PHP Release Notes

Core

• Fixed bug GH-19765 (object_properties_load() bypasses readonly property checks).
• Fixed hard_timeout with --enable-zend-max-execution-timers.
• Fixed bug GH-19792 (SCCP causes UAF for return value if both warning and exception are triggered).
• Fixed bug GH-19653 (Closure named argument unpacking between temporary closures can cause a crash).
• Fixed bug GH-19839 (Incorrect HASH_FLAG_HAS_EMPTY_IND flag on userland array).
• Fixed bug GH-19480 (error_log php.ini cannot be unset when open_basedir is configured).
• Fixed bug GH-20002 (Broken build on *BSD with MSAN).

CLI

• Fix useless "Failed to poll event" error logs due to EAGAIN in CLI server with PHP_CLI_SERVER_WORKERS.

Curl

• Fix cloning of CURLOPT_POSTFIELDS when using the clone operator instead of the curl_copy_handle() function to clone a CurlHandle.
• Fix curl build and test failures with version 8.16.

Date

• Fixed GH-17159: "P" format for ::createFromFormat swallows string literals.

DOM

• Fix macro name clash on macOS.
• Fixed bug GH-20022 (docker-php-ext-install DOM failed).

GD

• Fixed GH-19955 (imagefttext() memory leak).

MySQLnd

• Fixed bug #67563 (mysqli compiled with mysqlnd does not take ipv6 adress as parameter).

Opcache

• Fixed bug GH-19669 (assertion failure in zend_jit_trace_type_to_info_ex).
• Fixed bug GH-19831 (function JIT may not deref property value).
• Fixed bug GH-19889 (race condition in zend_runtime_jit(), zend_jit_hot_func()).

Phar

• Fix memory leak and invalid continuation after tar header writing fails.
• Fix memory leaks when creating temp file fails when applying zip signature.

SimpleXML

• Fixed bug GH-19988 (zend_string_init with NULL pointer in simplexml (UB)).

Soap

• Fixed bug GH-19784 (SoapServer memory leak).
• Fixed bug GH-20011 (Array of SoapVar of unknown type causes crash).

Standard

• Fixed bug GH-12265 (Cloning an object breaks serialization recursion).
• Fixed bug GH-19701 (Serialize/deserialize loses some data).
• Fixed bug GH-19801 (leaks in var_dump() and debug_zval_dump()).
• Fixed bug GH-20043 (array_unique assertion failure with RC1 array causing an exception on sort).
• Fixed bug GH-19926 (reset internal pointer earlier while splicing array while COW violation flag is still set).
• Fixed bug GH-19570 (unable to fseek in /dev/zero and /dev/null).

Streams

• Fixed bug GH-19248 (Use strerror_r instead of strerror in main).
• Fixed bug GH-17345 (Bug #35916 was not completely fixed).
• Fixed bug GH-19705 (segmentation when attempting to flush on non seekable stream.

XMLReader

• Fixed bug GH-20009 (XMLReader leak on RelaxNG schema failure).

Zip

• Fixed bug GH-19688 (Remove pattern overflow in zip addGlob()).
• Fixed bug GH-19932 (Memory leak in zip setEncryptionName()/setEncryptionIndex()).

Original source Report a problem

Core

• Fixed bug GH-18850 (Repeated inclusion of file with __halt_compiler() triggers "Constant already defined" warning).
• Partially fixed bug GH-19542 (Scanning of string literals >=2GB will fail due to signed int overflow).
• Fixed bug GH-19544 (GC treats ZEND_WEAKREF_TAG_MAP references as WeakMap references).
• Fixed bug GH-19613 (Stale array iterator pointer).
• Fixed bug GH-19679 (zend_ssa_range_widening may fail to converge).
• Fixed bug GH-19681 (PHP_EXPAND_PATH broken with bash 5.3.0).
• Fixed bug GH-19720 (Assertion failure when error handler throws when accessing a deprecated constant).

CLI

• Fixed bug GH-19461 (Improve error message on listening error with IPv6 address).

Date

• Fixed date_sunrise() and date_sunset() with partial-hour UTC offset.

DBA

• Fixed bug GH-19706 (dba stream resource mismanagement).

DOM

• Fixed bug GH-19612 (Mitigate libxml2 tree dictionary bug).

FPM

• Fixed failed debug assertion when php_admin_value setting fails.

Intl

• Fixed bug GH-11952 (Fix locale strings canonicalization for IntlDateFormatter and NumberFormatter).

Opcache

• Fixed bug GH-19493 (JIT variable not stored before YIELD).

OpenSSL

• Fixed bug GH-19245 (Success error message on TLS stream accept failure).

PGSQL

• Fixed bug GH-19485 (potential use after free when using persistent pgsql connections).

Phar

• Fixed memory leaks when verifying OpenSSL signature.
• Fix memory leak in phar tar temporary file error handling code.
• Fix metadata leak when phar convert logic fails.
• Fix memory leak on failure in phar_convert_to_other().
• Fixed bug GH-19752 (Phar decompression with invalid extension can cause UAF).

Standard

• Fixed bug GH-16649 (UAF during array_splice).
• Fixed bug GH-19577 (Avoid integer overflow when using a small offset and PHP_INT_MAX with LimitIterator).

Streams

• Remove incorrect call to zval_ptr_dtor() in user_wrapper_metadata().
• Fix OSS-Fuzz #385993744.

Zip

• Fix memory leak in zip when encountering empty glob result.

Original source Report a problem

Core

• Fixed GH-19169 build issue with C++17 and ZEND_STATIC_ASSERT macro.
• Fixed bug GH-19053 (Duplicate property slot with hooks and interface property).
• Fixed bug GH-19044 (Protected properties are not scoped according to their prototype).
• Fixed bug GH-18581 (Coerce numeric string keys from iterators when argument unpacking).
• Fixed OSS-Fuzz #434346548 (Failed assertion with throwing __toString in binary const expr).
• Fixed bug GH-19305 (Operands may be being released during comparison).
• Fixed bug GH-19303 (Unpacking empty packed array into uninitialized array causes assertion failure).
• Fixed bug GH-19306 (Generator can be resumed while fetching next value from delegated Generator).
• Fixed bug GH-19326 (Calling Generator::throw() on a running generator with a non-Generator delegate crashes).
• Fixed bug GH-18736 (Circumvented type check with return by ref + finally).
• Fixed bug GH-19065 (Long match statement can segfault compiler during recursive SSA renaming).

Calendar

• Fixed bug GH-19371 (integer overflow in calendar.c).

FTP

• Fix theoretical issues with hrtime() not being available.

GD

• Fix incorrect comparison with result of php_stream_can_cast().

Hash

• Fix crash on clone failure.

Intl

• Fix memleak on failure in collator_get_sort_key().
• Fix return value on failure for resourcebundle count handler.

LDAP

• Fixed bug GH-18529 (additional inheriting of TLS int options).

LibXML

• Fixed bug GH-19098 (libxml<2.13 segmentation fault caused by php_libxml_node_free).

MbString

• Fixed bug GH-19397 (mb_list_encodings() can cause crashes on shutdown).

Opcache

• Reset global pointers to prevent use-after-free in zend_jit_status().
• Fix issue with JIT restart and hooks.
• Fix crash with dynamic function defs in hooks during preload.

OpenSSL

• Fixed bug GH-18986 (OpenSSL backend: incorrect RAND_{load,write}_file() return value check).
• Fix error return check of EVP_CIPHER_CTX_ctrl().
• Fixed bug GH-19428 (openssl_pkey_derive segfaults for DH derive with low key_length param).

PDO Pgsql

• Fixed dangling pointer access on _pdo_pgsql_trim_message helper.

SOAP

• Fixed bug GH-18640 (heap-use-after-free ext/soap/php_encoding.c:299:32 in soap_check_zval_ref).

Sockets

• Fix some potential crashes on incorrect argument value.

Standard

• Fixed OSS Fuzz #433303828 (Leak in failed unserialize() with opcache).
• Fix theoretical issues with hrtime() not being available.
• Fixed bug GH-19300 (Nested array_multisort invocation with error breaks).

Windows

• Free opened_path when opened_path_len >= MAXPATHLEN.

Original source Report a problem