Merge remote-tracking branch 'origin/master'

Author: mvorisek

CONTRIBUTING.md

@@ -100,6 +100,7 @@ scattered across different websites, and often outdated. Nonetheless, they can
 provide a good starting point for learning about the fundamentals of the code
 base.
 
+* https://php.github.io/php-src/
 * https://www.phpinternalsbook.com/
 * https://www.npopov.com/
   * [Internal value representation](https://www.npopov.com/2015/05/05/Internal-value-representation-in-PHP-7-part-1.html), [part 2](https://www.npopov.com/2015/06/19/Internal-value-representation-in-PHP-7-part-2.html)

NEWS

@@ -50,6 +50,8 @@ PHP                                                                        NEWS
 - Streams:
   . Added so_reuseaddr streams context socket option that allows disabling
     address resuse.
+  . Fixed bug GH-20370 (User stream filters could violate typed property
+    constraints). (alexandre-daubois)
 
 - Zip:
   . Fixed ZipArchive callback being called after executor has shut down.

Zend/zend_weakrefs.c

@@ -776,9 +776,7 @@ ZEND_METHOD(WeakMap, offsetUnset)
 
 ZEND_METHOD(WeakMap, count)
 {
-	if (zend_parse_parameters_none() == FAILURE) {
-		RETURN_THROWS();
-	}
+	ZEND_PARSE_PARAMETERS_NONE();
 
 	zend_long count;
 	zend_weakmap_count_elements(Z_OBJ_P(ZEND_THIS), &count);
@@ -787,9 +785,7 @@ ZEND_METHOD(WeakMap, count)
 
 ZEND_METHOD(WeakMap, getIterator)
 {
-	if (zend_parse_parameters_none() == FAILURE) {
-		RETURN_THROWS();
-	}
+	ZEND_PARSE_PARAMETERS_NONE();
 
 	zend_create_internal_iterator_zval(return_value, ZEND_THIS);
 }

docs/release-process.md

@@ -169,10 +169,10 @@ slightly different steps. We'll call attention where the steps differ.
 4. Using your local-only release branch, bump the version numbers in
    `main/php_version.h`, `Zend/zend.h`, `configure.ac`, and possibly
    `NEWS`.
-  
+
    The date for NEWS should be the date of the announcement (Thursday),
    *not* the date of the tagging (Tuesday).
-  
+
    For examples, see [Update versions for PHP 8.1.0beta3][] (for a pre-GA
    example) or [Update versions for PHP 8.1.6RC1][] along with
    [Update NEWS for PHP 8.1.6RC1][] (for a post-GA example).
@@ -506,8 +506,8 @@ slightly different steps. We'll call attention where the steps differ.
    You can send a PR to [toot-together](https://github.com/derickr/toot-together/)
    with highlights from the NEWS file yourself, if you want.
 
-   * [Annonce 8.5.0alpha1](https://github.com/derickr/toot-together/pull/42)
-   * [Annonce 8.5.0alpha2](https://github.com/derickr/toot-together/pull/47)
+   * [Announce 8.5.0alpha1](https://github.com/derickr/toot-together/pull/42)
+   * [Announce 8.5.0alpha2](https://github.com/derickr/toot-together/pull/47)
 
    We post to [@php@fosstodon.org](https://fosstodon.org/@php).
 

docs/source/miscellaneous/stubs.rst

@@ -489,7 +489,7 @@ generated. You can include this file conditionally, such as:
    #endif
 
 When ``@generate-legacy-arginfo`` is passed the minimum PHP version ID that needs to be supported,
-then only one arginfo file is going to be generated, and ``#if`` prepocessor directives will ensure
+then only one arginfo file is going to be generated, and ``#if`` preprocessor directives will ensure
 compatibility with all the required PHP 8 versions.
 
 PHP Version IDs are as follows: ``80000`` for PHP 8.0, ``80100`` for PHP PHP 8.1, ``80200`` for PHP

docs/source/miscellaneous/writing-tests.rst

@@ -132,7 +132,7 @@ below illustrates a minimal test.
    string(32) "# hello All, I sAid hi planet! #"
 
 As you can see the file is divided into several sections. The TEST section holds a one line title of
-the phpt test, this should be a simple description and shouldn't ever excede one line, if you need
+the phpt test, this should be a simple description and shouldn't ever exceed one line, if you need
 to write more explanation add comments in the body of the test case. The phpt files name is used
 when generating a .php file. The FILE section is used as the body of the .php file, so don't forget
 to open and close your php tags. The EXPECT section is the part used as a comparison to see if the
@@ -580,7 +580,7 @@ Example 1 (snippet):
 .. code:: text
 
    --DESCRIPTION--
-   This test covers both valid and invalid usages of filter_input() with INPUT_GET and INPUT_POST data and several differnet filter sanitizers.
+   This test covers both valid and invalid usages of filter_input() with INPUT_GET and INPUT_POST data and several different filter sanitizers.
 
 Example 1 (full): :ref:`sample001.phpt`
 
@@ -1310,7 +1310,7 @@ Example 1 (full): :ref:`sample017.phpt`
 ``--FLAKY--``
 -------------
 
-**Description:** This section identifies this test as one that occassionally fails. If the test
+**Description:** This section identifies this test as one that occasionally fails. If the test
 actually fails, it will be retried one more time, and that result will be reported. The section
 should include a brief description of why the test is flaky. Reasons for this include tests that
 rely on relatively precise timing, or temporary disc states. Available as of PHP 8.1.22 and 8.2.9,
@@ -1884,7 +1884,7 @@ sample001.phpt
    --DESCRIPTION--
    This test covers both valid and invalid usages of
    filter_input() with INPUT_GET and INPUT_POST data
-   and several differnt filter sanitizers.
+   and several different filter sanitizers.
    --CREDITS--
    Felipe Pena <felipe@php.net>
    --INI--

ext/bz2/bz2.c

@@ -476,8 +476,15 @@ PHP_FUNCTION(bzcompress)
 	   + .01 x length of data + 600 which is the largest size the results of the compression
 	   could possibly be, at least that's what the libbz2 docs say (thanks to jeremy@nirvani.net
 	   for pointing this out).  */
-	// TODO Check source string length fits in unsigned int
-	dest_len = (unsigned int) (source_len + (0.01 * source_len) + 600);
+	size_t chunk_len = source_len + source_len / 100 + 600;
+	const size_t min = MIN(ZSTR_MAX_LEN, UINT_MAX);
+
+	if (chunk_len < source_len || chunk_len > min) {
+		zend_argument_value_error(1, "must have a length less than or equal to %zu", min);
+		RETURN_THROWS();
+	}
+
+	dest_len = (unsigned int) chunk_len;
 
 	/* Allocate the destination buffer */
 	dest = zend_string_alloc(dest_len, 0);

ext/bz2/tests/gh20620.phpt

@@ -0,0 +1,21 @@
+--TEST--
+Bug GH-20620 (bzcompress with large source)
+--EXTENSIONS--
+bz2
+--SKIPIF--
+<?php 
+if (PHP_INT_SIZE != 8) die('skip this test is for 64bit platforms only'); 
+if (getenv('SKIP_SLOW_TESTS')) die('skip slow tests excluded by request');
+?>
+--INI--
+memory_limit=-1
+--FILE--
+<?php
+try {
+	bzcompress(str_repeat('1', 4295163906));
+} catch (\ValueError $e) {
+	echo $e->getMessage(), PHP_EOL;
+}
+?>
+--EXPECTF--
+bzcompress(): Argument #1 ($data) must have a length less than or equal to %d

ext/exif/exif.c

@@ -4421,7 +4421,7 @@ static bool exif_scan_HEIF_header(image_info_type *ImageInfo, unsigned char *buf
 			if (exif_read_from_stream_file_looped(ImageInfo->infile, (char*)(data + remain), limit - remain) == limit - remain) {
 				exif_isobmff_parse_meta(data, data + limit, &pos);
 			}
-			if ((pos.size) &&
+			if ((pos.size >= 2) &&
 				(pos.size < ImageInfo->FileSize) &&
 				(ImageInfo->FileSize - pos.size >= pos.offset) &&
 				(php_stream_seek(ImageInfo->infile, pos.offset + 2, SEEK_SET) >= 0)) {

ext/exif/tests/heic_iloc_underflow.phpt

@@ -0,0 +1,19 @@
+--TEST--
+HEIC iloc extent_length underflow
+--EXTENSIONS--
+exif
+--FILE--
+<?php
+// Read valid HEIC file and patch iloc extent_length to 1
+$data = file_get_contents(__DIR__."/image029.heic");
+$data = substr_replace($data, "\x00\x00\x00\x01", 0x4f8, 4);
+file_put_contents(__DIR__."/heic_iloc_underflow.heic", $data);
+var_dump(exif_read_data(__DIR__."/heic_iloc_underflow.heic"));
+?>
+--CLEAN--
+<?php
+@unlink(__DIR__."/heic_iloc_underflow.heic");
+?>
+--EXPECTF--
+Warning: exif_read_data(heic_iloc_underflow.heic): Invalid HEIF file in %s on line %d
+bool(false)