PHP 8.0.30 backports VC11 compatibility

[Jan-E]

This PR fixes the VC11 compatibility for 2 security backports from PHP 8.0.30:

• Sanitize libxml2 globals before parsing
• Fix buffer mismanagement in phar_dir_read()

I did not include another commit in PHP 8.0.30: Disable global state test on Windows

[Jan-E]

Compiled 5.6.40 VC11 NTS with the backports and a couple of additional extensions:

• https://phpdev.toolsforresearch.com/php-5.6.40-nts-Win32-VC11-x86.htm
• https://phpdev.toolsforresearch.com/php-5.6.40-nts-Win32-VC11-x86.zip

[Jan-E]

@remicollet Do you want another PR for the PHP-5.6-security-backports-openssl11 branch?

[nielsdos]

Patch seems right. The if check on vptr is redundant, but I suppose you're doing that to create a new scope such that you can put the declarations.

[Jan-E]

Thanks for reviewing. I needed a new scope because VC11 even stumbles over 2 PHP_LIBXML_SANITIZE_GLOBALS_DECL macro's after each other. My first attempt was to put the PHP_LIBXML_SANITIZE_GLOBALS_DECL(validate) directly after the PHP_LIBXML_SANITIZE_GLOBALS_DECL(new_parser_ctxt) in the same block, but that did not work. See https://github.com/remicollet/php-src-security/pull/10#discussion_r1285013334 as well.

Did you also look at the buffer mismanagement patch at https://github.com/remicollet/php-src-security/pull/10/commits/a6a46f00b19451bf518a6c33c3332bed4bf3f1dd ? I am always a bit unsure about level indirection.

[nielsdos]

Yes the change for the buffer mismanagement is right too.

[Jan-E]

@remicollet There is a PR for the 5.6 Openssl11 branch as well now: https://github.com/remicollet/php-src-security/pull/11

[Jan-E]

Recompiled all 4 versions of PHP 5.6 and published them on https://www.apachelounge.com/viewtopic.php?t=6359

[remicollet]

PR #11 is merged and commits cherry-picked in the other branch (so a single PR is enough)

Thanks