We avoid `YYCURSOR` becoming `NULL` by initializing `YYMARKER`, and add
a default rule for `<NORMAL>` where we catch unexpected input.
We also fix the only superficially related issue regarding empty input
followed by `T_SEPARATOR` and command, which caused another segfault.
Closes GH-6464.
This is an annoying edge case that regularly gets broken. As we're
not aware of significant users of this API, and there are other
ways to hook this, remove support for EXT_NOP.
Otherwise the assignment will have the same number as the default arm
which will 1. mis-trigger a breakpoint and 2. mark the line as covered
even when it isn't.
Closes GH-6083
While we limit the size of the main compilation input, the size
of eval inputs was not limited. This could result in stack
overflows, e.g. oss-fuzz #25464.
To perform fast shutdown without full table cleanup we need all
internal functions to be in one continuous chunk. This was
violated when functions were deleted via disable_functions.
This drops the zend_disable_function() API in favor of
zend_disable_functions(), which disables the given list of
functions and performs the necessary rehash afterwards.
Also drop PG(disabled_functions), which is no longer used.
This is an end-to-end fuzzer that executes arbitrary PHP code.
We replace the executor with a finite-step executor to avoid
getting stuck in loops or recursion.
The fpm code actually uses aa_change_profile(), not change_hat(). Test
for the correct function. (libapparmor always has both, so this is just
a correctness fix.)
Closes GH-6037.
The Apache MIME type map is not actively maintained anymore, so
this switches to jshttp/mime-db, which seems to be the de-facto
standard in this area now. This avoid the need to patch in our
own MIME types over time.
The preference algorithm is based on:
47b62ac45e/index.js (L154)
Closes GH-5764.
We might just want to drop this completely, but at least don't
enable it by default. It already gets disabled by a number of
SAPIs, but we should make that the default state.
The primary issue was already resolved in 7c3e487289,
but the particular example used in this bug report ran into an
additional issue on PHP 8, because I forgot to drop a number of
zend_bailout calls when switch require failure to throw.
Make sure we don't execute further scripts if one of them encountered
an exit exception.
Also make sure that we free file handles that end up unused due to
an early abort in php_execute_scripts(), which turned up as an
issue in the added test case.
Finally, make use of EG(exit_status) in the places where we
zend_eval_string_ex, instead of unconditionally assigning exit
code 254. If an error occurs, the error handler will already set
exit status 255.
Unconditionally strip shebang lines when using the CLI SAPI,
independently of whether they occur in the primary or non-primary
script. It's unlikely that someone intentionally wants to print
that shebang line when including a script, and this regularly
causes issues when scripts are used in multiple contexts, e.g.
for direct invocation and as a phar bootstrap.
