Commit 633fb48fca2 for php.net

commit 633fb48fca2689f28f4a2653268f73c64e1ce241
Merge: 9b33be2493f e776695abf4
Author: Jakub Zelenka <bukka@php.net>
Date:   Tue Dec 16 15:35:25 2025 +0100

    Merge branch 'PHP-8.3' into PHP-8.4

    * PHP-8.3:
      Update NEWS with info about security issues
      Fix GHSA-www2-q4fc-65wf
      Fix GHSA-h96m-rvf9-jgm2
      Fix GHSA-8xr5-qppj-gvwj: PDO quoting result null deref
      Fix GH-20584: Information Leak of Memory

diff --cc NEWS
index d58644fe15b,beff3f224ce..e5fe6af0e04
--- a/NEWS
+++ b/NEWS
@@@ -113,12 -113,13 +117,17 @@@ PH
    . Fix memory leak in array_diff() with custom type checks. (ndossche)
    . Fixed bug GH-20583 (Stack overflow in http_build_query
      via deep structures). (ndossche)
-   . Fixed bug GH-20584 (Information Leak of Memory). (ndossche)
+   . Fixed GHSA-www2-q4fc-65wf (Null byte termination in dns_get_record()).
+     (ndossche)
+   . Fixed GHSA-h96m-rvf9-jgm2 (Heap buffer overflow in array_merge()).
+     (CVE-2025-14178) (ndossche)
+   . Fixed GHSA-3237-qqm7-mfv7 (Information Leak of Memory in getimagesize).
+     (CVE-2025-14177) (ndossche)

 +- Streams:
 +  . Fixed bug GH-20370 (User stream filters could violate typed property
 +    constraints). (alexandre-daubois)
 +
  - Tidy:
    . Fixed bug GH-20374 (PHP with tidy and custom-tags). (ndossche)

diff --cc ext/standard/basic_functions.c
index 855356a52b0,35715c6abe5..16c34a21966
--- a/ext/standard/basic_functions.c
+++ b/ext/standard/basic_functions.c
@@@ -589,12 -585,17 +589,12 @@@ PHP_FUNCTION(ip2long
  {
  	char *addr;
  	size_t addr_len;
 -#ifdef HAVE_INET_PTON
  	struct in_addr ip;
 -#else
 -	zend_ulong ip;
 -#endif

  	ZEND_PARSE_PARAMETERS_START(1, 1)
- 		Z_PARAM_STRING(addr, addr_len)
+ 		Z_PARAM_PATH(addr, addr_len)
  	ZEND_PARSE_PARAMETERS_END();

 -#ifdef HAVE_INET_PTON
  	if (addr_len == 0 || inet_pton(AF_INET, addr, &ip) != 1) {
  		RETURN_FALSE;
  	}