Bugfix #76524: Free up zip internal state and adjust the tests for Windows
Bugfix #76524: Fix possible use after free for libzip 1.3.1
Bugfix #76524: Make the test independent of platform
C++11 puts isfinite, isinf, isnan and a lot of other stuff into the
std namespace. Thus, if a C++11 or newer source is compiled, these
symbols won't be available. A good solution would be to include cmath,
but depending on a particular compiler that might remove even more
stuff from the global namespace, so such a fix should only target master.
For now, just keep these defines same for C++11 and upper, as the actual
C++ code should use symbols from the std namespace anyway. This
especially concerns older GCC versions like at least 4 and 5, which are
used by default in the LTS Linux distros.
The log header can be saved in the globals on startup. At the same
time, the log header can be changed per request. In case that
happened, wrong pointer will be free'd on shutdown. It can happen at
any point when zend_error() or similar is called at startup, like for
example in the case of the ini deprecation warnings. Thus, ZMM cannot
be used here.
Validate that "C" serialization payload is followed by "}" prior to
calling the unserialize() handler. This mitigates issues caused by
unserialize() not correctly handling strings that are not NUL
terminated. Making sure that there is a "}" at the end avoids the
problem.
Some JFIF images contain empty APP segments, i.e. those which consist
only of the marker bytes and the length, but without actual content.
It appears to be doubtful to have empty APP segments, but we should
apply the robustness principle, and accept these, instead of simply
failing in this case.
We choose to add empty APP segments to $imageinfo with an empty string
as value, instead of NULL, or even to omit these segments altogether.
This patch also fixes the potential issue that php_stream_read() might
not read the supposed number of bytes, which could result in garbage to
be added to the read value.
