This is related to Zend VM regression bug #75881. The regression was fixed in the VM, so there is no user visible change from the termination correction.
Fix #66828: iconv_mime_encode Q-encoding longer than it should be
Before the fix for bug 48289 has been applied, the algorithm to
construct a Q-encoded-word has been optimistic, i.e. try to encode as
many bytes that *may* fit in the remaining space, calculate the actual
length of the Q-encoded word, and if it's too long, try again with a
reduced size. However, the fix for the mentioned bug replaced this by
a pessimistic algorithm, which always terminates[1] the for loop[2]
during the first iteration (which renders the following 3 lines as dead
code), and as such easily produces unnecessarily short encoded-words.
Instead the proper fix for the bug would have been to make sure that
`out_size` is always decremented, if the space isn't sufficient for the
encoded-word.
Newer MySQL versions are stricter about invalid values. Three issues
are fixed:
* Don't use negative values with ZEROFILL. ZEROFILL implies UNSIGNED.
* Use a legal TIMESTAMP value. TIMESTAMP does not accept a Unix timestamp.
* Specify BIGINT values as strings, to avoid overflows.
Fix intermittent failures in mysqli_stmt_bind_result_format.phpt
There were two distinct issues here:
* $trend was compared against 'NULL' using !=, which does not work
as intended in the case where $trend==0.0.
* current_targets was declared as double(17,0), which means that
the fractional part was rounded, so that the same comparison in
SQL (rounded) and in PHP (not rounded) did not necessarily
match.
Please don't write mt_rand based tests, it takes ages to debug this
crap...
get_method() may modify the object pointer passed to it if method
forwarding is used. In this case we do not want to modify the
passed zval, so make sure that we copy the object into a temporary
first.
Fix #75273: php_zlib_inflate_filter() may not update bytes_consumed
Whenever we return with `PSFS_PASS_ON`, we need to update
`bytes_consumed` to not mislead the caller. Instead of fixing the
respective `if` clauses, we eschew the early bail-outs to simplify the
code a bit.
Fix #75696: posix_getgrnam fails to print details of group
According to the POSIX specification of `getgrnam_r()` the result of
`sysconf(_SC_GETGR_R_SIZE_MAX)` is an initial value suggested for the
size of the buffer, and `ERANGE` signals that insufficient storage was
supplied. So if we get `ERANGE`, we try again with a buffer twice as
big, and so on, instead of failing.
Anatol Belski [Mon, 6 Aug 2018 20:35:11 +0000 (22:35 +0200)]
Fix stack underflow in phar
The checks can issue reads below and above the temporary buffer. A read
itself doesn't seem dangerous, but the condition result can be
arbitrary. Such reads have to be avoided. Likely this patch should be
backported.
Fix #68180: iconv_mime_decode can return extra characters in a header
Basically, the algorithm to append a converted string to an existing
`smart_str` works by increasing the `smart_str` buffer, to let `iconv`
convert characters until there is no more space, to set the new length
of the `smart_str` and to repeat until there is no more input.
Formerly, the new length calculation has been wrong, though, since we
would have to take the old `out_len` into account (`buf_growth -
old_out_len - out_len`). However, since there is no need to take the
old `out_len` into account when increasing the `smart_str` buffer, we
can simplify the fix, avoiding an additional variable.
Fix #60494: iconv_mime_decode does ignore special characters
We must not ignore erroneous characters in mime headers, but rather let
iconv_mime_decode() fail in this case, issuing the usual notice
regarding illegal characters.
Fix #63839: iconv_mime_decode_headers function is skipping headers
We have to cater to the possibility that `=?` is not the start of an
encoded-word, but rather a literal `=?`. If a line break is found
while we're still looking for the charset, we can safely assume that
it's a literal `=?`, and act accordingly.
Fix #55146: iconv_mime_decode_headers() skips some headers
If we're expecting the start of an encoded word (`=?`), but instead of
the question mark get a line break (CR or LF), we must not append it to
the `pretval`.
There's no need to actually try to trigger an out-of-memory condition
to proof the leak; instead we can simply rely on the Zend MM to report
the memory leaks in debug mode (at least on Linux). Therefore we
simplify the regression test, which also makes it run much faster.
Kevin Abel [Mon, 9 Jul 2018 01:37:21 +0000 (20:37 -0500)]
Fix bug 76595: Update phpdbg man page
Send phpdbg.1 man page through configure replacements
Update phpdbg.1 man page to include all options
Fixes formatting to be more consistent with php.1
Fix paragraph whitespace and ignore phpdbg.1
Fix #52974: jewish.c: compile error under Windows with GBK charset
jewish.c includes ISO-8859-8 encoded Hebrew Hebrew month names, which
may cause compile errors, and is generally confusing. We replace the
literal month names with appropriate escape sequences.