When performing an RW modification of an array offset, the undefined
offset warning may call an error handler / OB callback, which may
destroy the array we're supposed to change. Detect this by temporarily
incrementing the reference count. If we find that the array has been
modified/destroyed in the meantime, we do nothing -- the execution
model here would be that the modification has happened on the destroyed
version of the array.
In the interest of avoiding side-effects during dumping, I'm
replacing the value with a <constant ast> string instead of
performing an update constant operation.
Fixes a use-after-free encountered in Symfony's SecurityBundle.
I don't have a reproducer for this, and believe the issue can only
occur if we leak an iterator (the leak is a separate issue).
We should not free the generator iterator here, because we do not
own it. The code that fetched the iterator is responsible for
releasing it. In the rare case where we do hit this code-path,
we cause a use-after-free.
In module startup stage, we should not initiliaze
EG(modified_ini_directives) as it use zend MM, the zend MM will be
restart at the end of modules startup stage,
by say "partial", because this issue still exists if altering ZEND_USER
inis, we should add a zend_ini_deactive at the end of modules startup
stage, but it brings some new cost, and I think no one would do things
like that
* Properly initialize PHPDBG_G(watch_tmp)
Otherwise that may cause segfaults in ZTS builds.
* Deactivate potentially remaining watchpoints after REPL
Otherwise the memory could still be protected, resulting in segfaults
during shutdown.
* NULL zend_handlers_table after freeing
As of commit 4130fe4[1], the `zend_handlers_table` is explicitly
freed in the `zend_vm_dtor()`. Since phpdbg (and maybe some other
SAPIs) may restart the engine afterwards, we have to make sure that
the table is also NULLed.
* Only set context option if there is a context
In other words, we must not follow the null pointer.
* Cater to file handles without attached console
File handles do not necessarily have an attached console (for
instance, pipes do not), in which case `GetConsoleScreenBufferInfo()`
fails. In this case we set a default value (`40`) for lines like on
other systems.
[1] <http://git.php.net/?p=php-src.git;a=commit;h=4130fe437a5db7ead1444d3748bd0fbad9829cb2>
On startup, PHP deliberately changes the floating point control word to
enforce binary64 format for the calculations for best consistency
across platforms. However, this is unnessary for x86_64 architectures,
because in this case SSE instructions are used by default, and there is
no good reason to pass `-mfpmath=i387` or such.
Therefore, we can skip the modification, which has the benefit that
system libraries are free to work in the mode of their liking.
I decided to null out EG(exception) early here, which means only
the exception from the dtor / ref assign is preserved, and the
previous exception is not chained in. This is more robust, and
I don't think this situation is common enough to be bothered about
the precise behavior.
There was some confusion going on here regarding the original
value vs the copied value.
I've dropped the needs_copy variable, because this code is not
inlined, so it would always be true anyway.
What we need to do is perform a move-assignment of the copied
value (in which case we don't care about performing the assignment
before destroying garbage), and destroying the original value
for the VAR/TMP cases. This is a bit complicated by the fact that
references are passed in via a separate ref variable, so we can't
just ptr_dtor the original variable.
On startup, PHP deliberately changes the floating point control word to
enforce binary64 format for the calculations for best consistency
across platforms. However, this is unnessary when compiling under
`__SSE__`, because in this case the x87 instructions are not used.
Therefore, we can skip the modification, which has the benefit that
system libraries are free to work in the mode of their liking.
* 'PHP-7.4' of git.php.net:/php-src:
Fix#79532: sizeof off_t can be wrong
Make 045.phpt busy wait
Revert "Fix #79065: DOM classes do not expose properties to Reflection"
Bump version
Fix#79065: DOM classes do not expose properties to Reflection
Fix#79470: PHP incompatible with 3rd party file system on demand
The DO_INIT flag, which will skip the first resume on a primed
generator, should always be set when starting to yield from a
new generator, not only when the yield from happens during priming.
