ZendPHP January 2025 Releases

Community changes

PHP version 8.4.3 changes

• BcMath

  • Fixed bug GH-17049: Correctly compare 0 and -0
  • Fixed bug GH-17061: Number::round() does not remove trailing zeros
  • Fixed bug GH-17064: Correctly round rounding mode with zero edge case
  • Fixed bug GH-17275: Fixed the calculation logic of dividend scale

• Core

  • Fixed bug OSS-Fuzz #382922236: Duplicate dynamic properties in hooked object iterator properties table
  • Fixed unstable get_iterator pointer for hooked classes in shm on Windows
  • Fixed bug GH-17106: ZEND_MATCH_ERROR misoptimization
  • Fixed bug GH-17162: zend_array_try_init() with dtor can cause engine UAF
  • Fixed bug GH-17101: AST->string does not reproduce constructor property promotion correctly
  • Fixed bug GH-17200: Incorrect dynamic prop offset in hooked prop iterator
  • Fixed bug GH-17216: Trampoline crash on error

• DBA

  • Skip test if inifile is disabled

• DOM

  • Fixed bug GH-17145: DOM memory leak
  • Fixed bug GH-17201: Dom\TokenList issues with interned string replace
  • Fixed bug GH-17224: UAF in importNode

• Embed

  • Make build command for program using embed portable

• FFI

  • Fixed bug #79075: FFI header parser chokes on comments
  • Fix memory leak on ZEND_FFI_TYPE_CHAR conversion failure
  • Fixed bug GH-16013 and bug #80857: Big endian issues

• Fileinfo

  • Fixed bug GH-17039: PHP 8.4: Incorrect MIME content type

• FPM

  • Fixed bug GH-13437: FPM: ERROR: scoreboard: failed to lock (already locked)
  • Fixed bug GH-17112: Macro redefinitions
  • Fixed bug GH-17208: bug64539-status-json-encoding.phpt fail on 32-bits

• GD

  • Fixed bug GH-16255: Unexpected nan value in ext/gd/libgd/gd_filter.c
  • Ported fix for libgd bug 276: Sometimes pixels are missing when storing images as BMPs

• Gettext

  • Fixed bug GH-17202: Segmentation fault ext/gettext/gettext.c bindtextdomain()

• Iconv

  • Fixed bug GH-17047: UAF on iconv filter failure

• LDAP

  • Fixed bug GH-17280: ldap_search() fails when $attributes array has holes

• LibXML

  • Fixed bug GH-17223: Memory leak in libxml encoding handling

• MBString

  • Fixed bug GH-17112: Macro redefinitions

• Opcache

  • opcache_get_configuration() properly reports jit_prof_threshold
  • Fixed bug GH-17140: Assertion failure in JIT trace exit with ZEND_FETCH_DIM_FUNC_ARG
  • Fixed bug GH-17151: Incorrect RC inference of op1 of FETCH_OBJ and INIT_METHOD_CALL
  • Fixed bug GH-17246: GC during SCCP causes segfault
  • Fixed bug GH-17257: UBSAN warning in ext/opcache/jit/zend_jit_vm_helpers.c

• PCNTL

  • Fix memory leak in cleanup code of pcntl_exec() when a non-stringable value is encountered past the first entry

• PgSql

  • Fixed bug GH-17158: pg_fetch_result shows incorrect ArgumentCountError message when called with 1 argument
  • Fixed further ArgumentCountError for calls with flexible number of arguments

• Phar

  • Fixed bug GH-17137: Segmentation fault ext/phar/phar.c

• SimpleXML

  • Fixed bug GH-17040: SimpleXML's unset can break DOM objects
  • Fixed bug GH-17153: SimpleXML crash when using autovivification on document

• Sockets

  • Fixed bug GH-16276: socket_strerror overflow handling with INT_MIN
  • Fixed overflow on SO_LINGER values setting, strengthening values check on SO_SNDTIMEO/SO_RCVTIMEO for socket_set_option()

• SPL

  • Fixed bug GH-17198: SplFixedArray assertion failure with get_object_vars
  • Fixed bug GH-17225: NULL deref in spl_directory.c

• Streams

  • Fixed bug GH-17037: UAF in user filter when adding existing filter name due to incorrect error handling
  • Fixed bug GH-16810: overflow on fopen HTTP wrapper timeout value
  • Fixed bug GH-17067: glob:// wrapper doesn't cater to CWD for ZTS builds

• Windows

  • Hardened proc_open() against cmd.exe hijacking

• XML

  • Fixed bug GH-1718: unreachable program point in zend_hash

PHP version 8.3.16 changes

• Core

  • Fixed bug GH-17106: ZEND_MATCH_ERROR misoptimization
  • Fixed bug GH-17162: zend_array_try_init() with dtor can cause engine UAF
  • Fixed bug GH-17101: AST->string does not reproduce constructor property promotion correctly
  • Fixed bug GH-17211: observer segfault on function loaded with dl()
  • Fixed bug GH-17216: Trampoline crash on error

• Date

  • Fixed bug GH-14709: DatePeriod::__construct() overflow on recurrences

• DBA

  • Skip test if inifile is disabled

• DOM

  • Fixed bug GH-17224: UAF in importNode

• Embed

  • Make build command for program using embed portable

• FFI

  • Fixed bug #79075: FFI header parser chokes on comments
  • Fix memory leak on ZEND_FFI_TYPE_CHAR conversion failure
  • Fixed bug GH-16013 and bug #80857: Big endian issues

• Filter

  • Fixed bug GH-16944: Fix filtering special IPv4 and IPv6 ranges, by using information from RFC 6890

• FPM

  • Fixed bug GH-13437: FPM: ERROR: scoreboard: failed to lock (already locked)
  • Fixed bug GH-17112: Macro redefinitions
  • Fixed bug GH-17208: bug64539-status-json-encoding.phpt fail on 32-bits

• GD

  • Fixed bug GH-16255: Unexpected nan value in ext/gd/libgd/gd_filter.c
  • Ported fix for libgd bug 276: Sometimes pixels are missing when storing images as BMPs

• Gettext

  • Fixed bug GH-17202: Segmentation fault ext/gettext/gettext.c bindtextdomain()

• Iconv

  • Fixed bug GH-17047: UAF on iconv filter failure

• LDAP

  • Fixed bug GH-17280: ldap_search() fails when $attributes array has holes

• LibXML

  • Fixed bug GH-17223: Memory leak in libxml encoding handling

• MBString

  • Fixed bug GH-17112: Macro redefinitions

• Opcache

  • opcache_get_configuration() properly reports jit_prof_threshold
  • Fixed bug GH-17246: GC during SCCP causes segfault

• PCNTL

  • Fix memory leak in cleanup code of pcntl_exec() when a non-stringable value is encountered past the first entry

• PgSql

  • Fixed bug GH-17158: pg_fetch_result shows incorrect ArgumentCountError message when called with 1 argument
  • Fixed further ArgumentCountError for calls with flexible number of arguments

• Phar

  • Fixed bug GH-17137: Segmentation fault ext/phar/phar.c

• SimpleXML

  • Fixed bug GH-17040: SimpleXML's unset can break DOM objects
  • Fixed bug GH-17153: SimpleXML crash when using autovivification on document

• Sockets

  • Fixed bug GH-16276: socket_strerror overflow handling with INT_MIN
  • Fixed overflow on SO_LINGER values setting, strengthening values check on SO_SNDTIMEO/SO_RCVTIMEO for socket_set_option()

• SPL

  • Fixed bug GH-17225: NULL deref in spl_directory.c

• Streams

  • Fixed bug GH-17037: UAF in user filter when adding existing filter name due to incorrect error handling
  • Fixed bug GH-16810: overflow on fopen HTTP wrapper timeout value
  • Fixed bug GH-17067: glob:// wrapper doesn't cater to CWD for ZTS builds

• Windows

  • Hardened proc_open() against cmd.exe hijacking

• XML

  • Fixed bug GH-1718: unreachable program point in zend_hash