clones/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-09-23 19:07:26 +00:00
Code Issues Packages Projects Releases Wiki Activity
96,044 Commits 491 Branches 1,363 Tags 846 MiB
4ca3468e78
Commit Graph

41871 Commits

Author SHA1 Message Date
Dorin Marcoci
e926bf6507 Fixes #65689. PDO_Firebrid / exec() does not free allocated statement. 2016-12-25 22:06:20 -08:00
Bob Weinand
ac1372d811 Fix alpn_ctx leaking in openssl 2016-12-22 23:34:07 +01:00
Bob Weinand
8823b68c41 Fixed bug #73373 (deflate_add does not verify that output was not truncated) 2016-12-22 15:29:36 +01:00
Sébastien Santoro
25c96f92f4 Fix IS_UNDEF comparisons in opcache 
These conditions were formerly `!q->pData` and `!p->pData`, and should
now be detected as undefined variables, using the special type IS_UNDEF.

Incidentally, this syntax raised a logical-not-parentheses compiler
warning, now gone.
 2016-12-22 12:46:14 +01:00
Dorin Marcoci
eb33d08f1e Compatibility with Firebird & Oracle select syntax. 2016-12-19 01:06:24 +01:00
Anatol Belski
88c1491c6d fix proto 2016-12-19 00:50:29 +01:00
Dorin Marcoci
cf46ac1179 Cursor is not opened on singleton selects. 
Test case for unregistered bug on FB3 singleton selects

Set error mode to warning instead of exception.
 2016-12-18 21:53:51 +01:00
Anatol Belski
3e48baa49d fix arg spec and datatype, follow up on 73594 2016-12-18 21:16:35 +01:00
Bruce Weirdan
c78fd4568e Fixed bug #73594 
Skip the tests when local resolver does not behave

* Added SKIPIF sections to check local resolver
* Added test to check $authns parameter
 2016-12-18 20:44:33 +01:00
Nikita Popov
c1af9f282f Fix bug #46103 2016-12-18 17:10:19 +01:00
Nikita Popov
eb636fcb56 Add test for get_browser() in object mode 
All other tests only check array return values...
 2016-12-18 13:16:25 +01:00
Anatol Belski
58a945cf68 Merge branch 'PHP-5.6' into PHP-7.0 
* PHP-5.6:
  fix C89 compat
 2016-12-17 20:45:22 +01:00
Anatol Belski
79e47aae41 fix C89 compat 2016-12-17 20:43:32 +01:00
Sara Golemon
5004ae2b62 Silence warning from unhandled enum 
(cherry picked from commit 57bbe2c140)
 2016-12-17 00:12:33 +01:00
Anatol Belski
2f9e928af8 fix leaking streams and memory mapped files 
(cherry picked from commit f1ff23095b)
 2016-12-17 00:12:19 +01:00
Anatol Belski
8bc3f179ce make timing check more forgiving in these tests 
Particularly on slower VMs, the sporadic fails can still happen.
The timing is kept in an uncritical range, but allows the tests
pass there. Mayby, it'd make sense to introduce a new group for
this kind of tests, so tests requiring exact time measurement
can be avoided on unsuitable environments.
 2016-12-15 12:20:37 +01:00
Matteo Beccati
7c696fa886 Merge branch 'PHP-5.6' into PHP-7.0 
* PHP-5.6:
  Skip tests when secure_file_priv dir not writable
 2016-12-15 09:31:54 +01:00
Matteo Beccati
0c9324ea9b Skip tests when secure_file_priv dir not writable 2016-12-15 09:31:00 +01:00
Anatol Belski
5136048064 extend skip section 
The day light offset is calculated based on the system TZ, so with
an unsuitable one there's no way to workaround the false positives.
 2016-12-14 19:53:55 +01:00
Anatol Belski
d663296e3b cleanup temporary data 2016-12-14 12:33:13 +01:00
Nikita Popov
4b2cc62e26 More fixes for bug #73089 
Insert a lot more DEREFs. Some may not be necessary, but better
safe than sorry. I'm thinking the soap_hash_str_find_deref function
should become part of the zend_hash API -- we need this in many
places.
 2016-12-13 17:56:38 +01:00
Andrey Hristov
13fc1b92ca Add a bit more test cases (edge cases) to the BIT test case 2016-12-12 21:52:36 +02:00
Andrey Hristov
a881ea7d86 Add a test case to test fetching of multiple rows with bit values. 2016-12-12 21:28:33 +02:00
Andrey Hristov
e15c418c4c Fix off by 1 problem. 
The problem was manifestated only with BIT columns and only when more than
one row was fetched. The problem was coming from the fact that in pre-7.0
times mysqlnd was using a no-copy optimization. This optimization kept the
strings (and also the BIT mask equivalents as strings) in the packet and the
zval referred to them. 7.0+ zvals cannot use no-copy and always copy. Because
of this the allocated memory for the packet was reduced by 1 by the person who
ported the driver, but the starting address of the bit area wasn't reduced.
Because of this the bit_area started at wrong address and the length decoded
wrong.
 2016-12-12 21:11:02 +02:00
Anatol Belski
7a8774ade4 better way to get ACP 2016-12-12 01:54:22 +01:00
Anatol Belski
3473b519c0 fix datatype for zpp, yet a followup on bug #73679 2016-12-12 01:26:06 +01:00
Anatol Belski
1d80fb2cdb Fixed bug #73679 DOTNET read access violation using invalid codepage 2016-12-11 17:06:55 +01:00
Anatol Belski
66ad7918b8 fix uninitialized member 2016-12-08 17:15:06 +01:00
Anatol Belski
ff6565462e git clean section 2016-12-08 03:24:18 +01:00
Dorin Marcoci
13ffa88e1f Fixed bug #72931 PDO_FIREBIRD with Firebird 3.0 not work on returning statement 2016-12-07 21:06:11 +01:00
Anatol Belski
c89306ac52 fix leak, take 2 2016-12-06 16:12:39 +01:00
Anatol Belski
9b1430140a fix leak, take on 7.x 2016-12-06 14:42:59 +01:00
Anatol Belski
b04d60626d fix leak, take on 5.6 2016-12-06 14:34:27 +01:00
Stanislav Malyshev
183b4d78aa Merge branch 'PHP-5.6' into PHP-7.0 
* PHP-5.6:
  This still leaks memory, I don't have enough knowledge in WDDX code to fix them :(
 2016-12-05 22:33:33 -08:00
Stanislav Malyshev
d7ce944cf1 This still leaks memory, I don't have enough knowledge in WDDX code to fix them :( 2016-12-05 22:32:59 -08:00
Stanislav Malyshev
1d59ed7524 Fix bug #73645 - int/size_t confusion 2016-12-05 22:16:00 -08:00
Stanislav Malyshev
6292fe84d3 Merge branch 'PHP-5.6' into PHP-7.0 
* PHP-5.6:
  Fix bug #73631 - Invalid read when wddx decodes empty boolean element
 2016-12-05 21:58:55 -08:00
Stanislav Malyshev
266ecb6d0a Fix bug #73631 - Invalid read when wddx decodes empty boolean element 2016-12-05 21:40:55 -08:00
Anatol Belski
eddca73ad2 fix test 
This test depends on connection flags modifable from teh env,
that can affect the exact function called.
 2016-12-04 22:42:39 +01:00
Anatol Belski
1eb3f01c68 fix test 
On Windows, either doubled backslashes or forward slashes are supported
on the server side.
 2016-12-04 22:27:17 +01:00
Anatol Belski
69fbc751ff fix ident 2016-12-04 20:59:12 +01:00
Anatol Belski
8e209d0435 fix test 2016-12-04 17:28:43 +01:00
Anatol Belski
10a2ceef3b enforce the test ini usage for the child process 2016-12-04 14:01:40 +01:00
Anatol Belski
2252d4e59d fork tests 2016-12-01 14:52:18 +01:00
Dmitry Stogov
7f22e3c879 Fixed bad merge 2016-12-01 16:21:57 +03:00
Dmitry Stogov
b7b7dd8cea Merge branch 'PHP-5.6' into PHP-7.0 
* PHP-5.6:
  Workaround for GCC-4.9.2 bug
  oops, changed in wrong place
 2016-12-01 15:50:05 +03:00
Anatol Belski
043d8e2fe1 improve skipif 2016-12-01 13:32:10 +01:00
Dmitry Stogov
003346c450 Simpler overflow check 2016-12-01 10:30:02 +03:00
Nuno Lopes
d5a2af6d1c Merge branch 'PHP-7.0' of https://git.php.net/push/php-src into PHP-7.0 2016-11-30 14:41:26 -05:00
Dmitry Stogov
9a9ad56af0 Fixed bug #73586 (php_user_filter::$stream is not set to the stream the filter is working on). 2016-11-28 12:54:47 +03:00
Stanislav Malyshev
c8778eb293 oops, changed in wrong place 2016-11-27 16:11:41 -08:00
Stanislav Malyshev
f1a9851c3e Merge branch 'PHP-5.6' into PHP-7.0 
* PHP-5.6:
  Fix #68447: grapheme_extract take an extra trailing character
 2016-11-27 15:36:29 -08:00
Stanislav Malyshev
8856b3a63c Merge branch 'pull-request/1974' into PHP-5.6 
* pull-request/1974:
  Fix #68447: grapheme_extract take an extra trailing character
 2016-11-27 15:34:58 -08:00
Stanislav Malyshev
1cb58ead70 Merge branch 'PHP-5.6' into PHP-7.0 
* PHP-5.6:
  Fix #73549: Use after free when stream is passed to imagepng
 2016-11-27 14:53:27 -08:00
Christoph M. Becker
5049ef2f1c Fix #73549: Use after free when stream is passed to imagepng 
If a stream is passed to imagepng() or other image output functions,
opposed to a filename, we must not close this stream.
 2016-11-27 14:51:02 -08:00
Matteo Beccati
54c04befc2 Merge branch 'PHP-5.6' into PHP-7.0 
* PHP-5.6:
  Fix occasionaly failing test
 2016-11-27 10:20:38 +01:00
Matteo Beccati
2a80758fd5 Fix occasionaly failing test 2016-11-27 10:20:13 +01:00
Stanislav Malyshev
bc85678df3 Add more mbfl string size checks (bug #73505) 2016-11-26 14:49:48 -08:00
Stanislav Malyshev
58cdd03d92 Merge branch 'PHP-5.6' into PHP-7.0 
* PHP-5.6:
  Add more mbfl string size checks (bug #73505)
 2016-11-26 14:48:40 -08:00
Stanislav Malyshev
5ee02b207d Add more mbfl string size checks (bug #73505) 2016-11-26 14:47:58 -08:00
Christoph M. Becker
003727d851 Fix #73612: preg_*() may leak memory 
We have to make sure that collectible zvals end up in the GC root
buffer, to avoid memory leaks.
 2016-11-26 15:34:27 +01:00
Stanislav Malyshev
8be94d46f8 Fix more size_t/int implicit conversions 
Now the conversions are explicit and do checks. Not sure it's
the best way but at least we can see them now in the open.
 2016-11-25 15:31:50 -08:00
Stanislav Malyshev
bcc913fa8b Fix int/size_t confusion in isValidPharFilename (bug #73580) 2016-11-25 15:31:50 -08:00
Christoph M. Becker
bc979aee6d Merge branch 'PHP-5.6' into PHP-7.0 2016-11-25 23:16:18 +01:00
Christoph M. Becker
7f529e3dee Fix #73582: Failing ext/gd/tests/imagettftext_charmap_order.phpt 
This test is not supposed to work with JIS-mapped Japanese font support
enabled.
 2016-11-25 23:14:08 +01:00
Anatol Belski
a36dd1dfd8 add test for bug #57547 2016-11-24 19:25:47 +01:00
Derick Rethans
c38f2c2a6b Updated to version 2016.10 (2016j) 2016-11-24 10:40:14 +00:00
Derick Rethans
6785ea2340 Updated to version 2016.10 (2016j) 2016-11-24 10:40:11 +00:00
Nikita Popov
5b88c61580 Merge branch 'PHP-5.6' into PHP-7.0 2016-11-22 19:25:31 +01:00
Nikita Popov
2d19c92fc2 Make php_url_parse_ex() respect length argument 
This should fix all out-of-bounds reads that could previously
occur if the string passed to php_url_parse_ex() is not NUL
terminated.
 2016-11-22 19:24:24 +01:00
Nikita Popov
f0f68c7274 Cleanup parse_url() query/fragment handling 
The query/fragment handling was pretty convoluted, with many parts
being duplicated. Simplify by checking for fragment, then for query,
then for path.
 2016-11-22 19:24:23 +01:00
Nikita Popov
9befad6fc2 Cleanup parse_url() gotos 
Simplify some unnecessarily complicated code. In particular the
length updates are unnecessary (length is only used at the very
start) and we're goto'ing around a bit too much.
 2016-11-22 19:24:21 +01:00
Anatol Belski
58aa1a70a0 Merge branch 'PHP-5.6' into PHP-7.0 
* PHP-5.6:
  Fix bug #73498
  Add a test for bug 73498
 2016-11-22 00:46:03 +01:00
Craig Duncan
644e290fcd Fix bug #73498 
Postgres uses the DELIMITER keyword since 7.3
And WITH is no longer required/used
 2016-11-22 00:42:45 +01:00
Craig Duncan
d36d4c70d3 Add a test for bug 73498 2016-11-22 00:42:45 +01:00
Anatol Belski
5e9b4c26a5 remove TSRMLS_* 2016-11-21 23:53:37 +01:00
Anatol Belski
eb53865dfd Merge branch 'PHP-5.6' into PHP-7.0 
* PHP-5.6:
  add test for bug #73452
  Backport 15ac4904 to 5.6
 2016-11-21 15:29:44 +01:00
Anatol Belski
4805be1db6 add test for bug #73452 2016-11-21 15:25:46 +01:00
Anatol Belski
0da5cb5fb6 Backport 15ac4904 to 5.6 2016-11-21 15:20:03 +01:00
Tyson Andre
cdb7aafc23 Fix memory leak(null coalescing operator with Spl hash) 
The SEPARATE_ARG_IF_REF macro increased the refcount of the object passed as a
key.
However, when the key did not exist in the ArrayAccess implementation,
the code returned early without trying to decrement the refcount.

Add a test of `??` succeeding+failing on a SplObjectStorage instance.
 2016-11-20 15:46:13 -08:00
Jakub Zelenka
60574ea1ac Fix bug #73526 (php_json_encode depth issue) 2016-11-20 20:36:03 +00:00
Craig Duncan
685b1292e9 Fix bug #73538 
Remove any previous default headers and replace with the specified
ones, as documented, and as is the case when a single header is
passed.
 2016-11-20 21:18:28 +01:00
Xinchen Hui
ebfd93f725 Fixed bug #73483 (Segmentation fault on pcre_replace_callback) 2016-11-20 15:44:27 +08:00
Anatol Belski
48191010d5 fix test portability 2016-11-18 22:10:41 +01:00
Mitch Hagstrand
55980684f6 Fix the lchwon error test for Travis CI. 
The E_WARNING message from the PHP function lchown is passed
from the system function lchown. The error message returned
from lchown can be filesystem dependent.
 2016-11-18 17:55:44 +01:00
Dmitry Stogov
97b65cc9c2 Fixed memory leaks in parse_ini_file() 2016-11-18 16:17:52 +03:00
Dmitry Stogov
05d382e7ec Merge branch 'PHP-7.0' of git.php.net:php-src into PHP-7.0 
* 'PHP-7.0' of git.php.net:php-src:
  Updated NEWS
  Improvement for bug73297
  Simplify ext/standard/tests/http/bug73297.phpt
  http_fopen_wrapper.c - bug#73297 Skip past "100 Continue" responses
  Add failing test for bug#73297
 2016-11-17 14:07:11 +03:00
Dmitry Stogov
c2173c16d0 Fixed 64-bit build 2016-11-17 14:05:22 +03:00
Julien Pauli
4b2cbc3f2f Improvement for bug73297 2016-11-17 11:51:53 +01:00
Rowan Collins
66ac73bee8 Simplify ext/standard/tests/http/bug73297.phpt 2016-11-17 11:51:53 +01:00
Rowan Collins
94374c51e7 http_fopen_wrapper.c - bug#73297 Skip past "100 Continue" responses 2016-11-17 11:51:53 +01:00
Rowan Collins
4683377dfa Add failing test for bug#73297 2016-11-17 11:51:53 +01:00
Julien Pauli
49030f2a25 Improvement for bug73297 2016-11-17 11:33:36 +01:00
Dmitry Stogov
a67637039f Prevent modification of immutable arrays (ext/mbstring/tests/bug26639.phpt failure with opcache.protect_memory=1) 2016-11-17 13:33:05 +03:00
Dmitry Stogov
d4b3f89c53 Overflow check 2016-11-17 13:17:34 +03:00
Rowan Collins
eba5e276c7 Simplify ext/standard/tests/http/bug73297.phpt 2016-11-17 11:04:57 +01:00
Rowan Collins
aec1a5eccc http_fopen_wrapper.c - bug#73297 Skip past "100 Continue" responses 2016-11-17 11:04:56 +01:00
Rowan Collins
6122526cea Add failing test for bug#73297 2016-11-17 11:04:56 +01:00
Dmitry Stogov
5e001c34ec Skip 64-bit specific tests on 32-bit systems 2016-11-17 11:44:28 +03:00
Dmitry Stogov
27542d9c9d Merge branch 'PHP-5.6' into PHP-7.0 
* PHP-5.6:
  Accorate handling of too big inodes of chroot directories
 2016-11-17 01:14:23 +03:00
Dmitry Stogov
9849c97b1b Accorate handling of too big inodes of chroot directories 2016-11-17 01:08:42 +03:00
Mitch Hagstrand
1d8be7c044 Fix #73546: Logging for opcache has an empty file name 2016-11-16 21:30:40 +01:00
Dmitry Stogov
71ee641327 Merge branch 'PHP-5.6' into PHP-7.0 
* PHP-5.6:
  "opcache.validate_root" is useless on Windows
 2016-11-16 23:19:56 +03:00
Dmitry Stogov
935d922114 "opcache.validate_root" is useless on Windows 2016-11-16 23:15:14 +03:00
Nuno Lopes
d26b8804d0 fix gcov coverage 2016-11-16 15:11:07 -05:00
Dmitry Stogov
8e350a627a Merge branch 'PHP-5.6' into PHP-7.0 
* PHP-5.6:
  Use full path
 2016-11-16 23:05:00 +03:00
Dmitry Stogov
8202b97077 Use full path 2016-11-16 23:01:40 +03:00
Dmitry Stogov
99e5d6c4a5 Merge branch 'PHP-7.0' of git.php.net:php-src into PHP-7.0 
* 'PHP-7.0' of git.php.net:php-src:
 2016-11-16 16:47:05 +03:00
Dmitry Stogov
a91f3d475e Fixed ZTS build 2016-11-16 16:43:57 +03:00
Christoph M. Becker
936cafe33e Merge branch 'PHP-5.6' into PHP-7.0 2016-11-16 12:00:39 +01:00
Christoph M. Becker
eb570294a2 Fix #73530: Unsetting result set may reset other result set 
Calling sqlite3_reset() when a result set object is freed can cause
undesired and maybe even hard to track interference with other result
sets. Furthermore, there is no need to call sqlite3_reset(), because
that is implicitly called on SQLite3Stmt::execute(), and users are
encouraged to explicitly call either SQLite3Result::finalize() or
SQLite3Stmt::reset() anyway.
 2016-11-16 11:49:04 +01:00
Dmitry Stogov
a1a5b52f3b Merge branch 'PHP-5.6' into PHP-7.0 
* PHP-5.6:
  Fixed bug #69090 (check cached files permissions)
 2016-11-16 12:49:50 +03:00
Dmitry Stogov
ecba563f2f Fixed bug #69090 (check cached files permissions) 2016-11-16 12:43:10 +03:00
jhdxr
0bd63959c9 move declaration of vars to top 2016-11-13 05:32:24 +00:00
jhdxr
9ad2083773 add test for #69587 2016-11-13 05:32:24 +00:00
jhdxr
23f9e48273 fix bug #69587 DateInterval properties and isset 2016-11-13 05:32:24 +00:00
Edgar R. Sandi
72be8de39f fixed bug generated by fixes bug #73135 2016-11-12 17:43:16 +00:00
Edgar R. Sandi
1631c61feb phpt file to bug #73135 2016-11-12 17:43:16 +00:00
Edgar R. Sandi
319822b050 fixes bug #73135 2016-11-12 17:43:16 +00:00
Joshua Rogers
1b8cfaf23d Fix integer overflow in calender. 
Fix int overflows in conversation functions for calendar.
Add tests for the overflows.
 2016-11-12 17:33:51 +00:00
Jean Carlo Machado
f578ce3a13 added a test for date_interval_format function 2016-11-12 09:57:50 +00:00
Joe Watkins
ff1986e4d7 Merge branch 'pull-request/2198' 2016-11-12 08:16:01 +00:00
Nikita Popov
bb3d0c0e17 Fcall optimization: Avoid FETCH_DIM_R with UNUSED op2 2016-11-10 21:36:46 +01:00
Dmitry Stogov
15ac490472 Don't update proprties inplace. 2016-11-10 12:32:07 +03:00
Anatol Belski
e87daf363b Merge branch 'PHP-5.6' into PHP-7.0 
* PHP-5.6:
  fix memory leak
 2016-11-08 12:16:39 +01:00
Anatol Belski
d6d08f97cd fix memory leak 2016-11-08 12:12:58 +01:00
Anatol Belski
2b30b54275 Merge remote-tracking branch 'phpsec/PHP-7.0.13' into PHP-7.0 
* phpsec/PHP-7.0.13:
  Fixed bug #73418 Integer Overflow in "_php_imap_mail" leads to crash
  Fix #72696: imagefilltoborder stackoverflow on truecolor images
  Fix #72482: Ilegal write/read access caused by gdImageAALine overflow
  Fix bug #73144 and bug #73341 - remove extra dtor
  remove unreferenced var came in with merge
  Fix bug #73331 - do not try to serialize/unserialize objects wddx can not handle
  fix version
  set versions
 2016-11-08 11:13:29 +01:00
Anatol Belski
33766347cb Merge remote-tracking branch 'phpsec/PHP-5.6.28' into PHP-5.6 2016-11-08 11:06:52 +01:00
Anatol Belski
ef55a4b5b3 Enable FTS4 and FTS5 for bundled libsqlite 
FTS3 is already enabled by default, and the other FTS versions
seems just to have been missed. Given that, the other FTS plugins
look like a low impact so worth a try. The current bundled libsqlite
versions in 7.x are proven stable already and support FTS5.
 2016-11-08 02:26:43 +01:00
Anatol Belski
0c2156d190 avoid unneeded copying 2016-11-07 21:09:03 +01:00
Anatol Belski
f0676cbe20 Add test for bug #73448 2016-11-07 20:39:51 +01:00
Anatol Belski
3558e70e58 Fixed bug #73448 odbc_errormsg returns trash, always 513 bytes 2016-11-07 20:18:29 +01:00
Jakub Zelenka
493b2bff02 Fix bug #72776 (Invalid parameter in memcpy function trough openssl_pbkdf2) 2016-11-06 20:40:51 +00:00
Nikita Popov
b2af4e8868 Complete the fix of bug #70172 for PHP 7 2016-11-05 23:06:27 +01:00
Dorin Marcoci
3d73f718b2 Fix blob parameters binding. Fixes: #73087, #61183, #71494 
Adjusted formatting according to requirements

Test case for bug #73087
 2016-11-05 22:49:16 +01:00
Stanislav Malyshev
3b78cabc88 More int->size_t and string overflow fixes 2016-11-05 14:00:47 -07:00
Anatol Belski
617f38b0e0 fix dir separator in test 2016-11-04 18:29:54 +01:00
Anatol Belski
a61eade827 fix dir separator 2016-11-04 13:10:52 +01:00
Stanislav Malyshev
d858b4c77f Merge branch 'PHP-5.6' into PHP-7.0 
* PHP-5.6:
  Add length check for bzcompress too - fix for bug #73356
 2016-11-03 22:30:46 -07:00
Stanislav Malyshev
40f7fea897 Add length check for bzcompress too - fix for bug #73356 2016-11-03 22:10:22 -07:00
Stanislav Malyshev
2fa455128c Merge branch 'PHP-5.6' into PHP-7.0 
* PHP-5.6:
  More string length checks & fixes
 2016-11-03 22:05:25 -07:00
Stanislav Malyshev
1fd18821e0 More string length checks & fixes 2016-11-03 21:35:09 -07:00
Stanislav Malyshev
6e12e49b5b Merge branch 'PHP-5.6' into PHP-7.0 
* PHP-5.6:
  More string length checks & fixes
 2016-11-03 20:46:25 -07:00
Stanislav Malyshev
ea9fac94bb More string length checks & fixes 2016-11-03 20:36:52 -07:00
Derick Rethans
7f2b7a4950 Updated to version 2016.9 (2016i) 2016-11-03 13:57:31 -04:00
Derick Rethans
ccb91cde94 Updated to version 2016.9 (2016i) 2016-11-03 13:57:28 -04:00
Anatol Belski
de643586de Fixed bug #73418 Integer Overflow in "_php_imap_mail" leads to crash 
(cherry picked from commit 99b242a6d0)
 2016-11-03 17:09:03 +01:00
Anatol Belski
99b242a6d0 Fixed bug #73418 Integer Overflow in "_php_imap_mail" leads to crash 2016-11-03 17:03:23 +01:00
Xinchen Hui
1efb9fd32d Fixed bug #73423 (Reproducible crash with GDB backtrace) 2016-11-02 12:11:30 +08:00
Christoph M. Becker
8957ff36b3 Merge branch 'PHP-5.6' into PHP-7.0 2016-11-01 20:24:10 +01:00
Christoph M. Becker
2eacb53fc4 Fix #73436: Setting allow_url_fopen to Off makes several tests fail 
We make sure that these tests run with allow_url_fopen=1.
 2016-11-01 20:13:53 +01:00
Christoph M. Becker
5693474997 Fix #72696: imagefilltoborder stackoverflow on truecolor images 
We must not allow negative color values be passed to
gdImageFillToBorder(), because that can lead to infinite recursion
since the recursion termination condition will not necessarily be met.

(cherry picked from commit 863d37ea66)
 2016-11-01 13:07:37 +01:00
Christoph M. Becker
1b5543b8ab Fix #72482: Ilegal write/read access caused by gdImageAALine overflow 
Instead of rolling our own bounds check we use clip_1d() as it's done
in gdImageLine() and in external libgd. We must not pass the image
width and height, respectively, but rather the largest ordinate value
that is allowed to be accessed, i.e. width-1 and height-1,
respectively.

(cherry picked from commit 6499581af7)
 2016-11-01 13:03:41 +01:00
Stanislav Malyshev
7cf7920055 Fix bug #73144 and bug #73341 - remove extra dtor 
(cherry picked from commit f74d7d92c8)

Conflicts:
	ext/spl/spl_array.c

Merged the test only, in 7.0 tree the removed dtor call is already
not present.
 2016-11-01 13:01:58 +01:00
Anatol Belski
6b21c28b0e remove unreferenced var came in with merge 2016-11-01 12:55:05 +01:00
Stanislav Malyshev
8c67460a10 Fix bug #73331 - do not try to serialize/unserialize objects wddx can not handle 
Proper soltion would be to call serialize/unserialize and deal with the result,
but this requires more work that should be done by wddx maintainer (not me).

(cherry picked from commit 6045de69c7)

Conflicts:
	ext/wddx/wddx.c
 2016-11-01 12:50:33 +01:00
Christoph M. Becker
863d37ea66 Fix #72696: imagefilltoborder stackoverflow on truecolor images 
We must not allow negative color values be passed to
gdImageFillToBorder(), because that can lead to infinite recursion
since the recursion termination condition will not necessarily be met.
 2016-10-30 14:31:29 -07:00
Christoph M. Becker
6499581af7 Fix #72482: Ilegal write/read access caused by gdImageAALine overflow 
Instead of rolling our own bounds check we use clip_1d() as it's done
in gdImageLine() and in external libgd. We must not pass the image
width and height, respectively, but rather the largest ordinate value
that is allowed to be accessed, i.e. width-1 and height-1,
respectively.
 2016-10-30 14:28:23 -07:00
Xinchen Hui
af873d4788 Merge branch 'PHP-5.6' into PHP-7.0 
* PHP-5.6:
  Fixed bug #73402 (Opcache segfault when using class constant to call a method)

Conflicts:
	ext/opcache/Optimizer/zend_optimizer.c
 2016-10-29 23:43:59 +08:00
Xinchen Hui
ef75ddd4f9 Fixed bug #73402 (Opcache segfault when using class constant to call a method) 2016-10-29 23:41:51 +08:00
Xinchen Hui
66caa61188 Skip if no jit is built 2016-10-29 14:23:25 +08:00
Xinchen Hui
e5aa365147 Fixed bug #73392 (A use-after-free in zend allocator management) 2016-10-28 21:21:24 +08:00
Anatol Belski
0f9a4af90b make config.w32 compatible with ICU 58 2016-10-26 13:05:03 +02:00
Christoph M. Becker
af4bfe234c Merge branch 'PHP-5.6' into PHP-7.0 2016-10-25 14:31:41 +02:00
Christoph M. Becker
cd13d0260a Fix #72494: imagecropauto out-of-bounds access 
This issue has actually already been fixed with commit 46f2c690. We're
adding a regression test and a NEWS entry, and also port the fix in
gdImageCropThreshold() from libgd:
  * <https://github.com/libgd/libgd/commit/b347e034>
  * <https://github.com/libgd/libgd/commit/46f2c690>
 2016-10-25 14:29:48 +02:00
Derick Rethans
7544040469 Updated to version 2016.8 (2016h) 2016-10-24 10:37:13 +01:00
Derick Rethans
4f5a755b9d Updated to version 2016.8 (2016h) 2016-10-24 10:37:07 +01:00
Stanislav Malyshev
f74d7d92c8 Fix bug #73144 and bug #73341 - remove extra dtor 2016-10-23 22:03:16 -07:00
Stanislav Malyshev
6045de69c7 Fix bug #73331 - do not try to serialize/unserialize objects wddx can not handle 
Proper soltion would be to call serialize/unserialize and deal with the result,
but this requires more work that should be done by wddx maintainer (not me).
 2016-10-23 20:09:23 -07:00
Nikita Popov
89d3e234af Fix test output 
Changed due to eca84946a4.
 2016-10-23 22:26:25 +02:00
Adam Saponara
55d17662cb Fix bug #71241: array_replace_recursive mutates ref params 
`array_replace_recursive` can sometimes mutate its params if
references are nested within. This differs from the PHP 5 behavior.
 2016-10-20 13:22:04 +02:00
Leigh
c3361f16c7 Add php_random_int internal API 
This is the internal API compliment to `php_random_bytes`
 2016-10-20 10:18:07 +01:00
Joe Watkins
295377630a Merge branch 'pull-request/2152' into PHP-7.0 2016-10-20 05:19:10 +01:00
Joe Watkins
8c74be0c52 Revert "Fix bug #47890 #73215 uniqid() should use better random source" 
This reverts commit 48f1a17886.
 2016-10-18 11:30:19 +01:00
Yasuo Ohgaki
48f1a17886 Fix bug #47890 #73215 uniqid() should use better random source 2016-10-18 09:13:42 +09:00
Christoph M. Becker
0b596f81b8 Merge branch 'PHP-5.6' into PHP-7.0 
We also use ZEND_LONG_(MAX|MIN) now instead of LONG_(MAX|MIN).
 2016-10-17 23:38:28 +02:00
Christoph M. Becker
86e603a664 Fix #73333: 2147483647 is fetched as string 
We return all integers that can be represented as such by PHP as
integers, and only those that exceed the possible range as strings.
On builds which represent integers with 64 bits, the range check is
unnecessary and might cause code checkers to complain, so we skip this
special casing via the preprocessor according to
<http://git.php.net/?p=php-src.git;a=commit;h=99d087e5>.
 2016-10-17 23:34:41 +02:00
Joe Watkins
39ee3184ee Merge branch 'pull-request/1817' 2016-10-17 17:01:39 +01:00
Joe Watkins
5eb84337a6 Merge branch 'pull-request/1816' 2016-10-17 17:01:28 +01:00
Joe Watkins
522e4f1174 Merge branch 'pull-request/1814' 2016-10-17 17:01:10 +01:00
Joe Watkins
6806a41e7f Merge branch 'pull-request/1808' 2016-10-17 17:00:50 +01:00
Christopher Jones
8be59a1301 Fixed bug #71148 (Bind reference overwritten on PHP 7) 2016-10-17 12:40:14 +11:00
Remi Collet
f1cf340e19 bump ext/zip version 2016-10-14 17:31:07 +02:00
Remi Collet
428ef50838 Merge branch 'PHP-5.6' into PHP-7.0 
* PHP-5.6:
  use zend_error instead of zend_error_noreturn
 2016-10-14 10:54:09 +02:00
Remi Collet
e1f5b6d8df use zend_error instead of zend_error_noreturn 2016-10-14 10:53:40 +02:00
Keith Smiley
3b9ba6195d soap #69137 - Invert logic to be correct 2016-10-13 23:56:24 -04:00
Anatol Belski
730288ae41 rename publicly exposed symbol to avoid name conflicts 2016-10-13 15:23:50 +02:00
Christoph M. Becker
b8fab503fe Merge branch 'PHP-5.6' into PHP-7.0 2016-10-13 11:25:11 +02:00
Christoph M. Becker
cc08cbc84d Fix #73280: Stack Buffer Overflow in GD dynamicGetbuf 
We make sure to never pass a negative `rlen` as size to memcpy().

Cf. <https://github.com/libgd/libgd/commit/53110871>.
 2016-10-13 11:10:02 +02:00
Stanislav Malyshev
cd8c9b0614 Fix outlen for openssl function 
Even though datalen can't be over int, outlen can.
 2016-10-12 23:19:07 -07:00
Stanislav Malyshev
2301608736 Syncronize with 5.6 - __toString should return "" 2016-10-12 23:09:49 -07:00
Stanislav Malyshev
9c50ba42d6 Fix potential overflows in php_pcre_replace_impl 2016-10-12 23:07:47 -07:00
Keith Smiley
26287132c0 Fixed bug #73237 
If the response includes both fields with simple types (which get
concatenated into an XML string) and a complex type (which is parsed
into an object), then the object will parsed into the same zval as the
simple types and will overwrite the string.
 2016-10-12 23:12:45 +02:00
Mitch Hagstrand
bcee2fdbec Fixed bug in zend_accel_error() and cleaned up kill_all_lockers() 
1. zend_accel_error was only executing clean up if log_verbosity_level is high enough to log
2. Cleaned up kill_all_lockers function and fixed comments.
 2016-10-12 23:03:55 +02:00
Anatol Belski
58b18892bf update len in fallback cases 2016-10-12 20:52:46 +02:00
Stanislav Malyshev
74b5662536 Fix bug #73190: memcpy negative parameter _bc_new_num_ex 
(cherry picked from commit 40e7baab3c)
 2016-10-12 19:48:25 +02:00
Stanislav Malyshev
f42cbd749c Fix bug #73147: Use After Free in PHP7 unserialize() 
(cherry picked from commit 0e6fe3a4c9)
 2016-10-12 17:51:15 +02:00
Anatol Belski
efc1f33b58 fix typo 2016-10-12 17:12:38 +02:00
Anatol Belski
80eb013a92 Revert "Fix for #73240 - Write out of bounds at number_format" 
This reverts commit 01280f8deb.

The fix is already merged by Stas.
 2016-10-12 16:12:18 +02:00
Anatol Belski
b135ba3fa9 followup with #73276 merge 2016-10-12 16:03:35 +02:00
Anatol Belski
7c6cb1282d fix test 2016-10-12 16:03:09 +02:00
Stanislav Malyshev
7dc8b5e7ae Fix bug #73276 - crash in openssl_random_pseudo_bytes function 
(cherry picked from commit 85a22a0af0)
 2016-10-12 15:55:42 +02:00
Stanislav Malyshev
4ef79370a8 Fix bug #73293 - NULL pointer dereference in SimpleXMLElement::asXML() 
(cherry picked from commit 96a8cf8e1b)
 2016-10-12 15:40:21 +02:00
Stanislav Malyshev
01280f8deb Fix for #73240 - Write out of bounds at number_format 
(cherry picked from commit 8259130b6b)
 2016-10-12 14:55:00 +02:00
Anatol Belski
aaa5d07365 avoid strlen 2016-10-12 13:28:23 +02:00
Stanislav Malyshev
b26b02b2df Bug #73218: add mitigation for ICU int overflow 
(cherry picked from commit d946d10293)
 2016-10-12 13:22:51 +02:00
Stanislav Malyshev
87a8240b5a Add more locale length checks, due to ICU bugs. 
(cherry picked from commit d3eb58332a)
 2016-10-12 13:11:16 +02:00
Stanislav Malyshev
d1e878f272 Fix bug #73150: missing NULL check in dom_document_save_html 
(cherry picked from commit 1c0e9126fb)
 2016-10-12 12:19:41 +02:00
Sara Golemon
43ccf23d70 Clear FG(user_stream_current_filename) when bailing out 
If a userwrapper opener E_ERRORs then FG(user_stream_current_filename)
would remain set until the next request and would not be pointing
at unallocated memory.

Catch the bailout, clear the variable, then continue bailing.

Closes https://bugs.php.net/bug.php?id=73188
 2016-10-11 21:55:01 -07:00
Sara Golemon
4d11a8eedf Clear FG(user_stream_current_filename) when bailing out 
If a userwrapper opener E_ERRORs then FG(user_stream_current_filename)
would remain set until the next request and would not be pointing
at unallocated memory.

Catch the bailout, clear the variable, then continue bailing.

Closes https://bugs.php.net/bug.php?id=73188
 2016-10-11 21:44:14 -07:00
Stanislav Malyshev
1bdb30a429 Merge branch 'PHP-7.0.12' into PHP-7.0 
* PHP-7.0.12:
  set versions and release date
  sync NEWS
  Revert "Fixed bug #73067 (__debugInfo crashes when throwing an exception)"
  Fix for #73240 - Write out of bounds at number_format
  Fix bug #73257 and bug #73258 - SplObjectStorage unserialize allows use of non-object as key
  set versions
  Fix bug #73091 - Unserializing DateInterval object may lead to __toString invocation
 2016-10-11 16:46:51 -07:00
Stanislav Malyshev
9c675607e6 Merge remote-tracking branch 'origin/PHP-7.0.12' into PHP-7.0.12 
* origin/PHP-7.0.12: (99 commits)
  set versions and release date
  sync NEWS
  Revert "Fixed bug #73067 (__debugInfo crashes when throwing an exception)"
  set versions
  update NEWS
  Ignore potentially misleading dberr values
  update NEWS
  Fixed bug #73172 parse error: Invalid numeric literal
  Fix #53745: cgi.discard_path option is missing from php.ini
  update libs_versions.txt
  update libs_versions.txt
  Fixed bug #73156 (segfault on undefined function)
  Add an include path for freetype which is relevant for cmake builds
  Fix test_image_equals_file() wrt. palette images
  Fixed bug #73163
  Fix #73161: imagecreatefromgd2() may leak memory
  Fix #73159: imagegd2(): unrecognized formats may result in corrupted files
  Fix #73155: imagegd2() writes wrong chunk sizes on boundaries
  Fix #73157 (again): imagegd2() ignores 3rd param if 4 are given
  Fix #73157: imagegd2() ignores 3rd param if 4 are given
  ...
 2016-10-11 16:27:13 -07:00
Stanislav Malyshev
689a9b8def Merge branch 'PHP-5.6.27' into PHP-5.6 
* PHP-5.6.27:
  Fix tests
  fix tsrm
  Fix bug #73284 - heap overflow in php_ereg_replace function
  Fix bug #73276 - crash in openssl_random_pseudo_bytes function
  Fix bug #73293 - NULL pointer dereference in SimpleXMLElement::asXML()
  fix bug #73275 - crash in openssl_encrypt function
  Fix for #73240 - Write out of bounds at number_format
  Bug #73218: add mitigation for ICU int overflow
  Add more locale length checks, due to ICU bugs.
  Fix bug #73208 - another missing length check
  Fix bug #73190: memcpy negative parameter _bc_new_num_ex
  Fix bug #73189 - Memcpy negative size parameter php_resolve_path
  Fixed bug #73174 - heap overflow in php_pcre_replace_impl
  Fix bug #73150: missing NULL check in dom_document_save_html
  Fix bug #73147: Use After Free in PHP7 unserialize()
  Fix bug #73082
  Fix bug #73073 - CachingIterator null dereference when convert to string
 2016-10-11 16:26:35 -07:00
Stanislav Malyshev
082d1f2375 Fix tests 2016-10-11 16:18:08 -07:00
Stanislav Malyshev
c1112ff323 fix tsrm 2016-10-11 14:39:16 -07:00
Stanislav Malyshev
21452a5401 Fix bug #73284 - heap overflow in php_ereg_replace function 2016-10-11 14:16:51 -07:00
Stanislav Malyshev
85a22a0af0 Fix bug #73276 - crash in openssl_random_pseudo_bytes function 2016-10-11 13:37:47 -07:00
Stanislav Malyshev
96a8cf8e1b Fix bug #73293 - NULL pointer dereference in SimpleXMLElement::asXML() 2016-10-11 13:30:52 -07:00
Stanislav Malyshev
8822f7c9f0 fix bug #73275 - crash in openssl_encrypt function 2016-10-11 13:19:20 -07:00
Stanislav Malyshev
3b5262ec4c Fix for #73240 - Write out of bounds at number_format 2016-10-10 23:49:28 -07:00
Stanislav Malyshev
8259130b6b Fix for #73240 - Write out of bounds at number_format 2016-10-10 23:42:50 -07:00
Stanislav Malyshev
61cdd1255d Fix bug #73257 and bug #73258 - SplObjectStorage unserialize allows use of non-object as key 2016-10-10 22:54:29 -07:00
Anatol Belski
62c68f7483 Merge branch 'PHP-5.6' into PHP-7.0 
* PHP-5.6:
  add test for bug #73037
 2016-10-10 16:02:30 +02:00
Anatol Belski
256b150a96 add test for bug #73037 2016-10-10 15:59:52 +02:00
Nikita Popov
c91f652ddb Fixed bug #73273 
As well as a few other $_SESSION separation issues.
 2016-10-10 12:20:44 +02:00
Christoph M. Becker
fb08216b08 Merge branch 'PHP-5.6' into PHP-7.0 2016-10-10 11:45:53 +02:00
Christoph M. Becker
fc989fc6e7 Fix #73279: Integer overflow in gdImageScaleBilinearPalette() 
The color components are supposed to be in range 0..255, so we must not
cast them to `signed char`, what can be the default for `char`.

Port of <https://github.com/libgd/libgd/commit/77c8d359>.
 2016-10-10 11:41:39 +02:00
Christoph M. Becker
c930714cbe Merge branch 'PHP-5.6' into PHP-7.0 2016-10-09 15:14:17 +02:00
Christoph M. Becker
b92216b97d Fix #73272: imagescale() affects imagesetinterpolation() 
We must not permanently change the interpolation method, but rather
have to restore the old method after we're done with scaling the image.
 2016-10-09 15:10:34 +02:00
Anatol Belski
6f84ac721b Merge branch 'PHP-5.6' into PHP-7.0 
* PHP-5.6:
  fix leak
 2016-10-08 19:25:36 +02:00
Anatol Belski
3c5742ebd7 fix leak 2016-10-08 19:07:35 +02:00
Nikita Popov
159de7723e Merge branch 'PHP-5.6' into PHP-7.0 2016-10-08 01:06:02 +02:00
Nikita Popov
b061fa909d Fix bug #73192 2016-10-08 01:04:22 +02:00
Nikita Popov
bc3a0b82b8 Revert "Fixed test" 
This reverts commit a10d03ac16.
 2016-10-08 00:43:36 +02:00
Nikita Popov
1c468ee044 Revert "Added validation to parse_url() to prohibit restricted characters inside login/pass components based on RFC3986" 
This reverts commit 085dfca02b.
 2016-10-08 00:43:17 +02:00
Christoph M. Becker
825e0fd430 Document that ext/shmop deals with resources as of PHP 7.0.0 
Second attempt
 2016-10-07 16:35:37 +02:00
Anatol Belski
5b79e95f7b Merge branch 'PHP-5.6' into PHP-7.0 
* PHP-5.6:
  Fix bug #73037, second round
 2016-10-05 15:03:38 +02:00
Anatol Belski
07546496b1 Fix bug #73037, second round 2016-10-05 14:54:06 +02:00
Stanislav Malyshev
d946d10293 Bug #73218: add mitigation for ICU int overflow 2016-10-04 22:40:43 -07:00
Stanislav Malyshev
56e19b7c75 Merge branch 'PHP-5.6' into PHP-7.0 
* PHP-5.6:
  Fixed test
  Added validation to parse_url() to prohibit restricted characters inside login/pass components based on RFC3986
  Apparently negative wordwrap is a thing and should work as length = 0.
 2016-10-04 21:56:28 -07:00
Stanislav Malyshev
d3eb58332a Add more locale length checks, due to ICU bugs. 2016-10-04 21:28:40 -07:00
Ilia Alshanetsky
a10d03ac16 Fixed test 2016-10-04 21:20:38 -07:00
Ilia Alshanetsky
085dfca02b Added validation to parse_url() to prohibit restricted characters inside login/pass components based on RFC3986 2016-10-04 21:20:31 -07:00
Stanislav Malyshev
8ea01d5f19 Apparently negative wordwrap is a thing and should work as length = 0. 
I'll leave it as is for now.
 2016-10-03 19:17:42 -07:00
Stanislav Malyshev
631173aa5c Really fix bug #73017 2016-10-03 18:07:21 -07:00
Keith Smiley
31cbce341c soap #69137 - Fix SSL verify when using a proxy 
Name verification was failing because the OpenSSL extension was picking
the proxy server's address when guessing which name to compare to the
SSL certificate. This scenario is already handled for stream wrappers
in http_fopen_wrapper.c. This patch applies the same fix to the SOAP
extension: when a proxy is used, set peer_name explicitly on the stream
context.
 2016-10-03 14:02:34 -04:00
Stanislav Malyshev
ef801b9bf9 Fix bug #73208 - another missing length check 2016-10-03 00:12:14 -07:00
Stanislav Malyshev
40e7baab3c Fix bug #73190: memcpy negative parameter _bc_new_num_ex 2016-10-03 00:09:02 -07:00
Christoph M. Becker
12967bc346 Merge branch 'PHP-5.6' into PHP-7.0 2016-09-30 23:54:18 +02:00
Christoph M. Becker
9acfb1a3a5 Fix #73213: Integer overflow in imageline() with antialiasing 
We port the respective fixes <https://github.com/libgd/libgd/commit/eca37d620>
and <https://github.com/libgd/libgd/commit/837b7327> to our bundled libgd.
 2016-09-30 23:38:13 +02:00