From 3884438fe33b0a45fe0839d4a8b352b28b00b800 Mon Sep 17 00:00:00 2001 From: David Carlier Date: Sat, 25 Oct 2025 21:00:10 +0100 Subject: [PATCH 1/2] ext/zip: ZipArchive callback missing zend_release_fcall_info_cache during FCC conversion (79b9fe3) in the rare cases where the lib fails to allocate the memory for these callbacks, we return false directly. close GH-20293 --- NEWS | 5 +++++ ext/zip/php_zip.c | 2 ++ 2 files changed, 7 insertions(+) diff --git a/NEWS b/NEWS index 23933494c825..d8d7cda775b5 100644 --- a/NEWS +++ b/NEWS @@ -14,6 +14,11 @@ PHP NEWS . Fixed bug GH-19798: XP_SOCKET XP_SSL (Socket stream modules): Incorrect condition for Win32/Win64. (Jakub Zelenka) +- Zip: + . Fixed missing zend_release_fcall_info_cache on the following methods + ZipArchive::registerProgressCallback() and ZipArchive::registerCancelCallback() + on failure. (David Carlier) + 23 Oct 2025, PHP 8.5.0RC3 diff --git a/ext/zip/php_zip.c b/ext/zip/php_zip.c index 1a49bc1d10bd..34ac611c99b7 100644 --- a/ext/zip/php_zip.c +++ b/ext/zip/php_zip.c @@ -3026,6 +3026,7 @@ PHP_METHOD(ZipArchive, registerProgressCallback) /* register */ if (zip_register_progress_callback_with_state(intern, rate, php_zip_progress_callback, php_zip_progress_callback_free, obj)) { + zend_release_fcall_info_cache(&fcc); RETURN_FALSE; } zend_fcc_dup(&obj->progress_callback, &fcc); @@ -3081,6 +3082,7 @@ PHP_METHOD(ZipArchive, registerCancelCallback) /* register */ if (zip_register_cancel_callback_with_state(intern, php_zip_cancel_callback, php_zip_cancel_callback_free, obj)) { + zend_release_fcall_info_cache(&fcc); RETURN_FALSE; } zend_fcc_dup(&obj->cancel_callback, &fcc); From 275ec6f3352ffa423409751f4488439179c65528 Mon Sep 17 00:00:00 2001 From: Gina Peter Banyard Date: Sat, 25 Oct 2025 22:36:09 +0100 Subject: [PATCH 2/2] Zend: make zend_copy_parameters_array() private (#20265) And slightly refactor implementation. --- UPGRADING.INTERNALS | 1 + Zend/zend_API.c | 22 ---------------------- Zend/zend_API.h | 3 --- Zend/zend_closures.c | 17 +++++++++++++++-- 4 files changed, 16 insertions(+), 27 deletions(-) diff --git a/UPGRADING.INTERNALS b/UPGRADING.INTERNALS index 42e52480bbb9..15f6620496d4 100644 --- a/UPGRADING.INTERNALS +++ b/UPGRADING.INTERNALS @@ -34,6 +34,7 @@ PHP 8.6 INTERNALS UPGRADE NOTES printf family. . The zval_dtor() alias of zval_ptr_dtor_nogc() has been removed. Call zval_ptr_dtor_nogc() directly instead. + . The internal zend_copy_parameters_array() function is no longer exposed. ======================== 2. Build system changes diff --git a/Zend/zend_API.c b/Zend/zend_API.c index 1b97974686ed..e05cc7e506f6 100644 --- a/Zend/zend_API.c +++ b/Zend/zend_API.c @@ -76,28 +76,6 @@ ZEND_API zend_result zend_get_parameters_array_ex(uint32_t param_count, zval *ar } /* }}} */ -ZEND_API zend_result zend_copy_parameters_array(uint32_t param_count, zval *argument_array) /* {{{ */ -{ - zval *param_ptr; - uint32_t arg_count; - - param_ptr = ZEND_CALL_ARG(EG(current_execute_data), 1); - arg_count = ZEND_CALL_NUM_ARGS(EG(current_execute_data)); - - if (param_count>arg_count) { - return FAILURE; - } - - while (param_count-->0) { - Z_TRY_ADDREF_P(param_ptr); - zend_hash_next_index_insert_new(Z_ARRVAL_P(argument_array), param_ptr); - param_ptr++; - } - - return SUCCESS; -} -/* }}} */ - ZEND_API ZEND_COLD void zend_wrong_param_count(void) /* {{{ */ { const char *space; diff --git a/Zend/zend_API.h b/Zend/zend_API.h index 4e2954c0a65c..24e686b721ef 100644 --- a/Zend/zend_API.h +++ b/Zend/zend_API.h @@ -347,9 +347,6 @@ ZEND_API void zend_set_dl_use_deepbind(bool use_deepbind); ZEND_API zend_result zend_get_parameters_array_ex(uint32_t param_count, zval *argument_array); -/* internal function to efficiently copy parameters when executing __call() */ -ZEND_API zend_result zend_copy_parameters_array(uint32_t param_count, zval *argument_array); - #define zend_get_parameters_array(ht, param_count, argument_array) \ zend_get_parameters_array_ex(param_count, argument_array) #define zend_parse_parameters_none() \ diff --git a/Zend/zend_closures.c b/Zend/zend_closures.c index 4c2b85f5d48c..948139a86590 100644 --- a/Zend/zend_closures.c +++ b/Zend/zend_closures.c @@ -287,6 +287,19 @@ ZEND_METHOD(Closure, bindTo) do_closure_bind(return_value, ZEND_THIS, newthis, scope_obj, scope_str); } +static void zend_copy_parameters_array(const uint32_t param_count, HashTable *argument_array) /* {{{ */ +{ + zval *param_ptr = ZEND_CALL_ARG(EG(current_execute_data), 1); + + ZEND_ASSERT(param_count <= ZEND_CALL_NUM_ARGS(EG(current_execute_data))); + + for (uint32_t i = 0; i < param_count; i++) { + Z_TRY_ADDREF_P(param_ptr); + zend_hash_next_index_insert_new(argument_array, param_ptr); + param_ptr++; + } +} + static ZEND_NAMED_FUNCTION(zend_closure_call_magic) /* {{{ */ { zend_fcall_info fci; zend_fcall_info_cache fcc; @@ -310,14 +323,14 @@ static ZEND_NAMED_FUNCTION(zend_closure_call_magic) /* {{{ */ { array_init_size(&fci.params[1], ZEND_NUM_ARGS() + zend_hash_num_elements(EX(extra_named_params))); /* Avoid conversion from packed to mixed later. */ zend_hash_real_init_mixed(Z_ARRVAL(fci.params[1])); - zend_copy_parameters_array(ZEND_NUM_ARGS(), &fci.params[1]); + zend_copy_parameters_array(ZEND_NUM_ARGS(), Z_ARRVAL(fci.params[1])); ZEND_HASH_MAP_FOREACH_STR_KEY_VAL(EX(extra_named_params), name, named_param_zval) { Z_TRY_ADDREF_P(named_param_zval); zend_hash_add_new(Z_ARRVAL(fci.params[1]), name, named_param_zval); } ZEND_HASH_FOREACH_END(); } else if (ZEND_NUM_ARGS()) { array_init_size(&fci.params[1], ZEND_NUM_ARGS()); - zend_copy_parameters_array(ZEND_NUM_ARGS(), &fci.params[1]); + zend_copy_parameters_array(ZEND_NUM_ARGS(), Z_ARRVAL(fci.params[1])); } else { ZVAL_EMPTY_ARRAY(&fci.params[1]); }