From b68122e15b7239c5f902dff5792ad065e549d5c6 Mon Sep 17 00:00:00 2001 From: Gina Peter Banyard Date: Wed, 4 Feb 2026 17:02:40 +0000 Subject: [PATCH 1/8] ext/session: use bool type instead of int --- ext/session/php_session.h | 2 +- ext/session/session.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/ext/session/php_session.h b/ext/session/php_session.h index e48ed4615297f..5b4d3db64f482 100644 --- a/ext/session/php_session.h +++ b/ext/session/php_session.h @@ -264,7 +264,7 @@ PHPAPI zend_result php_session_register_serializer(const char *name, zend_result (*decode)(PS_SERIALIZER_DECODE_ARGS)); PHPAPI zend_result php_session_start(void); -PHPAPI zend_result php_session_flush(int write); +PHPAPI zend_result php_session_flush(bool write); PHPAPI php_session_status php_get_session_status(void); PHPAPI const ps_module *_php_find_ps_module(const char *name); diff --git a/ext/session/session.c b/ext/session/session.c index 1f0c3c7213edd..27be4f8cde473 100644 --- a/ext/session/session.c +++ b/ext/session/session.c @@ -510,7 +510,7 @@ static zend_result php_session_initialize(void) return SUCCESS; } -static void php_session_save_current_state(int write) +static void php_session_save_current_state(bool write) { zend_result ret = FAILURE; @@ -1735,7 +1735,7 @@ PHPAPI zend_result php_session_start(void) return SUCCESS; } -PHPAPI zend_result php_session_flush(int write) +PHPAPI zend_result php_session_flush(bool write) { if (PS(session_status) == php_session_active) { php_session_save_current_state(write); From f4b38fc9c66b0e7b4d413aa77bee2a6a8c120fd1 Mon Sep 17 00:00:00 2001 From: Gina Peter Banyard Date: Wed, 4 Feb 2026 17:42:39 +0000 Subject: [PATCH 2/8] ext/session: use true/false rather than 1/0 --- ext/session/mod_files.c | 6 +- ext/session/mod_mm.c | 6 +- ext/session/mod_user.c | 14 +-- ext/session/mod_user_class.c | 4 +- ext/session/session.c | 190 +++++++++++++++++------------------ 5 files changed, 110 insertions(+), 110 deletions(-) diff --git a/ext/session/mod_files.c b/ext/session/mod_files.c index 74e77973405b2..869bb1052c6df 100644 --- a/ext/session/mod_files.c +++ b/ext/session/mod_files.c @@ -486,7 +486,7 @@ PS_READ_FUNC(files) return SUCCESS; } - *val = zend_string_alloc(sbuf.st_size, 0); + *val = zend_string_alloc(sbuf.st_size, false); #ifdef HAVE_PREAD n = pread(data->fd, ZSTR_VAL(*val), ZSTR_LEN(*val), 0); @@ -519,7 +519,7 @@ PS_READ_FUNC(files) } else { php_error_docref(NULL, E_WARNING, "Read returned less bytes than requested"); } - zend_string_release_ex(*val, 0); + zend_string_release_ex(*val, false); *val = ZSTR_EMPTY_ALLOC(); return FAILURE; } @@ -675,7 +675,7 @@ PS_CREATE_SID_FUNC(files) /* Check collision */ /* FIXME: mod_data(data) should not be NULL (User handler could be NULL) */ if (data && ps_files_key_exists(data, sid) == SUCCESS) { - zend_string_release_ex(sid, 0); + zend_string_release_ex(sid, false); sid = NULL; if (--maxfail < 0) { return NULL; diff --git a/ext/session/mod_mm.c b/ext/session/mod_mm.c index 76de6035a315c..a2d9a5641e7f1 100644 --- a/ext/session/mod_mm.c +++ b/ext/session/mod_mm.c @@ -359,7 +359,7 @@ PS_READ_FUNC(mm) return FAILURE; } if (PS(use_cookies)) { - PS(send_cookie) = 1; + PS(send_cookie) = true; } php_session_reset_id(); PS(session_status) = php_session_active; @@ -367,7 +367,7 @@ PS_READ_FUNC(mm) sd = ps_sd_lookup(data, PS(id), false); if (sd) { - *val = zend_string_init(sd->data, sd->datalen, 0); + *val = zend_string_init(sd->data, sd->datalen, false); ret = SUCCESS; } @@ -476,7 +476,7 @@ PS_CREATE_SID_FUNC(mm) /* Check collision */ if (ps_mm_key_exists(data, sid) == SUCCESS) { if (sid) { - zend_string_release_ex(sid, 0); + zend_string_release_ex(sid, false); sid = NULL; } if (!(maxfail--)) { diff --git a/ext/session/mod_user.c b/ext/session/mod_user.c index 168c5c7f1d44a..5783ca625a4a6 100644 --- a/ext/session/mod_user.c +++ b/ext/session/mod_user.c @@ -27,19 +27,19 @@ static void ps_call_handler(zval *func, int argc, zval *argv, zval *retval) { int i; if (PS(in_save_handler)) { - PS(in_save_handler) = 0; + PS(in_save_handler) = false; ZVAL_UNDEF(retval); php_error_docref(NULL, E_WARNING, "Cannot call session save handler in a recursive manner"); return; } - PS(in_save_handler) = 1; + PS(in_save_handler) = true; if (call_user_function(NULL, NULL, func, retval, argc, argv) == FAILURE) { zval_ptr_dtor(retval); ZVAL_UNDEF(retval); } else if (Z_ISUNDEF_P(retval)) { ZVAL_NULL(retval); } - PS(in_save_handler) = 0; + PS(in_save_handler) = false; for (i = 0; i < argc; i++) { zval_ptr_dtor(&argv[i]); } @@ -100,7 +100,7 @@ PS_OPEN_FUNC(user) zend_bailout(); } zend_end_try(); - PS(mod_user_implemented) = 1; + PS(mod_user_implemented) = true; ret = verify_bool_return_type_userland_calls(&retval); zval_ptr_dtor(&retval); @@ -109,7 +109,7 @@ PS_OPEN_FUNC(user) PS_CLOSE_FUNC(user) { - bool bailout = 0; + bool bailout = false; zval retval; zend_result ret = FAILURE; @@ -123,10 +123,10 @@ PS_CLOSE_FUNC(user) zend_try { ps_call_handler(&PSF(close), 0, NULL, &retval); } zend_catch { - bailout = 1; + bailout = true; } zend_end_try(); - PS(mod_user_implemented) = 0; + PS(mod_user_implemented) = false; if (bailout) { if (!Z_ISUNDEF(retval)) { diff --git a/ext/session/mod_user_class.c b/ext/session/mod_user_class.c index 22be2cd151949..1735423e902c4 100644 --- a/ext/session/mod_user_class.c +++ b/ext/session/mod_user_class.c @@ -54,7 +54,7 @@ PHP_METHOD(SessionHandler, open) } zend_end_try(); if (SUCCESS == ret) { - PS(mod_user_is_open) = 1; + PS(mod_user_is_open) = true; } RETURN_BOOL(SUCCESS == ret); @@ -70,7 +70,7 @@ PHP_METHOD(SessionHandler, close) PS_SANITY_CHECK_IS_OPEN; - PS(mod_user_is_open) = 0; + PS(mod_user_is_open) = false; zend_try { ret = PS(default_mod)->s_close(&PS(mod_data)); diff --git a/ext/session/session.c b/ext/session/session.c index 27be4f8cde473..c1bc4fe504486 100644 --- a/ext/session/session.c +++ b/ext/session/session.c @@ -114,11 +114,11 @@ static inline void php_rinit_session_globals(void) /* TODO: These could be moved to MINIT and removed. These should be initialized by php_rshutdown_session_globals() always when execution is finished. */ PS(id) = NULL; PS(session_status) = php_session_none; - PS(in_save_handler) = 0; - PS(set_handler) = 0; + PS(in_save_handler) = false; + PS(set_handler) = false; PS(mod_data) = NULL; - PS(mod_user_is_open) = 0; - PS(define_sid) = 1; + PS(mod_user_is_open) = false; + PS(define_sid) = true; PS(session_vars) = NULL; PS(module_number) = my_module_number; ZVAL_UNDEF(&PS(http_session_vars)); @@ -168,12 +168,12 @@ static void php_rshutdown_session_globals(void) } zend_end_try(); } if (PS(id)) { - zend_string_release_ex(PS(id), 0); + zend_string_release_ex(PS(id), false); PS(id) = NULL; } if (PS(session_vars)) { - zend_string_release_ex(PS(session_vars), 0); + zend_string_release_ex(PS(session_vars), false); PS(session_vars) = NULL; } @@ -253,7 +253,7 @@ PHPAPI zval* php_get_session_var_str(const char *name, size_t name_len) static void php_session_track_init(void) { zval session_vars; - zend_string *var_name = ZSTR_INIT_LITERAL("_SESSION", 0); + zend_string *var_name = ZSTR_INIT_LITERAL("_SESSION", false); /* Unconditionally destroy existing array -- possible dirty data */ zend_delete_global_variable(var_name); @@ -265,7 +265,7 @@ static void php_session_track_init(void) ZVAL_NEW_REF(&PS(http_session_vars), &session_vars); Z_ADDREF_P(&PS(http_session_vars)); zend_hash_update_ind(&EG(symbol_table), var_name, &PS(http_session_vars)); - zend_string_release_ex(var_name, 0); + zend_string_release_ex(var_name, false); } static zend_string *php_session_encode(void) @@ -356,7 +356,7 @@ PHPAPI zend_string *php_session_create_id(PS_CREATE_SID_ARGS) return NULL; } - outid = zend_string_alloc(PS(sid_length), 0); + outid = zend_string_alloc(PS(sid_length), false); bin_to_readable( rbuf, PS(sid_length), ZSTR_VAL(outid), ZSTR_LEN(outid), @@ -442,7 +442,7 @@ static zend_result php_session_initialize(void) /* If there is no ID, use session module to create one */ if (!PS(id) || !ZSTR_VAL(PS(id))[0]) { if (PS(id)) { - zend_string_release_ex(PS(id), 0); + zend_string_release_ex(PS(id), false); } PS(id) = PS(mod)->s_create_sid(&PS(mod_data)); if (!PS(id)) { @@ -453,20 +453,20 @@ static zend_result php_session_initialize(void) return FAILURE; } if (PS(use_cookies)) { - PS(send_cookie) = 1; + PS(send_cookie) = true; } } else if (PS(use_strict_mode) && PS(mod)->s_validate_sid && PS(mod)->s_validate_sid(&PS(mod_data), PS(id)) == FAILURE ) { if (PS(id)) { - zend_string_release_ex(PS(id), 0); + zend_string_release_ex(PS(id), false); } PS(id) = PS(mod)->s_create_sid(&PS(mod_data)); if (!PS(id)) { PS(id) = php_session_create_id(NULL); } if (PS(use_cookies)) { - PS(send_cookie) = 1; + PS(send_cookie) = true; } } @@ -490,7 +490,7 @@ static zend_result php_session_initialize(void) php_session_gc(false); if (PS(session_vars)) { - zend_string_release_ex(PS(session_vars), 0); + zend_string_release_ex(PS(session_vars), false); PS(session_vars) = NULL; } if (val) { @@ -498,7 +498,7 @@ static zend_result php_session_initialize(void) PS(session_vars) = zend_string_copy(val); } php_session_decode(val); - zend_string_release_ex(val, 0); + zend_string_release_ex(val, false); } php_session_cleanup_filename(); @@ -534,7 +534,7 @@ static void php_session_save_current_state(bool write) } else { ret = PS(mod)->s_write(&PS(mod_data), PS(id), val, PS(gc_maxlifetime)); } - zend_string_release_ex(val, 0); + zend_string_release_ex(val, false); } else { ret = PS(mod)->s_write(&PS(mod_data), PS(id), ZSTR_EMPTY_ALLOC(), PS(gc_maxlifetime)); } @@ -955,7 +955,7 @@ PS_SERIALIZER_DECODE_FUNC(php_serialize) zval session_vars; php_unserialize_data_t var_hash; bool result; - zend_string *var_name = ZSTR_INIT_LITERAL("_SESSION", 0); + zend_string *var_name = ZSTR_INIT_LITERAL("_SESSION", false); ZVAL_NULL(&session_vars); PHP_VAR_UNSERIALIZE_INIT(var_hash); @@ -976,7 +976,7 @@ PS_SERIALIZER_DECODE_FUNC(php_serialize) ZVAL_NEW_REF(&PS(http_session_vars), &session_vars); Z_ADDREF_P(&PS(http_session_vars)); zend_hash_update_ind(&EG(symbol_table), var_name, &PS(http_session_vars)); - zend_string_release_ex(var_name, 0); + zend_string_release_ex(var_name, false); return result || !vallen ? SUCCESS : FAILURE; } @@ -1023,7 +1023,7 @@ PS_SERIALIZER_DECODE_FUNC(php_binary) return FAILURE; } - name = zend_string_init(p + 1, namelen, 0); + name = zend_string_init(p + 1, namelen, false); p += namelen + 1; current = var_tmp_var(&var_hash); @@ -1031,12 +1031,12 @@ PS_SERIALIZER_DECODE_FUNC(php_binary) ZVAL_PTR(&rv, current); php_set_session_var(name, &rv, &var_hash); } else { - zend_string_release_ex(name, 0); + zend_string_release_ex(name, false); php_session_normalize_vars(); PHP_VAR_UNSERIALIZE_DESTROY(var_hash); return FAILURE; } - zend_string_release_ex(name, 0); + zend_string_release_ex(name, false); } php_session_normalize_vars(); @@ -1103,7 +1103,7 @@ PS_SERIALIZER_DECODE_FUNC(php) } namelen = q - p; - name = zend_string_init(p, namelen, 0); + name = zend_string_init(p, namelen, false); q++; current = var_tmp_var(&var_hash); @@ -1111,11 +1111,11 @@ PS_SERIALIZER_DECODE_FUNC(php) ZVAL_PTR(&rv, current); php_set_session_var(name, &rv, &var_hash); } else { - zend_string_release_ex(name, 0); + zend_string_release_ex(name, false); retval = FAILURE; goto break_outer_loop; } - zend_string_release_ex(name, 0); + zend_string_release_ex(name, false); p = q; } @@ -1383,7 +1383,7 @@ static zend_result php_session_send_cookie(void) smart_str_appendc(&ncookie, '='); smart_str_append(&ncookie, e_id); - zend_string_release_ex(e_id, 0); + zend_string_release_ex(e_id, false); if (PS(cookie_lifetime) > 0) { struct timeval tv; @@ -1396,7 +1396,7 @@ static zend_result php_session_send_cookie(void) date_fmt = php_format_date(ZEND_STRL("D, d M Y H:i:s \\G\\M\\T"), t, false); smart_str_appends(&ncookie, COOKIE_EXPIRES); smart_str_append(&ncookie, date_fmt); - zend_string_release_ex(date_fmt, 0); + zend_string_release_ex(date_fmt, false); smart_str_appends(&ncookie, COOKIE_MAX_AGE); smart_str_append_long(&ncookie, PS(cookie_lifetime)); @@ -1435,7 +1435,7 @@ static zend_result php_session_send_cookie(void) php_session_remove_cookie(); /* remove already sent session ID cookie */ /* 'replace' must be 0 here, else a previous Set-Cookie header, probably sent with setcookie() will be replaced! */ - sapi_add_header_ex(estrndup(ZSTR_VAL(ncookie.s), ZSTR_LEN(ncookie.s)), ZSTR_LEN(ncookie.s), 0, 0); + sapi_add_header_ex(estrndup(ZSTR_VAL(ncookie.s), ZSTR_LEN(ncookie.s)), ZSTR_LEN(ncookie.s), false, false); smart_str_free(&ncookie); return SUCCESS; @@ -1560,8 +1560,8 @@ static void try_find_session_id_in_cookies(void) potential_session_id = zend_hash_find(Z_ARRVAL_P(cookie_data), PS(session_name)); if (potential_session_id) { proposed_session_id_to_session_id(potential_session_id); - PS(send_cookie) = 0; - PS(define_sid) = 0; + PS(send_cookie) = false; + PS(define_sid) = false; } } @@ -1569,10 +1569,10 @@ static void proposed_session_id_to_session_id(zval *proposed_session_id) { ZVAL_DEREF(proposed_session_id); if (Z_TYPE_P(proposed_session_id) == IS_STRING) { PS(id) = zend_string_copy(Z_STR_P(proposed_session_id)); - PS(send_cookie) = 0; + PS(send_cookie) = false; } else { PS(id) = NULL; - PS(send_cookie) = 1; + PS(send_cookie) = true; } } @@ -1593,7 +1593,7 @@ PHPAPI zend_result php_session_reset_id(void) if (UNEXPECTED(cookies_sent == FAILURE)) { return FAILURE; } - PS(send_cookie) = 0; + PS(send_cookie) = false; } /* If the SID constant exists, destroy it. */ @@ -1626,7 +1626,7 @@ PHPAPI zend_result php_session_reset_id(void) } } if (new_sid_constant != NULL) { - zend_string *deprecation_reason = zend_string_init("as GET/POST sessions were deprecated", strlen("as GET/POST sessions were deprecated"), 0); + zend_string *deprecation_reason = zend_string_init("as GET/POST sessions were deprecated", strlen("as GET/POST sessions were deprecated"), false); zend_attribute *deprecation_attrib = zend_add_attribute(&new_sid_constant->attributes, ZSTR_KNOWN(ZEND_STR_DEPRECATED_CAPITALIZED), 2, 0, 0, 0); ZVAL_STR(&deprecation_attrib->args[0].value, ZSTR_KNOWN(ZEND_STR_8_DOT_4)); deprecation_attrib->args[0].name = ZSTR_KNOWN(ZEND_STR_SINCE); @@ -1709,7 +1709,7 @@ PHPAPI zend_result php_session_start(void) try_find_session_id_in_global(ZEND_STRL("_POST")); if (should_invalidate_session_for_external_referer()) { - zend_string_release_ex(PS(id), 0); + zend_string_release_ex(PS(id), false); PS(id) = NULL; } } @@ -1718,7 +1718,7 @@ PHPAPI zend_result php_session_start(void) /* Finally check session id for dangerous characters * Security note: session id may be embedded in HTML pages.*/ if (PS(id) && strpbrk(ZSTR_VAL(PS(id)), "\r\n\t <>'\"\\")) { - zend_string_release_ex(PS(id), 0); + zend_string_release_ex(PS(id), false); PS(id) = NULL; } @@ -1726,7 +1726,7 @@ PHPAPI zend_result php_session_start(void) || php_session_cache_limiter() == -2) { PS(session_status) = php_session_none; if (PS(id)) { - zend_string_release_ex(PS(id), 0); + zend_string_release_ex(PS(id), false); PS(id) = NULL; } return FAILURE; @@ -1791,8 +1791,8 @@ PHP_FUNCTION(session_set_cookie_params) HashTable *options_ht; zend_long lifetime_long; zend_string *lifetime = NULL, *path = NULL, *domain = NULL, *samesite = NULL; - bool secure = 0, secure_null = 1; - bool httponly = 0, httponly_null = 1; + bool secure = false, secure_null = true; + bool httponly = false, httponly_null = true; bool partitioned = false, partitioned_null = true; zend_string *ini_name; zend_result result; @@ -1859,15 +1859,15 @@ PHP_FUNCTION(session_set_cookie_params) found++; } else if (zend_string_equals_literal_ci(key, "secure")) { secure = zend_is_true(value); - secure_null = 0; + secure_null = false; found++; } else if (zend_string_equals_literal_ci(key, "partitioned")) { partitioned = zend_is_true(value); - partitioned_null = 0; + partitioned_null = false; found++; } else if (zend_string_equals_literal_ci(key, "httponly")) { httponly = zend_is_true(value); - httponly_null = 0; + httponly_null = false; found++; } else if (zend_string_equals_literal_ci(key, "samesite")) { samesite = zval_get_string(value); @@ -1894,63 +1894,63 @@ PHP_FUNCTION(session_set_cookie_params) } if (lifetime) { - ini_name = ZSTR_INIT_LITERAL("session.cookie_lifetime", 0); + ini_name = ZSTR_INIT_LITERAL("session.cookie_lifetime", false); result = zend_alter_ini_entry(ini_name, lifetime, PHP_INI_USER, PHP_INI_STAGE_RUNTIME); - zend_string_release_ex(ini_name, 0); + zend_string_release_ex(ini_name, false); if (result == FAILURE) { RETVAL_FALSE; goto cleanup; } } if (path) { - ini_name = ZSTR_INIT_LITERAL("session.cookie_path", 0); + ini_name = ZSTR_INIT_LITERAL("session.cookie_path", false); result = zend_alter_ini_entry(ini_name, path, PHP_INI_USER, PHP_INI_STAGE_RUNTIME); - zend_string_release_ex(ini_name, 0); + zend_string_release_ex(ini_name, false); if (result == FAILURE) { RETVAL_FALSE; goto cleanup; } } if (domain) { - ini_name = ZSTR_INIT_LITERAL("session.cookie_domain", 0); + ini_name = ZSTR_INIT_LITERAL("session.cookie_domain", false); result = zend_alter_ini_entry(ini_name, domain, PHP_INI_USER, PHP_INI_STAGE_RUNTIME); - zend_string_release_ex(ini_name, 0); + zend_string_release_ex(ini_name, false); if (result == FAILURE) { RETVAL_FALSE; goto cleanup; } } if (!secure_null) { - ini_name = ZSTR_INIT_LITERAL("session.cookie_secure", 0); + ini_name = ZSTR_INIT_LITERAL("session.cookie_secure", false); result = zend_alter_ini_entry_chars(ini_name, secure ? "1" : "0", 1, PHP_INI_USER, PHP_INI_STAGE_RUNTIME); - zend_string_release_ex(ini_name, 0); + zend_string_release_ex(ini_name, false); if (result == FAILURE) { RETVAL_FALSE; goto cleanup; } } if (!partitioned_null) { - ini_name = ZSTR_INIT_LITERAL("session.cookie_partitioned", 0); + ini_name = ZSTR_INIT_LITERAL("session.cookie_partitioned", false); result = zend_alter_ini_entry_chars(ini_name, partitioned ? "1" : "0", 1, PHP_INI_USER, PHP_INI_STAGE_RUNTIME); - zend_string_release_ex(ini_name, 0); + zend_string_release_ex(ini_name, false); if (result == FAILURE) { RETVAL_FALSE; goto cleanup; } } if (!httponly_null) { - ini_name = ZSTR_INIT_LITERAL("session.cookie_httponly", 0); + ini_name = ZSTR_INIT_LITERAL("session.cookie_httponly", false); result = zend_alter_ini_entry_chars(ini_name, httponly ? "1" : "0", 1, PHP_INI_USER, PHP_INI_STAGE_RUNTIME); - zend_string_release_ex(ini_name, 0); + zend_string_release_ex(ini_name, false); if (result == FAILURE) { RETVAL_FALSE; goto cleanup; } } if (samesite) { - ini_name = ZSTR_INIT_LITERAL("session.cookie_samesite", 0); + ini_name = ZSTR_INIT_LITERAL("session.cookie_samesite", false); result = zend_alter_ini_entry(ini_name, samesite, PHP_INI_USER, PHP_INI_STAGE_RUNTIME); - zend_string_release_ex(ini_name, 0); + zend_string_release_ex(ini_name, false); if (result == FAILURE) { RETVAL_FALSE; goto cleanup; @@ -2001,9 +2001,9 @@ PHP_FUNCTION(session_name) RETVAL_STRINGL(ZSTR_VAL(PS(session_name)), ZSTR_LEN(PS(session_name))); if (name) { - zend_string *ini_name = ZSTR_INIT_LITERAL("session.name", 0); + zend_string *ini_name = ZSTR_INIT_LITERAL("session.name", false); zend_alter_ini_entry(ini_name, name, PHP_INI_USER, PHP_INI_STAGE_RUNTIME); - zend_string_release_ex(ini_name, 0); + zend_string_release_ex(ini_name, false); } } @@ -2044,9 +2044,9 @@ PHP_FUNCTION(session_module_name) } PS(mod_data) = NULL; - ini_name = ZSTR_INIT_LITERAL("session.save_handler", 0); + ini_name = ZSTR_INIT_LITERAL("session.save_handler", false); zend_alter_ini_entry(ini_name, name, PHP_INI_USER, PHP_INI_STAGE_RUNTIME); - zend_string_release_ex(ini_name, 0); + zend_string_release_ex(ini_name, false); } } @@ -2067,13 +2067,13 @@ static bool can_session_handler_be_changed(void) { static inline void set_user_save_handler_ini(void) { zend_string *ini_name, *ini_val; - ini_name = ZSTR_INIT_LITERAL("session.save_handler", 0); + ini_name = ZSTR_INIT_LITERAL("session.save_handler", false); ini_val = ZSTR_KNOWN(ZEND_STR_USER); - PS(set_handler) = 1; + PS(set_handler) = true; zend_alter_ini_entry(ini_name, ini_val, PHP_INI_USER, PHP_INI_STAGE_RUNTIME); - PS(set_handler) = 0; - zend_string_release_ex(ini_val, 0); - zend_string_release_ex(ini_name, 0); + PS(set_handler) = false; + zend_string_release_ex(ini_val, false); + zend_string_release_ex(ini_name, false); } #define SESSION_RELEASE_USER_HANDLER_OO(struct_name) \ @@ -2317,7 +2317,7 @@ PHP_FUNCTION(session_id) * see: ext/session/tests/session_id_error3.phpt */ size_t len = strlen(ZSTR_VAL(PS(id))); if (UNEXPECTED(len != ZSTR_LEN(PS(id)))) { - RETVAL_NEW_STR(zend_string_init(ZSTR_VAL(PS(id)), len, 0)); + RETVAL_NEW_STR(zend_string_init(ZSTR_VAL(PS(id)), len, false)); } else { RETVAL_STR_COPY(PS(id)); } @@ -2327,7 +2327,7 @@ PHP_FUNCTION(session_id) if (name) { if (PS(id)) { - zend_string_release_ex(PS(id), 0); + zend_string_release_ex(PS(id), false); } PS(id) = zend_string_copy(name); } @@ -2368,7 +2368,7 @@ PHP_FUNCTION(session_regenerate_id) data = php_session_encode(); if (data) { ret = PS(mod)->s_write(&PS(mod_data), PS(id), data, PS(gc_maxlifetime)); - zend_string_release_ex(data, 0); + zend_string_release_ex(data, false); } else { ret = PS(mod)->s_write(&PS(mod_data), PS(id), ZSTR_EMPTY_ALLOC(), PS(gc_maxlifetime)); } @@ -2383,10 +2383,10 @@ PHP_FUNCTION(session_regenerate_id) /* New session data */ if (PS(session_vars)) { - zend_string_release_ex(PS(session_vars), 0); + zend_string_release_ex(PS(session_vars), false); PS(session_vars) = NULL; } - zend_string_release_ex(PS(id), 0); + zend_string_release_ex(PS(id), false); PS(id) = NULL; if (PS(mod)->s_open(&PS(mod_data), ZSTR_VAL(PS(save_path)), ZSTR_VAL(PS(session_name))) == FAILURE) { @@ -2410,7 +2410,7 @@ PHP_FUNCTION(session_regenerate_id) int limit = 3; /* Try to generate non-existing ID */ while (limit-- && PS(mod)->s_validate_sid(&PS(mod_data), PS(id)) == SUCCESS) { - zend_string_release_ex(PS(id), 0); + zend_string_release_ex(PS(id), false); PS(id) = PS(mod)->s_create_sid(&PS(mod_data)); if (!PS(id)) { PS(mod)->s_close(&PS(mod_data)); @@ -2434,11 +2434,11 @@ PHP_FUNCTION(session_regenerate_id) RETURN_THROWS(); } if (data) { - zend_string_release_ex(data, 0); + zend_string_release_ex(data, false); } if (PS(use_cookies)) { - PS(send_cookie) = 1; + PS(send_cookie) = true; } if (php_session_reset_id() == FAILURE) { RETURN_FALSE; @@ -2480,7 +2480,7 @@ PHP_FUNCTION(session_create_id) } else { /* Detect collision and retry */ if (PS(mod)->s_validate_sid(&PS(mod_data), new_id) == SUCCESS) { - zend_string_release_ex(new_id, 0); + zend_string_release_ex(new_id, false); new_id = NULL; continue; } @@ -2493,7 +2493,7 @@ PHP_FUNCTION(session_create_id) if (new_id) { smart_str_append(&id, new_id); - zend_string_release_ex(new_id, 0); + zend_string_release_ex(new_id, false); } else { smart_str_free(&id); php_error_docref(NULL, E_WARNING, "Failed to create new ID"); @@ -2525,9 +2525,9 @@ PHP_FUNCTION(session_cache_limiter) RETVAL_STRINGL(ZSTR_VAL(PS(cache_limiter)), ZSTR_LEN(PS(cache_limiter))); if (limiter) { - ini_name = ZSTR_INIT_LITERAL("session.cache_limiter", 0); + ini_name = ZSTR_INIT_LITERAL("session.cache_limiter", false); zend_alter_ini_entry(ini_name, limiter, PHP_INI_USER, PHP_INI_STAGE_RUNTIME); - zend_string_release_ex(ini_name, 0); + zend_string_release_ex(ini_name, false); } } @@ -2554,11 +2554,11 @@ PHP_FUNCTION(session_cache_expire) RETVAL_LONG(PS(cache_expire)); if (!expires_is_null) { - zend_string *ini_name = ZSTR_INIT_LITERAL("session.cache_expire", 0); + zend_string *ini_name = ZSTR_INIT_LITERAL("session.cache_expire", false); zend_string *ini_value = zend_long_to_str(expires); zend_alter_ini_entry(ini_name, ini_value, ZEND_INI_USER, ZEND_INI_STAGE_RUNTIME); - zend_string_release_ex(ini_name, 0); - zend_string_release_ex(ini_value, 0); + zend_string_release_ex(ini_name, false); + zend_string_release_ex(ini_value, false); } } @@ -2606,7 +2606,7 @@ static zend_result php_session_start_set_ini(zend_string *varname, zend_string * smart_str_appendc(&buf, '.'); smart_str_append(&buf, varname); smart_str_0(&buf); - ret = zend_alter_ini_entry_ex(buf.s, new_value, PHP_INI_USER, PHP_INI_STAGE_RUNTIME, 0); + ret = zend_alter_ini_entry_ex(buf.s, new_value, PHP_INI_USER, PHP_INI_STAGE_RUNTIME, false); smart_str_free(&buf); return ret; } @@ -2693,7 +2693,7 @@ PHP_FUNCTION(session_start) } if (read_and_close) { - php_session_flush(0); + php_session_flush(false); } RETURN_TRUE; @@ -2759,7 +2759,7 @@ PHP_FUNCTION(session_write_close) if (PS(session_status) != php_session_active) { RETURN_FALSE; } - php_session_flush(1); + php_session_flush(true); RETURN_TRUE; } @@ -2828,7 +2828,7 @@ PHP_FUNCTION(session_register_shutdown) * If the user does have a later shutdown function which needs the * session then tough luck. */ - php_session_flush(1); + php_session_flush(true); php_error_docref(NULL, E_WARNING, "Session shutdown function cannot be registered"); } } @@ -2889,7 +2889,7 @@ static PHP_RSHUTDOWN_FUNCTION(session) { if (PS(session_status) == php_session_active) { zend_try { - php_session_flush(1); + php_session_flush(true); } zend_end_try(); } php_rshutdown_session_globals(); @@ -2923,11 +2923,11 @@ static PHP_GINIT_FUNCTION(ps) ps_globals->mod_data = NULL; ps_globals->session_status = php_session_none; ps_globals->default_mod = NULL; - ps_globals->mod_user_implemented = 0; + ps_globals->mod_user_implemented = false; ps_globals->mod_user_class_name = NULL; - ps_globals->mod_user_is_open = 0; + ps_globals->mod_user_is_open = false; ps_globals->session_vars = NULL; - ps_globals->set_handler = 0; + ps_globals->set_handler = false; ps_globals->session_started_filename = NULL; ps_globals->session_started_lineno = 0; /* Unset user defined handlers */ @@ -3141,7 +3141,7 @@ static void php_session_rfc1867_update(php_session_rfc1867_progress *progress, b Z_TRY_ADDREF(progress->data); zend_hash_update(Z_ARRVAL_P(sess_var), progress->key.s, &progress->data); } - php_session_flush(1); + php_session_flush(true); } static void php_session_rfc1867_cleanup(php_session_rfc1867_progress *progress) @@ -3153,7 +3153,7 @@ static void php_session_rfc1867_cleanup(php_session_rfc1867_progress *progress) SEPARATE_ARRAY(sess_var); zend_hash_del(Z_ARRVAL_P(sess_var), progress->key.s); } - php_session_flush(1); + php_session_flush(true); } static zend_result php_session_rfc1867_callback(unsigned int event, void *event_data, void **extra) @@ -3246,10 +3246,10 @@ static zend_result php_session_rfc1867_callback(unsigned int event, void *event_ PS(id) = zend_string_copy(Z_STR(progress->sid)); if (progress->apply_trans_sid) { /* Enable trans sid by modifying flags */ - PS(use_trans_sid) = 1; - PS(use_only_cookies) = 0; + PS(use_trans_sid) = true; + PS(use_only_cookies) = false; } - PS(send_cookie) = 0; + PS(send_cookie) = false; } array_init(&progress->current_file); @@ -3260,7 +3260,7 @@ static zend_result php_session_rfc1867_callback(unsigned int event, void *event_ add_assoc_null_ex(&progress->current_file, ZEND_STRL("tmp_name")); add_assoc_long_ex(&progress->current_file, ZEND_STRL("error"), 0); - add_assoc_bool_ex(&progress->current_file, ZEND_STRL("done"), 0); + add_assoc_bool_ex(&progress->current_file, ZEND_STRL("done"), false); add_assoc_long_ex(&progress->current_file, ZEND_STRL("start_time"), (zend_long)time(NULL)); add_assoc_long_ex(&progress->current_file, ZEND_STRL("bytes_processed"), 0); @@ -3297,7 +3297,7 @@ static zend_result php_session_rfc1867_callback(unsigned int event, void *event_ } add_assoc_long_ex(&progress->current_file, ZEND_STRL("error"), data->cancel_upload); - add_assoc_bool_ex(&progress->current_file, ZEND_STRL("done"), 1); + add_assoc_bool_ex(&progress->current_file, ZEND_STRL("done"), true); Z_LVAL_P(progress->post_bytes_processed) = data->post_bytes_processed; @@ -3313,7 +3313,7 @@ static zend_result php_session_rfc1867_callback(unsigned int event, void *event_ } else { if (!Z_ISUNDEF(progress->data)) { SEPARATE_ARRAY(&progress->data); - add_assoc_bool_ex(&progress->data, ZEND_STRL("done"), 1); + add_assoc_bool_ex(&progress->data, ZEND_STRL("done"), true); Z_LVAL_P(progress->post_bytes_processed) = data->post_bytes_processed; php_session_rfc1867_update(progress, true); } From 713fbeda97bdd60fa6055cf5185c7df6202cc1ea Mon Sep 17 00:00:00 2001 From: Gina Peter Banyard Date: Wed, 4 Feb 2026 17:44:31 +0000 Subject: [PATCH 3/8] ext/session: no need to free a known zend_string --- ext/session/session.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/ext/session/session.c b/ext/session/session.c index c1bc4fe504486..632a9938d08e2 100644 --- a/ext/session/session.c +++ b/ext/session/session.c @@ -2065,14 +2065,12 @@ static bool can_session_handler_be_changed(void) { } static inline void set_user_save_handler_ini(void) { - zend_string *ini_name, *ini_val; + /* const */ zend_string *ini_val = ZSTR_KNOWN(ZEND_STR_USER); + zend_string *ini_name = ZSTR_INIT_LITERAL("session.save_handler", false); - ini_name = ZSTR_INIT_LITERAL("session.save_handler", false); - ini_val = ZSTR_KNOWN(ZEND_STR_USER); PS(set_handler) = true; zend_alter_ini_entry(ini_name, ini_val, PHP_INI_USER, PHP_INI_STAGE_RUNTIME); PS(set_handler) = false; - zend_string_release_ex(ini_val, false); zend_string_release_ex(ini_name, false); } From b56f068756d80c489e09426ff781562e3d8eef4c Mon Sep 17 00:00:00 2001 From: Gina Peter Banyard Date: Wed, 4 Feb 2026 17:46:30 +0000 Subject: [PATCH 4/8] ext/session: use RETURN_BOOL() when possible --- ext/session/session.c | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/ext/session/session.c b/ext/session/session.c index 632a9938d08e2..cd957369c5e20 100644 --- a/ext/session/session.c +++ b/ext/session/session.c @@ -2438,11 +2438,8 @@ PHP_FUNCTION(session_regenerate_id) if (PS(use_cookies)) { PS(send_cookie) = true; } - if (php_session_reset_id() == FAILURE) { - RETURN_FALSE; - } - RETURN_TRUE; + RETURN_BOOL(php_session_reset_id() == SUCCESS); } /* Generate new session ID. Intended for user save handlers. */ @@ -2591,10 +2588,7 @@ PHP_FUNCTION(session_decode) RETURN_FALSE; } - if (php_session_decode(str) == FAILURE) { - RETURN_FALSE; - } - RETURN_TRUE; + RETURN_BOOL(php_session_decode(str) == SUCCESS); } static zend_result php_session_start_set_ini(zend_string *varname, zend_string *new_value) { From 68a10628a2d6ed7d58bbe4e6dd670bee5c348233 Mon Sep 17 00:00:00 2001 From: Arnaud Le Blanc <365207+arnaud-lb@users.noreply.github.com> Date: Thu, 5 Feb 2026 14:30:58 +0100 Subject: [PATCH 5/8] Fix -Wdefault-const-init-field-unsafe with clang 21 (#21135) Fixes the following warning: Zend/zend_alloc.c:3469:18: error: default initialization of an object of type 'zend_mm_storage' (aka 'struct _zend_mm_storage') with const member leaves the object uninitialized [-Werror,-Wdefault-const-init-field-unsafe] 3469 | zend_mm_storage tmp_storage, *storage; | ^ Zend/zend_alloc.h:313:25: note: member 'handlers' declared 'const' here 313 | const zend_mm_handlers handlers; | ^ --- Zend/zend_alloc.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/Zend/zend_alloc.c b/Zend/zend_alloc.c index ffb4d69066b97..bca2190976c77 100644 --- a/Zend/zend_alloc.c +++ b/Zend/zend_alloc.c @@ -3465,12 +3465,14 @@ ZEND_API zend_mm_heap *zend_mm_startup(void) ZEND_API zend_mm_heap *zend_mm_startup_ex(const zend_mm_handlers *handlers, void *data, size_t data_size) { #if ZEND_MM_STORAGE - zend_mm_storage tmp_storage, *storage; + zend_mm_storage *storage; + zend_mm_storage tmp_storage = { + .handlers = *handlers, + .data = data, + }; zend_mm_chunk *chunk; zend_mm_heap *heap; - memcpy((zend_mm_handlers*)&tmp_storage.handlers, handlers, sizeof(zend_mm_handlers)); - tmp_storage.data = data; chunk = (zend_mm_chunk*)handlers->chunk_alloc(&tmp_storage, ZEND_MM_CHUNK_SIZE, ZEND_MM_CHUNK_SIZE); if (UNEXPECTED(chunk == NULL)) { #if ZEND_MM_ERROR From 3cb85cc681ac5f1120773917c8f089c898739f98 Mon Sep 17 00:00:00 2001 From: Ilija Tovilo Date: Tue, 3 Feb 2026 21:47:27 +0100 Subject: [PATCH 6/8] Fix assign-op/inc/dec on untyped hooked property backing value Fixes OSS-Fuzz #478009707 Closes GH-21124 --- NEWS | 2 + Zend/tests/oss-fuzz-478009707.phpt | 23 ++++++++++ Zend/zend_vm_def.h | 8 ++-- Zend/zend_vm_execute.h | 72 +++++++++++++++++++----------- 4 files changed, 75 insertions(+), 30 deletions(-) create mode 100644 Zend/tests/oss-fuzz-478009707.phpt diff --git a/NEWS b/NEWS index 81d0a689972ed..dd9fd9a268640 100644 --- a/NEWS +++ b/NEWS @@ -8,6 +8,8 @@ PHP NEWS by setRawValueWithoutLazyInitialization() and newLazyGhost()). (Arnaud) . Fixed bug GH-20504 (Assertion failure in zend_get_property_guard when accessing properties on Reflection LazyProxy via isset()). (Arnaud) + . Fixed OSS-Fuzz #478009707 (Borked assign-op/inc/dec on untyped hooked + property backing value). (ilutov) - Curl: . Fixed bug GH-21023 (CURLOPT_XFERINFOFUNCTION crash with a null callback). diff --git a/Zend/tests/oss-fuzz-478009707.phpt b/Zend/tests/oss-fuzz-478009707.phpt new file mode 100644 index 0000000000000..02ba186a49ece --- /dev/null +++ b/Zend/tests/oss-fuzz-478009707.phpt @@ -0,0 +1,23 @@ +--TEST-- +OSS-Fuzz #478009707: Assign-op/inc/dec on untyped hooked property backing value +--FILE-- +prop = $value; + $this->prop += 1; + $this->prop++; + ++$this->prop; + } + } +} + +$c = new C(1); +$c->prop = 1; +var_dump($c->prop); + +?> +--EXPECT-- +int(4) diff --git a/Zend/zend_vm_def.h b/Zend/zend_vm_def.h index 3e1026ef60e81..4ecd80837b191 100644 --- a/Zend/zend_vm_def.h +++ b/Zend/zend_vm_def.h @@ -1070,7 +1070,7 @@ ZEND_VM_C_LABEL(assign_op_object): } prop_info = (zend_property_info*)CACHED_PTR_EX(cache_slot + 2); - if (prop_info) { + if (prop_info && ZEND_TYPE_IS_SET(prop_info->type)) { /* special case for typed properties */ zend_binary_assign_op_typed_prop(prop_info, zptr, value OPLINE_CC EXECUTE_DATA_CC); } else { @@ -1326,7 +1326,8 @@ ZEND_VM_C_LABEL(pre_incdec_object): } } else { prop_info = (zend_property_info *) CACHED_PTR_EX(cache_slot + 2); - zend_pre_incdec_property_zval(zptr, prop_info OPLINE_CC EXECUTE_DATA_CC); + zend_pre_incdec_property_zval(zptr, + prop_info && ZEND_TYPE_IS_SET(prop_info->type) ? prop_info : NULL OPLINE_CC EXECUTE_DATA_CC); } } else { zend_pre_incdec_overloaded_property(zobj, name, cache_slot OPLINE_CC EXECUTE_DATA_CC); @@ -1394,7 +1395,8 @@ ZEND_VM_C_LABEL(post_incdec_object): ZVAL_NULL(EX_VAR(opline->result.var)); } else { prop_info = (zend_property_info*)CACHED_PTR_EX(cache_slot + 2); - zend_post_incdec_property_zval(zptr, prop_info OPLINE_CC EXECUTE_DATA_CC); + zend_post_incdec_property_zval(zptr, + prop_info && ZEND_TYPE_IS_SET(prop_info->type) ? prop_info : NULL OPLINE_CC EXECUTE_DATA_CC); } } else { zend_post_incdec_overloaded_property(zobj, name, cache_slot OPLINE_CC EXECUTE_DATA_CC); diff --git a/Zend/zend_vm_execute.h b/Zend/zend_vm_execute.h index 46c04bdd6d287..d7c14a7cf8075 100644 --- a/Zend/zend_vm_execute.h +++ b/Zend/zend_vm_execute.h @@ -23590,7 +23590,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_ASSIGN_OBJ_OP_SPEC_VAR_CONST_H } prop_info = (zend_property_info*)CACHED_PTR_EX(cache_slot + 2); - if (prop_info) { + if (prop_info && ZEND_TYPE_IS_SET(prop_info->type)) { /* special case for typed properties */ zend_binary_assign_op_typed_prop(prop_info, zptr, value OPLINE_CC EXECUTE_DATA_CC); } else { @@ -23798,7 +23798,8 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_PRE_INC_OBJ_SPEC_VAR_CONST_HAN } } else { prop_info = (zend_property_info *) CACHED_PTR_EX(cache_slot + 2); - zend_pre_incdec_property_zval(zptr, prop_info OPLINE_CC EXECUTE_DATA_CC); + zend_pre_incdec_property_zval(zptr, + prop_info && ZEND_TYPE_IS_SET(prop_info->type) ? prop_info : NULL OPLINE_CC EXECUTE_DATA_CC); } } else { zend_pre_incdec_overloaded_property(zobj, name, cache_slot OPLINE_CC EXECUTE_DATA_CC); @@ -23860,7 +23861,8 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_POST_INC_OBJ_SPEC_VAR_CONST_HA ZVAL_NULL(EX_VAR(opline->result.var)); } else { prop_info = (zend_property_info*)CACHED_PTR_EX(cache_slot + 2); - zend_post_incdec_property_zval(zptr, prop_info OPLINE_CC EXECUTE_DATA_CC); + zend_post_incdec_property_zval(zptr, + prop_info && ZEND_TYPE_IS_SET(prop_info->type) ? prop_info : NULL OPLINE_CC EXECUTE_DATA_CC); } } else { zend_post_incdec_overloaded_property(zobj, name, cache_slot OPLINE_CC EXECUTE_DATA_CC); @@ -26591,7 +26593,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_ASSIGN_OBJ_OP_SPEC_VAR_TMPVAR_ } prop_info = (zend_property_info*)CACHED_PTR_EX(cache_slot + 2); - if (prop_info) { + if (prop_info && ZEND_TYPE_IS_SET(prop_info->type)) { /* special case for typed properties */ zend_binary_assign_op_typed_prop(prop_info, zptr, value OPLINE_CC EXECUTE_DATA_CC); } else { @@ -26801,7 +26803,8 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_PRE_INC_OBJ_SPEC_VAR_TMPVAR_HA } } else { prop_info = (zend_property_info *) CACHED_PTR_EX(cache_slot + 2); - zend_pre_incdec_property_zval(zptr, prop_info OPLINE_CC EXECUTE_DATA_CC); + zend_pre_incdec_property_zval(zptr, + prop_info && ZEND_TYPE_IS_SET(prop_info->type) ? prop_info : NULL OPLINE_CC EXECUTE_DATA_CC); } } else { zend_pre_incdec_overloaded_property(zobj, name, cache_slot OPLINE_CC EXECUTE_DATA_CC); @@ -26864,7 +26867,8 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_POST_INC_OBJ_SPEC_VAR_TMPVAR_H ZVAL_NULL(EX_VAR(opline->result.var)); } else { prop_info = (zend_property_info*)CACHED_PTR_EX(cache_slot + 2); - zend_post_incdec_property_zval(zptr, prop_info OPLINE_CC EXECUTE_DATA_CC); + zend_post_incdec_property_zval(zptr, + prop_info && ZEND_TYPE_IS_SET(prop_info->type) ? prop_info : NULL OPLINE_CC EXECUTE_DATA_CC); } } else { zend_post_incdec_overloaded_property(zobj, name, cache_slot OPLINE_CC EXECUTE_DATA_CC); @@ -30951,7 +30955,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_ASSIGN_OBJ_OP_SPEC_VAR_CV_HAND } prop_info = (zend_property_info*)CACHED_PTR_EX(cache_slot + 2); - if (prop_info) { + if (prop_info && ZEND_TYPE_IS_SET(prop_info->type)) { /* special case for typed properties */ zend_binary_assign_op_typed_prop(prop_info, zptr, value OPLINE_CC EXECUTE_DATA_CC); } else { @@ -31159,7 +31163,8 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_PRE_INC_OBJ_SPEC_VAR_CV_HANDLE } } else { prop_info = (zend_property_info *) CACHED_PTR_EX(cache_slot + 2); - zend_pre_incdec_property_zval(zptr, prop_info OPLINE_CC EXECUTE_DATA_CC); + zend_pre_incdec_property_zval(zptr, + prop_info && ZEND_TYPE_IS_SET(prop_info->type) ? prop_info : NULL OPLINE_CC EXECUTE_DATA_CC); } } else { zend_pre_incdec_overloaded_property(zobj, name, cache_slot OPLINE_CC EXECUTE_DATA_CC); @@ -31221,7 +31226,8 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_POST_INC_OBJ_SPEC_VAR_CV_HANDL ZVAL_NULL(EX_VAR(opline->result.var)); } else { prop_info = (zend_property_info*)CACHED_PTR_EX(cache_slot + 2); - zend_post_incdec_property_zval(zptr, prop_info OPLINE_CC EXECUTE_DATA_CC); + zend_post_incdec_property_zval(zptr, + prop_info && ZEND_TYPE_IS_SET(prop_info->type) ? prop_info : NULL OPLINE_CC EXECUTE_DATA_CC); } } else { zend_post_incdec_overloaded_property(zobj, name, cache_slot OPLINE_CC EXECUTE_DATA_CC); @@ -33621,7 +33627,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_ASSIGN_OBJ_OP_SPEC_UNUSED_CONS } prop_info = (zend_property_info*)CACHED_PTR_EX(cache_slot + 2); - if (prop_info) { + if (prop_info && ZEND_TYPE_IS_SET(prop_info->type)) { /* special case for typed properties */ zend_binary_assign_op_typed_prop(prop_info, zptr, value OPLINE_CC EXECUTE_DATA_CC); } else { @@ -33699,7 +33705,8 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_PRE_INC_OBJ_SPEC_UNUSED_CONST_ } } else { prop_info = (zend_property_info *) CACHED_PTR_EX(cache_slot + 2); - zend_pre_incdec_property_zval(zptr, prop_info OPLINE_CC EXECUTE_DATA_CC); + zend_pre_incdec_property_zval(zptr, + prop_info && ZEND_TYPE_IS_SET(prop_info->type) ? prop_info : NULL OPLINE_CC EXECUTE_DATA_CC); } } else { zend_pre_incdec_overloaded_property(zobj, name, cache_slot OPLINE_CC EXECUTE_DATA_CC); @@ -33761,7 +33768,8 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_POST_INC_OBJ_SPEC_UNUSED_CONST ZVAL_NULL(EX_VAR(opline->result.var)); } else { prop_info = (zend_property_info*)CACHED_PTR_EX(cache_slot + 2); - zend_post_incdec_property_zval(zptr, prop_info OPLINE_CC EXECUTE_DATA_CC); + zend_post_incdec_property_zval(zptr, + prop_info && ZEND_TYPE_IS_SET(prop_info->type) ? prop_info : NULL OPLINE_CC EXECUTE_DATA_CC); } } else { zend_post_incdec_overloaded_property(zobj, name, cache_slot OPLINE_CC EXECUTE_DATA_CC); @@ -35807,7 +35815,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_ASSIGN_OBJ_OP_SPEC_UNUSED_TMPV } prop_info = (zend_property_info*)CACHED_PTR_EX(cache_slot + 2); - if (prop_info) { + if (prop_info && ZEND_TYPE_IS_SET(prop_info->type)) { /* special case for typed properties */ zend_binary_assign_op_typed_prop(prop_info, zptr, value OPLINE_CC EXECUTE_DATA_CC); } else { @@ -35885,7 +35893,8 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_PRE_INC_OBJ_SPEC_UNUSED_TMPVAR } } else { prop_info = (zend_property_info *) CACHED_PTR_EX(cache_slot + 2); - zend_pre_incdec_property_zval(zptr, prop_info OPLINE_CC EXECUTE_DATA_CC); + zend_pre_incdec_property_zval(zptr, + prop_info && ZEND_TYPE_IS_SET(prop_info->type) ? prop_info : NULL OPLINE_CC EXECUTE_DATA_CC); } } else { zend_pre_incdec_overloaded_property(zobj, name, cache_slot OPLINE_CC EXECUTE_DATA_CC); @@ -35948,7 +35957,8 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_POST_INC_OBJ_SPEC_UNUSED_TMPVA ZVAL_NULL(EX_VAR(opline->result.var)); } else { prop_info = (zend_property_info*)CACHED_PTR_EX(cache_slot + 2); - zend_post_incdec_property_zval(zptr, prop_info OPLINE_CC EXECUTE_DATA_CC); + zend_post_incdec_property_zval(zptr, + prop_info && ZEND_TYPE_IS_SET(prop_info->type) ? prop_info : NULL OPLINE_CC EXECUTE_DATA_CC); } } else { zend_post_incdec_overloaded_property(zobj, name, cache_slot OPLINE_CC EXECUTE_DATA_CC); @@ -38457,7 +38467,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_ASSIGN_OBJ_OP_SPEC_UNUSED_CV_H } prop_info = (zend_property_info*)CACHED_PTR_EX(cache_slot + 2); - if (prop_info) { + if (prop_info && ZEND_TYPE_IS_SET(prop_info->type)) { /* special case for typed properties */ zend_binary_assign_op_typed_prop(prop_info, zptr, value OPLINE_CC EXECUTE_DATA_CC); } else { @@ -38535,7 +38545,8 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_PRE_INC_OBJ_SPEC_UNUSED_CV_HAN } } else { prop_info = (zend_property_info *) CACHED_PTR_EX(cache_slot + 2); - zend_pre_incdec_property_zval(zptr, prop_info OPLINE_CC EXECUTE_DATA_CC); + zend_pre_incdec_property_zval(zptr, + prop_info && ZEND_TYPE_IS_SET(prop_info->type) ? prop_info : NULL OPLINE_CC EXECUTE_DATA_CC); } } else { zend_pre_incdec_overloaded_property(zobj, name, cache_slot OPLINE_CC EXECUTE_DATA_CC); @@ -38597,7 +38608,8 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_POST_INC_OBJ_SPEC_UNUSED_CV_HA ZVAL_NULL(EX_VAR(opline->result.var)); } else { prop_info = (zend_property_info*)CACHED_PTR_EX(cache_slot + 2); - zend_post_incdec_property_zval(zptr, prop_info OPLINE_CC EXECUTE_DATA_CC); + zend_post_incdec_property_zval(zptr, + prop_info && ZEND_TYPE_IS_SET(prop_info->type) ? prop_info : NULL OPLINE_CC EXECUTE_DATA_CC); } } else { zend_post_incdec_overloaded_property(zobj, name, cache_slot OPLINE_CC EXECUTE_DATA_CC); @@ -42612,7 +42624,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_ASSIGN_OBJ_OP_SPEC_CV_CONST_HA } prop_info = (zend_property_info*)CACHED_PTR_EX(cache_slot + 2); - if (prop_info) { + if (prop_info && ZEND_TYPE_IS_SET(prop_info->type)) { /* special case for typed properties */ zend_binary_assign_op_typed_prop(prop_info, zptr, value OPLINE_CC EXECUTE_DATA_CC); } else { @@ -42820,7 +42832,8 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_PRE_INC_OBJ_SPEC_CV_CONST_HAND } } else { prop_info = (zend_property_info *) CACHED_PTR_EX(cache_slot + 2); - zend_pre_incdec_property_zval(zptr, prop_info OPLINE_CC EXECUTE_DATA_CC); + zend_pre_incdec_property_zval(zptr, + prop_info && ZEND_TYPE_IS_SET(prop_info->type) ? prop_info : NULL OPLINE_CC EXECUTE_DATA_CC); } } else { zend_pre_incdec_overloaded_property(zobj, name, cache_slot OPLINE_CC EXECUTE_DATA_CC); @@ -42882,7 +42895,8 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_POST_INC_OBJ_SPEC_CV_CONST_HAN ZVAL_NULL(EX_VAR(opline->result.var)); } else { prop_info = (zend_property_info*)CACHED_PTR_EX(cache_slot + 2); - zend_post_incdec_property_zval(zptr, prop_info OPLINE_CC EXECUTE_DATA_CC); + zend_post_incdec_property_zval(zptr, + prop_info && ZEND_TYPE_IS_SET(prop_info->type) ? prop_info : NULL OPLINE_CC EXECUTE_DATA_CC); } } else { zend_post_incdec_overloaded_property(zobj, name, cache_slot OPLINE_CC EXECUTE_DATA_CC); @@ -46566,7 +46580,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_ASSIGN_OBJ_OP_SPEC_CV_TMPVAR_H } prop_info = (zend_property_info*)CACHED_PTR_EX(cache_slot + 2); - if (prop_info) { + if (prop_info && ZEND_TYPE_IS_SET(prop_info->type)) { /* special case for typed properties */ zend_binary_assign_op_typed_prop(prop_info, zptr, value OPLINE_CC EXECUTE_DATA_CC); } else { @@ -46776,7 +46790,8 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_PRE_INC_OBJ_SPEC_CV_TMPVAR_HAN } } else { prop_info = (zend_property_info *) CACHED_PTR_EX(cache_slot + 2); - zend_pre_incdec_property_zval(zptr, prop_info OPLINE_CC EXECUTE_DATA_CC); + zend_pre_incdec_property_zval(zptr, + prop_info && ZEND_TYPE_IS_SET(prop_info->type) ? prop_info : NULL OPLINE_CC EXECUTE_DATA_CC); } } else { zend_pre_incdec_overloaded_property(zobj, name, cache_slot OPLINE_CC EXECUTE_DATA_CC); @@ -46839,7 +46854,8 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_POST_INC_OBJ_SPEC_CV_TMPVAR_HA ZVAL_NULL(EX_VAR(opline->result.var)); } else { prop_info = (zend_property_info*)CACHED_PTR_EX(cache_slot + 2); - zend_post_incdec_property_zval(zptr, prop_info OPLINE_CC EXECUTE_DATA_CC); + zend_post_incdec_property_zval(zptr, + prop_info && ZEND_TYPE_IS_SET(prop_info->type) ? prop_info : NULL OPLINE_CC EXECUTE_DATA_CC); } } else { zend_post_incdec_overloaded_property(zobj, name, cache_slot OPLINE_CC EXECUTE_DATA_CC); @@ -52071,7 +52087,7 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_ASSIGN_OBJ_OP_SPEC_CV_CV_HANDL } prop_info = (zend_property_info*)CACHED_PTR_EX(cache_slot + 2); - if (prop_info) { + if (prop_info && ZEND_TYPE_IS_SET(prop_info->type)) { /* special case for typed properties */ zend_binary_assign_op_typed_prop(prop_info, zptr, value OPLINE_CC EXECUTE_DATA_CC); } else { @@ -52279,7 +52295,8 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_PRE_INC_OBJ_SPEC_CV_CV_HANDLER } } else { prop_info = (zend_property_info *) CACHED_PTR_EX(cache_slot + 2); - zend_pre_incdec_property_zval(zptr, prop_info OPLINE_CC EXECUTE_DATA_CC); + zend_pre_incdec_property_zval(zptr, + prop_info && ZEND_TYPE_IS_SET(prop_info->type) ? prop_info : NULL OPLINE_CC EXECUTE_DATA_CC); } } else { zend_pre_incdec_overloaded_property(zobj, name, cache_slot OPLINE_CC EXECUTE_DATA_CC); @@ -52341,7 +52358,8 @@ static ZEND_OPCODE_HANDLER_RET ZEND_FASTCALL ZEND_POST_INC_OBJ_SPEC_CV_CV_HANDLE ZVAL_NULL(EX_VAR(opline->result.var)); } else { prop_info = (zend_property_info*)CACHED_PTR_EX(cache_slot + 2); - zend_post_incdec_property_zval(zptr, prop_info OPLINE_CC EXECUTE_DATA_CC); + zend_post_incdec_property_zval(zptr, + prop_info && ZEND_TYPE_IS_SET(prop_info->type) ? prop_info : NULL OPLINE_CC EXECUTE_DATA_CC); } } else { zend_post_incdec_overloaded_property(zobj, name, cache_slot OPLINE_CC EXECUTE_DATA_CC); From 8ebdbb763012795371a7a12c5d78135a9522ce01 Mon Sep 17 00:00:00 2001 From: Arshid Date: Thu, 5 Feb 2026 19:43:35 +0530 Subject: [PATCH 7/8] Return from filter_has_var() with RETURN_BOOL() (GH-21137) --- ext/filter/filter.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/ext/filter/filter.c b/ext/filter/filter.c index 4a928379877bc..70ab5d358f2c4 100644 --- a/ext/filter/filter.c +++ b/ext/filter/filter.c @@ -479,11 +479,7 @@ PHP_FUNCTION(filter_has_var) RETURN_THROWS(); } - if (array_ptr && zend_hash_exists(Z_ARRVAL_P(array_ptr), var)) { - RETURN_TRUE; - } - - RETURN_FALSE; + RETURN_BOOL(array_ptr && zend_hash_exists(Z_ARRVAL_P(array_ptr), var)); } /* }}} */ From cdae6c38f62b743d78eff47ad50b42d486f7b238 Mon Sep 17 00:00:00 2001 From: Arshid Date: Thu, 5 Feb 2026 19:44:52 +0530 Subject: [PATCH 8/8] Return from curl_setopt() with RETURN_BOOL() (GH-21136) --- ext/curl/interface.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/ext/curl/interface.c b/ext/curl/interface.c index 79785d3ced616..58558b71a5ebc 100644 --- a/ext/curl/interface.c +++ b/ext/curl/interface.c @@ -2278,11 +2278,7 @@ PHP_FUNCTION(curl_setopt) ch = Z_CURL_P(zid); - if (_php_curl_setopt(ch, options, zvalue, 0) == SUCCESS) { - RETURN_TRUE; - } else { - RETURN_FALSE; - } + RETURN_BOOL(_php_curl_setopt(ch, options, zvalue, 0) == SUCCESS); } /* }}} */