forked from php/php-src
[pull] master from php:master #1805
Open: pull wants to merge 10,000 commits into kingdavid6336:master from php:master (+967,414 −768,177)
* PHP-8.3: Fix inline zend_string using struct padding
* PHP-8.4: Fix inline zend_string using struct padding
This has been removed from upstream years ago[1], and PHP generally dropped NetWare support even earlier. [1] <libgd/libgd@e6bb110> [2] <https://externals.io/message/96838>
Make sure we have a unique test file to work with, and increase the time for the nojit version to match the default version. Closes GH-17600
* Drop superfluous php_com_dotnet_object.ce This is readily available via the `zend_object` (i.e. `zo.ce`), so there is no need to duplicate it. There is also no need to assign the ce to the std object, since this is done by `zend_object_std_init()` anyway.
* PHP-8.1: Fix cve-2014-3538 test
* PHP-8.2: Fix cve-2014-3538 test
* PHP-8.3: Fix cve-2014-3538 test
* PHP-8.4: Fix cve-2014-3538 test
The whole point of using `proc_open()` to execute `openssl s_client` is that we can terminate the process when we're done. However, when going through the shell on Windows, we get a handle to the shell process, and if we terminate that, the grandchild will stay open. Since the pipes of the grandchild will stay open, the PHP process will not terminate either, so the test stalls. We solve this by simply bypassing the shell.
* PHP-8.1: [skip ci] Another flaky macOS phar test
* PHP-8.2: [skip ci] Another flaky macOS phar test
* PHP-8.3: [skip ci] Another flaky macOS phar test
* PHP-8.4: [skip ci] Another flaky macOS phar test
* PHP-8.3: Fix missing GC_PERSISTENT_LOCAL flag on accel_globals.key
* PHP-8.4: Fix missing GC_PERSISTENT_LOCAL flag on accel_globals.key
* PHP-8.1: [skip ci] Another flaky macOS phar test
* PHP-8.1: [skip ci] Fix phpize for Windows 11 (24H2)
* PHP-8.2: [skip ci] Fix phpize for Windows 11 (24H2)
* PHP-8.3: [skip ci] Fix phpize for Windows 11 (24H2)
* PHP-8.4: [skip ci] Fix phpize for Windows 11 (24H2)
The 32bit implementation seems to be okay, but we rather should avoid falling back to the double (pun intended) calculation for non `__GNUC__` systems. We use the intsafe.h intrinsics instead for MSVC and compatible compilers.
C4018[1] is about unsigned/signed comparisons; C4267[2] is about conversion from `size_t` to a "smaller" type. We likely should resolve these warnings in the long run, but for now, it seems like a no brainer to elevate to `/W3` even if we have to exempt two additional categories of warnings, since we can catch some others. And we no longer need to elevate C4010[3] to a higher level to catch it. [1] <https://learn.microsoft.com/en-us/cpp/error-messages/compiler-warnings/compiler-warning-level-3-c4018> [2] <https://learn.microsoft.com/en-us/cpp/error-messages/compiler-warnings/compiler-warning-level-3-c4267> [3] <https://learn.microsoft.com/de-de/cpp/error-messages/compiler-warnings/compiler-warning-level-3-c4013>
The `$module_name` of `com::__construct()` can be a ProgID, ClassID or moniker. We first try `CLSIDFromString()`, and if that fails, we go ahead and try to treat the `$module_name` as a moniker. If that also fails, we throw an exception with the result of `MkParseDisplayName()`, which would just be `MK_E_SYNTAX` if given a ProgID. This result is highly confusing for the common case where a ProgID is given, which is not registered (e.g. due to a typo). In this case, we use the original `HRESULT` (`CO_E_CLASSSTRING`) instead.
On overflow, only the array is freed, but not the strings. Closes GH-17789.
gzread() and gzwrite() have effectively a 4GiB limit at the moment because the APIs of the zlib library use unsigned ints. For example, this means that the count argument of gzread() and gzwrite() & co effectively are modulo 2**32. Fix this by adding a loop to handle all bytes.

As for automated testing, I didn't find an easy way to write a phpt for this that wouldn't use a lot of memory or require a large file. For instance, the gzread() test that I manually ran requires a 4MiB input file (and I can't shrink it because zlib has a max window size).

Here are the testing instructions, run on 64-bit:

To test for gzwrite():

```php
$f = gzopen("out.txt.gz", "w");
gzwrite($f, str_repeat('a', 4*1024*1024*1024+64)); // 4GiB + 64 bytes
```

Then use `zcat out.txt.gz|wc -c` to check that all bytes were written (should be 4294967360).

To test for gzread(): Create a file containing all a's for example that is 4GiB + 64 bytes. Then compress it into out.txt.gz using the gzip command. Then run:

```php
$f = gzopen("out.txt.gz", "r");
$str = gzread($f, 4*1024*1024*1024+64);
var_dump(strlen($str)); // 4294967360
var_dump(substr($str, -3)); // string (3) "aaa"
```

Closes GH-17775.
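The truncation and the chunking loop that the commit message above describes, as an added example that is not code from php-src or zlib. `struct sink`, `sink_write`, `write_truncating` and `write_all` are hypothetical names, and the sink only counts bytes so the 4GiB + 64 case runs without a large buffer.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for a zlib-style call whose length is `unsigned`.
 * It only counts bytes; max_per_call > 0 simulates short writes. */
struct sink { uint64_t total; unsigned calls; unsigned max_per_call; };

static unsigned sink_write(struct sink *s, uint64_t off, unsigned len)
{
    (void)off; /* a real caller would pass buf + off to the library */
    if (s->max_per_call && len > s->max_per_call) len = s->max_per_call;
    s->total += len;
    s->calls++;
    return len;
}

/* Before: the 64-bit count is narrowed to unsigned, i.e. taken modulo 2**32. */
static uint64_t write_truncating(struct sink *s, uint64_t len)
{
    return sink_write(s, 0, (unsigned)len);
}

/* After: loop in chunks of at most UINT_MAX until every byte is handled. */
static uint64_t write_all(struct sink *s, uint64_t len)
{
    uint64_t done = 0;
    while (done < len) {
        uint64_t left = len - done;
        unsigned chunk = left > UINT_MAX ? UINT_MAX : (unsigned)left;
        unsigned n = sink_write(s, done, chunk);
        if (n == 0) break; /* error or no progress: report the short count */
        done += n;
    }
    return done;
}

int main(void)
{
    const uint64_t len = 4ULL * 1024 * 1024 * 1024 + 64; /* 4GiB + 64 bytes */
    struct sink a = {0, 0, 0}, b = {0, 0, 0};
    printf("truncating: %llu bytes\n", (unsigned long long)write_truncating(&a, len));
    printf("looping:    %llu bytes in %u calls\n",
           (unsigned long long)write_all(&b, len), b.calls);
    return 0;
}
```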
* PHP-8.3: Fix zlib support for large files Fix memory leak on overflow in _php_stream_scandir()
* PHP-8.4: Fix zlib support for large files Fix memory leak on overflow in _php_stream_scandir()
When looking for the last slash of the script path, it leads to underflow being promoted to SIZE_MAX being way beyond MAXPATHLEN. close GH-17801
These were introduced in 6747068, but they don't seem to be in upstream (anymore). For the entry in rpm it may have even been a mixup with the two sections in the rpm file: there's a "10 string" entry but only in the delta part.
PharFileInfo just takes a pointer from the manifest without refcounting anything. If the entry is then removed from the manifest while the PharFileInfo object still exists, we get a UAF. We fix this by using the fp_refcount field. This is technically a behaviour change as the unlinking is now blocked, and potentially file modifications can be blocked as well. The alternative would be to have a field that indicates whether deletion is blocked, but similar corruption bugs may occur as well with file overwrites, so we increment fp_refcount instead. This also fixes an issue where a destructor called multiple times resulted in a UAF as well, by moving the NULL'ing of the entry field out of the if. Closes GH-17811.
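A miniature of the ownership rule the commit message above describes, as an added example that is not php-src code. Only `fp_refcount` comes from the page; the structs and functions are hypothetical. It shows the two behaviours the message names: removal is blocked while a borrower holds the entry, and a destructor that runs twice does not touch the entry a second time.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical model; only the field name fp_refcount is from the page. */
struct entry     { int fp_refcount; int size; };
struct manifest  { struct entry *slot; };   /* owns the entry */
struct file_info { struct entry *entry; };  /* borrows a pointer to it */

static struct entry *manifest_add(struct manifest *m, int size)
{
    m->slot = calloc(1, sizeof *m->slot);
    if (m->slot) m->slot->size = size;
    return m->slot;
}

/* Taking the pointer now also takes a reference. */
static void info_init(struct file_info *fi, struct manifest *m)
{
    fi->entry = m->slot;
    if (fi->entry) fi->entry->fp_refcount++;
}

/* Returns 1 if removed, 0 if absent or blocked by an outstanding reference. */
static int manifest_unlink(struct manifest *m)
{
    if (!m->slot || m->slot->fp_refcount > 0) return 0;
    free(m->slot);
    m->slot = NULL;
    return 1;
}

/* Safe to call more than once: the pointer is cleared unconditionally. */
static void info_destroy(struct file_info *fi)
{
    if (fi->entry) fi->entry->fp_refcount--;
    fi->entry = NULL;
}

int main(void)
{
    struct manifest m = {0};
    struct file_info fi = {0};
    if (!manifest_add(&m, 42)) return 1;
    info_init(&fi, &m);
    printf("unlink while referenced: %d\n", manifest_unlink(&m));
    info_destroy(&fi);
    info_destroy(&fi); /* second call is a no-op */
    printf("unlink after release:    %d\n", manifest_unlink(&m));
    return 0;
}
```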
* PHP-8.3: Fix GH-17808: PharFileInfo refcount bug
* PHP-8.4: Fix GH-17808: PharFileInfo refcount bug
We don't need to duplicate these strings from the resource, we can just use them with an offset. To prove this was safe, I had to make the arguments const and then propagate that everywhere, so this patch also introduces some more constness.
Move more tests into existing directories Work towards GH-15631
Otherwise we may not notice Windows CI build failures. Fixes GH-17818.
Created by
pull[bot]