[pull] master from php:master #1101
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
It is possible to build libxml without HTML support, which would mean that PHP does not support the saveHtml() features and HTML parsing in general. It also adds some maintenance complexity. I'm not aware of any distro that does this and it shows: this has been broken since stubs have been introduced. So we can just drop it as clearly no one cares about this or we would've known about it already. It also simplifies downstream code because they can now rely on the HTML functionality to always be available.
…ties exception with foreach loop In this test, we will loop once, and then replace the object with an instance that'll throw on property construction in Z_OBJPROP_P() in the ZEND_FE_FETCH_RW VM handler. Since at that point `pos >= fe_ht->nNumUsed`, we exit via `fe_fetch_w_exit` without checking for an exception, causing incorrect continuation of the code and an eventual assertion failure. To solve this, we perform an exception check at the end of the iteration. This should be sufficient to guarantee the exception is checked in time as failure of get_properties() via Z_OBJPROP_P() will always result in an empty hash table. This should also be more efficient than the alternative fix that checks for an exception right after Z_OBJPROP_P() as that would be executed at each iteration. Closes GH-20098.
* PHP-8.4: Fix GH-20085: Assertion failure when combining lazy object get_properties exception with foreach loop
* PHP-8.5: Fix GH-20085: Assertion failure when combining lazy object get_properties exception with foreach loop
…20097) Previously this failed as the read_dimension which is invoked by ref-assign does not contain the logic to add the key, so it was required to first write the value using a normal assignment and then thereafter use the reference assignment. This solves it by adding the necessary logic to assign references directly.
* PHP-8.3: Fix Randomizer::__serialize() wrt INDIRECTs
* PHP-8.4: Fix Randomizer::__serialize() wrt INDIRECTs
* PHP-8.5: Fix Randomizer::__serialize() wrt INDIRECTs
Exposing INDIRECTs to userland is not allowed and can lead to all sorts of wrong behaviour. In this case it lead to UAF bugs. Solve it by duplicating the properties table, which de-indirects the elements and also decouples it for future modifications. Closes GH-20102.
* PHP-8.5: Fix GH-20101: SplHeap/SplPriorityQueue serialization exposes INDIRECTs
* PHP-8.5: Regenerate zend_vm_execute.h
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.4)
Can you help keep this open source service alive? 💖 Please sponsor : )