Commit Graph

16435 Commits

Author SHA1 Message Date
Bob Weinand
f095d2c91b Fix freeing of internal attribute arguments 2022-03-07 22:04:16 +01:00
Bob Weinand
e6cf583160 Fix GH-8082: Prevent leaking memory on observed transient run_time_caches
This is achieved by tracking the observers on the run_time_cache (with a fixed amount of slots, 2 for each observer).
That way round, if the run_time_cache is freed all associated observer data is as well.

This approach has been chosen so as to avoid any ABI or API breakage.
Future versions may for example choose to provide a hookable API for run_time_cache freeing or similar.
2022-03-01 14:49:44 +01:00
Dmitry Stogov
01702a851b Fix use after free
Fixes oss-fuzz #44885
2022-03-01 01:33:22 +03:00
Dmitry Stogov
84a638a346 Fix memory leak
Fixes oss-fuzz #44685
2022-02-18 12:20:40 +03:00
Dmitry Stogov
c035298eb2 Free cached chunks when the requested memory limit is above real usage 2022-02-08 15:45:40 +03:00
Sara Golemon
8a46311dbd Bump for 8.0.17-dev 2022-02-02 23:44:02 +00:00
Dmitry Stogov
a60a9b4a89 Fix memory leak
Fixes oss-fuzz #44222
2022-02-01 16:24:22 +03:00
Dmitry Stogov
464e725bb5 Fix typo (wrong string length)
Fixes oss-fuzz #44110
2022-01-28 11:04:51 +03:00
Christoph M. Becker
ee610947ce Revert "Fix zend_observer_fcall_end_all() accessing dangling pointers"
This reverts commit 76e2a8380e.  Cf.
<76e2a8380e (r62560239)>.
2021-12-27 21:08:51 +01:00
Florian Sowade
76e2a8380e Fix zend_observer_fcall_end_all() accessing dangling pointers
This may happen, when the execute_data was allocated on the stack.  We
ensure that the runtime cache pointer is not NULL before dereferencing
it.

This is a partial fix for bug 81430.

Closes GH-7665.
2021-12-27 18:19:13 +01:00
David Carlier
3f0bb67361 Avoid void* arithmetic in sockets/multicast.c on NetBSD
On NetBSD, the ifconf.ifc_buf member, unlike on most platforms, is a void
pointer.

We also fix the cpuinfo declarations with empty parameter lists.

Closes GH-7819.
2021-12-23 16:17:30 +01:00
David CARLIER
62bcb31706 zend gdb detection fix on FreeBSD. 2021-12-21 07:19:33 +01:00
Dmitry Stogov
c787f42ceb Combine ADDREF/DELREF 2021-12-13 22:38:23 +03:00
Dmitry Stogov
cbc0b1afeb Fix array clobbering by user error handler
Fixes oss-fuzz #42234
2021-12-13 14:59:30 +03:00
Christoph M. Becker
5675ebe649 Fix #81585: cached_chunks are not counted to real_size on shutdown
The amount of allocated system memory is kept in `real_size`, including
the allocated `cached_chunks`.  Thus, we need to keep the proper count
at the end of the shutdown.

Closes GH-7745.
2021-12-10 12:24:06 +01:00
Dmitry Stogov
8d7d87cdc4 Add test 2021-12-03 13:40:17 +03:00
Dmitry Stogov
1d054b3fa7 Fix array object clobbering by user error handler
Fixes oss-fuzz #41605 and #41610
2021-12-03 13:35:28 +03:00
Dmitry Stogov
94286cd596 Fix yet another indirect string modification by error handler problem 2021-12-02 16:16:54 +03:00
Dmitry Stogov
37ac707cac Add missing zend_string_release_ex(tmp, 0) and cleanup
- use GC_DELREF() instead of zend_string_release_ex()
- add expectations for exceptional cases
- replace IS_ARRAY_IMMUTABLE by IS_STR_INTERNED
2021-12-02 11:18:08 +03:00
Dmitry Stogov
df16da3697 Fixed ext/bz2/tests/005.phpt test failure introduced by 09547c64c2 2021-12-02 10:32:45 +03:00
Sara Golemon
999c6f2c5d Bump for 8.0.15 2021-12-02 05:09:07 +00:00
Dmitry Stogov
4595a57e99 Fix clobbering of operand by error handler in assignment to string offset (optimization and JIT support) 2021-12-02 01:20:17 +03:00
Dmitry Stogov
09547c64c2 Fix clobbering of operand by error handler in assignment to string offset
In some cases new code requires two reallocations instead of one.

Fixes oss-fuzz #31716, #36196, #39739 and #40002
2021-12-02 00:24:05 +03:00
Dmitry Stogov
9f6ab78610 Use proper functions 2021-12-01 22:43:19 +03:00
Dmitry Stogov
df434f056f Fix crash after indirect modification of string by user error handler
Fixes oss-fuzz #39346
2021-11-30 16:07:38 +03:00
Christoph M. Becker
816aa20391 Merge branch 'PHP-7.4' into PHP-8.0
* PHP-7.4:
  Fix #74604: Out of bounds in php_pcre_replace_impl
2021-11-29 19:15:20 +01:00
Christoph M. Becker
712fc54e85 Fix #74604: Out of bounds in php_pcre_replace_impl
Trying to allocate a `zend_string` with a length only slightly smaller
than `SIZE_MAX` causes an integer overflow; we make sure that this
doesn't happen by catering to the maximal overhead of a `zend_string`.

Closes GH-7597.
2021-11-29 19:12:55 +01:00
Nikita Popov
be271f277e Fix bug #81652
We need to check not only for defs but also for uses of the
variable.
2021-11-24 15:18:31 +01:00
Tyson Andre
241bd3f454 Fix use after free when WeakMap is modified during field write
(When a value's destructor triggers a resizing or rehashing of the WeakMap)

Closes GH-7671
2021-11-20 16:52:25 -05:00
Nikita Popov
4d4fe7639f Fixed bug #81631
We need to save the opline before fetching the operand, as it may
throw an undef var warning.
2021-11-17 16:06:25 +01:00
Nikita Popov
9e25c4b3a6 Merge branch 'PHP-7.4' into PHP-8.0
* PHP-7.4:
  Fixed bug #81626
2021-11-16 12:46:20 +01:00
Nikita Popov
d26965b247 Fixed bug #81626
Backport of a8926474cb to 7.4.
2021-11-16 12:45:33 +01:00
Dmitry Stogov
fa0b84a06b Partially fix handling of exceptions thrown in interrupt handlers 2021-11-11 20:59:56 +03:00
Nikita Popov
8c4a7f20f5 Fix COPY_TMP live range construction with optimization
The use may be optimized away, leaving us only with the free use.
Also fix off-by-one error in the other optimization case.
2021-11-11 10:35:34 +01:00
Nikita Popov
a551b08307 Add string return type to __toString() of internal classes
Same as with userland classes, automatically add a string return
type to __toString() methods in internal classes, so the signature
is compatible with Stringable.
2021-11-09 10:17:26 +01:00
Nikita Popov
53df29bc29 Drop pi nodes for both old/new pred in replace_predecessor
We also need to drop pi nodes for new_pred here, as the pi node
restriction for new_pred is not necessarily true for control
coming from old_pred as well.

Fixes oss-fuzz #40782.
2021-11-08 14:56:42 +01:00
Nikita Popov
b302bfabe7 Implement Stringable automatically for internal classes
Requiring all internal classes (including those from 3rd-party
extensions) to implement Stringable if they provide __toString()
is too error prone. Case in point, our _ZendTestClass test class
was not doing so, resulting in preloading test failures after
recent changes.

Instead we automatically implement Stringable, the same as we do
for userland classes. We still allow explicit implementations,
but ignore them (normally they would result in an error due to
duplicate interface implementation). Finally, we need to be
careful about not trying to implement Stringable on Stringable
itself.

In some cases this changes the interface order, in particular the
automatic Stringable implementation will now come first.
2021-11-05 10:22:04 +01:00
Nikita Popov
d478ae73b1 Don't implement Stringable on traits
Traits do not support interfaces, so we should not implement
Stringable on them.

Also check the __toString() return type in the same way other
magic methods do, otherwise we would now miss the check in the
trait case.
2021-11-05 09:42:58 +01:00
Nikita Popov
7e67366a9b Remove unnecessary assertion
zend_class_implements_interface works fine if the "class" is an
interface, so simply drop this assertion. This avoids the need to
special case this situation.
2021-11-04 17:00:17 +01:00
Nikita Popov
4c171ed5eb Fix bug #81591: ignore_repeated_errors broken
We should suppress the error if the message is the same, not if
it's different. Apparently we had no test coverage for these
options.
2021-11-04 16:23:55 +01:00
Nikita Popov
462271c7e0 Fix typo
[ci skip]
2021-11-04 15:05:43 +01:00
Nikita Popov
ee37774466 Suppress unused label warnings in SWITCH VM
While we avoid emitting labels for handlers that are not referenced
from anywhere else, we do not perform a fine-grained analysis on
used specializations, so some of the specialization labels may not
be used. Use ATTRIBUTE_UNUSED_LABEL to suppress the warning. Drop
"cold" from the definition of this attribute, as it is completely
unrelated.
2021-11-04 14:50:54 +01:00
Nikita Popov
d3932682e7 Fixed bug #81582
If __toString() comes from a trait, implement Stringable during
inheritance.
2021-11-04 11:58:33 +01:00
Nikita Popov
546e55864d Fix WeakReference uniquing if TAG_HT is used 2021-11-03 10:06:22 +01:00
Sara Golemon
2d4bfcfd3b Prep for 8.0.14 2021-11-02 15:55:12 +00:00
Nikita Popov
2e29817005 Handle FETCH_DIM_R after FETCH_DIM_FUNC_ARG in inference
This can happen if a call is optimized, but FETCH_DIM_FUNC_ARG
cannot be converted to FETCH_DIM_R because it uses an UNUSED op2,
which is not supported by FETCH_DIM_R.

Fixes oss-fuzz 6144185837682688.
2021-11-01 14:26:36 +01:00
Nikita Popov
1a2fb90bf4 Fix finally exception chaining on recursion
In this case zend_exception_set_previous() would destroy the
fast_call exception and further accesses on ex would be invalid.
We should only update ex if we update EG(exception).

Fixes oss-fuzz #40464.
2021-11-01 11:44:32 +01:00
Bob Weinand
471102edcd Add ZEND_API for weakmap functionality via zend_weakrefs_hash_add/del
Closes GH-7600.
2021-10-21 13:34:22 +02:00
Nikita Popov
6974372fbb Fix bug #81510
Make the used arrays larger, because the previous sizes were not
slow enough on some hardware.
2021-10-18 12:45:26 +02:00
Nikita Popov
9ebe8494b8 Don't replace tmp with cv in YIELD argument
For by-ref generators, these may have different behavior.

Fixes oss-fuzz 6059739298004992.
2021-10-12 14:26:53 +02:00