[pull] master from php:master

NEWS

@@ -33,6 +33,9 @@ PHP                                                                        NEWS
   . Fixed GH-22422 (zend_arena layout mismatch leaked memory in separately
     built extensions under AddressSanitizer). (iliaal)
   . TSRM: use local-exec TLS in PIE executables. (henderkes)
+  . perf: make all static extensions use TSRMG_STATIC. (henderkes)
+  . Fixed bug GH-22257 (type confusion in Exception::getTraceAsString()).
+    (David Carlier)
 
 - BCMath:
   . Added NUL-byte validation to BCMath functions. (jorgsowa)
@@ -230,6 +233,8 @@ PHP                                                                        NEWS
 
 - Sodium:
   . Added support for libsodium 1.0.21 IPcrypt and XOF APIs. (jedisct1)
+  . pwhash argument-validation errors now throw ValueError instead of
+    SodiumException. (iliaal)
 
 - SPL:
   . DirectoryIterator key can now work better with filesystem supporting larger
@@ -283,6 +288,8 @@ PHP                                                                        NEWS
     (sebastian)
   . Fixed bug GH-22171 (Invalid auth header generation in http(s) stream
     wrapper). (David Carlier)
+  . Fixed bug GH-17384 (number_format() may exhaust memory with decimals
+    outside the range from -2147483648 to 2147483647). (Weilin Du)
 
 - Streams:
   . Added new stream errors API including new StreamException, StreamError
@@ -311,6 +318,9 @@ PHP                                                                        NEWS
   . Added Uri\Rfc3986\UriBuilder. (kocsismate)
 
 - Zip:
+  . Fixed bug GH-21682 (ZipArchive instances should not be serializable).
+    serialize()/unserialize() now throw unless a subclass overrides
+    __serialize()/__unserialize(). (iliaal)
   . Fixed ZipArchive callback being called after executor has shut down.
     (ilutov)
   . Support minimum version for libzip dependency updated to 1.0.0.

UPGRADING

@@ -127,6 +127,15 @@ PHP 8.6 UPGRADE NOTES
     occurrence constraints and integer restriction facets. Negative minOccurs
     and maxOccurs values are rejected as well.
 
+- Sodium:
+  . The password-hashing functions sodium_crypto_pwhash(),
+    sodium_crypto_pwhash_str(),
+    sodium_crypto_pwhash_scryptsalsa208sha256() and
+    sodium_crypto_pwhash_scryptsalsa208sha256_str() now throw ValueError
+    instead of SodiumException when an argument is out of range, such as an
+    opslimit or memlimit below the documented minimum. SodiumException is
+    still thrown for internal libsodium failures.
+
 - SPL:
   . SplObjectStorage::getHash() implementations may no longer mutate any
     SplObjectStorage instance. Attempting to do so now throws an Error.
@@ -481,7 +490,7 @@ PHP 8.6 UPGRADE NOTES
   . The performance of the TAILCALL VM has been improved.
   . The TAILCALL VM is now enabled on Windows when compiling with Clang >= 19
     x86_64.
-  . The performance of ZTS+PIE builds has been improved.
+  . The performance of ZTS builds has been improved.
 
 - DOM:
   . Made splitText() faster and consume less memory.

UPGRADING.INTERNALS

@@ -118,6 +118,10 @@ PHP 8.6 INTERNALS UPGRADE NOTES
   . Added ZEND_CONTAINER_OF().
   . The OPENBASEDIR_CHECKPATH() compatibility macro has been removed, instead
     use php_check_open_basedir() directly.
+  . Added zend_reflection_property_set_raw_value_without_lazy_initialization(),
+    zend_reflection_property_set_raw_value() to expose the functionality of
+    ReflectionProperty::setRawValueWithoutLazyInitialization() and
+    ReflectionProperty::setRawValue() to C extensions.
 
 ========================
 2. Build system changes

Zend/tests/gh22257.phpt

@@ -0,0 +1,38 @@
+--TEST--
+GH-22257 (Type confusion / OOB read unserializing an Exception with a non-array trace)
+--CREDITS--
+Igor Sak-Sakovskiy (Positive Technologies)
+--FILE--
+<?php
+/* A crafted, deliberately truncated payload makes the nested value of the typed
+ * "array $trace" property fail to unserialize. On that failure path the slot used
+ * to keep the half-built (non-array) value, and the partially-built Exception was
+ * then exposed to getTraceAsString() through SplHeap's delayed __unserialize(),
+ * type-confusing the object as a HashTable. The slot is now reset to the property
+ * default, so the run completes without an out-of-bounds read. */
+$n = "\x00";
+try {
+    unserialize(
+        'O:9:"Exception":1:{s:16:"' . $n . 'Exception' . $n . 'trace";' .
+        'O:8:"stdClass":2:{s:1:"0";O:10:"SplMaxHeap":2:{i:0;a:0:{}i:1;a:2:{' .
+        's:5:"flags";i:0;s:13:"heap_elements";a:2:{i:0;s:0:"";i:1;R:1;}}}z}}'
+    );
+} catch (\Throwable $e) {
+    for (; $e; $e = $e->getPrevious()) {
+        printf("%s: %s\n", $e::class, $e->getMessage());
+    }
+}
+
+/* By-ref type violation: the slot is reset to the property default. */
+class Test { public int $i; public array $a; }
+try {
+    var_dump(unserialize('O:4:"Test":2:{s:1:"i";N;s:1:"a";R:2;}'));
+} catch (\Throwable $e) {
+    printf("%s: %s\n", $e::class, $e->getMessage());
+}
+echo "OK\n";
+?>
+--EXPECTF--
+Warning: unserialize(): Error at offset %d of %d bytes in %s on line %d
+TypeError: Cannot assign null to property Test::$i of type int
+OK

build/php.m4

@@ -938,10 +938,14 @@ AC_DEFUN([PHP_NEW_EXTENSION],[
 
   ifelse($5,,ac_extra=,[ac_extra=$(echo "m4_normalize(m4_expand([$5]))"|$SED s#@ext_srcdir@#$ext_srcdir#g|$SED s#@ext_builddir@#$ext_builddir#g)])
 
+  dnl Statically linked extensions share the engine's _tsrm_ls_cache symbol,
+  dnl so in ZTS builds they can read the TSRMLS cache directly.
+  ac_extra_static="$ac_extra -DZEND_ENABLE_STATIC_TSRMLS_CACHE=1"
+
   if test "$3" != "shared" && test "$3" != "yes" && test "$4" != "cli"; then
 dnl ---------------------------------------------- Static module
     [PHP_]translit($1,a-z_-,A-Z__)[_SHARED]=no
-    PHP_ADD_SOURCES($ext_dir,$2,$ac_extra,)
+    PHP_ADD_SOURCES($ext_dir,$2,$ac_extra_static,)
     EXT_STATIC="$EXT_STATIC $1;$ext_dir"
     if test "$3" != "nocli"; then
       EXT_CLI_STATIC="$EXT_CLI_STATIC $1;$ext_dir"
@@ -962,11 +966,11 @@ dnl ---------------------------------------------- CLI static module
     [PHP_]translit($1,a-z_-,A-Z__)[_SHARED]=no
     case "$PHP_SAPI" in
       cgi|embed|phpdbg[)]
-        PHP_ADD_SOURCES($ext_dir,$2,$ac_extra,)
+        PHP_ADD_SOURCES($ext_dir,$2,$ac_extra_static,)
         EXT_STATIC="$EXT_STATIC $1;$ext_dir"
         ;;
       *[)]
-        PHP_ADD_SOURCES($ext_dir,$2,$ac_extra,cli)
+        PHP_ADD_SOURCES($ext_dir,$2,$ac_extra_static,cli)
         ;;
     esac
     EXT_CLI_STATIC="$EXT_CLI_STATIC $1;$ext_dir"

ext/date/config.w32

@@ -1,6 +1,6 @@
 // vim:ft=javascript
 
-EXTENSION("date", "php_date.c", false, "/Iext/date/lib /DZEND_ENABLE_STATIC_TSRMLS_CACHE=1 /DHAVE_TIMELIB_CONFIG_H=1");
+EXTENSION("date", "php_date.c", false, "/Iext/date/lib /DHAVE_TIMELIB_CONFIG_H=1");
 PHP_DATE = "yes";
 ADD_SOURCES("ext/date/lib", "astro.c timelib.c dow.c parse_date.c parse_posix.c parse_tz.c tm2unixtime.c unixtime2tm.c parse_iso_intervals.c interval.c", "date");
 

ext/date/config0.m4

@@ -9,7 +9,7 @@ AX_CHECK_COMPILE_FLAG([-Wno-implicit-fallthrough],
 
 PHP_DATE_CFLAGS="$PHP_DATE_CFLAGS -DHAVE_TIMELIB_CONFIG_H=1"
 PHP_TIMELIB_CFLAGS="$PHP_DATE_CFLAGS"
-PHP_DATE_CFLAGS="$PHP_DATE_CFLAGS -I@ext_builddir@/lib -DZEND_ENABLE_STATIC_TSRMLS_CACHE=1"
+PHP_DATE_CFLAGS="$PHP_DATE_CFLAGS -I@ext_builddir@/lib"
 
 AX_CHECK_COMPILE_FLAG([-fwrapv],
   [PHP_TIMELIB_CFLAGS="$PHP_TIMELIB_CFLAGS -fwrapv"])

ext/hash/config.m4

@@ -57,7 +57,7 @@ PHP_NEW_EXTENSION([hash], m4_normalize([
     murmur/PMurHash128.c
   ]),
   [no],,
-  [$PHP_HASH_CFLAGS -DZEND_ENABLE_STATIC_TSRMLS_CACHE=1])
+  [$PHP_HASH_CFLAGS])
 PHP_ADD_BUILD_DIR([$ext_builddir/murmur])
 AS_VAR_IF([SHA3_DIR],,, [PHP_ADD_BUILD_DIR([$ext_builddir/$SHA3_DIR])])
 PHP_INSTALL_HEADERS([ext/hash], m4_normalize([

ext/hash/config.w32

@@ -27,7 +27,7 @@ if (!CHECK_HEADER('KeccakHash.h', 'CFLAGS_HASH', hash_sha3_dir)) {
 	ERROR('Unable to locate SHA3 headers');
 }
 
-ADD_FLAG('CFLAGS_HASH', '/DKeccakP200_excluded /DKeccakP400_excluded /DKeccakP800_excluded /DZEND_ENABLE_STATIC_TSRMLS_CACHE=1');
+ADD_FLAG('CFLAGS_HASH', '/DKeccakP200_excluded /DKeccakP400_excluded /DKeccakP800_excluded');
 
 ADD_SOURCES('ext/hash/murmur', 'PMurHash.c PMurHash128.c', 'hash');
 

ext/intl/breakiterator/breakiterator_iterators.cpp

@@ -65,7 +65,7 @@ static void _breakiterator_move_forward(zend_object_iterator *iter)
 		return;
 	}
 
-	int32_t pos = biter->next();
+	const int32_t pos = biter->next();
 	if (pos != BreakIterator::DONE) {
 		ZVAL_LONG(&zoi_iter->current, (zend_long)pos);
 	} //else we've reached the end of the enum, nothing more is required
@@ -76,7 +76,7 @@ static void _breakiterator_rewind(zend_object_iterator *iter)
 	BreakIterator *biter = _breakiter_prolog(iter);
 	zoi_with_current *zoi_iter = (zoi_with_current*)iter;
 
-	int32_t pos = biter->first();
+	const int32_t pos = biter->first();
 	ZVAL_LONG(&zoi_iter->current, (zend_long)pos);
 }
 

ext/intl/breakiterator/breakiterator_methods.cpp

@@ -171,7 +171,7 @@ static void _breakiter_no_args_ret_int32(
 
 	BREAKITER_METHOD_FETCH_OBJECT;
 
-	int32_t res = (bio->biter->*func)();
+	const int32_t res = (bio->biter->*func)();
 
 	RETURN_LONG((zend_long)res);
 }
@@ -195,7 +195,7 @@ static void _breakiter_int32_ret_int32(
 		RETURN_THROWS();
 	}
 
-	int32_t res = (bio->biter->*func)((int32_t)arg);
+	const int32_t res = (bio->biter->*func)((int32_t)arg);
 
 	RETURN_LONG((zend_long)res);
 }
@@ -246,7 +246,7 @@ U_CFUNC PHP_METHOD(IntlBreakIterator, current)
 
 	BREAKITER_METHOD_FETCH_OBJECT;
 
-	int32_t res = bio->biter->current();
+	const int32_t res = bio->biter->current();
 
 	RETURN_LONG((zend_long)res);
 }
@@ -282,7 +282,7 @@ U_CFUNC PHP_METHOD(IntlBreakIterator, isBoundary)
 
 	BREAKITER_METHOD_FETCH_OBJECT;
 
-	UBool res = bio->biter->isBoundary((int32_t)offset);
+	const UBool res = bio->biter->isBoundary((int32_t)offset);
 
 	RETURN_BOOL((zend_long)res);
 }

ext/intl/calendar/calendar_class.cpp

@@ -192,7 +192,7 @@ static HashTable *Calendar_get_debug_info(zend_object *object, int *is_temp)
 			 i++) {
 		UErrorCode	uec		= U_ZERO_ERROR;
 		const char	*name	= debug_info_fields[i].name;
-		int32_t		res		= cal->get(debug_info_fields[i].field, uec);
+		const int32_t	res		= cal->get(debug_info_fields[i].field, uec);
 		if (U_SUCCESS(uec)) {
 			add_assoc_long(&zfields, name, (zend_long)res);
 		} else {

ext/intl/calendar/calendar_methods.cpp

@@ -226,7 +226,7 @@ static void _php_intlcal_field_uec_ret_in32t_method(
 
 	CALENDAR_METHOD_FETCH_OBJECT;
 
-	int32_t result = (co->ucal->*func)(
+	const int32_t result = (co->ucal->*func)(
 		(UCalendarDateFields)field, CALENDAR_ERROR_CODE(co));
 	INTL_METHOD_CHECK_STATUS(co, "Call to ICU method has failed");
 
@@ -250,7 +250,7 @@ U_CFUNC PHP_FUNCTION(intlcal_get_time)
 
 	CALENDAR_METHOD_FETCH_OBJECT;
 
-	UDate result = co->ucal->getTime(CALENDAR_ERROR_CODE(co));
+	const UDate result = co->ucal->getTime(CALENDAR_ERROR_CODE(co));
 	INTL_METHOD_CHECK_STATUS(co, "error calling ICU Calendar::getTime");
 
 	RETURN_DOUBLE((double)result);
@@ -377,7 +377,7 @@ static void _php_intlcal_before_after(
 		RETURN_THROWS();
 	}
 
-	UBool res = (co->ucal->*func)(*when_co->ucal, CALENDAR_ERROR_CODE(co));
+	const UBool res = (co->ucal->*func)(*when_co->ucal, CALENDAR_ERROR_CODE(co));
 	INTL_METHOD_CHECK_STATUS(co, "Error calling ICU method");
 
 	RETURN_BOOL((int)res);
@@ -401,7 +401,7 @@ U_CFUNC PHP_FUNCTION(intlcal_set)
 
 	object = getThis();
 
-	int arg_num = ZEND_NUM_ARGS() - (object ? 0 : 1);
+	const int arg_num = ZEND_NUM_ARGS() - (object ? 0 : 1);
 
 	if (object && arg_num > 2) {
 		zend_error(E_DEPRECATED, "Calling IntlCalendar::set() with more than 2 arguments is deprecated, "
@@ -564,7 +564,7 @@ U_CFUNC PHP_FUNCTION(intlcal_field_difference)
 
 	CALENDAR_METHOD_FETCH_OBJECT;
 
-	int32_t result = co->ucal->fieldDifference((UDate)when,
+	const int32_t result = co->ucal->fieldDifference((UDate)when,
 		(UCalendarDateFields)field, CALENDAR_ERROR_CODE(co));
 	INTL_METHOD_CHECK_STATUS(co, "Call to ICU method has failed");
 
@@ -597,7 +597,7 @@ U_CFUNC PHP_FUNCTION(intlcal_get_day_of_week_type)
 
 	CALENDAR_METHOD_FETCH_OBJECT;
 
-	int32_t result = co->ucal->getDayOfWeekType(
+	const int32_t result = co->ucal->getDayOfWeekType(
 		(UCalendarDaysOfWeek)dow, CALENDAR_ERROR_CODE(co));
 	INTL_METHOD_CHECK_STATUS(co, "Call to ICU method has failed");
 
@@ -615,7 +615,7 @@ U_CFUNC PHP_FUNCTION(intlcal_get_first_day_of_week)
 
 	CALENDAR_METHOD_FETCH_OBJECT;
 
-	int32_t result = co->ucal->getFirstDayOfWeek(CALENDAR_ERROR_CODE(co));
+	const int32_t result = co->ucal->getFirstDayOfWeek(CALENDAR_ERROR_CODE(co));
 	INTL_METHOD_CHECK_STATUS(co, "Call to ICU method has failed");
 
 	RETURN_LONG((zend_long)result);
@@ -637,7 +637,7 @@ static void _php_intlcal_field_ret_in32t_method(
 
 	CALENDAR_METHOD_FETCH_OBJECT;
 
-	int32_t result = (co->ucal->*func)((UCalendarDateFields)field);
+	const int32_t result = (co->ucal->*func)((UCalendarDateFields)field);
 	INTL_METHOD_CHECK_STATUS(co, "Call to ICU method has failed");
 
 	RETURN_LONG((zend_long)result);
@@ -696,7 +696,7 @@ U_CFUNC PHP_FUNCTION(intlcal_get_minimal_days_in_first_week)
 
 	CALENDAR_METHOD_FETCH_OBJECT;
 
-	uint8_t result = co->ucal->getMinimalDaysInFirstWeek();
+	const uint8_t result = co->ucal->getMinimalDaysInFirstWeek();
 	/* TODO Is it really a failure? */
 	INTL_METHOD_CHECK_STATUS(co, "Call to ICU method has failed");
 
@@ -758,7 +758,7 @@ U_CFUNC PHP_FUNCTION(intlcal_get_weekend_transition)
 
 	CALENDAR_METHOD_FETCH_OBJECT;
 
-	int32_t res = co->ucal->getWeekendTransition((UCalendarDaysOfWeek)dow,
+	const int32_t res = co->ucal->getWeekendTransition((UCalendarDaysOfWeek)dow,
 		CALENDAR_ERROR_CODE(co));
 	INTL_METHOD_CHECK_STATUS(co, "Error calling ICU method");
 
@@ -776,7 +776,7 @@ U_CFUNC PHP_FUNCTION(intlcal_in_daylight_time)
 
 	CALENDAR_METHOD_FETCH_OBJECT;
 
-	UBool ret = co->ucal->inDaylightTime(CALENDAR_ERROR_CODE(co));
+	const UBool ret = co->ucal->inDaylightTime(CALENDAR_ERROR_CODE(co));
 	INTL_METHOD_CHECK_STATUS(co, "Error calling ICU method");
 
 	RETURN_BOOL((int)ret);
@@ -852,7 +852,7 @@ U_CFUNC PHP_FUNCTION(intlcal_is_weekend)
 	if (date_is_null) {
 		RETURN_BOOL((int)co->ucal->isWeekend());
 	} else {
-		UBool ret = co->ucal->isWeekend((UDate)date, CALENDAR_ERROR_CODE(co));
+		const UBool ret = co->ucal->isWeekend((UDate)date, CALENDAR_ERROR_CODE(co));
 		INTL_METHOD_CHECK_STATUS(co, "Error calling ICU method");
 		RETURN_BOOL((int)ret);
 	}
@@ -937,7 +937,7 @@ U_CFUNC PHP_FUNCTION(intlcal_equals)
 		RETURN_THROWS();
 	}
 
-	UBool result = co->ucal->equals(*other_co->ucal, CALENDAR_ERROR_CODE(co));
+	const UBool result = co->ucal->equals(*other_co->ucal, CALENDAR_ERROR_CODE(co));
 	INTL_METHOD_CHECK_STATUS(co, "error calling ICU Calendar::equals");
 
 	RETURN_BOOL((int)result);
@@ -1116,7 +1116,7 @@ U_CFUNC PHP_FUNCTION(intlcal_to_date_time)
 
 	/* There are no exported functions in ext/date to this
 	 * in a more native fashion */
-	double	date = co->ucal->getTime(CALENDAR_ERROR_CODE(co)) / 1000.;
+	const double	date = co->ucal->getTime(CALENDAR_ERROR_CODE(co)) / 1000.;
 	int64_t	ts;
 	char	ts_str[sizeof("@-9223372036854775808")];
 	int		ts_str_len;

ext/intl/converter/converter.cpp

@@ -159,7 +159,7 @@ static void php_converter_append_toUnicode_target(zval *val, UConverterToUnicode
 			return;
 		case IS_LONG:
 		{
-			zend_long lval = Z_LVAL_P(val);
+			const zend_long lval = Z_LVAL_P(val);
 			if ((lval < 0) || (lval > 0x10FFFF)) {
 				php_converter_throw_failure(objval, U_ILLEGAL_ARGUMENT_ERROR, "Invalid codepoint U+%04lx", lval);
 				return;
@@ -265,7 +265,7 @@ static void php_converter_append_fromUnicode_target(zval *val, UConverterFromUni
 			return;
 		case IS_STRING:
 		{
-			size_t vallen = Z_STRLEN_P(val);
+			const size_t vallen = Z_STRLEN_P(val);
 			if (TARGET_CHECK(args, vallen)) {
 				args->target = reinterpret_cast<char *>(zend_mempcpy(args->target, Z_STRVAL_P(val), vallen));
 			}
@@ -682,7 +682,7 @@ static zend_string* php_converter_do_convert(UConverter *dest_cnv,
 }
 /* }}} */
 
-static void php_converter_set_subst_chars(UConverter *cnv, zend_string *subst, UErrorCode *error)
+static void php_converter_set_subst_chars(UConverter *cnv, const zend_string *subst, UErrorCode *error)
 {
 	if (ZSTR_LEN(subst) > SCHAR_MAX) {
 		*error = U_ILLEGAL_ARGUMENT_ERROR;