Skip to content

[pull] master from php:master #1026

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Sep 8, 2025
Merged

[pull] master from php:master #1026

merged 4 commits into from
Sep 8, 2025

Conversation

@pull
Copy link

@pull pull bot commented Sep 8, 2025
edited
Loading

See Commits and Changes for more details.

Created by pull[bot] (v2.0.0-alpha.3)

Can you help keep this open source service alive? 💖 Please sponsor : )

ndossche and others added 4 commits September 8, 2025 23:10
@ndossche
Fix GH-19752: Phar decompression with invalid extension can cause UAF
f6878b6 
The rename code can error out prior to the reassignment of the filename,
which is why the test causes a crash.
The rename code can also error out at a later point,
which means it will have already assigned the new filename.
We detect in which case we are in and act accordingly.

Closes GH-19761.
@ndossche
Merge branch 'PHP-8.3' into PHP-8.4
c395355 
* PHP-8.3:
  Fix GH-19752: Phar decompression with invalid extension can cause UAF
@ndossche
Merge branch 'PHP-8.4'
79eca3f 
* PHP-8.4:
  Fix GH-19752: Phar decompression with invalid extension can cause UAF
@TimWolla
uri: Fix handling of the errors == NULL && !silent for uri_parser_w…
156c847 
…hatwg (#19748)

* uri: Fix handling of the `errors == NULL && !silent` for uri_parser_whatwg

Previously, when `errors` was `NULL`, the `errors` pointer was used to set the
`$errors` property when throwing the exception, leading to a crash. Use a local
zval to pass the errors to the Exception and copy it into the `errors` input
when it is non-`NULL`.

* uri: Only pass the `errors` zval when interested in it in `php_uri_instantiate_uri()`

This is no longer necessary since the previous commit and also is a layering
violation, since `php_uri_instantiate_uri()` should not care how `parse_uri()`
works internally.

* uri: Use `ZVAL_EMPTY_ARRAY()` when no parsing errors are available

* uri: Avoid redundant refcounting in error handling of uri_parser_whatwg

* NEWS
@pull pull bot locked and limited conversation to collaborators Sep 8, 2025
@pull pull bot added the ⤵️ pull label Sep 8, 2025
@pull pull bot merged commit 156c847 into wudi:master Sep 8, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

⤵️ pull

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ndossche @TimWolla