Make is_file() and friends return false when path contains 0-byte
These functions now return false silently:
is_writable, is_readable, is_executable, is_file, is_dir, is_link,
file_exists
These functions now throw a warning an return false (rather than
throwing a ValueError):
fileperms, fileinode, filesize, fileowner, filegroup, filetype,
fileatime, filemtime, filectime, lstat, stat
Nikita Popov [Wed, 2 Dec 2020 09:40:57 +0000 (10:40 +0100)]
Ensure consistent error message in phpdbg parser
This would be either $end or "end of file" depending on bison
version. Explicitly specify "end of command" instead, which seems
more appropriate in context.
Nikita Popov [Wed, 2 Dec 2020 09:51:55 +0000 (10:51 +0100)]
Don't throw from imagecreatefromstring() with too short string
If the string is too short, we should treat this the same way as
an unrecognized image type. This function should be usable to
determine whether something is a valid image without doing any
checks beforehand.
Phar signatures practically are of limited size; for the MD5 and SHA
hashes the size is fixed (at most 64 bytes for SHA512); for OpenSSL
public keys there is no size limit in theory, but "64 KiB ought to be
good enough for anybody". So we check for that limit, to avoid fatal
errors due to out of memory conditions.
Since it is neither possible to have the signature compressed in the
ZIP archive, nor is it possible to manually add a signature via Phar,
we use ZipArchive to create a suitable archive for the test on the fly.
Nikita Popov [Tue, 1 Dec 2020 09:22:36 +0000 (10:22 +0100)]
Don't mark cpu_supports functions as always inline
The use of no-sanitize may result in an inlining failure, which
will be promoted into a compile error by always-inline. Use a
normal inlining hint without enforcing it.
Fix #62004: SplFileObject: fgets after seek returns wrong line
As it is, `::seek(0)` sets the file pointer to the beginning of the
file, but `::seek($n)` where `$n > 0` sets the file pointer to the
beginning of the following line, having line `$n` already read into the
line buffer. This is pretty inconsistent; we fix it by always seeking
to the beginning of the line.
We also add a test case for the duplicate bug #46569.
Nikita Popov [Mon, 30 Nov 2020 14:15:59 +0000 (15:15 +0100)]
Next attempt to fix bug #80368
Apparently treating LibreSSL as OpenSSL 1.1 is not just something
we did in our code, it's something that upstream LibreSSL claims,
despite not actually being compatible. Duh.
Check for EVP_CIPH_OCB_MODE instead, which should reliably
determine support...
* PHP-8.0:
Fix Bug #80438: imap_msgno() incorrectly warns and return false on valid UIDs in PHP 8.0.0
Rename XmlParser to XMLParser for consistency with XMLWriter/XMLReader
Fix Bug #80438: imap_msgno() incorrectly warns and return false on valid UIDs in PHP 8.0.0
Checking for a valid Unique ID (UID) cannot use the convenience macro as they might
be larger than the message number which has for maximum value the total number of
current messages available in the mailbox.
Nikita Popov [Thu, 26 Nov 2020 11:30:17 +0000 (12:30 +0100)]
Suppress stream errors in mysqlnd
mysqlnd currently sets error_reporting=0 to suppress errors while
writing to streams. Unfortunately these errors are still visible
to userland error handlers, which is a source of confusion.
See for example https://bugs.php.net/bug.php?id=80412.
Instead add a stream flag that suppresses the emission of
read/write errors in the first place, and set it in mysqlnd.
I think it might be useful to have this option for userland as
well in the future, but for now this is just an internal
mechanism.
Nikita Popov [Mon, 30 Nov 2020 10:09:28 +0000 (11:09 +0100)]
Only replace IN_ARRAY result type for JMPZ/JMPNZ
Replacing the result type in the general case is dangerous,
because not all opcodes support both VAR and TMP. One common case
is the in_array() result being passed to SEND_VAR, which would
have to be changed to SEND_VAL.
Rather than complicating this logic, reduce the scope to only
doing the type replacement for JMPZ and JMPNZ. The only reason
we're doing this in the first place is to enable the smart branch
optimization, so we can limit it to the relevant opcodes. Replacing
the result type may be marginally useful in other cases as well
(as it may avoid reference checks), but not worth the bother.
Nikita Popov [Fri, 27 Nov 2020 16:40:34 +0000 (17:40 +0100)]
Don't check for throwing calls in sccp function evaluation
We only need to reject functions that could warn (or have runtime
dependent behavior). If a function can throw in some cases, just
let it and discard the result.
Nikita Popov [Fri, 27 Nov 2020 16:43:24 +0000 (17:43 +0100)]
Fix handling of sccp exceptions
We should clear the exception *before* we destroy the execute_data.
Add a variation of the test that indirects through another file,
and would crash otherwise.