According to the WBMP specification[1], the first field (type) of a
WBMP is a multi-byte integer, but only type `0` is supported. Thus
there is no need to read a multi-byte integer. The second field (fix
header) is a single byte; reading a multi-byte integer is not really
wrong, since the fix header field is laid out in a way which allows it
to be treated as such, but the check whether the MBI is greater than
or equal to zero is pretty useless, because negative values could only
be returned if overflow occurs (MBIs are unsigned).
So the only useful assumption we can make is that the first byte is
zero; we let `gdImageCreateFromWBMPCtx()` figure out the rest.
[1] <https://www.wapforum.org/what/technical/SPEC-WAESpec-19990524.pdf> section 6
This was originally meant to distinguish between libcurl 7.59.0 and
earlier; only the latter would need to be linked against normalize.lib,
libssh2.lib and nghttp2.lib[1]. That would only have catered to our
builds, and might not have been correct anyway. However, the version
check was wrong (paren error), and has been removed in the meantime[2].
Given that cURL 7.59.0 is rather old, we do not reinstate the version
check, but rather drop the now superfluous (and improper) determination
of the cURL version. A nice bonus is that we get rid of some global
variables.
[1] <a1ba3007a4>
[2] <94a12d5b31>
This requirements bump should rarely affect anybody in practice. All
major distros already ship more recent ICU versions, and even for
Solaris 11, ICU 57.1 is available via OpenCSW. Note that ICU 57.1 has
been released on 2016-03-23[1].
[1] <https://icu.unicode.org/download/57>
Closes GH-16688.
This is only defined as of PHP-8.4; alternatively we could also inline
the `brew --prefix` call, but that makes it harder for upward merges.
Closes GH-16785.
cURL 8.11.0 added a couple of packages to `Requires.private`, but these
packages are irrelevant when building against a shared libcurl. For
some reason, these private requirements are checked when we're doing
`pkg-config --cflags` (that happens with the preinstalled pkg-config
0.29.2, as well as with pkgconf 2.3.0). To avoid further messing with
these packages, we just drop the `Requires.private` line from
libcurl.pc.
See GH-16741 for more details.
Closes GH-16783.
Is to create socket for Internet Control Message Protocol context.
Due to their nature, they are meant to be used via
raw sockets rather than TCP/UDP.
close GH-16737
Reproducer: https://github.com/php/php-src/issues/16727#issuecomment-2466256317
The root cause is a data race between two different threads:
1) We allocate a lower cased name for an anonymous class here:
f97353f228/Zend/zend_compile.c (L8109)
2) This gets looked up as an interned string here:
f97353f228/Zend/zend_compile.c (L8112)
Assuming that there are uppercase symbols in the string and therefore
`lcname != name` and that `lcname` is not yet in the interned string table,
the pointer value of `lcname` won't change.
3) Here we add the string into the interned string table:
f97353f228/Zend/zend_compile.c (L8223)
However, in the meantime another thread could've added the string into the interned string table.
This means that the following code will run, indirectly called via the `LITERAL_STR` macro,
freeing `lcname`: 62e53e6f49/ext/opcache/ZendAccelerator.c (L572-L575)
4) In the reproducer we then access the freed `lcname` string here:
f97353f228/Zend/zend_compile.c (L8229)
This is solved in my patch by retrieving the interned string pointer
and putting it in `lcname`.
Closes GH-16748.
