Merge tag 'php-8.2.24' into was-8.2.x

Tag for php-8.2.24

Author: MaxKellermann

.github/actions/build-libmysqlclient/action.yml

@@ -15,10 +15,9 @@ runs:
         set -x
         LIBMYSQL=${{ inputs.libmysql }}
         MYSQL_BASE=${LIBMYSQL%%-linux-*}
-        MYSQL_VERSION=${MYSQL_BASE#*-}
         MYSQL_DIR=$HOME/$MYSQL_BASE
         mkdir -p $MYSQL_DIR
-        URL=https://cdn.mysql.com/Downloads/MySQL-${MYSQL_VERSION%.*}/$LIBMYSQL
+        URL=https://downloads.mysql.com/archives/get/p/23/file/$LIBMYSQL
         wget -nv $URL
         tar -xf $LIBMYSQL --strip-components=1 -C $MYSQL_DIR
         PDO_MYSQL=${MYSQL_DIR}

NEWS

@@ -1,5 +1,67 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
+26 Sep 2024, PHP 8.2.24
+
+- CGI:
+  . Fixed bug GHSA-p99j-rfp4-xqvq (Bypass of CVE-2024-4577, Parameter Injection
+    Vulnerability). (CVE-2024-8926) (nielsdos)
+  . Fixed bug GHSA-94p6-54jq-9mwp (cgi.force_redirect configuration is
+    bypassable due to the environment variable collision). (CVE-2024-8927)
+    (nielsdos)
+
+- Core:
+  . Fixed bug GH-15408 (MSan false-positve on zend_max_execution_timer).
+    (zeriyoshi)
+  . Fixed bug GH-15515 (Configure error grep illegal option q). (Peter Kokot)
+  . Fixed bug GH-15514 (Configure error: genif.sh: syntax error). (Peter Kokot)
+  . Fixed bug GH-15565 (--disable-ipv6 during compilation produces error
+    EAI_SYSTEM not found). (nielsdos)
+  . Fixed bug GH-15587 (CRC32 API build error on arm 32-bit).
+    (Bernd Kuhls, Thomas Petazzoni)
+  . Fixed bug GH-15330 (Do not scan generator frames more than once). (Arnaud)
+  . Fixed uninitialized lineno in constant AST of internal enums. (ilutov)
+
+- Curl:
+  . FIxed bug GH-15547 (curl_multi_select overflow on timeout argument).
+    (David Carlier)
+
+- DOM:
+  . Fixed bug GH-15551 (Segmentation fault (access null pointer) in
+    ext/dom/xml_common.h). (nielsdos)
+
+- Fileinfo:
+  . Fixed bug GH-15752 (Incorrect error message for finfo_file
+    with an empty filename argument). (DanielEScherzer)
+
+- FPM:
+  . Fixed bug GHSA-865w-9rf3-2wh5 (Logs from childrens may be altered).
+    (CVE-2024-9026) (Jakub Zelenka)
+
+- MySQLnd:
+  . Fixed bug GH-15432 (Heap corruption when querying a vector). (cmb,
+    Kamil Tekiela)
+
+- Opcache:
+  . Fixed bug GH-15661 (Access null pointer in
+    Zend/Optimizer/zend_inference.c). (nielsdos)
+  . Fixed bug GH-15658 (Segmentation fault in Zend/zend_vm_execute.h).
+    (nielsdos)
+
+- SAPI:
+  . Fixed bug GHSA-9pqp-7h25-4f32 (Erroneous parsing of multipart form data).
+    (CVE-2024-8925) (Arnaud)
+
+- SOAP:
+  . Fixed bug #73182 (PHP SOAPClient does not support stream context HTTP
+    headers in array form). (nielsdos)
+
+- Standard:
+  . Fixed bug GH-15552 (Signed integer overflow in ext/standard/scanf.c). (cmb)
+
+- Streams:
+  . Fixed bug GH-15628 (php_stream_memory_get_buffer() not zero-terminated).
+    (cmb)
+
 29 Aug 2024, PHP 8.2.23
 
 - Core:
@@ -51,6 +113,10 @@ PHP                                                                        NEWS
     (zend_hash_num_elements() Zend/zend_hash.h)). (nielsdos)
   . Fixed bug GH-15210 use-after-free on watchpoint allocations. (nielsdos)
 
+- Random:
+  . Fixed part of bug GH-15381, checking getrandom availability on solaris.
+    (David Carlier)
+
 - Soap:
   . Fixed bug #55639 (Digest autentication dont work). (nielsdos)
   . Fix SoapFault property destruction. (nielsdos)
@@ -60,6 +126,7 @@ PHP                                                                        NEWS
 - Standard:
   . Fix passing non-finite timeout values in stream functions. (nielsdos)
   . Fixed GH-14780 p(f)sockopen timeout overflow. (David Carlier)
+  . Fixed GH-15653 overflow on fgetcsv length parameter. (David Carlier)
 
 - Streams:
   . Fixed bug GH-15028 (Memory leak in ext/phar/stream.c). (nielsdos)

Zend/Optimizer/zend_inference.c

@@ -4912,7 +4912,7 @@ ZEND_API bool zend_may_throw_ex(const zend_op *opline, const zend_ssa_op *ssa_op
 			return 0;
 		case ZEND_BIND_GLOBAL:
 			if ((opline+1)->opcode == ZEND_BIND_GLOBAL) {
-				return zend_may_throw(opline + 1, ssa_op + 1, op_array, ssa);
+				return zend_may_throw(opline + 1, ssa_op ? ssa_op + 1 : NULL, op_array, ssa);
 			}
 			return 0;
 		case ZEND_ADD:

Zend/tests/gh15330-001.phpt

@@ -0,0 +1,38 @@
+--TEST--
+GH-15330 001: Do not scan generator frames more than once
+--FILE--
+<?php
+
+class It implements \IteratorAggregate
+{
+    public function getIterator(): \Generator
+    {
+        yield 'foo';
+        Fiber::suspend();
+        var_dump("not executed");
+    }
+}
+
+function f() {
+    var_dump(yield from new It());
+}
+
+$iterable = f();
+
+$fiber = new Fiber(function () use ($iterable) {
+    var_dump($iterable->current());
+    $iterable->next();
+    var_dump("not executed");
+});
+
+$ref = $fiber;
+
+$fiber->start();
+
+gc_collect_cycles();
+
+?>
+==DONE==
+--EXPECT--
+string(3) "foo"
+==DONE==

Zend/tests/gh15330-002.phpt

@@ -0,0 +1,33 @@
+--TEST--
+GH-15330 002: Do not scan generator frames more than once
+--FILE--
+<?php
+
+function g() {
+    yield 'foo';
+    Fiber::suspend();
+}
+
+function f() {
+    var_dump(yield from g());
+}
+
+$iterable = f();
+
+$fiber = new Fiber(function () use ($iterable) {
+    var_dump($iterable->current());
+    $iterable->next();
+    var_dump("not executed");
+});
+
+$ref = $fiber;
+
+$fiber->start();
+
+gc_collect_cycles();
+
+?>
+==DONE==
+--EXPECT--
+string(3) "foo"
+==DONE==

Zend/tests/gh15330-003.phpt

@@ -0,0 +1,57 @@
+--TEST--
+GH-15330 003: Do not scan generator frames more than once
+--FILE--
+<?php
+
+class It implements \IteratorAggregate
+{
+    public function getIterator(): \Generator
+    {
+        yield 'foo';
+        Fiber::suspend();
+        var_dump("not executed");
+    }
+}
+
+class Canary {
+    public function __construct(public mixed $value) {}
+    public function __destruct() {
+        var_dump(__METHOD__);
+    }
+}
+
+function f($canary) {
+    var_dump(yield from new It());
+}
+
+$canary = new Canary(null);
+
+$iterable = f($canary);
+
+$fiber = new Fiber(function () use ($iterable, $canary) {
+    var_dump($canary, $iterable->current());
+    $iterable->next();
+    var_dump("not executed");
+});
+
+$canary->value = $fiber;
+
+$fiber->start();
+
+$iterable->current();
+
+$fiber = $iterable = $canary = null;
+
+gc_collect_cycles();
+
+?>
+==DONE==
+--EXPECTF--
+object(Canary)#%d (1) {
+  ["value"]=>
+  object(Fiber)#%d (0) {
+  }
+}
+string(3) "foo"
+string(18) "Canary::__destruct"
+==DONE==

Zend/tests/gh15330-004.phpt

@@ -0,0 +1,52 @@
+--TEST--
+GH-15330 004: Do not scan generator frames more than once
+--FILE--
+<?php
+
+class Canary {
+    public function __construct(public mixed $value) {}
+    public function __destruct() {
+        var_dump(__METHOD__);
+    }
+}
+
+function g() {
+    yield 'foo';
+    Fiber::suspend();
+}
+
+function f($canary) {
+    var_dump(yield from g());
+}
+
+$canary = new Canary(null);
+
+$iterable = f($canary);
+
+$fiber = new Fiber(function () use ($iterable, $canary) {
+    var_dump($canary, $iterable->current());
+    $iterable->next();
+    var_dump("not executed");
+});
+
+$canary->value = $fiber;
+
+$fiber->start();
+
+$iterable->current();
+
+$fiber = $iterable = $canary = null;
+
+gc_collect_cycles();
+
+?>
+==DONE==
+--EXPECTF--
+object(Canary)#%d (1) {
+  ["value"]=>
+  object(Fiber)#%d (0) {
+  }
+}
+string(3) "foo"
+string(18) "Canary::__destruct"
+==DONE==

Zend/tests/gh15330-005.phpt

@@ -0,0 +1,53 @@
+--TEST--
+GH-15330 005: Do not scan generator frames more than once
+--FILE--
+<?php
+
+class Canary {
+    public function __construct(public mixed $value) {}
+    public function __destruct() {
+        var_dump(__METHOD__);
+    }
+}
+
+function g() {
+    yield 'foo';
+    Fiber::suspend();
+}
+
+function f($canary) {
+    var_dump(yield from g());
+}
+
+$canary = new Canary(null);
+
+$iterable = f($canary);
+
+$fiber = new Fiber(function () use ($iterable, $canary) {
+    var_dump($canary, $iterable->current());
+    $f = $iterable->next(...);
+    $f();
+    var_dump("not executed");
+});
+
+$canary->value = $fiber;
+
+$fiber->start();
+
+$iterable->current();
+
+$fiber = $iterable = $canary = null;
+
+gc_collect_cycles();
+
+?>
+==DONE==
+--EXPECTF--
+object(Canary)#%d (1) {
+  ["value"]=>
+  object(Fiber)#%d (0) {
+  }
+}
+string(3) "foo"
+string(18) "Canary::__destruct"
+==DONE==