This fixes issues causing buffer over-read that leak heap content:
- RESP packet field default left over for COM_LIST
- RESP packet upsert filename
- OK packet message
- RESP packet for stmt row data
- ps_fetch_from_1_to_8_bytes
- ps_fetch_float
- ps_fetch_double
- ps_fetch_time
- ps_fetch_date
- ps_fetch_datetime
- ps_fetch_string
- ps_fetch_bit
- RESP packet for query row data (just possible overflow on 32-bit)

It also adds various protocol tests using a new fake server.

* PHP-8.4:
Fix GH-16777: Calling the constructor again on a DOM object after it is in a document causes UAF
Fix GH-16808: Segmentation fault in RecursiveIteratorIterator->current() with a xml element input

* PHP-8.3:
Fix GH-16777: Calling the constructor again on a DOM object after it is in a document causes UAF
Fix GH-16808: Segmentation fault in RecursiveIteratorIterator->current() with a xml element input

When the current data is invalid, NULL must be returned. At least that's
how the check in SPL works and how other extensions do this as well.
If we don't do this, an UNDEF value gets propagated to a return value
(misprinted as null), leading to issues.
Closes GH-16825.

There is no such dependency; only libxml2 depends on libiconv. So when
php_libxml.dll is built, it needs to be linked against libiconv, or,
when ext/iconv has been configured as static extension, against
php8.dll.

zend_is_callable_ex() can unfortunately emit a deprecation, and then
a user error handler can throw an exception. This causes an assert
failure at ZEND_VM_NEXT_OPCODE(). We fix this by checking if there's an
exception after zend_is_callable_ex().
Closes GH-16803.

FreeBSD 13.2 is no longer supported[1], and apparently the respective
Cirrus CI image has been removed. We update to FreeBSD 13.3.
This also requires disabling some compiler warnings now, and adapting a
test case.
[1] <https://www.freebsd.org/security/#sup>
[2] <https://github.com/php/php-src/runs/33044888209>
Co-authored-by: David Carlier <devnexen@gmail.com>
Closes GH-16817.

PHP-8.1 is not ready for ICU >= 75.1 which requires C++17 support.
Thus we force the usage of icu4c@74, which is scheduled for removal in
May 2025, though.
Closes GH-16789.

When returning an UNDEF value, it actually becomes NULL.
The following code took this into account:
28344e0445/ext/opcache/jit/zend_jit_trace.c (L2196-L2199)
But the stack does not update the type to NULL, causing a mismatch.
Closes GH-16784.
Co-authored-by: Dmitry Stogov <dmitry@zend.com>