php-8.4.12
- Core:
. Fixed GH-19169 build issue with C++17 and ZEND_STATIC_ASSERT macro. (psumbera)
. Fixed bug GH-19053 (Duplicate property slot with hooks and interface property). (ilutov)
. Fixed bug GH-19044 (Protected properties are not scoped according to their prototype). (Bob)
. Fixed bug GH-18581 (Coerce numeric string keys from iterators when argument unpacking). (ilutov)
. Fixed OSS-Fuzz #434346548 (Failed assertion with throwing __toString in binary const expr). (ilutov)
. Fixed bug GH-19305 (Operands may be being released during comparison). (Arnaud)
. Fixed bug GH-19303 (Unpacking empty packed array into uninitialized array causes assertion failure). (nielsdos)
. Fixed bug GH-19306 (Generator can be resumed while fetching next value from delegated Generator). (Arnaud)
. Fixed bug GH-19326 (Calling Generator::throw() on a running generator with a non-Generator delegate crashes). (Arnaud)
. Fixed bug GH-19280 (Stale array iterator position on rehashing). (ilutov)
. Fixed bug GH-18736 (Circumvented type check with return by ref + finally). (ilutov)
. Fixed bug GH-19065 (Long match statement can segfault compiler during recursive SSA renaming). (nielsdos, Arnaud)
- Calendar:
. Fixed bug GH-19371 (integer overflow in calendar.c). (nielsdos)
- FTP:
. Fix theoretical issues with hrtime() not being available. (nielsdos)
- GD:
. Fix incorrect comparison with result of php_stream_can_cast(). (Girgias)
- Hash:
. Fix crash on clone failure. (nielsdos)
- Intl:
. Fix memleak on failure in collator_get_sort_key(). (nielsdos)
. Fix return value on failure for resourcebundle count handler. (Girgias)
- LDAP:
. Fixed bug GH-18529 (additional inheriting of TLS int options). (Jakub Zelenka)
- LibXML:
. Fixed bug GH-19098 (libxml<2.13 segmentation fault caused by php_libxml_node_free). (nielsdos)
- MbString:
. Fixed bug GH-19397 (mb_list_encodings() can cause crashes on shutdown). (nielsdos)
- Opcache:
. Reset global pointers to prevent use-after-free in zend_jit_status(). (Florian Engelhardt)
. Fix issue with JIT restart and hooks. (nielsdos)
. Fix crash with dynamic function defs in hooks during preload. (nielsdos)
- OpenSSL:
. Fixed bug GH-18986 (OpenSSL backend: incorrect RAND_{load,write}_file() return value check). (nielsdos, botovq)
. Fix error return check of EVP_CIPHER_CTX_ctrl(). (nielsdos)
. Fixed bug GH-19428 (openssl_pkey_derive segfaults for DH derive with low key_length param). (Jakub Zelenka)
- PDO Pgsql:
. Fixed dangling pointer access on _pdo_pgsql_trim_message helper. (dixyes)
- SOAP:
. Fixed bug GH-18640 (heap-use-after-free ext/soap/php_encoding.c:299:32 in soap_check_zval_ref). (nielsdos)
- Sockets:
. Fix some potential crashes on incorrect argument value. (nielsdos)
- Standard:
. Fixed OSS Fuzz #433303828 (Leak in failed unserialize() with opcache). (ilutov)
. Fix theoretical issues with hrtime() not being available. (nielsdos)
. Fixed bug GH-19300 (Nested array_multisort invocation with error breaks).
(nielsdos)
- Windows:
. Free opened_path when opened_path_len >= MAXPATHLEN. (dixyes)
Saki Takamachi has announced the release of PHP 8.4.12 with various bug fixes and improvements across different components, including Core, Calendar, FTP, GD, Hash, Intl, LDAP, LibXML, MbString, Opcache, OpenSSL, PDO Pgsql, SOAP, Sockets, and Standard. The fixes address issues such as memory leaks, crashes, incorrect behavior, and theoretical problems with functions like hrtime() not being available. Notable bug fixes include resolving integer overflows in the calendar component, fixing a crash on clone failure in the Hash component, and resolving a memleak issue in the Intl component. Additionally, several security-related issues have been addressed, including leaks and heap-use-after-free errors in various components.
