa.php.net" does not have an MX record in DNS. In our local
> environment the resolver falls back to also check qa.php.net.kippdata.de
> which does have an MX record. Using "qa.php.net." instead of "qa.php.net"
> should fix this for everyone.

4 years agoAvoid duplicate octal warning during heredoc scan ahead
Nikita Popov [Fri, 4 Sep 2020 08:58:51 +0000 (10:58 +0200)]
Avoid duplicate octal warning during heredoc scan ahead

4 years agoFixed bug #80049
Nikita Popov [Thu, 3 Sep 2020 15:10:34 +0000 (17:10 +0200)]
Fixed bug #80049

Type checking may convert to refcounted values, so force freeing
of extra args.

4 years agoFix #80048: Bug #69100 has not been fixed for Windows
Christoph M. Becker [Thu, 3 Sep 2020 12:27:45 +0000 (14:27 +0200)]
Fix #80048: Bug #69100 has not been fixed for Windows

We fix the erroneous length calculation on Windows, too.

Closes GH-6067.

4 years agoSkip test if A: drive exists
Christoph M. Becker [Thu, 3 Sep 2020 08:26:05 +0000 (10:26 +0200)]
Skip test if A: drive exists

Otherwise the test case will fail for a very different reason.

4 years agoHandle memory limit error during string reallocation correctly
Nikita Popov [Thu, 3 Sep 2020 07:45:54 +0000 (09:45 +0200)]
Handle memory limit error during string reallocation correctly

Do not decrement the refcount before allocating the new string,
as the allocation operation may bail out and cause a use-after-free
lateron. We can only decrement the refcount once the allocation
has succeeded.

Fixes oss-fuzz #25384.

4 years agoFix binary-safety of parse_url
Nikita Popov [Wed, 2 Sep 2020 14:43:00 +0000 (16:43 +0200)]
Fix binary-safety of parse_url

php_parse_url() is intended to support strings that are not zero
terminated. We can't use strcspn in the implementation.

As we have two uses of strcspn, add a helper.

4 years agoFix throwing of yield from related exceptions into generator
Nikita Popov [Wed, 2 Sep 2020 08:50:14 +0000 (10:50 +0200)]
Fix throwing of yield from related exceptions into generator

Use the general zend_generator_throw_exception() helper for this.
Otherwise we don't handle the off-by-one opline correctly (should
we maybe just stop doing that?)

This is a followup to ad750c3bb6e7b48384c6265eb9d3bcf5b4000652,
which fixed a different yield from exception handling problem that
happened to show up in the same test case from oss-fuzz #25321.
Now both issues should be fixed.

4 years agoFix infinite loop on string offset during by-ref list assign
Nikita Popov [Wed, 2 Sep 2020 08:13:42 +0000 (10:13 +0200)]
Fix infinite loop on string offset during by-ref list assign

There is a deeper underlying issue here, in that the opcodes violate
VM write-fetch safety, but let's fix the infinite loop first.

This fixes oss-fuzz #25352.

4 years agoFix leak on assign concat of array and empty string
Nikita Popov [Mon, 31 Aug 2020 15:03:27 +0000 (17:03 +0200)]
Fix leak on assign concat of array and empty string

4 years agoFixed test case
Derick Rethans [Mon, 31 Aug 2020 11:31:23 +0000 (12:31 +0100)]
Fixed test case

4 years agoUpdate timelib to 2018.04
Derick Rethans [Mon, 31 Aug 2020 10:41:41 +0000 (11:41 +0100)]
Update timelib to 2018.04

4 years agoFix #80027 Terrible performance using $query->fetch on queries with many bind parameters
Matteo Beccati [Mon, 31 Aug 2020 08:45:36 +0000 (10:45 +0200)]
Fix #80027 Terrible performance using $query->fetch on queries with many bind parameters

Added new flags that allow skipping param_evt(s) that are not used by drivers,
in a backwards and forward compatible manner. Updated the pgsql, mysql, sqlite
and oci drivers to properly use the new flags. I've left out pdo_dblib, which
doesn't have a param_hook, and pdo_firebird, which seems to be using
PARAM_EVT_NORMALIZE in a wrong context (param type vs event type).

4 years agoFix handling of exception if valid() during yield from
Nikita Popov [Mon, 31 Aug 2020 08:51:00 +0000 (10:51 +0200)]
Fix handling of exception if valid() during yield from

Fixes oss-fuzz #25296.

4 years agoMake MAX_IFD_NESTING_LEVEL an actual nesting level
Nikita Popov [Wed, 12 Aug 2020 08:09:37 +0000 (10:09 +0200)]
Make MAX_IFD_NESTING_LEVEL an actual nesting level

Currently we only ever increment ifd_nesting_level, so this ends up
being a limit on the total number of IFD tags and we regularly get
bug reports of it being exceeded. I think the intention behind this
limit was to prevent recursion stack overflow, and for that we only
need to check actual recursive usage. I've implemented that here,
and dropped the nesting limit down to a smaller value
(which still passes our tests).

However, it seems that we do also need to have a total limit on
the number of tags, as we don't catch some instances of infinite
looping otherwise. Add this as a separate limit with a higher
value, that should hopefully be sufficient.

This is expected to fix a number of bugs:

https://bugs.php.net/bug.php?id=78083
https://bugs.php.net/bug.php?id=78701
https://bugs.php.net/bug.php?id=79907
https://bugs.php.net/bug.php?id=80016

4 years agoImprove error_handing replacement functions
twosee [Thu, 27 Aug 2020 16:54:46 +0000 (00:54 +0800)]
Improve error_handing replacement functions

We explicitly skip calls to user_error_handler in EH_THROW mode

Closes GH-6050.

4 years agoRequire non-negative length in stream_get_contents()
Nikita Popov [Thu, 27 Aug 2020 13:49:33 +0000 (15:49 +0200)]
Require non-negative length in stream_get_contents()

If the length is not -1, require it to be non-negative.

Using such lengths doesn't make sense (as only -1 is special-case
to read in chunks, anything else will end up doing a huge upfront
allocation) and can lead to string allocation overflow.

A similar check is already in place for file_get_contents(). That
one does not allow -1 (and uses null instead), but this function
is explicitly specified to accept -1, so stick to that behavior.

4 years agoFix com_safearray_proxy related memory management issues
Christoph M. Becker [Wed, 26 Aug 2020 13:31:26 +0000 (15:31 +0200)]
Fix com_safearray_proxy related memory management issues

4 years agoSeparate COM::__construct()s $server_name array
Christoph M. Becker [Tue, 25 Aug 2020 11:48:50 +0000 (13:48 +0200)]
Separate COM::__construct()s $server_name array

This may otherwise be modified.

4 years agoFix #64130: COM obj parameters passed by reference are not updated
Christoph M. Becker [Wed, 26 Aug 2020 12:45:13 +0000 (14:45 +0200)]
Fix #64130: COM obj parameters passed by reference are not updated

`ITypeInfo_GetIDsOfNames()` is supposed to fail with `E_NOTIMPL` for
out-of-process servers, thus we should not remove the already available
typeinfo of the object in this case.

We also properly free the `byref_vals`.

4 years agoFix memory leak when yielding from non-iterable
Nikita Popov [Wed, 26 Aug 2020 09:32:01 +0000 (11:32 +0200)]
Fix memory leak when yielding from non-iterable

4 years agoAvoid double-free
Christoph M. Becker [Tue, 25 Aug 2020 11:07:29 +0000 (13:07 +0200)]
Avoid double-free

As of commit b2e3fd1[1] the `authid.User` is no longer newly allocated,
so we must not free it.

[1] <http://git.php.net/?p=php-src.git;a=commit;h=b2e3fd1e691b1dc82aaaf4150461db97bd5acf4a>

4 years agoRemove bogus REGISTER_LONG_CONSTANT
Nikita Popov [Tue, 25 Aug 2020 10:34:32 +0000 (12:34 +0200)]
Remove bogus REGISTER_LONG_CONSTANT

This shouldn't be in this function, probably a copy/paste mistake...

4 years agoFix potential integer overflow detected by oss-fuzz
Christoph M. Becker [Mon, 24 Aug 2020 15:32:06 +0000 (17:32 +0200)]
Fix potential integer overflow detected by oss-fuzz

We port the respective fix from upstream[1].

[1] <https://github.com/libgd/libgd/commit/9ed642764cf0b4585d135eb738812a43265cb2d3>

4 years agoFix #79986: str_ireplace bug with diacritics characters
Christoph M. Becker [Tue, 18 Aug 2020 11:24:17 +0000 (13:24 +0200)]
Fix #79986: str_ireplace bug with diacritics characters

`tolower()` returns an `int`, so we must not convert to `char` which
may be `signed` and as such may be subject to overflow (actually,
implementation defined behavior).

Closes GH-6007

4 years agoFix #80002: calc free space for new interned string is wrong
Christoph M. Becker [Thu, 20 Aug 2020 09:20:03 +0000 (11:20 +0200)]
Fix #80002: calc free space for new interned string is wrong

We need to calculate the free size in bytes.

Patch contributed by t-matsuno.

Closes GH-6024

4 years agoFix #80007: Potential type confusion in unixtojd() parameter parsing
Andy Postnikov [Fri, 21 Aug 2020 23:44:48 +0000 (02:44 +0300)]
Fix #80007: Potential type confusion in unixtojd() parameter parsing

Also it fixes test on 32-bit armv7 and x86
- Test unixtojd() function : error conditions [ext/calendar/tests/unixtojd_error1.phpt]

Closes GH-6033

4 years agoFix wrong datatype
Manuel Mausz [Fri, 21 Aug 2020 11:53:40 +0000 (11:53 +0000)]
Fix wrong datatype

ini_entry->modifiable is of type uint8_t and so should be the temp. variable. Especially important after 4b77a158.

Closes GH-6028

4 years agoFix #47021: SoapClient stumbles over WSDL delivered with "Transfer-Encoding: chunked"
Matteo Beccati [Tue, 18 Aug 2020 16:10:39 +0000 (18:10 +0200)]
Fix #47021: SoapClient stumbles over WSDL delivered with "Transfer-Encoding: chunked"

4 years ago7.3.23 is next
Christoph M. Becker [Tue, 18 Aug 2020 07:55:37 +0000 (09:55 +0200)]
7.3.23 is next

4 years agoFix HTTP response status code
Christoph M. Becker [Mon, 17 Aug 2020 16:36:02 +0000 (18:36 +0200)]
Fix HTTP response status code

4 years agoNull terminate the sodium_crypto_kx_keypair() result
Nikita Popov [Fri, 14 Aug 2020 13:51:00 +0000 (15:51 +0200)]
Null terminate the sodium_crypto_kx_keypair() result

4 years agoFix #64705 errorInfo property of PDOException is null when PDO::__construct() fails
Ahmed Abdou [Sun, 17 Feb 2019 21:59:00 +0000 (22:59 +0100)]
Fix #64705 errorInfo property of PDOException is null when PDO::__construct() fails

PDO driver constructors are throwing PdoException without setting
errorInfo, so create a new reusable function that throws exceptions
for PDO and will also set the errorInfo. Use this function in
pdo_mysql, pdo_sqlite, and pdo_pgsql.

4 years agoFix bug #75785 by attempt switching endianness on Maker's Note
Nawarian [Sun, 12 Jul 2020 19:53:52 +0000 (21:53 +0200)]
Fix bug #75785 by attempt switching endianness on Maker's Note

Different manufacturer models may come with a
different endianness (motorola/intel) format. In
order to avoid a big refactor and a gigantic lookup
table, this commit simply attempts to switch the
endianness and proceed when values are acceptable.

Closes GH-5849.

4 years agoFix #48585: com_load_typelib holds reference, fails on second call
Christoph M. Becker [Tue, 4 Aug 2020 16:25:50 +0000 (18:25 +0200)]
Fix #48585: com_load_typelib holds reference, fails on second call

Whether the type library is cached is actually irrelevant here; what
matters is that the symbols are imported, and since these are not
cached, we have to import them for every request.  And we cannot cache
the symbols, because the import depends on the current codepage, but
the codepage is a `PHP_INI_ALL` setting.

4 years agoFixed bug #79951
Nikita Popov [Tue, 11 Aug 2020 08:33:59 +0000 (10:33 +0200)]
Fixed bug #79951

One branch did not release tmp_replace_entry_str.

Also reduce the scope of some variables.

4 years agoMake sure string is NUL byte terminated.
George Wang [Mon, 10 Aug 2020 23:11:03 +0000 (19:11 -0400)]
Make sure string is NUL byte terminated.

4 years agoCheck the correct list
Nikita Popov [Mon, 10 Aug 2020 19:52:36 +0000 (21:52 +0200)]
Check the correct list

This was supposed to check mx_list, not weight_list... oops.

4 years agoFix bug #79944
Nikita Popov [Mon, 10 Aug 2020 14:53:31 +0000 (16:53 +0200)]
Fix bug #79944

Only return true from dns_get_mx if we actually found any MX record.

4 years agoFix #79922: Crash after multiple calls to xml_parser_free()
Christoph M. Becker [Mon, 10 Aug 2020 08:40:31 +0000 (10:40 +0200)]
Fix #79922: Crash after multiple calls to xml_parser_free()

We must not call `zend_list_delete()` in resource closer functions
exposed to userland, because decreasing the refcount there leads to
use-after-free scenarios.  In this case, commit 4a42fbb worked for
typical use-cases where `xml_parser_free()` has been called exactly
once for the resource, because there is an internal zval (`->index`)
referencing the same resource which already increased the refcount by
one.  However, when `xml_parser_free()` is called multiple times on the
same XML parser resource, the resource would be freed prematurely.

Instead we forcefully close the resource in `xml_parser_free()`.  We
also could decrease the refcount of the resource there, but that would
require to call `xml_parser_free()` which is somewhat uncommon, and
would be particularly bad wrt. PHP 8 where that function is a NOP, and
as such doesn't have to be called.  So we do no longer increase the
refcount of the resource when copying it to the internal zval, and let
the usualy refcounting semantics take care of the resource destruction.

[1] <http://git.php.net/?p=php-src.git;a=commit;h=4a42fbbbc73aad7427aef5c89974d1833636e082>

4 years agoFix bug #70574: Move files to proper locale dir
Florian Engelhardt [Wed, 5 Aug 2020 11:33:52 +0000 (13:33 +0200)]
Fix bug #70574: Move files to proper locale dir

Closes GH-5940.

4 years agoFix #79934: CRLF-only line in heredoc causes parsing error
Pieter van den Ham [Wed, 5 Aug 2020 18:21:26 +0000 (20:21 +0200)]
Fix #79934: CRLF-only line in heredoc causes parsing error

Fixes the function `next_newline()` in zend_language_scanner.l. The
function now correctly returns a newline_len of 2 for "\r\n".

Closes GH-5944.

4 years agoFix memory leak on socket_sendmsg() / socket_recvmsg() error
Nikita Popov [Wed, 5 Aug 2020 08:55:41 +0000 (10:55 +0200)]
Fix memory leak on socket_sendmsg() / socket_recvmsg() error

4 years agoFixed bug #79930
Nikita Popov [Wed, 5 Aug 2020 13:41:42 +0000 (15:41 +0200)]
Fixed bug #79930

We're inserting src_zval, so that's what we should addref.

4 years agoFix iov_base pointer type for illumos
David Carlier [Wed, 5 Aug 2020 09:09:18 +0000 (10:09 +0100)]
Fix iov_base pointer type for illumos

These systems has two versions of the iovec interface dependent on
compiler flags passed, the legacy version causing little build issue.

Closes GH-5939.

4 years ago[ci skip] Fix 7.3.21 release date
Christoph M. Becker [Tue, 4 Aug 2020 10:31:08 +0000 (12:31 +0200)]
[ci skip] Fix 7.3.21 release date

4 years agoMerge branch 'PHP-7.2' into PHP-7.3
Remi Collet [Tue, 4 Aug 2020 07:55:40 +0000 (09:55 +0200)]
Merge branch 'PHP-7.2' into PHP-7.3

* PHP-7.2:
  bump version to 7.2.34-dev
  Update NEWS

4 years agobump version to 7.2.34-dev
Remi Collet [Tue, 4 Aug 2020 07:50:07 +0000 (09:50 +0200)]
bump version to 7.2.34-dev

4 years agoRemoved space from bug55086.phpt
Graham Campbell [Sun, 2 Aug 2020 11:04:11 +0000 (12:04 +0100)]
Removed space from bug55086.phpt

Closes GH-5923.

4 years agoset -ex on travis/compile.sh
Santiago M. Mola [Sat, 1 Aug 2020 15:43:08 +0000 (17:43 +0200)]
set -ex on travis/compile.sh

-e to fail early: ./configure may fail and further errors from make bury
the original problem in the logs.

-x for easier debugging

4 years ago[ci skip] Add missing NEWS entries
Christoph M. Becker [Mon, 3 Aug 2020 09:08:31 +0000 (11:08 +0200)]
[ci skip] Add missing NEWS entries

4 years agoUpdate NEWS
Stanislav Malyshev [Mon, 3 Aug 2020 08:14:38 +0000 (01:14 -0700)]
Update NEWS

4 years agoMerge branch 'PHP-7.2' into PHP-7.3
Stanislav Malyshev [Mon, 3 Aug 2020 06:56:37 +0000 (23:56 -0700)]
Merge branch 'PHP-7.2' into PHP-7.3

* PHP-7.2:
  Fix #79877: getimagesize function silently truncates after a null byte
  Fix #79797: Use of freed hash key in the phar_parse_zipfile function

4 years agoFix #79877: getimagesize function silently truncates after a null byte
Christoph M. Becker [Tue, 21 Jul 2020 09:07:43 +0000 (11:07 +0200)]
Fix #79877: getimagesize function silently truncates after a null byte

We have to check for NUL bytes if `getimagesize()` has been called.

4 years agoFix #79797: Use of freed hash key in the phar_parse_zipfile function
Christoph M. Becker [Tue, 14 Jul 2020 15:04:24 +0000 (17:04 +0200)]
Fix #79797: Use of freed hash key in the phar_parse_zipfile function

We must not use heap memory after we freed it.

4 years agoFix #79919: Stack use-after-scope in define()
Christoph M. Becker [Fri, 31 Jul 2020 07:12:22 +0000 (09:12 +0200)]
Fix #79919: Stack use-after-scope in define()

Instead of the temporary `rv`, we use the `val_free` which is there for
this purpose.

4 years agoAmendment to OPcache base file removal
Christoph M. Becker [Wed, 29 Jul 2020 16:06:42 +0000 (18:06 +0200)]
Amendment to OPcache base file removal

We fix the erroneous segment size.  We also keep the segment pointer at
the allocated address, but increase the position instead.

4 years agoConsider op1 literal of FETCH_OBJ_R
Nikita Popov [Wed, 29 Jul 2020 15:04:23 +0000 (17:04 +0200)]
Consider op1 literal of FETCH_OBJ_R

FETCH_OBJ_R may have an op1 CONST operand, even though it will
always error. We should take this into account when compacting
literals.

4 years agoFix test
Nikita Popov [Wed, 29 Jul 2020 13:04:05 +0000 (15:04 +0200)]
Fix test

4 years agoFix #79895: support = in PHP_CHECK_GCC_ARG m4 macro
Santiago M. Mola [Fri, 24 Jul 2020 20:46:11 +0000 (22:46 +0200)]
Fix #79895: support = in PHP_CHECK_GCC_ARG m4 macro

Closes GH-5890.

4 years agoHandle bindto error
twosee [Wed, 29 Jul 2020 04:59:44 +0000 (12:59 +0800)]
Handle bindto error

Closes GH-5903.

4 years agoFix #73060: php failed with error after temp folder cleaned up
Christoph M. Becker [Tue, 28 Jul 2020 12:40:04 +0000 (14:40 +0200)]
Fix #73060: php failed with error after temp folder cleaned up

Instead of storing the mapping base address and the address of
`execute_ex()` in a separate file in the temporary folder, we store
them right at the beginning of the memory mapping.

4 years agoFix #79806: realpath() erroneously resolves link to link
Christoph M. Becker [Tue, 28 Jul 2020 09:22:57 +0000 (11:22 +0200)]
Fix #79806: realpath() erroneously resolves link to link

After resolving reparse points, the path still may be a reparse point;
in that case we have to resolve that reparse point as well.

4 years agofix memory leaks in ext/ldap/ldap.c
Paweł Tomulik [Fri, 10 Jul 2020 19:55:42 +0000 (21:55 +0200)]
fix memory leaks in ext/ldap/ldap.c

4 years agoRevert "Fix #79806: realpath() erroneously resolves link to link"
Christoph M. Becker [Mon, 27 Jul 2020 15:50:41 +0000 (17:50 +0200)]
Revert "Fix #79806: realpath() erroneously resolves link to link"

This reverts commit d5b59b4303642adac91df2c93969a72bc0f5fa7d.

4 years agoFix #79806: realpath() erroneously resolves link to link
Christoph M. Becker [Wed, 15 Jul 2020 16:37:27 +0000 (18:37 +0200)]
Fix #79806: realpath() erroneously resolves link to link

After resolving reparse points, the path still may be a reparse point;
in that case we have to resolve that reparse point as well.

4 years agoFix #77932: File extensions are case-sensitive
Christoph M. Becker [Mon, 27 Jul 2020 08:13:52 +0000 (10:13 +0200)]
Fix #77932: File extensions are case-sensitive

The file extension to mime type mapping *must* not depend on the file
extension's case for case-insensitive file systems, and *should* not
for case-sensitive file systems.

4 years agoMerge branch 'PHP-7.2' into PHP-7.3
George Wang [Thu, 23 Jul 2020 19:36:35 +0000 (15:36 -0400)]
Merge branch 'PHP-7.2' into PHP-7.3

4 years agoSecurity: update to LiteSpeed SAPI v7.7 to address an buffer overflow, and some log...
George Wang [Thu, 23 Jul 2020 19:35:32 +0000 (15:35 -0400)]
Security: update to LiteSpeed SAPI v7.7 to address an buffer overflow, and some log message tunings.

4 years agoFix #79884: PHP_CONFIG_FILE_PATH is meaningless
Christoph M. Becker [Wed, 22 Jul 2020 08:48:15 +0000 (10:48 +0200)]
Fix #79884: PHP_CONFIG_FILE_PATH is meaningless

It does not make sense to make assumptions about `PHP_CONFIG_FILE_PATH`
during build time, since that value is never used during run time on
Windows.  Since there is no `--with-config-file-path` on Windows
either, we define `PHP_CONFIG_FILE_PATH` as `""`.

4 years agoFix brittle test
Christoph M. Becker [Wed, 22 Jul 2020 18:45:55 +0000 (20:45 +0200)]
Fix brittle test

This test fails occasionally due to timing issues, because the session
file may have been unlinked by the first `session_start()`'s GC.  We
adapt the test expectation to this reality.

4 years ago7.3 is now 7.3.22-dev
Christoph M. Becker [Tue, 21 Jul 2020 07:18:07 +0000 (09:18 +0200)]
7.3 is now 7.3.22-dev

4 years agoFix #63527: DCOM does not work with Username, Password parameter
Christoph M. Becker [Fri, 10 Jul 2020 13:43:32 +0000 (15:43 +0200)]
Fix #63527: DCOM does not work with Username, Password parameter

We must not mix multibyte and wide character strings in the
`COAUTHIDENTITY` structure.  Using wide character strings throughout
would have the advantage that the remote connection can be established
regardless of the code page of the server, but that would more likely
break BC, so we just drop the wide character string conversion of the
username.

4 years agoFix bug #78008: dns_check_record() always return true on Alpine
Andy Postnikov [Tue, 14 Jul 2020 01:14:05 +0000 (04:14 +0300)]
Fix bug #78008: dns_check_record() always return true on Alpine

- free handle before return result
- cleaned up remaining usage of MAXPACKET
- update dns_get_mx() to use the same approach

Closes GH-5854.

4 years agoFixed bug #79849
Evgeny Stepanischev [Mon, 13 Jul 2020 12:16:39 +0000 (15:16 +0300)]
Fixed bug #79849

Closes GH-5853.

4 years agoFixed BC break of php_debug_zval_dump
twosee [Sat, 11 Jul 2020 10:30:28 +0000 (18:30 +0800)]
Fixed BC break of php_debug_zval_dump

It introduced by fixing bug #79830

4 years agoFixed bug #79830 introduced by fixing bug #79821
twosee [Sat, 11 Jul 2020 06:37:25 +0000 (14:37 +0800)]
Fixed bug #79830 introduced by fixing bug #79821

This also fixes memory error in debug_zval_dump and var_export.

4 years agoFixed bug #79821
twosee [Fri, 10 Jul 2020 22:14:22 +0000 (06:14 +0800)]
Fixed bug #79821

HashTable was reallocated (zend_hash_packed_grow) during php_var_dump, so we should call GC_ADDREF to make SEPARATE_ARRAY work.

Closes GH-5837.

4 years agoFixed bug #79817
Nikita Popov [Fri, 10 Jul 2020 12:06:41 +0000 (14:06 +0200)]
Fixed bug #79817

Use *_IND macros in a few places in string.c.

4 years agoFix some memory bugs in ldap.c
Paweł Tomulik [Fri, 3 Jul 2020 00:11:44 +0000 (02:11 +0200)]
Fix some memory bugs in ldap.c