Fix #79294: ::columnType() may fail after SQLite3Stmt::reset()
The fix for feature request #53466 did not properly handle resetting of
the corresponding statement; the problem with this is that the
statement does not know about its result sets. But even if we could
fix this, the `complete` handling still appears to be brittle, since
the `sqlite3_column_type()`docs[1] state:
| If the SQL statement does not currently point to a valid row, or if
| the column index is out of range, the result is undefined.
Fortunately, we can use `sqlite3_data_count()` instead, since[2]:
| If prepared statement P does not have results ready to return (via
| calls to the sqlite3_column() family of interfaces) then
| sqlite3_data_count(P) returns 0.
Thus, we guard `SQLite3::columnType()` with `sqlite3_data_count()`, and
completely drop updating the `php_sqlite3_result_object.complete`
field, but keep it for ABI BC purposes.
Bishop Bettini [Wed, 19 Feb 2020 16:30:32 +0000 (11:30 -0500)]
Improve comment on RFC 1867 filename handling
It was pointed out on the internals ML[1] that the basename comment
around RFC 1867 file handling was confusing. The comment seemed to
say that the basename handling was only necessary because of some
esoteric bug in Windows IE. In fact that comment applied to earlier
versions of the code and was, therefore, misleading. The comment
needs to clear that basename is required per RFC 7578[2].
Nikita Popov [Wed, 19 Feb 2020 09:22:54 +0000 (10:22 +0100)]
Create memory stream in exif fuzzer
At least one segfault observed because temp file creation failed.
Switch to using a memory stream, which should be more robust, and
more efficient for that matter.
Nikita Popov [Tue, 17 Dec 2019 11:21:05 +0000 (12:21 +0100)]
Handle EXIF offsets in a principled manner
exif_process_IFD_TAG() currently accepts a dir_entry, offset_base
and IFDlength. However, it's very hard to follow how these values
are related to each other and the addressable memory region. As we
add additional bounds check, this gets further confused.
One of the basic cases is where dir_entry is in
[offset_base, offset_base+IFDlength), in which case the memory
[dir_entry, offset_base+IFDlength) is valid, but the memory
[offset_base, dir_entry) is not necessarily valid. I wasn't able
to understand what exactly is valid if dir_entry is outside
[offset_base, offset_base+IFDlength)
This patch changes everything to use a struct that separately stores
offset_base and the valid memory region and adds helpers to fetch
offsets and check that pointers are in-bounds.
Nikita Popov [Thu, 9 Jan 2020 11:21:02 +0000 (12:21 +0100)]
Deprecate required param after optional
As an exception, we allow "Type $foo = null" to occur before a
required parameter, because this pattern was used as a replacement
for nullable types in PHP versions older than 7.1.
Nikita Popov [Tue, 18 Feb 2020 09:01:17 +0000 (10:01 +0100)]
Fix zpp in mysqli_warning::next()
This only exists as a method, so using zend_parse_method_parameters
doesn't make sense. Also make sure that zpp is always called, not
only conditionally.
Make quoting of cmd execution functions consistent
While the `$command` passed to `proc_open()` had to be wrapped in
double-quotes manually, that was implicitly done for all other
program execution functions. This could easily introduce bugs and
even security issues when switching from one to another program
execution function.
Furthermore we ensure that the additional quotes are always
unwrapped regardless of what is passed as `$command` by passing
the `/s` flag to cmd.exe. As it was, `shell_exec('path with
spaces/program.exe')` did execute program.exe, but adding an
argument (`shell_exec('path with spaces/program.exe -h)`) failed
to execute program.exe, because cmd.exe stripped the additional
quotes.
While these changes obviously can cause BC breaks, we feel that in
the long run the benefits of having consistent behavior for all
program execution functions outweighs the drawbacks of potentially
breaking some code now.
Firstly, we must not rely on `stmt->column_count` when freeing the
driver specific column values, but rather store the column count in
the driver data. Since the column count is a `short`, 16 bit are
sufficient, so we can store it in reserved bits of `pdo_odbc_stmt`.
Furthermore, we must not allocate new column value storage when the
statement is not executed, but rather when the column value storage has
not been allocated.
Finally, we have to introduce a driver specific `cursor_closer` to
avoid that `::closeCursor()` calls `odbc_stmt_next_rowset()` which then
frees the column value storage, because it may be still needed for
bound columns.
* PHP-7.4:
Fix # 79171: heap-buffer-overflow in phar_extract_file
Fix bug #79082 - Files added to tar with Phar::buildFromIterator have all-access permissions
Fix bug #79221 - Null Pointer Dereference in PHP Session Upload Progress
Mark bug76348.phpt as online test
Fix bug #79082 - Files added to tar with Phar::buildFromIterator have all-access permissions
Fix bug #79221 - Null Pointer Dereference in PHP Session Upload Progress
* PHP-7.3:
Fix # 79171: heap-buffer-overflow in phar_extract_file
Fix bug #79082 - Files added to tar with Phar::buildFromIterator have all-access permissions
Fix bug #79221 - Null Pointer Dereference in PHP Session Upload Progress
Mark bug76348.phpt as online test
Fix bug #79082 - Files added to tar with Phar::buildFromIterator have all-access permissions
Fix bug #79221 - Null Pointer Dereference in PHP Session Upload Progress
* PHP-7.2:
Mark bug76348.phpt as online test
Fix bug #79082 - Files added to tar with Phar::buildFromIterator have all-access permissions
Fix bug #79221 - Null Pointer Dereference in PHP Session Upload Progress
Create a new console for each test worker on Windows
The primary motivation to have each test worker running its own console
is to allow the windows_mb_path tests to run in parallel. A nice side
effect is that this also prevents changing the code page of the
tester's console window (which can even cause its font to be changed).
To be able to do so, we introduce the `create_new_console` option for
`proc_open()`, which might occasionally be useful for other purposes
than testing.
Nikita Popov [Thu, 6 Feb 2020 10:13:13 +0000 (11:13 +0100)]
Improve generated names for anonymous classes
In order of preference, the generated name will be:
new class extends ParentClass {};
// -> ParentClass@anonymous
new class implements FirstInterface, SecondInterface {};
// -> FirstInterface@anonymous
new class {};
// -> class@anonymous
This is intended to display a more useful class name in error messages
and stack traces, and thus make debugging easier.
Nikita Popov [Tue, 7 Jan 2020 14:06:36 +0000 (15:06 +0100)]
Add static return type
RFC: https://wiki.php.net/rfc/static_return_type
The "static" type is represented as MAY_BE_STATIC, rather than
a class type like "self" and "parent", as it has special
resolution semantics, and cannot be cached in the runtime cache.
Dmitry Stogov [Mon, 17 Feb 2020 09:54:11 +0000 (12:54 +0300)]
Merge branch 'PHP-7.4'
* PHP-7.4:
Disable instantiation of zero size FFI\CData objects
Fix # 79171: heap-buffer-overflow in phar_extract_file
Fix bug #79082 - Files added to tar with Phar::buildFromIterator have all-access permissions
Fix bug #79221 - Null Pointer Dereference in PHP Session Upload Progress
Constrain number parameter of numfmt_format to int|float
This is inline with similar changes to the math functions. Especially,
array to number conversion makes no sense here, and is likely to hide
a programming error.
To make that feasible, we introduce the `n` specifier for classic ZPP
so we can stick with `zend_parse_method_parameters()`.
We also remove a test case, which has been degenerated to a ZPP test.
projects / php / log