Merge tag 'php-8.4.3' into was-8.4.x

Tag for php-8.4.3

Author: MaxKellermann

.gitignore

@@ -177,6 +177,9 @@ php
 /ext/*/configure.ac
 /ext/*/run-tests.php
 
+# Generated by ./configure if libc might be musl
+/ext/gettext/tests/locale/en_US
+
 # ------------------------------------------------------------------------------
 # Generated by Windows build system
 # ------------------------------------------------------------------------------

NEWS

@@ -1,94 +1,183 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
-19 Dec 2024, PHP 8.4.2
+16 Jan 2025, PHP 8.4.3
 
 - BcMath:
-  . Fixed bug GH-16978 (Avoid unnecessary padding with leading zeros)
+  . Fixed bug GH-17049 (Correctly compare 0 and -0). (Saki Takamachi)
+  . Fixed bug GH-17061 (Now Number::round() does not remove trailing zeros).
     (Saki Takamachi)
+  . Fixed bug GH-17064 (Correctly round rounding mode with zero edge case).
+    (Saki Takamachi)
+  . Fixed bug GH-17275 (Fixed the calculation logic of dividend scale).
+    (Saki Takamachi)
+
+- Core:
+  . Fixed bug OSS-Fuzz #382922236 (Duplicate dynamic properties in hooked object
+    iterator properties table). (ilutov)
+  . Fixed unstable get_iterator pointer for hooked classes in shm on Windows.
+    (ilutov)
+  . Fixed bug GH-17106 (ZEND_MATCH_ERROR misoptimization). (ilutov)
+  . Fixed bug GH-17162 (zend_array_try_init() with dtor can cause engine UAF).
+    (nielsdos)
+  . Fixed bug GH-17101 (AST->string does not reproduce constructor property
+    promotion correctly). (nielsdos)
+  . Fixed bug GH-17200 (Incorrect dynamic prop offset in hooked prop iterator).
+    (ilutov)
+  . Fixed bug GH-17216 (Trampoline crash on error). (nielsdos)
+
+- DBA:
+  . Skip test if inifile is disabled. (orlitzky)
+
+- DOM:
+  . Fixed bug GH-17145 (DOM memory leak). (nielsdos)
+  . Fixed bug GH-17201 (Dom\TokenList issues with interned string replace).
+    (nielsdos)
+  . Fixed bug GH-17224 (UAF in importNode). (nielsdos)
+
+- Embed:
+  . Make build command for program using embed portable. (dunglas)
+
+- FFI:
+  . Fixed bug #79075 (FFI header parser chokes on comments). (nielsdos)
+  . Fix memory leak on ZEND_FFI_TYPE_CHAR conversion failure. (nielsdos)
+  . Fixed bug GH-16013 and bug #80857 (Big endian issues). (Dmitry, nielsdos)
+
+- Fileinfo:
+  . Fixed bug GH-17039 (PHP 8.4: Incorrect MIME content type). (nielsdos)
 
-- Calendar:
-  . Fixed jdtogregorian overflow. (David Carlier)
-  . Fixed cal_to_jd julian_days argument overflow. (David Carlier)
+- FPM:
+  . Fixed bug GH-13437 (FPM: ERROR: scoreboard: failed to lock (already
+    locked)). (Jakub Zelenka)
+  . Fixed bug GH-17112 (Macro redefinitions). (cmb, nielsdos)
+  . Fixed bug GH-17208 (bug64539-status-json-encoding.phpt fail on 32-bits).
+    (nielsdos)
+
+- GD:
+  . Fixed bug GH-16255 (Unexpected nan value in ext/gd/libgd/gd_filter.c).
+    (nielsdos, cmb)
+  . Ported fix for libgd bug 276 (Sometimes pixels are missing when storing
+    images as BMPs). (cmb)
+
+- Gettext:
+  . Fixed bug GH-17202 (Segmentation fault ext/gettext/gettext.c
+    bindtextdomain()). (Michael Orlitzky)
+
+- Iconv:
+  . Fixed bug GH-17047 (UAF on iconv filter failure). (nielsdos)
+
+- LDAP:
+  . Fixed bug GH-17280 (ldap_search() fails when $attributes array has holes).
+    (nielsdos)
+
+- LibXML:
+  . Fixed bug GH-17223 (Memory leak in libxml encoding handling). (nielsdos)
+
+- MBString:
+  . Fixed bug GH-17112 (Macro redefinitions). (nielsdos, cmb)
+
+- Opcache:
+  . opcache_get_configuration() properly reports jit_prof_threshold. (cmb)
+  . Fixed bug GH-17140 (Assertion failure in JIT trace exit with
+    ZEND_FETCH_DIM_FUNC_ARG). (nielsdos, Dmitry)
+  . Fixed bug GH-17151 (Incorrect RC inference of op1 of FETCH_OBJ and
+    INIT_METHOD_CALL). (Dmitry, ilutov)
+  . Fixed bug GH-17246 (GC during SCCP causes segfault). (Dmitry)
+  . Fixed bug GH-17257 (UBSAN warning in ext/opcache/jit/zend_jit_vm_helpers.c).
+    (nielsdos, Dmitry)
+
+- PCNTL:
+  . Fix memory leak in cleanup code of pcntl_exec() when a non stringable
+    value is encountered past the first entry. (Girgias)
+
+- PgSql:
+  . Fixed bug GH-17158 (pg_fetch_result Shows Incorrect ArgumentCountError
+    Message when Called With 1 Argument). (nielsdos)
+  . Fixed further ArgumentCountError for calls with flexible
+    number of arguments. (David Carlier)
+
+- Phar:
+  . Fixed bug GH-17137 (Segmentation fault ext/phar/phar.c). (nielsdos)
+
+- SimpleXML:
+  . Fixed bug GH-17040 (SimpleXML's unset can break DOM objects). (nielsdos)
+  . Fixed bug GH-17153 (SimpleXML crash when using autovivification on
+    document). (nielsdos)
+
+- Sockets:
+  . Fixed bug GH-16276 (socket_strerror overflow handling with INT_MIN).
+    (David Carlier / cmb)
+  . Fixed overflow on SO_LINGER values setting, strengthening values check
+    on SO_SNDTIMEO/SO_RCVTIMEO for socket_set_option().
+    (David Carlier)
+
+- SPL:
+  . Fixed bug GH-17198 (SplFixedArray assertion failure with get_object_vars).
+    (nielsdos)
+  . Fixed bug GH-17225 (NULL deref in spl_directory.c). (nielsdos)
+
+- Streams:
+  . Fixed bug GH-17037 (UAF in user filter when adding existing filter name due
+    to incorrect error handling). (nielsdos)
+  . Fixed bug GH-16810 (overflow on fopen HTTP wrapper timeout value).
+    (David Carlier)
+  . Fixed bug GH-17067 (glob:// wrapper doesn't cater to CWD for ZTS builds).
+    (cmb)
+
+- Windows:
+  . Hardened proc_open() against cmd.exe hijacking. (cmb)
+
+- XML:
+  . Fixed bug GH-1718 (unreachable program point in zend_hash). (nielsdos)
+
+05 Dec 2024, PHP 8.4.2
+
+- BcMath:
+  . Fixed bug GH-16978 (Avoid unnecessary padding with leading zeros).
+    (Saki Takamachi)
 
 - COM:
   . Fixed bug GH-16991 (Getting typeinfo of non DISPATCH variant segfaults).
     (cmb)
 
 - Core:
-  . Fail early in *nix configuration build script. (hakre)
   . Fixed bug GH-16344 (setRawValueWithoutLazyInitialization() and
     skipLazyInitialization() may change initialized proxy). (Arnaud)
-  . Fixed bug GH-16727 (Opcache bad signal 139 crash in ZTS bookworm
-    (frankenphp)). (nielsdos)
-  . Fixed bug GH-16799 (Assertion failure at Zend/zend_vm_execute.h:7469).
-    (nielsdos)
-  . Fixed bug GH-16630 (UAF in lexer with encoding translation and heredocs).
-    (nielsdos)
   . Fix is_zend_ptr() huge block comparison. (nielsdos)
   . Fixed potential OOB read in zend_dirname() on Windows. (cmb)
   . Fixed bug GH-15964 (printf() can strip sign of -INF). (divinity76, cmb)
 
 - Curl:
-  . Fixed bug GH-16802 (open_basedir bypass using curl extension). (nielsdos)
   . Fix various memory leaks in curl mime handling. (nielsdos)
 
 - DBA:
   . Fixed bug GH-16990 (dba_list() is now zero-indexed instead of using
     resource ids) (kocsismate)
 
 - DOM:
-  . Fixed bug GH-16777 (Calling the constructor again on a DOM object after it
-    is in a document causes UAF). (nielsdos)
   . Fixed bug GH-16906 (Reloading document can cause UAF in iterator).
     (nielsdos)
 
 - FPM:
-  . Fixed GH-16432 (PHP-FPM 8.2 SIGSEGV in fpm_get_status). (Jakub Zelenka)
   . Fixed bug GH-16932 (wrong FPM status output). (Jakub Zelenka, James Lucas)
 
-- GD:
-  . Fixed GH-16776 (imagecreatefromstring overflow). (David Carlier)
-
 - GMP:
   . Fixed bug GH-16890 (array_sum() with GMP can loose precision (LLP64)).
     (cmb)
 
-- Hash:
-  . Fixed GH-16711: Segfault in mhash(). (Girgias)
-
 - Opcache:
   . Fixed bug GH-16851 (JIT_G(enabled) not set correctly on other threads).
     (dktapps)
   . Fixed bug GH-16902 (Set of opcache tests fail zts+aarch64). (nielsdos)
   . Fixed bug GH-16879 (JIT dead code skipping does not update call_level).
     (nielsdos)
 
-- OpenSSL:
-  . Prevent unexpected array entry conversion when reading key. (nielsdos)
-  . Fix various memory leaks related to openssl exports. (nielsdos)
-  . Fix memory leak in php_openssl_pkey_from_zval(). (nielsdos)
-
-- PDO:
-  . Fixed memory leak of `setFetchMode()`. (SakiTakamachi)
-
-- Phar:
-  . Fixed bug GH-16695 (phar:// tar parser and zero-length file header blocks).
-    (nielsdos, Hans Krentel)
+- SAPI:
+  . Fixed bug GH-16998 (UBSAN warning in rfc1867). (nielsdos)
 
 - PHPDBG:
   . Fixed bug GH-15208 (Segfault with breakpoint map and phpdbg_clear()).
     (nielsdos)
 
-- SAPI:
-  . Fixed bug GH-16998 (UBSAN warning in rfc1867). (nielsdos)
-
-- SimpleXML:
-  . Fixed bug GH-16808 (Segmentation fault in RecursiveIteratorIterator
-    ->current() with a xml element input). (nielsdos)
-
-- SOAP:
-  . Fix make check being invoked in ext/soap. (Ma27)
-
 - Standard:
   . Fixed bug GH-16905 (Internal iterator functions can't handle UNDEF
     properties). (nielsdos)

Zend/Optimizer/zend_inference.c

@@ -1970,6 +1970,10 @@ static uint32_t get_ssa_alias_types(zend_ssa_alias_kind alias) {
 					/* TODO: support for array keys and ($str . "")*/   \
 					__type |= MAY_BE_RCN;                               \
 				}                                                       \
+				if ((__type & MAY_BE_RC1) && (__type & MAY_BE_OBJECT)) {\
+					/* TODO: object may be captured by magic handlers */\
+					__type |= MAY_BE_RCN;                               \
+				}                                                       \
 				if (__ssa_var->alias) {									\
 					__type |= get_ssa_alias_types(__ssa_var->alias);	\
 				}														\

Zend/Optimizer/zend_optimizer.c

@@ -640,6 +640,7 @@ bool zend_optimizer_replace_by_const(zend_op_array *op_array,
 				case ZEND_SWITCH_LONG:
 				case ZEND_SWITCH_STRING:
 				case ZEND_MATCH:
+				case ZEND_MATCH_ERROR:
 				case ZEND_JMP_NULL: {
 					zend_op *end = op_array->opcodes + op_array->last;
 					while (opline < end) {
@@ -652,6 +653,7 @@ bool zend_optimizer_replace_by_const(zend_op_array *op_array,
 								&& opline->opcode != ZEND_SWITCH_LONG
 								&& opline->opcode != ZEND_SWITCH_STRING
 								&& opline->opcode != ZEND_MATCH
+								&& opline->opcode != ZEND_MATCH_ERROR
 								&& opline->opcode != ZEND_JMP_NULL
 								&& (opline->opcode != ZEND_FREE
 									|| opline->extended_value != ZEND_FREE_ON_RETURN);

Zend/tests/bug54268.phpt

@@ -8,14 +8,6 @@ $zend_mm_enabled = getenv("USE_ZEND_ALLOC");
 if ($zend_mm_enabled === "0") {
     die("skip Zend MM disabled");
 }
-$tracing = extension_loaded("Zend OPcache")
-    && ($conf = opcache_get_configuration()["directives"])
-    && array_key_exists("opcache.jit", $conf)
-    &&  $conf["opcache.jit"] === "tracing";
-if (PHP_OS_FAMILY === "Windows" && PHP_INT_SIZE == 8 && $tracing) {
-    $url = "https://github.com/php/php-src/issues/15709";
-    die("xfail Test fails on Windows x64 (VS17) and tracing JIT; see $url");
-}
 ?>
 --FILE--
 <?php

Zend/tests/gh16509.phpt

@@ -1,16 +1,5 @@
 --TEST--
 GH-16509: Incorrect lineno reported for function redeclaration
---SKIPIF--
-<?php
-$tracing = extension_loaded("Zend OPcache")
-    && ($conf = opcache_get_configuration()["directives"])
-    && array_key_exists("opcache.jit", $conf)
-    &&  $conf["opcache.jit"] === "tracing";
-if (PHP_OS_FAMILY === "Windows" && PHP_INT_SIZE == 8 && $tracing) {
-    $url = "https://github.com/php/php-src/pull/14919#issuecomment-2259003979";
-    die("xfail Test fails on Windows x64 (VS17) and tracing JIT; see $url");
-}
-?>
 --FILE--
 <?php
 

Zend/tests/gh17162.phpt

@@ -0,0 +1,21 @@
+--TEST--
+GH-17162 (zend_array_try_init() with dtor can cause engine UAF)
+--FILE--
+<?php
+class Test {
+    function __destruct() {
+        global $box;
+        $box->value = null;
+    }
+}
+$box = [new Test];
+// Using getimagesize() for the test because it's always available,
+// but any function that uses zend_try_array_init() would work.
+try {
+    getimagesize("dummy", $box);
+} catch (Error $e) {
+    echo $e->getMessage(), "\n";
+}
+?>
+--EXPECT--
+Attempt to assign property "value" on null

Zend/tests/gh8841.phpt

@@ -1,16 +1,5 @@
 --TEST--
 GH-8841 (php-cli core dump calling a badly formed function)
---SKIPIF--
-<?php
-$tracing = extension_loaded("Zend OPcache")
-    && ($conf = opcache_get_configuration()["directives"])
-    && array_key_exists("opcache.jit", $conf)
-    &&  $conf["opcache.jit"] === "tracing";
-if (PHP_OS_FAMILY === "Windows" && PHP_INT_SIZE == 8 && $tracing) {
-    $url = "https://github.com/php/php-src/pull/14919#issuecomment-2259003979";
-    die("xfail Test fails on Windows x64 (VS17) and tracing JIT; see $url");
-}
-?>
 --FILE--
 <?php
 register_shutdown_function(function() {

Zend/tests/gh9407.phpt

@@ -1,16 +1,5 @@
 --TEST--
 GH-9407: LSP error in eval'd code refers to wrong class for static type
---SKIPIF--
-<?php
-$tracing = extension_loaded("Zend OPcache")
-    && ($conf = opcache_get_configuration()["directives"])
-    && array_key_exists("opcache.jit", $conf)
-    &&  $conf["opcache.jit"] === "tracing";
-if (PHP_OS_FAMILY === "Windows" && PHP_INT_SIZE == 8 && $tracing) {
-    $url = "https://github.com/php/php-src/pull/14919#issuecomment-2259003979";
-    die("xfail Test fails on Windows x64 (VS17) and tracing JIT; see $url");
-}
-?>
 --FILE--
 <?php
 

Zend/tests/named_params/gh17216.phpt

@@ -0,0 +1,22 @@
+--TEST--
+GH-17216 (Trampoline crash on error)
+--FILE--
+<?php
+class TrampolineTest {
+    public function __call(string $name, array $arguments) {
+        var_dump($name, $arguments);
+    }
+}
+$o = new TrampolineTest();
+$callback = [$o, 'trampoline'];
+$array = ["a" => "b", 1];
+try {
+    forward_static_call_array($callback, $array);
+} catch (Error $e) {
+    echo $e->getMessage(), "\n";
+}
+echo "Done\n";
+?>
+--EXPECT--
+Cannot use positional argument after named argument
+Done