In the test cases, the compiler bails out due to a fatal error.
The data structures used by the compiler will contain stale values.
In particular, for the test case CG(loop_var_stack) will contain data.
The next compilation will incorrectly use elements from the previous
stack.
To solve this, we reset part of the compiler data structures.
We don't do a full re-initialization via init_compiler() because that will
also reset streams and resources.
Closes GH-13938.
php_socket_errno() may return a stale value when recv returns a
value >= 0. As such, the liveness check is wrong.
This is the same bug as #70198 (fixed in GH-1456). So we fix it in the
same way.
Closes GH-13895.
MAPPHAR_FAIL will call the destructor of the manifest, mounted_dirs, and
virtual_dirs tables. When a new phar object is allocated using (p)ecalloc,
the bytes are zeroed, but the flag for an uninitialized table is
non-zero. So we have to manually set the flag in case that we have a
code path that can destroy the tables without first initializing them at
least once.
Closes GH-13847.
If the destination already exists, then the `add` function on the
manifest will return NULL, resulting in a NULL entry and therefore a
NULL deref. As `copy()` (not `Phar::copy`) chooses to succeed and
overwrite the destination if it already exists, we should do the same.
Therefore the fix is as simple as changing `add` to `update`.
Closes GH-13840.
This fixes the issue with unbounded waiting on SSL_peek which can happen
when only part of the record is fetched. It makes socket non blocking so
it is possible to verify if OpenSSL is expecting some more data or if
there is an error.
This also fixes bug #79501
Closes GH-13487
Inherited methods regardless of source must share the original runtime cache. Traits were missed.
This adds ZEND_ACC_TRAIT_CLONE to internal functions as well to allow easy distinction of these.
In commit 85e5635a, a feature test for the various libgd image formats
was added. That test however erroneously omits the GDLIB_CFLAGS (from
pkg-config) during compilation. This can lead to build failures and
therefore false negatives from the test.
Here, we add $GDLIB_CFLAGS to $CFLAGS for the duration of the test.
Closes GH-12019
autoconf/libtool generating code to test features missed `void` for
C calls prototypes w/o arguments.
Note that specific changes related to libtool have to be upstreamed.
Co-authored-by: Peter Kokot <petk@php.net>
close GH-13732
Regressed in 6fbf81c.
There is a missing error check on spl_filesystem_file_read_line(), which
means that if the line could not be read (e.g. because we're at the end
of the file), it will not set intern->u.file.current_line, which will
cause a NULL pointer deref later on.
Fix it by adding a check, and reintroducing the silent flag partially to
be able to throw an exception like it did in the past.
Closes GH-13692.
This is not just an issue due to missing initialization since moving the state
struct directly into the module globals. In earlier versions changing the mode
to `MT_RAND_PHP` within a single request would also affect the mode for
subsequent requests.
Original commit message follows:
This is a follow-up fix for GH-13579. The issue was detected in the nightly
MSAN build.
(cherry picked from commit bf0abd1629)
It's illegal to return from a bailout because that doesn't restore the
original bailout data. Return outside of it.
Test by YuanchengJiang
Closes GH-13689.
Inside `zend_object_std_dtor` the weakrefs are notified after the destruction
of properties already took place. In this test case, the destructor of an anon
class will be invoked due to the property destruction. That class has a
weak reference to its parent. This means that the destructor can access
parent properties that already have been destroyed, resulting in a UAF.
Fix this by notifying the weakrefs at the start of the object's
destruction.
Closes GH-13613.
the man page states `the locale facet is determined by the category argument, which should be
one of the LC_xxx constants defined in the <locale.h> header, excluding LC_ALL`,
since the 0.22.5 release, sanity checks had been strenghtened leading to
an abort with the Zend/tests/arginfo_zpp_mismatch.phpt test setting the
category to 0 which is LC_ALL on macOs.
close GH-13555
