]> granicus.if.org Git - php/log
php
4 years agoFix #80007: Potential type confusion in unixtojd() parameter parsing
Andy Postnikov [Fri, 21 Aug 2020 23:44:48 +0000 (02:44 +0300)]
Fix #80007: Potential type confusion in unixtojd() parameter parsing

Also it fixes test on 32-bit armv7 and x86
- Test unixtojd() function : error conditions [ext/calendar/tests/unixtojd_error1.phpt]

Closes GH-6033

4 years agoFix wrong datatype
Manuel Mausz [Fri, 21 Aug 2020 11:53:40 +0000 (11:53 +0000)]
Fix wrong datatype

ini_entry->modifiable is of type uint8_t and so should be the temp. variable. Especially important after 4b77a158.

Closes GH-6028

4 years agoFix #47021: SoapClient stumbles over WSDL delivered with "Transfer-Encoding: chunked"
Matteo Beccati [Tue, 18 Aug 2020 16:10:39 +0000 (18:10 +0200)]
Fix #47021: SoapClient stumbles over WSDL delivered with "Transfer-Encoding: chunked"

4 years ago7.3.23 is next
Christoph M. Becker [Tue, 18 Aug 2020 07:55:37 +0000 (09:55 +0200)]
7.3.23 is next

4 years agoFix HTTP response status code
Christoph M. Becker [Mon, 17 Aug 2020 16:36:02 +0000 (18:36 +0200)]
Fix HTTP response status code

4 years agoNull terminate the sodium_crypto_kx_keypair() result
Nikita Popov [Fri, 14 Aug 2020 13:51:00 +0000 (15:51 +0200)]
Null terminate the sodium_crypto_kx_keypair() result

4 years agoFix #64705 errorInfo property of PDOException is null when PDO::__construct() fails
Ahmed Abdou [Sun, 17 Feb 2019 21:59:00 +0000 (22:59 +0100)]
Fix #64705 errorInfo property of PDOException is null when PDO::__construct() fails

PDO driver constructors are throwing PdoException without setting
errorInfo, so create a new reusable function that throws exceptions
for PDO and will also set the errorInfo. Use this function in
pdo_mysql, pdo_sqlite, and pdo_pgsql.

4 years agoFix bug #75785 by attempt switching endianness on Maker's Note
Nawarian [Sun, 12 Jul 2020 19:53:52 +0000 (21:53 +0200)]
Fix bug #75785 by attempt switching endianness on Maker's Note

Different manufacturer models may come with a
different endianness (motorola/intel) format. In
order to avoid a big refactor and a gigantic lookup
table, this commit simply attempts to switch the
endianness and proceed when values are acceptable.

Closes GH-5849.

4 years agoFix #48585: com_load_typelib holds reference, fails on second call
Christoph M. Becker [Tue, 4 Aug 2020 16:25:50 +0000 (18:25 +0200)]
Fix #48585: com_load_typelib holds reference, fails on second call

Whether the type library is cached is actually irrelevant here; what
matters is that the symbols are imported, and since these are not
cached, we have to import them for every request.  And we cannot cache
the symbols, because the import depends on the current codepage, but
the codepage is a `PHP_INI_ALL` setting.

4 years agoFixed bug #79951
Nikita Popov [Tue, 11 Aug 2020 08:33:59 +0000 (10:33 +0200)]
Fixed bug #79951

One branch did not release tmp_replace_entry_str.

Also reduce the scope of some variables.

4 years agoMake sure string is NUL byte terminated.
George Wang [Mon, 10 Aug 2020 23:11:03 +0000 (19:11 -0400)]
Make sure string is NUL byte terminated.

4 years agoCheck the correct list
Nikita Popov [Mon, 10 Aug 2020 19:52:36 +0000 (21:52 +0200)]
Check the correct list

This was supposed to check mx_list, not weight_list... oops.

4 years agoFix bug #79944
Nikita Popov [Mon, 10 Aug 2020 14:53:31 +0000 (16:53 +0200)]
Fix bug #79944

Only return true from dns_get_mx if we actually found any MX record.

4 years agoFix #79922: Crash after multiple calls to xml_parser_free()
Christoph M. Becker [Mon, 10 Aug 2020 08:40:31 +0000 (10:40 +0200)]
Fix #79922: Crash after multiple calls to xml_parser_free()

We must not call `zend_list_delete()` in resource closer functions
exposed to userland, because decreasing the refcount there leads to
use-after-free scenarios.  In this case, commit 4a42fbb worked for
typical use-cases where `xml_parser_free()` has been called exactly
once for the resource, because there is an internal zval (`->index`)
referencing the same resource which already increased the refcount by
one.  However, when `xml_parser_free()` is called multiple times on the
same XML parser resource, the resource would be freed prematurely.

Instead we forcefully close the resource in `xml_parser_free()`.  We
also could decrease the refcount of the resource there, but that would
require to call `xml_parser_free()` which is somewhat uncommon, and
would be particularly bad wrt. PHP 8 where that function is a NOP, and
as such doesn't have to be called.  So we do no longer increase the
refcount of the resource when copying it to the internal zval, and let
the usualy refcounting semantics take care of the resource destruction.

[1] <http://git.php.net/?p=php-src.git;a=commit;h=4a42fbbbc73aad7427aef5c89974d1833636e082>

4 years agoFix bug #70574: Move files to proper locale dir
Florian Engelhardt [Wed, 5 Aug 2020 11:33:52 +0000 (13:33 +0200)]
Fix bug #70574: Move files to proper locale dir

Closes GH-5940.

4 years agoFix #79934: CRLF-only line in heredoc causes parsing error
Pieter van den Ham [Wed, 5 Aug 2020 18:21:26 +0000 (20:21 +0200)]
Fix #79934: CRLF-only line in heredoc causes parsing error

Fixes the function `next_newline()` in zend_language_scanner.l. The
function now correctly returns a newline_len of 2 for "\r\n".

Closes GH-5944.

4 years agoFix memory leak on socket_sendmsg() / socket_recvmsg() error
Nikita Popov [Wed, 5 Aug 2020 08:55:41 +0000 (10:55 +0200)]
Fix memory leak on socket_sendmsg() / socket_recvmsg() error

4 years agoFixed bug #79930
Nikita Popov [Wed, 5 Aug 2020 13:41:42 +0000 (15:41 +0200)]
Fixed bug #79930

We're inserting src_zval, so that's what we should addref.

4 years agoFix iov_base pointer type for illumos
David Carlier [Wed, 5 Aug 2020 09:09:18 +0000 (10:09 +0100)]
Fix iov_base pointer type for illumos

These systems has two versions of the iovec interface dependent on
compiler flags passed, the legacy version causing little build issue.

Closes GH-5939.

4 years ago[ci skip] Fix 7.3.21 release date
Christoph M. Becker [Tue, 4 Aug 2020 10:31:08 +0000 (12:31 +0200)]
[ci skip] Fix 7.3.21 release date

4 years agoMerge branch 'PHP-7.2' into PHP-7.3
Remi Collet [Tue, 4 Aug 2020 07:55:40 +0000 (09:55 +0200)]
Merge branch 'PHP-7.2' into PHP-7.3

* PHP-7.2:
  bump version to 7.2.34-dev
  Update NEWS

4 years agobump version to 7.2.34-dev
Remi Collet [Tue, 4 Aug 2020 07:50:07 +0000 (09:50 +0200)]
bump version to 7.2.34-dev

4 years agoRemoved space from bug55086.phpt
Graham Campbell [Sun, 2 Aug 2020 11:04:11 +0000 (12:04 +0100)]
Removed space from bug55086.phpt

Closes GH-5923.

4 years agoset -ex on travis/compile.sh
Santiago M. Mola [Sat, 1 Aug 2020 15:43:08 +0000 (17:43 +0200)]
set -ex on travis/compile.sh

-e to fail early: ./configure may fail and further errors from make bury
the original problem in the logs.

-x for easier debugging

4 years ago[ci skip] Add missing NEWS entries
Christoph M. Becker [Mon, 3 Aug 2020 09:08:31 +0000 (11:08 +0200)]
[ci skip] Add missing NEWS entries

4 years agoUpdate NEWS
Stanislav Malyshev [Mon, 3 Aug 2020 08:14:38 +0000 (01:14 -0700)]
Update NEWS

4 years agoMerge branch 'PHP-7.2' into PHP-7.3
Stanislav Malyshev [Mon, 3 Aug 2020 06:56:37 +0000 (23:56 -0700)]
Merge branch 'PHP-7.2' into PHP-7.3

* PHP-7.2:
  Fix #79877: getimagesize function silently truncates after a null byte
  Fix #79797: Use of freed hash key in the phar_parse_zipfile function

4 years agoFix #79877: getimagesize function silently truncates after a null byte
Christoph M. Becker [Tue, 21 Jul 2020 09:07:43 +0000 (11:07 +0200)]
Fix #79877: getimagesize function silently truncates after a null byte

We have to check for NUL bytes if `getimagesize()` has been called.

4 years agoFix #79797: Use of freed hash key in the phar_parse_zipfile function
Christoph M. Becker [Tue, 14 Jul 2020 15:04:24 +0000 (17:04 +0200)]
Fix #79797: Use of freed hash key in the phar_parse_zipfile function

We must not use heap memory after we freed it.

4 years agoFix #79919: Stack use-after-scope in define()
Christoph M. Becker [Fri, 31 Jul 2020 07:12:22 +0000 (09:12 +0200)]
Fix #79919: Stack use-after-scope in define()

Instead of the temporary `rv`, we use the `val_free` which is there for
this purpose.

4 years agoAmendment to OPcache base file removal
Christoph M. Becker [Wed, 29 Jul 2020 16:06:42 +0000 (18:06 +0200)]
Amendment to OPcache base file removal

We fix the erroneous segment size.  We also keep the segment pointer at
the allocated address, but increase the position instead.

4 years agoConsider op1 literal of FETCH_OBJ_R
Nikita Popov [Wed, 29 Jul 2020 15:04:23 +0000 (17:04 +0200)]
Consider op1 literal of FETCH_OBJ_R

FETCH_OBJ_R may have an op1 CONST operand, even though it will
always error. We should take this into account when compacting
literals.

4 years agoFix test
Nikita Popov [Wed, 29 Jul 2020 13:04:05 +0000 (15:04 +0200)]
Fix test

4 years agoFix #79895: support = in PHP_CHECK_GCC_ARG m4 macro
Santiago M. Mola [Fri, 24 Jul 2020 20:46:11 +0000 (22:46 +0200)]
Fix #79895: support = in PHP_CHECK_GCC_ARG m4 macro

Closes GH-5890.

4 years agoHandle bindto error
twosee [Wed, 29 Jul 2020 04:59:44 +0000 (12:59 +0800)]
Handle bindto error

Closes GH-5903.

4 years agoFix #73060: php failed with error after temp folder cleaned up
Christoph M. Becker [Tue, 28 Jul 2020 12:40:04 +0000 (14:40 +0200)]
Fix #73060: php failed with error after temp folder cleaned up

Instead of storing the mapping base address and the address of
`execute_ex()` in a separate file in the temporary folder, we store
them right at the beginning of the memory mapping.

4 years agoFix #79806: realpath() erroneously resolves link to link
Christoph M. Becker [Tue, 28 Jul 2020 09:22:57 +0000 (11:22 +0200)]
Fix #79806: realpath() erroneously resolves link to link

After resolving reparse points, the path still may be a reparse point;
in that case we have to resolve that reparse point as well.

4 years agofix memory leaks in ext/ldap/ldap.c
Paweł Tomulik [Fri, 10 Jul 2020 19:55:42 +0000 (21:55 +0200)]
fix memory leaks in ext/ldap/ldap.c

4 years agoRevert "Fix #79806: realpath() erroneously resolves link to link"
Christoph M. Becker [Mon, 27 Jul 2020 15:50:41 +0000 (17:50 +0200)]
Revert "Fix #79806: realpath() erroneously resolves link to link"

This reverts commit d5b59b4303642adac91df2c93969a72bc0f5fa7d.

4 years agoFix #79806: realpath() erroneously resolves link to link
Christoph M. Becker [Wed, 15 Jul 2020 16:37:27 +0000 (18:37 +0200)]
Fix #79806: realpath() erroneously resolves link to link

After resolving reparse points, the path still may be a reparse point;
in that case we have to resolve that reparse point as well.

4 years agoFix #77932: File extensions are case-sensitive
Christoph M. Becker [Mon, 27 Jul 2020 08:13:52 +0000 (10:13 +0200)]
Fix #77932: File extensions are case-sensitive

The file extension to mime type mapping *must* not depend on the file
extension's case for case-insensitive file systems, and *should* not
for case-sensitive file systems.

4 years agoMerge branch 'PHP-7.2' into PHP-7.3
George Wang [Thu, 23 Jul 2020 19:36:35 +0000 (15:36 -0400)]
Merge branch 'PHP-7.2' into PHP-7.3

4 years agoSecurity: update to LiteSpeed SAPI v7.7 to address an buffer overflow, and some log...
George Wang [Thu, 23 Jul 2020 19:35:32 +0000 (15:35 -0400)]
Security: update to LiteSpeed SAPI v7.7 to address an buffer overflow, and some log message tunings.

4 years agoFix #79884: PHP_CONFIG_FILE_PATH is meaningless
Christoph M. Becker [Wed, 22 Jul 2020 08:48:15 +0000 (10:48 +0200)]
Fix #79884: PHP_CONFIG_FILE_PATH is meaningless

It does not make sense to make assumptions about `PHP_CONFIG_FILE_PATH`
during build time, since that value is never used during run time on
Windows.  Since there is no `--with-config-file-path` on Windows
either, we define `PHP_CONFIG_FILE_PATH` as `""`.

4 years agoFix brittle test
Christoph M. Becker [Wed, 22 Jul 2020 18:45:55 +0000 (20:45 +0200)]
Fix brittle test

This test fails occasionally due to timing issues, because the session
file may have been unlinked by the first `session_start()`'s GC.  We
adapt the test expectation to this reality.

4 years ago7.3 is now 7.3.22-dev
Christoph M. Becker [Tue, 21 Jul 2020 07:18:07 +0000 (09:18 +0200)]
7.3 is now 7.3.22-dev

4 years agoFix #63527: DCOM does not work with Username, Password parameter
Christoph M. Becker [Fri, 10 Jul 2020 13:43:32 +0000 (15:43 +0200)]
Fix #63527: DCOM does not work with Username, Password parameter

We must not mix multibyte and wide character strings in the
`COAUTHIDENTITY` structure.  Using wide character strings throughout
would have the advantage that the remote connection can be established
regardless of the code page of the server, but that would more likely
break BC, so we just drop the wide character string conversion of the
username.

4 years agoFix bug #78008: dns_check_record() always return true on Alpine
Andy Postnikov [Tue, 14 Jul 2020 01:14:05 +0000 (04:14 +0300)]
Fix bug #78008: dns_check_record() always return true on Alpine

- free handle before return result
- cleaned up remaining usage of MAXPACKET
- update dns_get_mx() to use the same approach

Closes GH-5854.

4 years agoFixed bug #79849
Evgeny Stepanischev [Mon, 13 Jul 2020 12:16:39 +0000 (15:16 +0300)]
Fixed bug #79849

Closes GH-5853.

4 years agoFixed BC break of php_debug_zval_dump
twosee [Sat, 11 Jul 2020 10:30:28 +0000 (18:30 +0800)]
Fixed BC break of php_debug_zval_dump

It introduced by fixing bug #79830

4 years agoFixed bug #79830 introduced by fixing bug #79821
twosee [Sat, 11 Jul 2020 06:37:25 +0000 (14:37 +0800)]
Fixed bug #79830 introduced by fixing bug #79821

This also fixes memory error in debug_zval_dump and var_export.

4 years agoFixed bug #79821
twosee [Fri, 10 Jul 2020 22:14:22 +0000 (06:14 +0800)]
Fixed bug #79821

HashTable was reallocated (zend_hash_packed_grow) during php_var_dump, so we should call GC_ADDREF to make SEPARATE_ARRAY work.

Closes GH-5837.

4 years agoFixed bug #79817
Nikita Popov [Fri, 10 Jul 2020 12:06:41 +0000 (14:06 +0200)]
Fixed bug #79817

Use *_IND macros in a few places in string.c.

4 years agoFix some memory bugs in ldap.c
Paweł Tomulik [Fri, 3 Jul 2020 00:11:44 +0000 (02:11 +0200)]
Fix some memory bugs in ldap.c

4 years agoFix bug #79787
XXiang [Sat, 4 Jul 2020 14:12:57 +0000 (22:12 +0800)]
Fix bug #79787

Closes GH-5807.

4 years agoReport len as -1 instead of INT_MAX
Nikita Popov [Wed, 3 Jun 2020 08:15:54 +0000 (10:15 +0200)]
Report len as -1 instead of INT_MAX

Per docs it should be -1. And would be on 32-bit systems, but
not on 64-bit systems.

(cherry picked from commit 39111585a2f8e40e72bdc662eb8b2e3c19e93615)

4 years agoMerge branch 'PHP-7.2' into PHP-7.3
Sara Golemon [Tue, 7 Jul 2020 19:33:11 +0000 (19:33 +0000)]
Merge branch 'PHP-7.2' into PHP-7.3

* PHP-7.2:
  Prep for 7.2.33
  Prep NEWS for 7.2.32 release

4 years agoPrep for 7.2.33
Sara Golemon [Tue, 7 Jul 2020 19:31:32 +0000 (19:31 +0000)]
Prep for 7.2.33

4 years agoPrep NEWS for 7.2.32 release PHP-7.2.32
Sara Golemon [Tue, 7 Jul 2020 19:31:05 +0000 (19:31 +0000)]
Prep NEWS for 7.2.32 release

4 years agoDon't use deprecated curly brace offset syntax
Christoph M. Becker [Tue, 7 Jul 2020 11:21:26 +0000 (13:21 +0200)]
Don't use deprecated curly brace offset syntax

(cherry picked from commit 7ec3aa1871074f5de25865af42c984a7668eb85f)

Better safe than sorry in case someone ever builds PHP 7.3 with a
future version of PHP SDK with bundled PHP 8.

4 years agoFixed bug #79792
Nikita Popov [Tue, 7 Jul 2020 09:57:01 +0000 (11:57 +0200)]
Fixed bug #79792

We need to remove the iterators even if the array is empty (we
will not create one if the first place, but the array may become
empty after the fact).

4 years agoFixed bug #79778
Nikita Popov [Tue, 7 Jul 2020 08:11:34 +0000 (10:11 +0200)]
Fixed bug #79778

In the interest of avoiding side-effects during dumping, I'm
replacing the value with a <constant ast> string instead of
performing an update constant operation.

4 years agoRemove bogus generator iterator dtor
Nikita Popov [Tue, 30 Jun 2020 15:28:47 +0000 (17:28 +0200)]
Remove bogus generator iterator dtor

Fixes a use-after-free encountered in Symfony's SecurityBundle.
I don't have a reproducer for this, and believe the issue can only
occur if we leak an iterator (the leak is a separate issue).

We should not free the generator iterator here, because we do not
own it. The code that fetched the iterator is responsible for
releasing it. In the rare case where we do hit this code-path,
we cause a use-after-free.

4 years agoFix leak when setting cyclic previous exception in finally
Nikita Popov [Tue, 30 Jun 2020 10:22:41 +0000 (12:22 +0200)]
Fix leak when setting cyclic previous exception in finally

A curious exception handling pattern found in Symfony's HttpClient.

4 years agoFix #70362: Can't copy() large 'data://' with open_basedir
Christoph M. Becker [Thu, 5 Mar 2020 11:20:04 +0000 (12:20 +0100)]
Fix #70362: Can't copy() large 'data://' with open_basedir

open_basedir is only relevant for plain files, so there is no need to
check it for other URL wrappers.

4 years agoFix #63208: BSTR to PHP string conversion not binary safe
Christoph M. Becker [Mon, 29 Jun 2020 15:38:14 +0000 (17:38 +0200)]
Fix #63208: BSTR to PHP string conversion not binary safe

A `BSTR` is similar to a `zend_string`; it stores the length of the
string just before the actual string, and thus the string may contain
NUL bytes.  However, `php_com_olestring_to_string()` is supposed to
deal with arbitrary `OLECHAR*`s which may not be `BSTR`s, so we
introduce `php_com_bstr_to_string()` and use it for the only case where
we actually have to deal with `BSTR`s which may contain NUL bytes.

Contrary to `php_com_olestring_to_string()` we return a `zend_string`,
so we can save the re-allocation when converting to a `zval`.

We also cater to `php_com_string_to_olestring()` not being binary safe,
with basically the same fix we did for `php_com_olestring_to_string()`.

4 years agoFix #79756: finfo_file crash (FILEINFO_MIME)
Christoph M. Becker [Mon, 29 Jun 2020 14:10:33 +0000 (16:10 +0200)]
Fix #79756: finfo_file crash (FILEINFO_MIME)

If `ctime` or `asctime` return `NULL`, we must not attempt to copy the
buffer, but rather return `NULL` as well.

4 years agoFixed bug #79741
Nikita Popov [Fri, 26 Jun 2020 10:26:46 +0000 (12:26 +0200)]
Fixed bug #79741

4 years agoFixed bug #79030 Use usec from apache request time
Herbert256 [Wed, 24 Jun 2020 07:44:35 +0000 (09:44 +0200)]
Fixed bug #79030 Use usec from apache request time

Don't unnecessarily truncate to milliseconds.

Closes GH-5760.

4 years agoFix #55857: ftp_size on large files
Christoph M. Becker [Tue, 23 Jun 2020 13:17:31 +0000 (15:17 +0200)]
Fix #55857: ftp_size on large files

`atol()` returns a `long` which is not the same as `zend_long` on
LLP64; we use `ZEND_ATOL()` instead.

There is no need for a new test case, since filesize_large.phpt already
tests for that behavior; unfortunately, the FTP test suite relies on
`pcntl_fork()` and therefore cannot be run on Windows.

4 years ago7.3 is now 7.3.21-dev
Christoph M. Becker [Tue, 23 Jun 2020 08:29:42 +0000 (10:29 +0200)]
7.3 is now 7.3.21-dev

4 years agoFixed bug #79570
Böszörményi Zoltán [Fri, 19 Jun 2020 12:31:28 +0000 (14:31 +0200)]
Fixed bug #79570

Use the same logic for getgrgid_r, getpwnam_r and getpwuid_r
as for getgrnam_r in #75696

Closes GH-5740.

4 years agoFixed bug #79710
Nikita Popov [Fri, 19 Jun 2020 08:46:02 +0000 (10:46 +0200)]
Fixed bug #79710

Make sure we don't use zresource after the stream has been destroyed.

4 years agoFix #79687: Sony picture - PHP Warning - Make, Model, MakerNotes
Christoph M. Becker [Sat, 13 Jun 2020 12:09:28 +0000 (14:09 +0200)]
Fix #79687: Sony picture - PHP Warning - Make, Model, MakerNotes

Even if the length of a maker note does not match our expectations
(either because the maker note is corrupted, or because our
expectations do not quite match reality), there is no need to let
parsing fail; we can still go on parsing the other meta information.

4 years agoFix #79676: imagescale adds black border with IMG_BICUBIC
Christoph M. Becker [Fri, 5 Jun 2020 14:36:00 +0000 (16:36 +0200)]
Fix #79676: imagescale adds black border with IMG_BICUBIC

We have to loop over all image pixels to avoid the black border.  This
is also done in external libgd in `_gdScaleOneAxis` and `_gdScalePass`.

4 years agoFix possibly unsupported timercmp() usage
Christoph M. Becker [Tue, 9 Jun 2020 08:12:32 +0000 (10:12 +0200)]
Fix possibly unsupported timercmp() usage

The `timercmp()` manpage[1] points out that some systems have a broken
implementation which does not support `>=`.  This is definitely the
case for the Windows SDK, which only supports `<` and `>`.

[1] <https://linux.die.net/man/3/timercmp>

4 years agoFix #62890: default_socket_timeout=-1 causes connection to timeout
Christoph M. Becker [Tue, 9 Jun 2020 10:42:02 +0000 (12:42 +0200)]
Fix #62890: default_socket_timeout=-1 causes connection to timeout

While unencrypted connections ignore negative timeouts, SSL/TLS
connections did not special case that, and so always failed due to
timeout.

4 years ago[ci skip] Update NEWS
Christoph M. Becker [Tue, 9 Jun 2020 14:37:17 +0000 (16:37 +0200)]
[ci skip] Update NEWS

4 years agoFix #74267: segfault with streams and invalid data
Christoph M. Becker [Mon, 8 Jun 2020 21:19:43 +0000 (23:19 +0200)]
Fix #74267: segfault with streams and invalid data

If the current character is a line break character, it cannot be a tab
or space character, so we would always fail with an invalid sequence
error.  Obviously, these `scan_stat == 4` conditions are meant to be
exclusive.

Furthermore, if `in_pp == NULL || in_left_p == NULL` is true, we hit a
segfault if we are not returning right away.  Obviously, the additional
constraints don't make sense, so we remove them.

4 years agoFix #73527: Invalid memory access in php_filter_strip
Christoph M. Becker [Thu, 4 Jun 2020 09:49:59 +0000 (11:49 +0200)]
Fix #73527: Invalid memory access in php_filter_strip

4 years agoFix #79668: get_defined_functions(true) may miss functions
Christoph M. Becker [Wed, 3 Jun 2020 10:05:00 +0000 (12:05 +0200)]
Fix #79668: get_defined_functions(true) may miss functions

Instead of some brittle and unefficient string matching, we can just
check for the function handler.

4 years agoFix #79664: PDOStatement::getColumnMeta fails on empty result set
Christoph M. Becker [Tue, 2 Jun 2020 07:36:39 +0000 (09:36 +0200)]
Fix #79664: PDOStatement::getColumnMeta fails on empty result set

As its name suggests, `sqlite3_data_count` returns the number of
columns in the current row of the result set; we are interested in the
number of columns regardless of the current row, so we have to use
`sqlite3_column_count` instead.

4 years agoFix #79650: php-win.exe 100% cpu lockup
Christoph M. Becker [Sun, 31 May 2020 11:28:09 +0000 (13:28 +0200)]
Fix #79650: php-win.exe 100% cpu lockup

As of PHP 7.3.0, `sapi_cli_single_write()` is supposed to return `< 0`
on failure, but `fwrite()` returns a `size_t`, and signals error by
setting the stream's error indicator.  We have to cater to that.

4 years agoFix PVS-Studio integration
Christoph M. Becker [Thu, 28 May 2020 13:20:06 +0000 (15:20 +0200)]
Fix PVS-Studio integration

Without this configuration option, PVS-Studio looks for preprocessed
files (*.i), but these do not exists.

4 years agoFixed possible usage of uninitialized value
Dmitry Stogov [Wed, 27 May 2020 08:25:18 +0000 (11:25 +0300)]
Fixed possible usage of uninitialized value

4 years ago7.3.20 will be next
Christoph M. Becker [Tue, 26 May 2020 08:53:22 +0000 (10:53 +0200)]
7.3.20 will be next

4 years agoFix #79615: Wrong GIF header written in GD GIFEncode
Christoph M. Becker [Fri, 22 May 2020 07:11:28 +0000 (09:11 +0200)]
Fix #79615: Wrong GIF header written in GD GIFEncode

The color resolution is expected in bits 4-6 of the packed fields byte
of the logical screen descriptor (byte 10 of the GIF data stream),
according to the specification[1], section 18.

[1] <https://www.w3.org/Graphics/GIF/spec-gif89a.txt>

4 years agoFix INI setting member name
Christoph M. Becker [Mon, 18 May 2020 14:07:16 +0000 (16:07 +0200)]
Fix INI setting member name

Since the member is not used in `OnUpdateEol()` that's not really an
issue, but still it's confusing to apparently have two INI settings
targeting the same member.

4 years agoPut Xdebug 3 into 'off' mode for run-tests.php
Derick Rethans [Mon, 18 May 2020 12:49:12 +0000 (13:49 +0100)]
Put Xdebug 3 into 'off' mode for run-tests.php

4 years agoFix #79596: MySQL FLOAT truncates to int some locales
Christoph M. Becker [Fri, 15 May 2020 07:09:41 +0000 (09:09 +0200)]
Fix #79596: MySQL FLOAT truncates to int some locales

We must not do locale aware float to string conversion here; instead
we using our `snprintf()` implementation with the `F` specifier.

4 years agoFix #79588: Boolean opcache settings ignore on/off values
Christoph M. Becker [Tue, 12 May 2020 14:14:54 +0000 (16:14 +0200)]
Fix #79588: Boolean opcache settings ignore on/off values

We should display boolean INI settings as boolean.

4 years agoFix #79489: .user.ini does not inherit
Christoph M. Becker [Tue, 5 May 2020 08:36:16 +0000 (10:36 +0200)]
Fix #79489: .user.ini does not inherit

On Windows, PATH_TRANSLATED may contain backslashes as well as slashes,
so we must not only check for `DEFAULT_SLASH`.

4 years ago[ci skip] Update NEWS
Christoph M. Becker [Tue, 12 May 2020 09:16:55 +0000 (11:16 +0200)]
[ci skip] Update NEWS

4 years agoMerge branch 'PHP-7.2' into PHP-7.3
Remi Collet [Tue, 12 May 2020 07:19:11 +0000 (09:19 +0200)]
Merge branch 'PHP-7.2' into PHP-7.3

* PHP-7.2:
  bump version to 7.2.32-dev
  Update NEWS

4 years agobump version to 7.2.32-dev
Remi Collet [Tue, 12 May 2020 07:16:01 +0000 (09:16 +0200)]
bump version to 7.2.32-dev

4 years agoUpdate NEWS
Stanislav Malyshev [Mon, 11 May 2020 21:28:51 +0000 (14:28 -0700)]
Update NEWS

4 years agoMerge branch 'PHP-7.2' into PHP-7.3
Stanislav Malyshev [Mon, 11 May 2020 21:20:41 +0000 (14:20 -0700)]
Merge branch 'PHP-7.2' into PHP-7.3

* PHP-7.2:
  Fix #78876: Long variables cause OOM and temp files are not cleaned
  Fix #78875: Long filenames cause OOM and temp files are not cleaned
  Update NEWS for 7.2.31
  Update CREDITS for PHP 7.2.30
  Update NEWS for PHP 7.2.30

4 years agoFix #78876: Long variables cause OOM and temp files are not cleaned
Christoph M. Becker [Wed, 18 Mar 2020 09:57:42 +0000 (10:57 +0100)]
Fix #78876: Long variables cause OOM and temp files are not cleaned

We use the proper type for size calculations, which is `size_t`.

4 years agoFix #78875: Long filenames cause OOM and temp files are not cleaned
Christoph M. Becker [Wed, 18 Mar 2020 09:26:53 +0000 (10:26 +0100)]
Fix #78875: Long filenames cause OOM and temp files are not cleaned

We must not cast `size_t` to `int` (unless the `size_t` value is
guaranteed to be less than or equal to `INT_MAX`).  In this case we can
declare `array_len` as `size_t` in the first place.

4 years agoFix default sendmail path when not found during build
Indrek Ardel [Sat, 9 May 2020 00:08:14 +0000 (03:08 +0300)]
Fix default sendmail path when not found during build

Closes GH-5548.