Commit 1279bc60e79 for php.net
commit 1279bc60e7988fb82f5f40a58b3a827a8cc415a8
Merge: d13b5ebc083 159a75c93c2
Author: Niels Dossche <7771979+ndossche@users.noreply.github.com>
Date: Fri Nov 28 18:39:50 2025 +0100
Merge branch 'PHP-8.4' into PHP-8.5
* PHP-8.4:
Fix GH-20584: Information Leak of Memory
Fix GH-20583: Stack overflow in http_build_query via deep structures
diff --cc NEWS
index 94740c8cac1,a6ddc8fae7d..03dc24574db
--- a/NEWS
+++ b/NEWS
@@@ -56,7 -62,13 +56,10 @@@ PH
- Standard:
. Fix memory leak in array_diff() with custom type checks. (ndossche)
+ . Fixed bug GH-20583 (Stack overflow in http_build_query
+ via deep structures). (ndossche)
+ . Fixed bug GH-20584 (Information Leak of Memory). (ndossche)
-- Tidy:
- . Fixed bug GH-20374 (PHP with tidy and custom-tags). (ndossche)
-
- XML:
. Fixed bug GH-20439 (xml_set_default_handler() does not properly handle
special characters in attributes when passing data to callback). (ndossche)
diff --cc ext/standard/http.c
index ae6f668e0cb,ce54a17f765..9aae62479e2
--- a/ext/standard/http.c
+++ b/ext/standard/http.c
@@@ -101,8 -132,14 +110,14 @@@ PHPAPI void php_url_encode_hash_ex(Hash
return;
}
+ /* Very deeply structured data could trigger a stack overflow, even without recursion. */
+ if (UNEXPECTED(php_url_check_stack_limit())) {
+ zend_throw_error(NULL, "Maximum call stack size reached.");
+ return;
+ }
+
if (!arg_sep) {
- arg_sep = zend_ini_str("arg_separator.output", strlen("arg_separator.output"), false);
+ arg_sep = PG(arg_separator).output;
if (ZSTR_LEN(arg_sep) == 0) {
arg_sep = ZSTR_CHAR('&');
}
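Review bot: The comment on the added `php_url_check_stack_limit()` guard says "even without recursion", which reads as if this function never recurses; presumably it means non-cyclic input that is simply nested very deeply, and it should say so. It should also state the failure contract, since the function returns `void` after `zend_throw_error()` and whatever was already appended to the output is left in place. Something like `/* Deeply nested (non-cyclic) input recurses once per level; bail out before the C stack is exhausted. Callers must check EG(exception) and discard the partial result. */` would cover both. The helper's definition is outside this hunk, so it is worth confirming whether it always returns false on builds or configurations where stack-limit checking is unavailable or disabled, because deep input would then still reach the overflow this commit is fixing. The body of `php_url_encode_hash_ex` starts before and continues after the hunk.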