Software 43035 Published by

PHP 8.3.17 has been released and fixes ini_parse_quantity(), GH-17214, and NULL arithmetic during Windows system application execution. It also corrected ZEND_AST_UNPACK's may_have_extra_named_args flag and Windows trailing space OOB. The enchant no longer crashes when supplying null bytes. FTP and GD have been patched for EINTR and tilded true color filling/imagefttext problems, respectively. Internal closure issues, UCNverter::transcode producing E_WARNING on improper encoding, and JIT failure have been resolved in Intl. Fixed function registration and test crashes, session issues, SimpleXML issues, SNMP issues, SPL issues, and zip issues with PHPDBG.



php-8.3.17

- Core:
. Fixed bug GH-16892 (ini_parse_quantity() fails to parse inputs starting
with 0x0b). (nielsdos)
. Fixed bug GH-16886 (ini_parse_quantity() fails to emit warning for 0x+0).
(nielsdos)
. Fixed bug GH-17214 (Relax final+private warning for trait methods with
inherited final). (ilutov)
. Fixed NULL arithmetic during system program execution on Windows. (cmb,
nielsdos)
. Fixed potential OOB when checking for trailing spaces on Windows. (cmb)
. Fixed bug GH-17408 (Assertion failure Zend/zend_exceptions.c).
(nielsdos, ilutov)
. Fix may_have_extra_named_args flag for ZEND_AST_UNPACK. (nielsdos)
. Fix NULL arithmetic in System V shared memory emulation for Windows. (cmb)

- DOM:
. Fixed bug GH-17500 (Segfault with requesting nodeName on nameless doctype).
(nielsdos)

- Enchant:
. Fix crashes in enchant when passing null bytes. (nielsdos)

- FTP:
. Fixed bug GH-16800 (ftp functions can abort with EINTR). (nielsdos)

- GD:
. Fixed bug GH-17349 (Tiled truecolor filling looses single color
transparency). (cmb)
. Fixed bug GH-17373 (imagefttext() ignores clipping rect for palette
images). (cmb)
. Ported fix for libgd 223 (gdImageRotateGeneric() does not properly
interpolate). (cmb)

- Intl:
. Fixed bug GH-11874 (intl causing segfault in docker images). (nielsdos)
. Fixed bug GH-17469 (UConverter::transcode always emit E_WARNING on
invalid encoding). (David Carlier)

- Opcache:
. Fixed bug GH-17307 (Internal closure causes JIT failure). (nielsdos)
. Fixed bug GH-17564 (Potential UB when reading from / writing to struct
padding). (ilutov)

- PDO:
. Fixed a memory leak when the GC is used to free a PDOStatment. (Girgias)
. Fixed a crash in the PDO Firebird Statement destructor. (nielsdos)
. Fixed UAFs when changing default fetch class ctor args. (Girgias, nielsdos)

- Phar:
. Fixed bug GH-17518 (offset overflow phar extractTo()). (nielsdos)

- PHPDBG:
. Fix crashes in function registration + test. (nielsdos, Girgias)

- Session:
. Fix type confusion with session SID constant. (nielsdos)
. Fixed bug GH-17541 (ext/session NULL pointer dereferencement during
ID reset). (Girgias)

- SimpleXML:
. Fixed bug GH-17409 (Assertion failure Zend/zend_hash.c:1730). (nielsdos)

- SNMP:
. Fixed bug GH-17330 (SNMP::setSecurity segfault on closed session).
(David Carlier)

- SPL:
. Fixed bug GH-17463 (crash on SplTempFileObject::ftruncate with negative
value). (David Carlier)

- Zip:
. Fixed bug GH-17139 (Fix zip_entry_name() crash on invalid entry).
(nielsdos)

Release php-8.3.17 · php/php-src