Due to user closures, the `fbc` address isn't unique if the memory address is reused.
We need to distinguish using a unique key, and we choose arg_info such
that it can be reused across different functions.
Closes GH-19654.
We change the order of operations such that the file size check cannot
overflow in the for loop. This prevents infinite loops.
We also add an overflow check at the end of the loop body to prevent the
addition of offset and box.size from overflowing.
The loop checks against `p` but increases `p2`. I don't see the point of
having 2 separate variables, so use `p` instead to correct the bounds
check and simplify the code in the process.
It is illegal to construct out-of-bound pointers, even if they are not
dereferenced. The current bound checks rely on undefined behaviour.
Fix this by introducing convenience macros that check the remaining
length.
In the macOS 26 SDK, xmlFree is defined as a macro for free. This causes
issues where a same-named variable is used. Renaming the variable to
should_free resolves the issue.
See:
$ grep -B4 -A2 -n "#define xmlFree(" "Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX26.sdk/usr/include/libxml/globals.h"
261-#if defined(LIBXML_HAS_DEPRECATED_MEMORY_ALLOCATION_FUNCTIONS)
262-#define xmlMalloc(size) malloc(size)
263-#define xmlMallocAtomic(size) malloc(size)
264-#define xmlRealloc(ptr, size) realloc((ptr), (size))
265:#define xmlFree(ptr) free(ptr)
266-#define xmlMemStrdup(str) strdup(str)
267-#endif
Fixes:
```
In file included from /Library/Developer/CommandLineTools/SDKs/MacOSX26.sdk/usr/include/libxml/xmlIO.h:117,
from /Library/Developer/CommandLineTools/SDKs/MacOSX26.sdk/usr/include/libxml/parser.h:813,
from /private/tmp/php-20250914-13349-uqsk5o/php-8.4.12/ext/dom/php_dom.h:29,
from /private/tmp/php-20250914-13349-uqsk5o/php-8.4.12/ext/dom/attr.c:26:
/private/tmp/php-20250914-13349-uqsk5o/php-8.4.12/ext/dom/attr.c: In function 'dom_compare_value':
/private/tmp/php-20250914-13349-uqsk5o/php-8.4.12/ext/dom/attr.c:208:17: error: called object 'free' is not a function or function pointer
208 | xmlFree(attr_value);
| ^~~~~~~
/private/tmp/php-20250914-13349-uqsk5o/php-8.4.12/ext/dom/attr.c:204:14: note: declared here
204 | bool free;
| ^~~~
make: *** [ext/dom/attr.lo] Error 1
```
Closes GH-19832.
Signed-off-by: Ruoyu Zhong <zhongruoyu@outlook.com>
* uri: Do not check the return value of `uri_property_handler_from_internal_uri()`
It's impossible for this function to return `NULL`, since it will always return
a positive offset into a struct.
* uri: Optimize `php_uri_get_*()`
Currently the `php_uri_get_*()` functions call into `php_uri_get_property()`
with a constant `php_uri_property_name`. This name will then be used to look up
the correct property handler by a function in a different compilation unit.
Improve this by making `uri_property_handler_from_internal_uri` take a
`php_uri_parser` rather than a `uri_internal_t`, defining it in a header as
inlinable (and renaming it to better match its updated purpose).
This allows the compiler to fully inline `php_uri_get_property()`, such that no
dynamic lookups will need to happen.
* uri: Eliminate `php_uri_get_property()` entirely
Spelling out the effective implementation explicitly is not much longer than
going through `php_uri_get_property()`, but much more explicit in what is
happening.
* uri: Do not pass `uri_internal_t` to property handlers
Within an individual property handler, the `parser` is already implicitly
known, which just leaves the `->uri` field which must contain the entire state
necessary for the handlers to work with.
Pass the `->uri` directly. It avoids one pointer indirection, since the
handlers do not need to follow the pointer to the `uri_internal_t` just to
follow the pointer to the URI state. Instead the URI pointer can directly be
passed using a register with the dereferences (if necessary) happening in the
caller, providing more insight for the compiler to work with.
It also makes it more convenient to use the handlers directly for code that
already knows that it needs a specific URI parser, since no `uri_internal_t`
needs to be constructed to store the already-known information about which
parser to use.
* uri: Use local variable for the URI in `uri_get_debug_properties()`
This makes the code a little less verbose.
If an exception _and_ a warning (or deprecation) is emitted, then the
result is destroyed twice. Use an `else if` to prevent this.
This is tested via zend_test because the deprecation that triggered the
original reproducer may disappear in the future.
Closes GH-19793.
Niels Dossche
Ruoyu Zhong
Gina Peter Banyard
Gina Peter Banyard
Jakub Zelenka
tekimen
Tim Düsterhus
Tim Düsterhus
Ilija Tovilo