diff --git a/Zend/zend_compile.c b/Zend/zend_compile.c index b4be1ebb8e9a8..5243eb608f333 100644 --- a/Zend/zend_compile.c +++ b/Zend/zend_compile.c @@ -6522,23 +6522,25 @@ static zend_type zend_compile_typename( ZEND_ASSERT(list->children == type_list->num_types); - ZEND_TYPE_FULL_MASK(type) |= _ZEND_TYPE_ARENA_BIT; /* An implicitly nullable intersection type needs to be converted to a DNF type */ if (force_allow_null) { zend_type intersection_type = ZEND_TYPE_INIT_NONE(0); ZEND_TYPE_SET_LIST(intersection_type, type_list); ZEND_TYPE_FULL_MASK(intersection_type) |= _ZEND_TYPE_INTERSECTION_BIT; + ZEND_TYPE_FULL_MASK(intersection_type) |= _ZEND_TYPE_ARENA_BIT; - zend_type_list *dnf_type_list = zend_arena_alloc(&CG(arena), ZEND_TYPE_LIST_SIZE(list->children)); + zend_type_list *dnf_type_list = zend_arena_alloc(&CG(arena), ZEND_TYPE_LIST_SIZE(1)); dnf_type_list->num_types = 1; dnf_type_list->types[0] = intersection_type; ZEND_TYPE_SET_LIST(type, dnf_type_list); /* Inform that the type list is a DNF type */ ZEND_TYPE_FULL_MASK(type) |= _ZEND_TYPE_UNION_BIT; + ZEND_TYPE_FULL_MASK(type) |= _ZEND_TYPE_ARENA_BIT; } else { ZEND_TYPE_SET_LIST(type, type_list); /* Inform that the type list is an intersection type */ ZEND_TYPE_FULL_MASK(type) |= _ZEND_TYPE_INTERSECTION_BIT; + ZEND_TYPE_FULL_MASK(type) |= _ZEND_TYPE_ARENA_BIT; } } else { type = zend_compile_single_typename(ast); diff --git a/ext/gd/tests/bug81739.phpt b/ext/gd/tests/bug81739.phpt index cc2a90381bab4..b340aa7c07580 100644 --- a/ext/gd/tests/bug81739.phpt +++ b/ext/gd/tests/bug81739.phpt @@ -1,9 +1,7 @@ --TEST-- Bug #81739 (OOB read due to insufficient validation in imageloadfont()) ---SKIPIF-- - +--EXTENSIONS-- +gd --FILE-- opcode != ZEND_FETCH_DIM_RW) { + if (opline->opcode != ZEND_FETCH_DIM_RW) { | EXT_CALL zend_jit_prepare_assign_dim_ref, REG0 } | mov FCARG1x, RETVALx diff --git a/ext/pdo/pdo_dbh.c b/ext/pdo/pdo_dbh.c index 2c56459a62772..a640a1b78d2d3 100644 --- a/ext/pdo/pdo_dbh.c +++ b/ext/pdo/pdo_dbh.c @@ -1254,7 +1254,11 @@ bool pdo_hash_methods(pdo_dbh_object_t *dbh_obj, int kind) func.function_name = zend_string_init(funcs->fname, strlen(funcs->fname), dbh->is_persistent); func.scope = dbh_obj->std.ce; func.prototype = NULL; - ZEND_MAP_PTR(func.run_time_cache) = rt_cache_size ? pemalloc(rt_cache_size, dbh->is_persistent) : NULL; + ZEND_MAP_PTR(func.run_time_cache) = NULL; + if (rt_cache_size > 0) { + ZEND_MAP_PTR(func.run_time_cache) = pemalloc(rt_cache_size, dbh->is_persistent); + memset(ZEND_MAP_PTR(func.run_time_cache), 0, rt_cache_size); + } func.T = ZEND_OBSERVER_ENABLED; if (funcs->flags) { func.fn_flags = funcs->flags | ZEND_ACC_NEVER_CACHE; diff --git a/ext/zend_test/tests/observer_sqlite_create_function.phpt b/ext/zend_test/tests/observer_sqlite_create_function.phpt new file mode 100644 index 0000000000000..85d269c9ead1a --- /dev/null +++ b/ext/zend_test/tests/observer_sqlite_create_function.phpt @@ -0,0 +1,51 @@ +--TEST-- +Observer: PDO::sqliteCreateFunction() can be observed +--EXTENSIONS-- +zend_test +PDO +pdo_sqlite +--INI-- +zend_test.observer.enabled=1 +zend_test.observer.observe_all=1 +--FILE-- +sqliteCreateFunction('returnOne', 'returnOne', 0); + +foreach ($db->query('SELECT returnOne()') as $row) { + var_dump($row); +} + +echo 'Done' . PHP_EOL; +?> +--EXPECTF-- + + + + + + + + + + + + + + + + +array(2) { + ["returnOne()"]=> + int(1) + [0]=> + int(1) +} + +Done +