| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
| |
Backport from https://github.com/kkos/oniguruma/commit/0f7f61ed1b7b697e283e37bd2d731d0bd57adb55
(cherry picked from commit 1258303e66d8dede4f02347334b9f6576e98a21b)
|
|
|
|
|
|
|
| |
* PHP-7.2:
Fix #75457: heap-use-after-free in php7.0.25
(cherry picked from commit 5d25ebb0dd30cdf4e8c7e83d1f0788e8fdb1c4ef)
|
|
|
|
|
|
|
| |
$this should only be included in the generator GC buffer, if it
will be released on destruction.
(cherry picked from commit fcabe7e5e44067319f9c4123d71a7cea6a823af4)
|
| |
|
| |
|
|
|
|
| |
This should have been done four weeks ago already.
|
|\ |
|
| | |
|
|\ \
| |/ |
|
| |
| |
| |
| |
| | |
As the properties array can also be a GC root, it might have
already been destroyed.
|
|\ \
| |/ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This is likely going to end up interned lateron at some point
when the new_name is referenced somewhere. However, it may be
that there are some uses that do not get interned before that.
In this case we will intern a string that already have zval
users, without updating the refcounted flag on those zvals.
In particular this can happen with something like [Foo::class],
where Foo is an imported symbol. The string it resolves to won't
get interned right away, but may be interned later.
use Foo as Bar;
$x = [Bar::class];
var_dump(Bar::X);
debug_zval_dump($x); // Will show negative refcount
class Foo {
const X = 1;
}
However, this doesn't really fix the root cause, there are probably
other situations where something similar can occur.
|
| | |
|
|\ \
| |/
| |
| |
| | |
* PHP-7.2:
Fixed handling of references in nested data of objects with destructor
|
| | |
|
|\ \
| |/
| |
| |
| | |
* PHP-7.2:
Fixed second part of the bug #78379 (Cast to object confuses GC, causes crash)
|
| | |
|
|\ \
| |/
| |
| |
| | |
* PHP-7.2:
Added asserts to catch GC errors when refcount goes below zero.
|
| | |
|
|\ \
| |/
| |
| |
| | |
* PHP-7.2:
Skip test when SIGKILL is not defined
|
| | |
|
| |
| |
| |
| |
| | |
Due to the GC changes in 7.3 we stopped tracing most of the
interesting coloring changes...
|
|\ \
| |/
| |
| |
| | |
* PHP-7.2:
Fixed bug #78379 (Cast to object confuses GC, causes crash)
|
| | |
|
|\ \
| |/
| |
| |
| | |
* PHP-7.2:
Fix #78282: atime and mtime mismatch
|
| |
| |
| |
| |
| |
| |
| |
| | |
The fix for bug #78241 assumed that `time_t` would always be 64bit, but
actually is 32bit for x86. We therefore enforce 64bit arithmetic to
avoid wrapping.
(cherry picked from commit bf242d58e77d50d4d8fdaaaca7ede686ec4467c0)
|
| |
| |
| |
| |
| |
| | |
When the strip tags state machine has been flattened, an if statement
has mistakenly been treated as else if. We fix this, and also simplify
a bit right away.
|
|\ \
| |/
| |
| |
| | |
* PHP-7.2:
Fix #78179: MariaDB server version incorrectly detected
|
| |
| |
| |
| |
| |
| |
| |
| | |
As of MariaDB 10.0.2, the server reports a fake version number as work-
around for replication issues[1]. We apply the same "fix" as in the
MariaDB client to cater to this.
[1] <https://github.com/MariaDB/server/commit/c50ee6c23dbeb090963580754bec2f0a96ac0557#diff-5b45fa673c88c06a9651c7906364f592>
|
| | |
|
|\ \
| |/ |
|
| | |
|
| |
| |
| |
| |
| | |
This script has not been updated for PCRE2, and it's mostly useless
anyway. Therefore we remove it altogether.
|
| |
| |
| |
| |
| | |
We have to ensure that we don't create an arena which is smaller than
its header, regardless of the configured alignment.
|
| | |
|
|\ \
| |/
| |
| |
| | |
* PHP-7.2:
add security NEW entries + reorder [ci skip]
|
| | |
|
| |
| |
| |
| | |
We backport r1092 from pcre2.
|
|\ \
| |/
| |
| |
| |
| |
| |
| | |
* PHP-7.2:
Fix #77919: Potential UAF in Phar RSHUTDOWN
Update NEWS
Fix bug #78256 (heap-buffer-overflow on exif_process_user_comment)
Fix bug #78222 (heap-buffer-overflow on exif_scan_thumbnail)
|
| |\
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* PHP-7.1:
Fix #77919: Potential UAF in Phar RSHUTDOWN
Update NEWS
Fix bug #78256 (heap-buffer-overflow on exif_process_user_comment)
Fix bug #78222 (heap-buffer-overflow on exif_scan_thumbnail)
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
We have to properly clean up in case phar_flush() is failing.
We also make the expectation of the respective test case less liberal
to avoid missing such bugs in the future.
|
| | | |
|
| | | |
|
| | | |
|
|\ \ \
| |/ / |
|
| | |
| | |
| | |
| | |
| | | |
Similar to what fread() does, truncate the stream_get_contents()
result if the original buffer was way too large.
|
|\ \ \
| |/ / |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
There are a few parts here:
* opcache should not be blocking signals while invoking compile_file,
otherwise signals may remain blocked on a compile error. While at
it, also protect SHM memory during compile_file.
* We should deactivate Zend signals at the end of the request, to make
sure that we gracefully recover from a missing unblock and signals
don't remain blocked forever.
* We don't use a critical section in deactivation, because it should
not be necessary. Additionally we want to clean up the signal queue,
if it is non-empty.
* Enable SIGG(check) in debug builds so we notice issues in the future.
|
| | |
| | |
| | |
| | |
| | | |
The fix has been cherry-picked into PHP-7.3.8, so the bug will be fixed
already there.
|