Fix GH-16649: Avoid UAF when using array_splice #31387
Workflow file for this run
  
    
      This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
      Learn more about bidirectional Unicode characters
    
  
  
    
  | name: Push | |
| on: | |
| push: | |
| paths-ignore: | |
| - docs/** | |
| - NEWS | |
| - UPGRADING | |
| - UPGRADING.INTERNALS | |
| - '**/README.*' | |
| - CONTRIBUTING.md | |
| - CODING_STANDARDS.md | |
| - .cirrus.yml | |
| - .travis.yml | |
| - travis/** | |
| - .circleci/** | |
| branches: | |
| - PHP-7.4 | |
| - PHP-8.0 | |
| - PHP-8.1 | |
| - PHP-8.2 | |
| - PHP-8.3 | |
| - master | |
| pull_request: | |
| paths-ignore: | |
| - docs/** | |
| - NEWS | |
| - UPGRADING | |
| - UPGRADING.INTERNALS | |
| - '**/README.*' | |
| - CONTRIBUTING.md | |
| - CODING_STANDARDS.md | |
| - .cirrus.yml | |
| - .travis.yml | |
| - travis/** | |
| - .circleci/** | |
| branches: | |
| - '**' | |
| workflow_dispatch: ~ | |
| permissions: | |
| contents: read | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event.pull_request.url || github.run_id }} | |
| cancel-in-progress: true | |
| env: | |
| CC: ccache gcc | |
| CXX: ccache g++ | |
| jobs: | |
| LINUX_X64: | |
| if: github.repository == 'php/php-src' || github.event_name == 'pull_request' | |
| services: | |
| mysql: | |
| image: mysql:8.3 | |
| ports: | |
| - 3306:3306 | |
| env: | |
| MYSQL_DATABASE: test | |
| MYSQL_ROOT_PASSWORD: root | |
| postgres: | |
| image: postgres | |
| ports: | |
| - 5432:5432 | |
| env: | |
| POSTGRES_USER: postgres | |
| POSTGRES_PASSWORD: postgres | |
| POSTGRES_DB: test | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - debug: false | |
| zts: false | |
| asan: false | |
| - debug: true | |
| zts: true | |
| asan: true | |
| name: "LINUX_X64_${{ matrix.debug && 'DEBUG' || 'RELEASE' }}_${{ matrix.zts && 'ZTS' || 'NTS' }}${{ matrix.asan && '_ASAN' || '' }}" | |
| runs-on: ubuntu-${{ !matrix.asan && '22' || '24' }}.04 | |
| steps: | |
| - name: git checkout | |
| uses: actions/checkout@v4 | |
| - name: apt | |
| uses: ./.github/actions/apt-x64 | |
| - name: System info | |
| run: | | |
| echo "::group::Show host CPU info" | |
| lscpu | |
| echo "::endgroup::" | |
| echo "::group::Show installed package versions" | |
| dpkg -l | |
| echo "::endgroup::" | |
| - name: Create MSSQL container | |
| if: ${{ !matrix.asan }} | |
| uses: ./.github/actions/setup-mssql | |
| - name: Create Oracle container | |
| if: ${{ !matrix.asan }} | |
| uses: ./.github/actions/setup-oracle | |
| - name: Setup Caddy server | |
| uses: ./.github/actions/setup-caddy | |
| - name: ccache | |
| uses: hendrikmuhs/[email protected] | |
| with: | |
| # This duplicates the "job.name" expression above because | |
| # GitHub has no way to query the job name (github.job is the | |
| # job id, not the job name) | |
| key: "LINUX_X64_${{ matrix.debug && 'DEBUG' || 'RELEASE' }}_${{ matrix.zts && 'ZTS' || 'NTS' }}${{ matrix.asan && '_ASAN' || '' }}-${{hashFiles('main/php_version.h')}}" | |
| append-timestamp: false | |
| save: ${{ github.event_name != 'pull_request' }} | |
| - name: ./configure | |
| uses: ./.github/actions/configure-x64 | |
| with: | |
| configurationParameters: >- | |
| --${{ matrix.debug && 'enable' || 'disable' }}-debug | |
| --${{ matrix.zts && 'enable' || 'disable' }}-zts | |
| ${{ matrix.asan && 'CFLAGS="-fsanitize=undefined,address -fno-sanitize=function -DZEND_TRACK_ARENA_ALLOC" LDFLAGS="-fsanitize=undefined,address -fno-sanitize=function" CC=clang CXX=clang++ --disable-opcache-jit' || '' }} | |
| skipSlow: ${{ matrix.asan }} | |
| - name: make | |
| run: make -j$(/usr/bin/nproc) >/dev/null | |
| - name: make install | |
| uses: ./.github/actions/install-linux | |
| - name: Setup | |
| if: ${{ !matrix.asan }} | |
| uses: ./.github/actions/setup-x64 | |
| - name: Test | |
| if: matrix.asan == false | |
| uses: ./.github/actions/test-linux | |
| - name: Test ${{ matrix.asan && 'OpCache' || 'Tracing JIT' }} | |
| uses: ./.github/actions/test-linux | |
| with: | |
| jitType: ${{ matrix.asan && 'disable' || 'tracing' }} | |
| runTestsParameters: >- | |
| -d zend_extension=opcache.so | |
| -d opcache.enable_cli=1 | |
| ${{ matrix.asan && '--asan -x' || '' }} | |
| - name: Verify generated files are up to date | |
| if: ${{ !matrix.asan }} | |
| uses: ./.github/actions/verify-generated-files | |
| LINUX_X32: | |
| if: github.repository == 'php/php-src' || github.event_name == 'pull_request' | |
| name: LINUX_X32_DEBUG_ZTS | |
| runs-on: ubuntu-latest | |
| container: | |
| image: ubuntu:22.04 | |
| env: | |
| MYSQL_TEST_HOST: mysql | |
| PDO_MYSQL_TEST_DSN: mysql:host=mysql;dbname=test | |
| PDO_MYSQL_TEST_HOST: mysql | |
| services: | |
| mysql: | |
| image: mysql:8.3 | |
| ports: | |
| - 3306:3306 | |
| env: | |
| MYSQL_DATABASE: test | |
| MYSQL_ROOT_PASSWORD: root | |
| steps: | |
| - name: git checkout | |
| uses: actions/checkout@v4 | |
| - name: apt | |
| uses: ./.github/actions/apt-x32 | |
| - name: ccache | |
| uses: hendrikmuhs/[email protected] | |
| with: | |
| key: "${{github.job}}-${{hashFiles('main/php_version.h')}}" | |
| append-timestamp: false | |
| - name: ./configure | |
| uses: ./.github/actions/configure-x32 | |
| with: | |
| configurationParameters: >- | |
| --enable-debug | |
| --enable-zts | |
| - name: make | |
| run: make -j$(/usr/bin/nproc) >/dev/null | |
| - name: make install | |
| uses: ./.github/actions/install-linux-x32 | |
| - name: Test Tracing JIT | |
| uses: ./.github/actions/test-linux | |
| with: | |
| jitType: tracing | |
| runTestsParameters: >- | |
| -d zend_extension=opcache.so | |
| -d opcache.enable_cli=1 | |
| MACOS_DEBUG_NTS: | |
| if: github.repository == 'php/php-src' || github.event_name == 'pull_request' | |
| runs-on: macos-14 | |
| steps: | |
| - name: git checkout | |
| uses: actions/checkout@v4 | |
| - name: brew | |
| uses: ./.github/actions/brew | |
| - name: ccache | |
| uses: hendrikmuhs/[email protected] | |
| with: | |
| key: "${{github.job}}-${{hashFiles('main/php_version.h')}}" | |
| append-timestamp: false | |
| save: ${{ github.event_name != 'pull_request' }} | |
| - name: ./configure | |
| uses: ./.github/actions/configure-macos | |
| with: | |
| configurationParameters: --enable-debug --disable-zts | |
| - name: make | |
| run: |- | |
| export PATH="$(brew --prefix)/opt/bison/bin:$PATH" | |
| make -j$(sysctl -n hw.logicalcpu) >/dev/null | |
| - name: make install | |
| run: sudo make install | |
| - name: Test Tracing JIT | |
| uses: ./.github/actions/test-macos | |
| with: | |
| jitType: tracing | |
| runTestsParameters: >- | |
| -d zend_extension=opcache.so | |
| -d opcache.enable_cli=1 | |
| -d opcache.protect_memory=1 | |
| - name: Verify generated files are up to date | |
| uses: ./.github/actions/verify-generated-files | |
| WINDOWS: | |
| if: github.repository == 'php/php-src' || github.event_name == 'pull_request' | |
| name: WINDOWS_X64_ZTS | |
| runs-on: windows-2022 | |
| env: | |
| PHP_BUILD_CACHE_BASE_DIR: C:\build-cache | |
| PHP_BUILD_OBJ_DIR: C:\obj | |
| PHP_BUILD_CACHE_SDK_DIR: C:\build-cache\sdk | |
| PHP_BUILD_SDK_BRANCH: php-sdk-2.3.0 | |
| PHP_BUILD_CRT: vs16 | |
| PLATFORM: x64 | |
| THREAD_SAFE: "1" | |
| INTRINSICS: AVX2 | |
| PARALLEL: -j2 | |
| OPCACHE: "1" | |
| steps: | |
| - name: git config | |
| run: git config --global core.autocrlf false && git config --global core.eol lf | |
| - name: git checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup | |
| uses: ./.github/actions/setup-windows | |
| - name: Build | |
| run: .github/scripts/windows/build.bat | |
| - name: Test | |
| run: .github/scripts/windows/test.bat | |
| BENCHMARKING: | |
| name: BENCHMARKING | |
| if: github.repository == 'php/php-src' || github.event_name == 'pull_request' | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: git checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: apt | |
| run: | | |
| set -x | |
| sudo apt-get update | |
| sudo apt-get install \ | |
| bison \ | |
| libgmp-dev \ | |
| libonig-dev \ | |
| libsqlite3-dev \ | |
| openssl \ | |
| re2c \ | |
| valgrind | |
| - name: ccache | |
| uses: hendrikmuhs/[email protected] | |
| with: | |
| key: "${{github.job}}-${{hashFiles('main/php_version.h')}}" | |
| append-timestamp: false | |
| save: ${{ github.event_name != 'pull_request' }} | |
| - name: ./configure | |
| run: | | |
| set -x | |
| ./buildconf --force | |
| ./configure \ | |
| --disable-debug \ | |
| --enable-mbstring \ | |
| --enable-opcache \ | |
| --enable-option-checking=fatal \ | |
| --enable-sockets \ | |
| --enable-werror \ | |
| --prefix=/usr \ | |
| --with-config-file-scan-dir=/etc/php.d \ | |
| --with-gmp \ | |
| --with-mysqli=mysqlnd \ | |
| --with-openssl \ | |
| --with-pdo-sqlite \ | |
| --with-valgrind | |
| - name: make | |
| run: make -j$(/usr/bin/nproc) >/dev/null | |
| - name: make install | |
| run: | | |
| set -x | |
| sudo make install | |
| sudo mkdir -p /etc/php.d | |
| sudo chmod 777 /etc/php.d | |
| echo mysqli.default_socket=/var/run/mysqld/mysqld.sock > /etc/php.d/mysqli.ini | |
| echo zend_extension=opcache.so >> /etc/php.d/opcache.ini | |
| echo opcache.enable=1 >> /etc/php.d/opcache.ini | |
| echo opcache.enable_cli=1 >> /etc/php.d/opcache.ini | |
| - name: Setup | |
| run: | | |
| git config --global user.name "Benchmark" | |
| git config --global user.email "[email protected]" | |
| sudo service mysql start | |
| mysql -uroot -proot -e "CREATE DATABASE IF NOT EXISTS wordpress" | |
| mysql -uroot -proot -e "CREATE USER 'wordpress'@'localhost' IDENTIFIED BY 'wordpress'; FLUSH PRIVILEGES;" | |
| mysql -uroot -proot -e "GRANT ALL PRIVILEGES ON *.* TO 'wordpress'@'localhost' WITH GRANT OPTION;" | |
| - name: git checkout benchmarking-data | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: php/benchmarking-data | |
| ssh-key: ${{ secrets.BENCHMARKING_DATA_DEPLOY_KEY }} | |
| path: benchmark/repos/data | |
| - name: Benchmark | |
| run: php benchmark/benchmark.php true | |
| - name: Store result | |
| if: github.event_name == 'push' | |
| run: | | |
| set -x | |
| cd benchmark/repos/data | |
| git pull --autostash | |
| if [ -e ".git/MERGE_HEAD" ]; then | |
| echo "Merging, can't proceed" | |
| exit 1 | |
| fi | |
| git add . | |
| if git diff --cached --quiet; then | |
| exit 0 | |
| fi | |
| git commit -m "Add result for ${{ github.repository }}@${{ github.sha }}" | |
| git push | |
| - name: Show diff | |
| if: github.event_name == 'pull_request' | |
| run: |- | |
| set -x | |
| php benchmark/generate_diff.php \ | |
| ${{ github.sha }} \ | |
| $(git merge-base ${{ github.event.pull_request.base.sha }} ${{ github.sha }}) \ | |
| > $GITHUB_STEP_SUMMARY | |
| FREEBSD: | |
| if: github.repository == 'php/php-src' || github.event_name == 'pull_request' | |
| name: FREEBSD | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: git checkout | |
| uses: actions/checkout@v4 | |
| - name: FreeBSD | |
| uses: ./.github/actions/freebsd |