* fix segfault in `ZEND_BIND_STATIC`
In case a `ZEND_BIND_STATIC` is being executed, while the current chunk is full,
the `zend_array_dup()` call will trigger a OOM in ZendMM which will crash, as
the opline might be a dangling pointer.
* add missing test
* `assert()`ing seems easier than trying to make the compiler to not optimize
* moved from function call to INI setting, so we can use this in other places as well
* make `assert()` work no NDEBUG builds
* document magic number
* fix segfault in `ZEND_FUNC_GET_ARGS`
In case a `ZEND_FUNC_GET_ARGS` is being executed, while the current chunk is
full, the `zend_new_array()` call will trigger a OOM in ZendMM which will crash,
as the opline might be a dangling pointer.
---------
Co-authored-by: Florian Engelhardt <florian@engelhardt.tc>
php_strip_url_passwd modifies url in-place. We cannot assume from
php_message_handler_for_zend that data is a temporary, modifiable string.
Fixes oss-fuzz #64209
Closes GH-12733
This pulls only the changes made to CertificateGenerator.inc in the PHP-8.2
branch from commit 505e8d2a04.
Co-authored-by: Jakub Zelenka <bukka@php.net>
The namespace data is freed and set to NULL, but there remain references
to the namespace declaration nodes. This (rightfully) confuses libxml2
because its invariants are broken. We also have to remove all remaining
references from the subtree. This fixes the data corruption bug.
Closes GH-12681.
005_variation2.phpt creates files with special names, and
filesize_variation5.phpt checks for filesize of inexistent files with special
names. Create the files in a separate directory to avoid these tests clashing.
Closes GH-12692
Have to use file_put_contents() instead of --FILE-- because we have to
actually load it using the exec command, *and* have to make multiple
files, and note that we can only load files relative from the current
directory, so we can't rely on files being in the sapi/phpdbg/tests
folder.
Closes GH-12680.
The temporary HashTable has a destructor that releases the string held
by the entry's value. However, browscap_intern_str(_ci) only incremented
the refcount for the reference created by the return value. As the
HashTable is only used during parsing, we don't need to manage the
reference count of the value anyway, so get rid of the destructor.
This is triggerable in two cases:
- When using php_admin_value to set the ini at the activation stage
- When running out of space for the opcache-interned strings
Closes GH-12634.
