ZendPHP January 2025 Releases

Community changes

PHP version 8.4.3 changes

  • BcMath

    • Fixed bug GH-17049: Correctly compare 0 and -0
    • Fixed bug GH-17061: Number::round() does not remove trailing zeros
    • Fixed bug GH-17064: Correctly round rounding mode with zero edge case
    • Fixed bug GH-17275: Fixed the calculation logic of dividend scale

  • Core

    • Fixed bug OSS-Fuzz #382922236: Duplicate dynamic properties in hooked object iterator properties table
    • Fixed unstable get_iterator pointer for hooked classes in shm on Windows
    • Fixed bug GH-17106: ZEND_MATCH_ERROR misoptimization
    • Fixed bug GH-17162: zend_array_try_init() with dtor can cause engine UAF
    • Fixed bug GH-17101: AST->string does not reproduce constructor property promotion correctly
    • Fixed bug GH-17200: Incorrect dynamic prop offset in hooked prop iterator
    • Fixed bug GH-17216: Trampoline crash on error

  • DBA

    • Skip test if inifile is disabled

  • DOM

    • Fixed bug GH-17145: DOM memory leak
    • Fixed bug GH-17201: Dom\TokenList issues with interned string replace
    • Fixed bug GH-17224: UAF in importNode

  • Embed

    • Make build command for program using embed portable

  • FFI

    • Fixed bug #79075: FFI header parser chokes on comments
    • Fix memory leak on ZEND_FFI_TYPE_CHAR conversion failure
    • Fixed bug GH-16013 and bug #80857: Big endian issues

  • Fileinfo

    • Fixed bug GH-17039: PHP 8.4: Incorrect MIME content type

  • FPM

    • Fixed bug GH-13437: FPM: ERROR: scoreboard: failed to lock (already locked)
    • Fixed bug GH-17112: Macro redefinitions
    • Fixed bug GH-17208: bug64539-status-json-encoding.phpt fail on 32-bits

  • GD

    • Fixed bug GH-16255: Unexpected nan value in ext/gd/libgd/gd_filter.c
    • Ported fix for libgd bug 276: Sometimes pixels are missing when storing images as BMPs

  • Gettext

    • Fixed bug GH-17202: Segmentation fault ext/gettext/gettext.c bindtextdomain()

  • Iconv

    • Fixed bug GH-17047: UAF on iconv filter failure

  • LDAP

    • Fixed bug GH-17280: ldap_search() fails when $attributes array has holes

  • LibXML

    • Fixed bug GH-17223: Memory leak in libxml encoding handling

  • MBString

    • Fixed bug GH-17112: Macro redefinitions

  • Opcache

    • opcache_get_configuration() properly reports jit_prof_threshold
    • Fixed bug GH-17140: Assertion failure in JIT trace exit with ZEND_FETCH_DIM_FUNC_ARG
    • Fixed bug GH-17151: Incorrect RC inference of op1 of FETCH_OBJ and INIT_METHOD_CALL
    • Fixed bug GH-17246: GC during SCCP causes segfault
    • Fixed bug GH-17257: UBSAN warning in ext/opcache/jit/zend_jit_vm_helpers.c

  • PCNTL

    • Fix memory leak in cleanup code of pcntl_exec() when a non-stringable value is encountered past the first entry

  • PgSql

    • Fixed bug GH-17158: pg_fetch_result shows incorrect ArgumentCountError message when called with 1 argument
    • Fixed further ArgumentCountError for calls with flexible number of arguments

  • Phar

    • Fixed bug GH-17137: Segmentation fault ext/phar/phar.c

  • SimpleXML

    • Fixed bug GH-17040: SimpleXML's unset can break DOM objects
    • Fixed bug GH-17153: SimpleXML crash when using autovivification on document

  • Sockets

    • Fixed bug GH-16276: socket_strerror overflow handling with INT_MIN
    • Fixed overflow on SO_LINGER values setting, strengthening values check on SO_SNDTIMEO/SO_RCVTIMEO for socket_set_option()

  • SPL

    • Fixed bug GH-17198: SplFixedArray assertion failure with get_object_vars
    • Fixed bug GH-17225: NULL deref in spl_directory.c

  • Streams

    • Fixed bug GH-17037: UAF in user filter when adding existing filter name due to incorrect error handling
    • Fixed bug GH-16810: overflow on fopen HTTP wrapper timeout value
    • Fixed bug GH-17067: glob:// wrapper doesn't cater to CWD for ZTS builds

  • Windows

    • Hardened proc_open() against cmd.exe hijacking

  • XML

    • Fixed bug GH-1718: unreachable program point in zend_hash

PHP version 8.3.16 changes

  • Core

    • Fixed bug GH-17106: ZEND_MATCH_ERROR misoptimization
    • Fixed bug GH-17162: zend_array_try_init() with dtor can cause engine UAF
    • Fixed bug GH-17101: AST->string does not reproduce constructor property promotion correctly
    • Fixed bug GH-17211: observer segfault on function loaded with dl()
    • Fixed bug GH-17216: Trampoline crash on error

  • Date

    • Fixed bug GH-14709: DatePeriod::__construct() overflow on recurrences

  • DBA

    • Skip test if inifile is disabled

  • DOM

    • Fixed bug GH-17224: UAF in importNode

  • Embed

    • Make build command for program using embed portable

  • FFI

    • Fixed bug #79075: FFI header parser chokes on comments
    • Fix memory leak on ZEND_FFI_TYPE_CHAR conversion failure
    • Fixed bug GH-16013 and bug #80857: Big endian issues

  • Filter

    • Fixed bug GH-16944: Fix filtering special IPv4 and IPv6 ranges, by using information from RFC 6890

  • FPM

    • Fixed bug GH-13437: FPM: ERROR: scoreboard: failed to lock (already locked)
    • Fixed bug GH-17112: Macro redefinitions
    • Fixed bug GH-17208: bug64539-status-json-encoding.phpt fail on 32-bits

  • GD

    • Fixed bug GH-16255: Unexpected nan value in ext/gd/libgd/gd_filter.c
    • Ported fix for libgd bug 276: Sometimes pixels are missing when storing images as BMPs

  • Gettext

    • Fixed bug GH-17202: Segmentation fault ext/gettext/gettext.c bindtextdomain()

  • Iconv

    • Fixed bug GH-17047: UAF on iconv filter failure

  • LDAP

    • Fixed bug GH-17280: ldap_search() fails when $attributes array has holes

  • LibXML

    • Fixed bug GH-17223: Memory leak in libxml encoding handling

  • MBString

    • Fixed bug GH-17112: Macro redefinitions

  • Opcache

    • opcache_get_configuration() properly reports jit_prof_threshold
    • Fixed bug GH-17246: GC during SCCP causes segfault

  • PCNTL

    • Fix memory leak in cleanup code of pcntl_exec() when a non-stringable value is encountered past the first entry

  • PgSql

    • Fixed bug GH-17158: pg_fetch_result shows incorrect ArgumentCountError message when called with 1 argument
    • Fixed further ArgumentCountError for calls with flexible number of arguments

  • Phar

    • Fixed bug GH-17137: Segmentation fault ext/phar/phar.c

  • SimpleXML

    • Fixed bug GH-17040: SimpleXML's unset can break DOM objects
    • Fixed bug GH-17153: SimpleXML crash when using autovivification on document

  • Sockets

    • Fixed bug GH-16276: socket_strerror overflow handling with INT_MIN
    • Fixed overflow on SO_LINGER values setting, strengthening values check on SO_SNDTIMEO/SO_RCVTIMEO for socket_set_option()

  • SPL

    • Fixed bug GH-17225: NULL deref in spl_directory.c

  • Streams

    • Fixed bug GH-17037: UAF in user filter when adding existing filter name due to incorrect error handling
    • Fixed bug GH-16810: overflow on fopen HTTP wrapper timeout value
    • Fixed bug GH-17067: glob:// wrapper doesn't cater to CWD for ZTS builds

  • Windows

    • Hardened proc_open() against cmd.exe hijacking

  • XML

    • Fixed bug GH-1718: unreachable program point in zend_hash