[pull] master from php:master #669
Open
+179
−88
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This can trigger the memory limit in run-tests.php, which buffers the tests output. Instead, only output "nesting level too deep" and discard the rest. Closes GH-20946
* PHP-8.4: Avoid huge output in gh20840.phpt
* PHP-8.5: Avoid huge output in gh20840.phpt
* Fix zend_call_trampoline_arginfo arg name Name is "arguments" in documentation: https://www.php.net/__call#language.oop5.overloading.methods * Use zend_call_trampoline_arginfo in zend_get_call_trampoline_func() * Copy the original arg_info in zend_closure_from_frame None of these changes are observable, but this is cleaner, and this becomes observable in GH-20848. Closes GH-20951
Within hooks, the backing value can directly be accessed as if no hooks were present. This was previously handled only in read_property(). zend_fetch_property_address(), which is used for by-ref assignment, will first call get_property_ptr_ptr() and then try read_property(). However, when called on uninitialized backing values, read_property() will return &EG(uninitialized_zval) with an uninitialized property warning. This is problematic for zend_fetch_property_address() because it write to the result of read_property() unless there's an exception. For untyped properties, this can result in writes to &EG(uninitialized_zval) (see oss-fuzz-471486164-001.phpt). For types properties, it will result in an unexpected "Typed property C::$prop must not be accessed before initialization" exception. Fixes OSS-Fuzz #471486164 Closes GH-20943
* PHP-8.4: Fix by-ref assignment to uninitialized hooked backing value
* PHP-8.5: Fix by-ref assignment to uninitialized hooked backing value
Fixes OSS-Fuzz #438780145 Closes GH-19488
* PHP-8.4: Fix uaf for nested finally with repeated return type check
* PHP-8.5: Fix uaf for nested finally with repeated return type check
UNSET_OBJ et al. do not expect to find IS_UNDEF results for IS_INDIRECT vars. To solve this, return IS_NULL from FETCH_OBJ_UNSET when properties are uninitialized. Do the same for FETCH_STATIC_PROP_IS, as we're otherwise copying IS_UNDEF into the VAR result, which is not a valid value for VAR. Fixes OSS-Fuzz #429429090 Closes GH-19160
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.4)
Can you help keep this open source service alive? 💖 Please sponsor : )