Merge remote-tracking branch 'php/master'

Author: danog

.cirrus.yml

@@ -0,0 +1,104 @@
+name: FreeBSD
+runs:
+  using: composite
+  steps:
+    - name: FreeBSD
+      uses: vmactions/freebsd-vm@v1
+      with:
+        release: '13.3'
+        usesh: true
+        # Temporarily disable sqlite, as FreeBSD ships it with disabled double quotes. We'll need to fix our tests.
+        # https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=269889
+        prepare: |
+          cd $GITHUB_WORKSPACE
+
+          kldload accf_http
+          pkg install -y \
+            autoconf \
+            bison \
+            gmake \
+            re2c \
+            icu \
+            libiconv \
+            png \
+            freetype2 \
+            enchant2 \
+            bzip2 \
+            t1lib \
+            gmp \
+            tidyp \
+            libsodium \
+            libzip \
+            libxml2 \
+            libxslt \
+            openssl \
+            oniguruma \
+            pkgconf \
+            webp \
+            libavif \
+            `#sqlite3` \
+            curl
+
+          ./buildconf -f
+          ./configure \
+            --prefix=/usr/local \
+            --enable-debug \
+            --enable-option-checking=fatal \
+            --enable-fpm \
+            `#--with-pdo-sqlite` \
+            --without-sqlite3 \
+            --without-pdo-sqlite \
+            --without-pear \
+            --with-bz2 \
+            --with-avif \
+            --with-jpeg \
+            --with-webp \
+            --with-freetype \
+            --enable-gd \
+            --enable-exif \
+            --with-zip \
+            --with-zlib \
+            --enable-soap \
+            --enable-xmlreader \
+            --with-xsl \
+            --with-libxml \
+            --enable-shmop \
+            --enable-pcntl \
+            --enable-mbstring \
+            --with-curl \
+            --enable-sockets \
+            --with-openssl \
+            --with-iconv=/usr/local \
+            --enable-bcmath \
+            --enable-calendar \
+            --enable-ftp \
+            --with-ffi \
+            --enable-zend-test \
+            --enable-dl-test=shared \
+            --enable-intl \
+            --with-mhash \
+            --with-sodium \
+            --enable-werror \
+            --with-config-file-path=/etc \
+            --with-config-file-scan-dir=/etc/php.d
+          gmake -j2
+          mkdir /etc/php.d
+          gmake install > /dev/null
+          echo opcache.enable_cli=1 > /etc/php.d/opcache.ini
+          echo opcache.protect_memory=1 >> /etc/php.d/opcache.ini
+          echo opcache.preload_user=root >> /etc/php.d/opcache.ini
+        run: |
+          cd $GITHUB_WORKSPACE
+
+          export SKIP_IO_CAPTURE_TESTS=1
+          export CI_NO_IPV6=1
+          export STACK_LIMIT_DEFAULTS_CHECK=1
+          sapi/cli/php run-tests.php \
+            -P -q -j2 \
+            -g FAIL,BORK,LEAK,XLEAK \
+            --no-progress \
+            --offline \
+            --show-diff \
+            --show-slow 1000 \
+            --set-timeout 120 \
+            -d zend_extension=opcache.so

.github/actions/freebsd/action.yml

@@ -728,12 +728,14 @@ jobs:
         with:
           withMysqli: ${{ inputs.libmysqlclient_with_mysqli }}
       - name: Build mysql-8.4
+        if: ${{ !inputs.libmysqlclient_with_mysqli }}
         uses: ./.github/actions/build-libmysqlclient
         with:
           configurationParameters: ${{ !inputs.libmysqlclient_with_mysqli && '--enable-werror' || '' }}
           libmysql: mysql-8.4.0-linux-glibc2.28-x86_64.tar.xz
           withMysqli: ${{ inputs.libmysqlclient_with_mysqli }}
       - name: Test mysql-8.4
+        if: ${{ !inputs.libmysqlclient_with_mysqli }}
         uses: ./.github/actions/test-libmysqlclient
         with:
           withMysqli: ${{ inputs.libmysqlclient_with_mysqli }}
@@ -893,3 +895,13 @@ jobs:
         run: .github/scripts/windows/build.bat
       - name: Test
         run: .github/scripts/windows/test.bat
+  FREEBSD:
+    name: FREEBSD
+    runs-on: ubuntu-latest
+    steps:
+      - name: git checkout
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ inputs.branch }}
+      - name: FreeBSD
+        uses: ./.github/actions/freebsd

.github/workflows/nightly.yml

@@ -359,3 +359,11 @@ jobs:
           name: profiles
           path: ${{ github.workspace }}/benchmark/profiles
           retention-days: 30
+  FREEBSD:
+    name: FREEBSD
+    runs-on: ubuntu-latest
+    steps:
+      - name: git checkout
+        uses: actions/checkout@v4
+      - name: FreeBSD
+        uses: ./.github/actions/freebsd

.github/workflows/push.yml

@@ -15,4 +15,4 @@ class Bar extends Foo
 
 ?>
 --EXPECTF--
-Fatal error: Type of Bar::$property1 must not be defined (as in class Foo) in %s on line %d
+Fatal error: Type of Bar::$property1 must be omitted to match the parent definition in class Foo in %s on line %d

Zend/tests/type_declarations/mixed/inheritance/mixed_property_inheritance_error7.phpt

@@ -11,4 +11,4 @@ class Baz extends Foo{
 }
 ?>
 --EXPECTF--
-Fatal error: Type of Baz::$bar must not be defined (as in class Foo) in %s on line 6
+Fatal error: Type of Baz::$bar must be omitted to match the parent definition in class Foo in %s on line 6

Zend/tests/type_declarations/typed_properties_035.phpt

@@ -1507,7 +1507,7 @@ static void do_inherit_property(zend_property_info *parent_info, zend_string *ke
 				}
 			} else if (UNEXPECTED(ZEND_TYPE_IS_SET(child_info->type) && !ZEND_TYPE_IS_SET(parent_info->type))) {
 				zend_error_noreturn(E_COMPILE_ERROR,
-						"Type of %s::$%s must not be defined (as in class %s)",
+						"Type of %s::$%s must be omitted to match the parent definition in class %s",
 						ZSTR_VAL(ce->name),
 						ZSTR_VAL(key),
 						ZSTR_VAL(parent_info->ce->name));

Zend/zend_inheritance.c

@@ -3759,13 +3759,23 @@ static zend_string* php_ldap_do_escape(const bool *map, const char *value, size_
 	zend_string *ret;
 
 	for (i = 0; i < valuelen; i++) {
-		len += (map[(unsigned char) value[i]]) ? 3 : 1;
+		size_t addend = (map[(unsigned char) value[i]]) ? 3 : 1;
+		if (len > ZSTR_MAX_LEN - addend) {
+			return NULL;
+		}
+		len += addend;
 	}
 	/* Per RFC 4514, a leading and trailing space must be escaped */
 	if ((flags & PHP_LDAP_ESCAPE_DN) && (value[0] == ' ')) {
+		if (len > ZSTR_MAX_LEN - 2) {
+			return NULL;
+		}
 		len += 2;
 	}
 	if ((flags & PHP_LDAP_ESCAPE_DN) && ((valuelen > 1) && (value[valuelen - 1] == ' '))) {
+		if (len > ZSTR_MAX_LEN - 2) {
+			return NULL;
+		}
 		len += 2;
 	}
 
@@ -3832,7 +3842,13 @@ PHP_FUNCTION(ldap_escape)
 		php_ldap_escape_map_set_chars(map, ignores, ignoreslen, 0);
 	}
 
-	RETURN_NEW_STR(php_ldap_do_escape(map, value, valuelen, flags));
+	zend_string *result = php_ldap_do_escape(map, value, valuelen, flags);
+	if (UNEXPECTED(!result)) {
+		zend_argument_value_error(1, "is too long");
+		RETURN_THROWS();
+	}
+
+	RETURN_NEW_STR(result);
 }
 
 #ifdef STR_TRANSLATION

ext/ldap/ldap.c

@@ -0,0 +1,28 @@
+--TEST--
+GHSA-g665-fm4p-vhff (OOB access in ldap_escape)
+--EXTENSIONS--
+ldap
+--INI--
+memory_limit=-1
+--SKIPIF--
+<?php
+if (PHP_INT_SIZE !== 4) die("skip only for 32-bit");
+if (getenv("SKIP_SLOW_TESTS")) die("skip slow test");
+?>
+--FILE--
+<?php
+try {
+    ldap_escape(' '.str_repeat("#", 1431655758), "", LDAP_ESCAPE_DN);
+} catch (ValueError $e) {
+    echo $e->getMessage(), "\n";
+}
+
+try {
+    ldap_escape(str_repeat("#", 1431655758).' ', "", LDAP_ESCAPE_DN);
+} catch (ValueError $e) {
+    echo $e->getMessage(), "\n";
+}
+?>
+--EXPECT--
+ldap_escape(): Argument #1 ($value) is too long
+ldap_escape(): Argument #1 ($value) is too long

ext/ldap/tests/GHSA-g665-fm4p-vhff-1.phpt

@@ -0,0 +1,29 @@
+--TEST--
+GHSA-g665-fm4p-vhff (OOB access in ldap_escape)
+--EXTENSIONS--
+ldap
+--INI--
+memory_limit=-1
+--SKIPIF--
+<?php
+if (PHP_INT_SIZE !== 4) die("skip only for 32-bit");
+if (getenv("SKIP_SLOW_TESTS")) die("skip slow test");
+?>
+--FILE--
+<?php
+try {
+    ldap_escape(str_repeat("*", 1431655759), "", LDAP_ESCAPE_FILTER);
+} catch (ValueError $e) {
+    echo $e->getMessage(), "\n";
+}
+
+// would allocate a string of length 2
+try {
+    ldap_escape(str_repeat("*", 1431655766), "", LDAP_ESCAPE_FILTER);
+} catch (ValueError $e) {
+    echo $e->getMessage(), "\n";
+}
+?>
+--EXPECT--
+ldap_escape(): Argument #1 ($value) is too long
+ldap_escape(): Argument #1 ($value) is too long