Skip to content

[pull] master from php:master#649

Merged
pull[bot] merged 13 commits intoConnectionMaster:masterfrom
php:master
Apr 3, 2026
Merged

[pull] master from php:master#649
pull[bot] merged 13 commits intoConnectionMaster:masterfrom
php:master

Conversation

@pull
Copy link
Copy Markdown

@pull pull Bot commented Apr 3, 2026
edited
Loading

See Commits and Changes for more details.

Created by pull[bot] (v2.0.0-alpha.4)

Can you help keep this open source service alive? 💖 Please sponsor : )

iluuu1994 and others added 13 commits April 3, 2026 16:38
@iluuu1994
Ignore ZPP in gcovr (GH-21623)
7cfde6e 
The ZPP macros materialize into optimized code with many error branches that
aren't useful to test for every function. Ignore these lines completely by using
the gcovr --exclude-lines-by-pattern flag. For codecov to pick up on this
change, we generate the xml file manually and point to it in the codecov action.
Also move the ignore paths from codecov.yml to Makefile.gcov.
@ndossche
Fix NULL deref when enabling TLS fails and the peer name needs to be …
7782b88 
…reset

The code tries to read the context on NULL when
`php_stream_xport_crypto_setup` fails because by then `stream` is reset
to NULL.
This is also UB, so can cause miscompiles.

```
==1217==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000090 (pc 0x55d829ed3acf bp 0x7fff045f5770 sp 0x7fff045f4df0 T0)
==1217==The signal is caused by a READ memory access.
==1217==Hint: address points to the zero page.
    #0 0x55d829ed3acf in php_stream_url_wrap_http_ex /work/php-src/ext/standard/http_fopen_wrapper.c:580
    #1 0x55d829ed857e in php_stream_url_wrap_http /work/php-src/ext/standard/http_fopen_wrapper.c:1204
    #2 0x55d82a15073d in _php_stream_open_wrapper_ex /work/php-src/main/streams/streams.c:2270
    #3 0x55d829e78fa6 in zif_file_get_contents /work/php-src/ext/standard/file.c:409
    #4 0x55d829bbfe39 in zif_phar_file_get_contents /work/php-src/ext/phar/func_interceptors.c:226
    #5 0x55d82a0b7ed2 in zend_test_execute_internal /work/php-src/ext/zend_test/observer.c:306
    #6 0x55d82a3e024a in ZEND_DO_FCALL_SPEC_RETVAL_USED_HANDLER /work/php-src/Zend/zend_vm_execute.h:2154
    #7 0x55d82a540995 in execute_ex /work/php-src/Zend/zend_vm_execute.h:116519
    #8 0x55d82a5558b0 in zend_execute /work/php-src/Zend/zend_vm_execute.h:121962
    #9 0x55d82a6ba0ab in zend_execute_script /work/php-src/Zend/zend.c:1980
    #10 0x55d82a0ec8bb in php_execute_script_ex /work/php-src/main/main.c:2645
    #11 0x55d82a0ecccb in php_execute_script /work/php-src/main/main.c:2685
    #12 0x55d82a6bfc16 in do_cli /work/php-src/sapi/cli/php_cli.c:951
    #13 0x55d82a6c21e3 in main /work/php-src/sapi/cli/php_cli.c:1362
    #14 0x7f9e770491c9  (/lib/x86_64-linux-gnu/libc.so.6+0x2a1c9) (BuildId: 274eec488d230825a136fa9c4d85370fed7a0a5e)
    #15 0x7f9e7704928a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2a28a) (BuildId: 274eec488d230825a136fa9c4d85370fed7a0a5e)
    #16 0x55d829209b34 in _start (/work/php-src/build-dbg-asan/sapi/cli/php+0x609b34) (BuildId: aa149f943514fff0c491e1f199e30fed0e977f7c)
```

Closes GH-21468.
Closes GH-21031.
@ndossche
Merge branch 'PHP-8.4' into PHP-8.5
45d6daa 
* PHP-8.4:
  Fix NULL deref when enabling TLS fails and the peer name needs to be reset
@ndossche
Merge branch 'PHP-8.5'
d4ef996 
* PHP-8.5:
  Fix NULL deref when enabling TLS fails and the peer name needs to be reset
@Girgias
Zend: mark callable zval* as const (#21582)
6783824
@Girgias
ext/mbstring: use new INI API and remove unnecessary casts (#21393)
b621f80
@ndossche
Fix build warning on LibreSSL (#21050)
5216ca8 
When trying to build on LibreSSL, I encounter the following build
warning (this was observed on master, but applies to 8.4 too):
```
/work/php-src/ext/openssl/openssl.c: In function 'zif_openssl_x509_parse':
/work/php-src/ext/openssl/openssl.c:1101:22: warning: assignment discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
 1101 |                 purp = X509_PURPOSE_get0(i);
      |                      ^
/work/php-src/ext/openssl/openssl.c:1110:23: warning: assignment discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
 1110 |                 pname = useshortnames ? X509_PURPOSE_get0_sname(purp) : X509_PURPOSE_get0_name(purp);

```
@ndossche
Merge branch 'PHP-8.4' into PHP-8.5
f8ce1a8 
* PHP-8.4:
  Fix build warning on LibreSSL (#21050)
@ndossche
Merge branch 'PHP-8.5'
57a8084 
* PHP-8.5:
  Fix build warning on LibreSSL (#21050)
@ndossche
Fix memory leak on failure in openssl_x509_parse() (#21005)
1aff271 
Only one of the two arrays (subitem) is destroyed, and critext is not.
This leads to a memory leak if the loop bails out:

```
Direct leak of 56 byte(s) in 1 object(s) allocated from:
    #0 0x7f309fe699c7 in malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69
    #1 0x563b9709ca05 in tracked_malloc /work/php-src/Zend/zend_alloc.c:3018
    #2 0x563b9709b969 in _emalloc /work/php-src/Zend/zend_alloc.c:2780
    #3 0x563b9737dc7b in _zend_new_array /work/php-src/Zend/zend_hash.c:290
    #4 0x563b960f40fc in zif_openssl_x509_parse /work/php-src/ext/openssl/openssl.c:1120
    #5 0x563b96eb7ed2 in zend_test_execute_internal /work/php-src/ext/zend_test/observer.c:306
    #6 0x563b971e024a in ZEND_DO_FCALL_SPEC_RETVAL_USED_HANDLER /work/php-src/Zend/zend_vm_execute.h:2154
    #7 0x563b97340995 in execute_ex /work/php-src/Zend/zend_vm_execute.h:116519
    #8 0x563b973558b0 in zend_execute /work/php-src/Zend/zend_vm_execute.h:121962
    #9 0x563b974ba0ab in zend_execute_script /work/php-src/Zend/zend.c:1980
    #10 0x563b96eec8bb in php_execute_script_ex /work/php-src/main/main.c:2645
    #11 0x563b96eecccb in php_execute_script /work/php-src/main/main.c:2685
    #12 0x563b974bfc16 in do_cli /work/php-src/sapi/cli/php_cli.c:951
    #13 0x563b974c21e3 in main /work/php-src/sapi/cli/php_cli.c:1362
    #14 0x7f309f1641c9  (/lib/x86_64-linux-gnu/libc.so.6+0x2a1c9) (BuildId: 274eec488d230825a136fa9c4d85370fed7a0a5e)
    #15 0x7f309f16428a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2a28a) (BuildId: 274eec488d230825a136fa9c4d85370fed7a0a5e)
    #16 0x563b96009b34 in _start (/work/php-src/build-dbg-asan/sapi/cli/php+0x609b34) (BuildId: aa149f943514fff0c491e1f199e30fed0e977f7c)
```
@ndossche
Fix memory leak regression in openssl_pbkdf2()
880a6fc 
We're fetching the digest using the new method, but if an alias is used,
the method is fetched via EVP_MD_fetch() which requires lifetime
management. This is observable when using "sha-256" instead of "sha256"
as an algorithm name. This is a regression in comparison to PHP 8.4.

Closes GH-21039.
@ndossche
Merge branch 'PHP-8.5'
85b23b0 
* PHP-8.5:
  Fix memory leak regression in openssl_pbkdf2()
@devnexen
Openssl little optims (#21424)
c349c32 
- reuse BIO object in certificate chain loops.

Avoid repeated BIO_new/BIO_free per iteration in PKCS12, PKCS7, and CMS
read functions. Allocate once before the loop, BIO_reset between
iterations, free after.

- Avoid double zval_get_long() call in threads option parsing.

- Reuse already computed string length instead of calling strlen() again.
@pull pull Bot locked and limited conversation to collaborators Apr 3, 2026
@pull pull Bot added the ⤵️ pull label Apr 3, 2026
@pull pull Bot merged commit c349c32 into ConnectionMaster:master Apr 3, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

⤵️ pull

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@bukka @ndossche @iluuu1994 @Girgias @devnexen