Derick Rethans
7759d6b0db
Merge branch 'PHP-5.6' into PHP-7.0
2016-07-11 11:32:10 +01:00
Derick Rethans
6a5e1783b7
Generate new .c file from .re file, as that was missing on my previous commit
2016-07-11 11:31:43 +01:00
Xinchen Hui
a19655cfe3
Fixed bug #72571 (SQLite3::bindValue, SQLite3::bindParam crash)
2016-07-11 11:51:19 +08:00
Stanislav Malyshev
98b9dfaec9
Fix for HTTP_PROXY issue.
...
The following changes are made:
- _SERVER/_ENV only has HTTP_PROXY if the local environment has it,
and only one from the environment.
- getenv('HTTP_PROXY') only returns one from the local environment
- getenv has optional second parameter, telling it to only consider
local environment
2016-07-10 16:21:11 -07:00
Matteo Beccati
4d677ae0e2
Fixed bug #72570 Segmentation fault when binding parameters on a query without placeholders
2016-07-10 14:36:07 +02:00
Matteo Beccati
11d74b5b79
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
Fixed bug #70313 PDO statement fails to throw exception
2016-07-10 14:34:59 +02:00
Matteo Beccati
219ebcb689
Fixed bug #70313 PDO statement fails to throw exception
2016-07-10 14:33:56 +02:00
Julien Pauli
13a5c54068
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
Updated NEWS
update filter_var filters for ipv4 addresses to reflect rfc6890
2016-07-08 16:31:53 +02:00
Jos Elstgeest
6fc7817558
update filter_var filters for ipv4 addresses to reflect rfc6890
2016-07-08 16:30:06 +02:00
Adam Baratz
8db64e919c
Correct for connection with PDO::ATTR_STRINGIFY_FETCHES set to false
2016-07-08 15:54:52 +02:00
Christoph M. Becker
82637e8187
Fix #69975 : PHP segfaults when accessing nvarchar(max) defined columns
...
The SQL Server Native Client 11.0 and maybe other ODBC drivers report
NVARCHAR(MAX) columns as SQL_WVARCHAR with size 0. This causes too small a
buffer to be emalloc'd, likely causing a segfault in the following. As we don't
know the real size of the column data, we treat such colums as
SQL_WLONGVARCHAR.
The related bug #67437 suggests that some drivers report a size of ~4GB. It is
not certain that this is really the case (there might be some integer overflow
involved, and anyway, there has been no feedback), so we do not cater for this
now. However, it would not be hard to treat all sizes above a certain threshold
in a similar way, i.e. as SQL_WLONGVARCHAR.
(cherry picked from commit 16db4d1462
)
(cherry picked from commit 344ff5dd4c
)
2016-07-08 15:33:46 +02:00
Julien Pauli
87fe485c35
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
Updated NEWS
Backported bug #71144 (Segmentation fault when using cURL with ZTS)
fix bug #72024 (microtime() leaks memory)
Conflicts:
ext/curl/interface.c
2016-07-08 15:05:13 +02:00
Julien Pauli
78d5783b62
Backported bug #71144 (Segmentation fault when using cURL with ZTS)
2016-07-08 14:58:56 +02:00
Michael Maroszek
0be13d2dc2
fix bug #72024 (microtime() leaks memory)
2016-07-08 14:36:44 +02:00
Remi Collet
99d6e09c3d
Fixed Bug #72564 boolean always deserialized as "true"
2016-07-08 10:46:33 +02:00
Remi Collet
76a143c27c
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
add test for bug #72564 (7.x regression)
2016-07-08 10:45:32 +02:00
Remi Collet
bfc42211d3
add test for bug #72564 (7.x regression)
2016-07-08 10:45:13 +02:00
Christopher Jones
fae6407314
Merge branch 'PHP-5.6' into PHP-7.0
2016-07-07 11:52:39 +10:00
Christopher Jones
8b905e337c
Mask DB usernames from expected test output for test portability
2016-07-07 11:52:17 +10:00
Lauri Kenttä
3104759915
base64_decode: fix bug #72264 ('VV= =' shouldn't fail in strict mode)
2016-07-07 01:27:23 +02:00
Lauri Kenttä
0259459486
base64_decode: remove redundant code
...
case 1 is already handled in the first lines of the for loop;
it would only be entered in the invalid case where the string
continues past the defined length (ch != 0 but length-- == 0).
case 2 and case 3 are redundant, since k >= j and later the
string is truncated to j characters anyway.
2016-07-07 01:27:23 +02:00
Lauri Kenttä
c1ac081bf1
base64_decode: fix bug #72263 (skips char after padding)
2016-07-07 01:27:23 +02:00
Lauri Kenttä
b9c9be13cc
base64_decode: fix bug #72152 (fail on NUL bytes in strict mode)
...
This added check is actually for NOT failing in NON-strict mode.
The ch == -2 check later causes the desired failure in strict mode.
2016-07-07 01:27:23 +02:00
Lauri Kenttä
ef6f163161
base64_decode: remove redundant check
...
If length == 0 || *current != '=' is false, the for loop will always
end up in this same point, until the if statement becomes true.
Thus, the if statement is not needed.
2016-07-07 01:27:23 +02:00
Lauri Kenttä
c65de8ac13
base64_decode: reorder to fix out of bounds read
2016-07-07 01:27:22 +02:00
Derick Rethans
a4e140e6ab
Updated to version 2016.6 (2016f)
2016-07-06 11:15:45 +01:00
Derick Rethans
884db2f7be
Updated to version 2016.6 (2016f)
2016-07-06 11:15:42 +01:00
Anatol Belski
b63d41e1e5
add tests for bug #72512
2016-07-06 10:40:52 +02:00
Matteo Beccati
ff7c981d19
Rewrite test to avoid sending emails
...
A properly configured email server was generating bounce emails when running
the test.
2016-07-06 07:08:43 +02:00
Christoph M. Becker
c015095042
Merge branch 'PHP-5.6' into PHP-7.0
...
# Resolved conflicts:
# ext/spl/spl_directory.c
2016-07-05 16:43:39 +02:00
Valentin VALCIU
4c24f170ea
Fix bug #55701 : GlobIterator throws LogicException
...
GlobIterator throws LogicException with message 'The parent constructor was
not called' on its first operation when the glob expression doesn't match
any file. It also throws on the first operation after the iteration
completes, when the glob expression matches some files.
# Resolved conflicts:
# ext/spl/spl_directory.c
2016-07-05 16:39:25 +02:00
Adam Baratz
f22bc6438d
Use size_t instead of int for loop counter
2016-07-05 16:09:27 +02:00
Anatol Belski
8bd8a64db6
fix possible optimization bug
2016-07-05 15:07:24 +02:00
Anatol Belski
4576c41291
fix possible optimization bug
2016-07-05 14:57:16 +02:00
Stanislav Malyshev
e1ba58f068
Fix bug #70480 (php_url_parse_ex() buffer overflow read)
...
(cherry picked from commit 629e4da7cc
)
2016-07-05 10:59:02 +02:00
Pierre Joye
7b2c22696a
Fixed bug #72512 gdImageTrueColorToPaletteBody allows arbitrary write/read access
2016-07-04 10:35:20 +02:00
Christoph M. Becker
60fc27f912
Merge branch 'PHP-5.6' into PHP-7.0
2016-07-04 03:18:50 +02:00
Christoph M. Becker
717a043a32
Fix typo in comment
2016-07-04 03:17:17 +02:00
Xinchen Hui
f6aaaf02a9
Merge branch 'PHP-7.0' of git.php.net:/php-src into PHP-7.0
...
* 'PHP-7.0' of git.php.net:/php-src:
update NEWS
extend test
Fixed bug #72534 stream_socket_get_name crashes
2016-07-03 23:57:42 +08:00
Xinchen Hui
612aff3a8a
Fixed bug #72538 (readline_redisplay crashes php)
2016-07-03 23:56:27 +08:00
Anatol Belski
8b229bfeeb
extend test
2016-07-03 17:13:46 +02:00
Anatol Belski
ea9da7529c
Fixed bug #72534 stream_socket_get_name crashes
2016-07-03 17:09:19 +02:00
Xinchen Hui
6744737577
Fixed bug #72531 (ps_files_cleanup_dir Buffer overflow)
2016-07-03 09:30:33 +08:00
Anatol Belski
3455848dfe
Fixed bug #72498 variant_date_from_timestamp null dereference
2016-07-01 18:41:50 +02:00
Xinchen Hui
de7a6b1232
MFH: Fixed fd leak (the origin commit can not be cherry-picked)
2016-06-28 11:36:27 +08:00
Stanislav Malyshev
b8487b6a7d
Merge branch 'PHP-5.5' into PHP-5.6
...
* PHP-5.5:
Fix the fix for #72403 on nl2br
5.5.38 now
Conflicts:
configure.in
main/php_version.h
2016-06-27 12:32:11 -07:00
Stanislav Malyshev
25bd11cf27
Fix the fix for #72403 on nl2br
2016-06-27 12:30:42 -07:00
Christoph M. Becker
0f03224d59
Merge branch 'PHP-5.6' into PHP-7.0
2016-06-27 17:09:55 +02:00
Christoph M. Becker
57940605da
Fix #70628 : Clearing bindings on an SQLite3 statement doesn't work
...
Obiously, it isn't sufficient to call sqlite3_clear_bindings() alone, but
also the bound_params of the php_sqlite3_stmt have to be cleared.
2016-06-27 17:06:27 +02:00
Stanislav Malyshev
cab1c3b370
Fixed bug #72479 - same as #72434
2016-06-26 18:02:58 -07:00
Xinchen Hui
53de1c2830
Fixed format
2016-06-24 21:13:04 +08:00
Anatol Belski
056c2ce349
yet another test rewrite
2016-06-23 09:42:17 +02:00
Xinchen Hui
bd74e7d013
Fixed bug #72476 (Memleak in jit_stack)
2016-06-23 14:06:48 +08:00
Anatol Belski
4edbac6ec5
rewrite test
2016-06-22 19:46:02 +02:00
Anatol Belski
e453904251
Fixed bug #72463 mail fails with invalid argument
2016-06-22 19:06:33 +02:00
Anatol Belski
c196f9cdf7
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
fix test cleanup
2016-06-22 12:22:03 +02:00
Anatol Belski
4638ba9c07
fix test cleanup
2016-06-22 12:20:02 +02:00
Anatol Belski
98f6248dcf
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
fix dir separator in test
2016-06-22 11:44:14 +02:00
Anatol Belski
de1c407348
fix dir separator in test
2016-06-22 11:41:05 +02:00
Anatol Belski
ed10168b30
fix two remaining tests
2016-06-21 17:24:08 +02:00
Anatol Belski
1d5a4520be
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
fix test
2016-06-21 16:22:51 +02:00
Anatol Belski
e3bd360ec9
fix test
...
There is a difference between TS and NTS warning message, since
virtual_mkdir vs glibc directly is used. This has no effect for
the actual fix functionality.
2016-06-21 16:20:03 +02:00
Anatol Belski
5a9f0c77ad
re-fix leak
2016-06-21 15:21:58 +02:00
Anatol Belski
a00350486f
re-fix leak
2016-06-21 15:18:10 +02:00
Anatol Belski
9a9249a8d0
Revert "fix leak"
...
This reverts commit 757105e2a2
.
2016-06-21 14:58:15 +02:00
Anatol Belski
e6cc30e167
Revert "fix leak"
...
This reverts commit c5d9c50897
.
2016-06-21 14:51:43 +02:00
Anatol Belski
757105e2a2
fix leak
2016-06-21 13:26:12 +02:00
Anatol Belski
c5d9c50897
fix leak
2016-06-21 12:29:41 +02:00
Remi Collet
69fd1133d0
bump zip version
2016-06-21 11:16:21 +02:00
Anatol Belski
2af71a04b0
remove the huge test file, generate it on the fly instead
2016-06-21 09:48:11 +02:00
Anatol Belski
fd93c8601d
remove the huge test file, generate it on the fly instead
2016-06-21 09:45:26 +02:00
Anatol Belski
0c7250f260
remove the huge test file, generate it on the fly instead
2016-06-21 09:42:38 +02:00
Stanislav Malyshev
8705254f2d
Merge branch 'PHP-7.0.8' into PHP-7.0
...
* PHP-7.0.8:
iFixed bug #72446 - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
update NEWS
fix tests
fix build
Fix bug #72455 : Heap Overflow due to integer overflows
Fix bug #72434 : ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize
Fixed ##72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize
Fix bug #72407 : NULL Pointer Dereference at _gdScaleVert
Fix bug #72402 : _php_mb_regex_ereg_replace_exec - double free
Fix bug #72298 pass2_no_dither out-of-bounds access
Fixed #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow
Fix bug #72262 - do not overflow int
Fix bug #72400 and #72403 - prevent signed int overflows for string lengths
Fix bug #72275 : don't allow smart_str to overflow int
Fix bug #72340 : Double Free Courruption in wddx_deserialize
Fix bug #72321 - use efree() for emalloc allocation
5.6.23RC1
fix NEWS
set versions
Conflicts:
configure.in
main/php_version.h
2016-06-21 00:25:49 -07:00
Stanislav Malyshev
2a65544f78
Merge branch 'PHP-5.6.23' into PHP-7.0.8
...
* PHP-5.6.23: (24 commits)
iFixed bug #72446 - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
update NEWS
fix tests
fix build
Fix bug #72455 : Heap Overflow due to integer overflows
Fix bug #72434 : ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize
Fixed ##72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize
Fix bug #72407 : NULL Pointer Dereference at _gdScaleVert
Fix bug #72402 : _php_mb_regex_ereg_replace_exec - double free
Fix bug #72298 pass2_no_dither out-of-bounds access
Fixed #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow
Fix bug #72262 - do not overflow int
Fix bug #72400 and #72403 - prevent signed int overflows for string lengths
Fix bug #72275 : don't allow smart_str to overflow int
Fix bug #72340 : Double Free Courruption in wddx_deserialize
update NEWS
Fix #66387 : Stack overflow with imagefilltoborder
Fix bug #72321 - use efree() for emalloc allocation
5.6.23RC1
Fix bug #72140 (segfault after calling ERR_free_strings())
...
Conflicts:
configure.in
ext/mbstring/php_mbregex.c
ext/mcrypt/mcrypt.c
ext/spl/spl_array.c
ext/spl/spl_directory.c
ext/standard/php_smart_str.h
ext/standard/string.c
ext/standard/url.c
ext/wddx/wddx.c
ext/zip/php_zip.c
main/php_version.h
2016-06-21 00:24:32 -07:00
Stanislav Malyshev
c9b24ef307
Merge branch 'PHP-5.6.23' into PHP-5.6
...
* PHP-5.6.23:
Fixed bug #72446 - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
update NEWS
fix tests
fix build
Fix bug #72455 : Heap Overflow due to integer overflows
Fix bug #72434 : ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize
Fixed ##72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize
Fix bug #72407 : NULL Pointer Dereference at _gdScaleVert
Fix bug #72402 : _php_mb_regex_ereg_replace_exec - double free
Fix bug #72298 pass2_no_dither out-of-bounds access
Fixed #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow
Fix bug #72262 - do not overflow int
Fix bug #72400 and #72403 - prevent signed int overflows for string lengths
Fix bug #72275 : don't allow smart_str to overflow int
Fix bug #72340 : Double Free Courruption in wddx_deserialize
Fix bug #72321 - use efree() for emalloc allocation
5.6.23RC1
Conflicts:
configure.in
main/php_version.h
2016-06-21 00:02:37 -07:00
Stanislav Malyshev
7dde353ee7
Merge branch 'PHP-5.5' into PHP-5.6.23
...
* PHP-5.5:
Fixed bug #72446 - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
update NEWS
fix tests
fix build
Fix bug #72455 : Heap Overflow due to integer overflows
Fix bug #72434 : ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize
Fixed ##72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize
Fix bug #72407 : NULL Pointer Dereference at _gdScaleVert
Fix bug #72402 : _php_mb_regex_ereg_replace_exec - double free
Fix bug #72298 pass2_no_dither out-of-bounds access
Fixed #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow
Fix bug #72262 - do not overflow int
Fix bug #72400 and #72403 - prevent signed int overflows for string lengths
Fix bug #72275 : don't allow smart_str to overflow int
Fix bug #72340 : Double Free Courruption in wddx_deserialize
update NEWS
Fix #66387 : Stack overflow with imagefilltoborder
Skip test which is 64bits only
5.5.37 now
Conflicts:
configure.in
ext/mcrypt/mcrypt.c
ext/spl/spl_directory.c
main/php_version.h
2016-06-21 00:01:48 -07:00
Stanislav Malyshev
c395c6e5d7
iFixed bug #72446 - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
2016-06-20 23:58:26 -07:00
Stanislav Malyshev
e1d2f86a41
Merge branch 'PHP-5.5.37' into PHP-5.5
...
* PHP-5.5.37:
fix tests
fix build
Fix bug #72455 : Heap Overflow due to integer overflows
Fix bug #72434 : ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize
Fixed ##72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize
Fix bug #72407 : NULL Pointer Dereference at _gdScaleVert
Fix bug #72402 : _php_mb_regex_ereg_replace_exec - double free
Fix bug #72298 pass2_no_dither out-of-bounds access
Fixed #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow
Fix bug #72262 - do not overflow int
Fix bug #72400 and #72403 - prevent signed int overflows for string lengths
Fix bug #72275 : don't allow smart_str to overflow int
Fix bug #72340 : Double Free Courruption in wddx_deserialize
2016-06-20 23:31:54 -07:00
Stanislav Malyshev
5f107ab8a6
fix tests
2016-06-20 22:54:55 -07:00
Stanislav Malyshev
7f428cae88
fix build
2016-06-20 22:13:31 -07:00
Stanislav Malyshev
6c5211a0ce
Fix bug #72455 : Heap Overflow due to integer overflows
2016-06-20 21:51:42 -07:00
Stanislav Malyshev
f6aef68089
Fix bug #72434 : ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize
2016-06-20 21:35:22 -07:00
Stanislav Malyshev
3f627e580a
Fixed ##72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize
2016-06-20 21:26:33 -07:00
Christoph M. Becker
5cc924e5c2
Merge branch 'PHP-5.6' into PHP-7.0
2016-06-20 15:20:58 +02:00
Christoph M. Becker
4b4275059f
Fix #64641 : imagefilledpolygon doesn't draw horizontal line
...
As has been reported, 1-dimensional horizontal filled polygons are not drawn
at all. That is caused by the scanline algorithm used for drawing filled
polygons which skips the drawing of horizontal edges, because that is
normally not necessary. If, however, the polygon consists of horizontal
edges only, that obviously doesn't work, so we add a special case handling.
That has also been fixed in libgd with
<https://github.com/libgd/libgd/commit/f9f10fa9 >.
2016-06-20 15:17:52 +02:00
Stanislav Malyshev
8c0133f0eb
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
Fix bug #72447 : Type Confusion in php_bz2_filter_create()
Conflicts:
ext/bz2/bz2_filter.c
2016-06-18 22:11:23 -07:00
Stanislav Malyshev
42b2d7fec5
Fix bug #72447 : Type Confusion in php_bz2_filter_create()
2016-06-18 22:10:22 -07:00
Stanislav Malyshev
b9ec171e7d
Fix bug #72407 : NULL Pointer Dereference at _gdScaleVert
2016-06-18 21:57:25 -07:00
Stanislav Malyshev
5b597a2e5b
Fix bug #72402 : _php_mb_regex_ereg_replace_exec - double free
2016-06-18 21:48:39 -07:00
Stanislav Malyshev
e9ac8954be
Fix bug #72298 pass2_no_dither out-of-bounds access
2016-06-18 21:06:09 -07:00
Pierre Joye
7722455726
Fixed #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow
2016-06-18 20:15:10 +02:00
Christoph M. Becker
eb456d2d27
Merge branch 'PHP-5.6' into PHP-7.0
2016-06-17 17:52:10 +02:00
Christoph M. Becker
ed0ec66996
Fix #53640 : XBM images require width to be multiple of 8
2016-06-17 17:50:36 +02:00
Xinchen Hui
958f18c1a1
Fixed "implicit declaration of function ‘msgformat_fix_quotes’"
2016-06-17 15:59:41 +08:00
Jakub Zelenka
307e546e1a
Merge branch 'PHP-5.6' into PHP-7.0
2016-06-16 20:11:54 +01:00
Jakub Zelenka
0c34f53c93
Fix incorrect error suppressing in openssl_error_string test
2016-06-16 20:11:02 +01:00
Jakub Zelenka
84948e6382
Fix occasionally failing OpenSSL DH bug test
...
The test was failing when first byte was 0
2016-06-16 20:09:17 +01:00
Christoph M. Becker
60feda4ea4
Merge branch 'PHP-5.6' into PHP-7.0
2016-06-16 14:06:39 +02:00
Christoph M. Becker
8aa511f1fc
Fix #43475 : Styled thick horizontal lines are scrambled
...
Thick lines are drawn by gdImageFilledRectangle(), which iterates over
the x ordinate first (Z order) to apply the style pattern. While this works
fine for vertical and diagonal lines, it obviously fails for horizontal
lines, which have to be iterated over in N order.
To fix this bug, we introduce the helpers gdImageFilled(H|V)Rectangle(),
which may be reused for other purposes as well.
This is basically the same fix as libgd/libgd/c2b91dbc.
2016-06-16 13:59:00 +02:00
Stanislav Malyshev
7245bff300
Fix bug #72262 - do not overflow int
2016-06-15 21:58:26 -07:00
Stanislav Malyshev
88746d60ab
Fix bug #72400 and #72403 - prevent signed int overflows for string lengths
2016-06-15 21:51:28 -07:00
Derick Rethans
8267a5fba7
Fixed expected test outcome due to rule changes
2016-06-15 18:31:41 +01:00
Derick Rethans
76ec139a0a
Merge branch 'PHP-5.6' into PHP-7.0
2016-06-15 18:30:03 +01:00
Derick Rethans
e0e83c0180
Fixed expected test outcome due to rule changes
2016-06-15 18:29:40 +01:00
Derick Rethans
020541587a
Updated to version 2016.5 (2016e)
2016-06-15 11:58:50 +01:00
Derick Rethans
fffa1aa0f3
Updated to version 2016.5 (2016e)
2016-06-15 11:58:47 +01:00
Xinchen Hui
c3fc4194ea
Merge branch 'PHP-7.0' of git.php.net:/php-src into PHP-7.0
...
* 'PHP-7.0' of git.php.net:/php-src:
Maybe fix bug #72011
Fix #50845 : exif_process_IFD_TAG: Use the right offset if reading from stream
Fix bug #72138 - Integer Overflow in Length of String-typed ZVAL
2016-06-15 14:56:07 +08:00
Xinchen Hui
999a3553d5
Fixed(attempt to) bug #72405 (mb_ereg_replace - mbc_to_code (oniguruma) - oob read access)
...
according to ext/mbstring/oniguruma/enc/utf8.c, max bytes are 6
2016-06-15 14:54:57 +08:00
Nikita Popov
93f7939891
Merge branch 'PHP-5.6' into PHP-7.0
...
Conflicts:
ext/date/php_date.c
2016-06-14 22:38:44 +02:00
Nikita Popov
248fdfcf73
Maybe fix bug #72011
2016-06-14 22:37:27 +02:00
Stanislav Malyshev
49b1290617
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
Fix #50845 : exif_process_IFD_TAG: Use the right offset if reading from stream
2016-06-14 10:50:45 -07:00
Bartosz Dziewoński
1ab5a1b432
Fix #50845 : exif_process_IFD_TAG: Use the right offset if reading from stream
...
When the location of the data is outside of the range we have
preloaded (for example, if it's before the beginning of the IFD
structure), we have to read it from the stream into a separate buffer.
The offset calculations in this case were incorrect, resulting in
bogus values being read for the affected fields (sometimes parts of
other fields, sometimes binary data).
The included test image, sourced from [1], is in the public domain.
[1] https://commons.wikimedia.org/wiki/File:U.S._Marines_Prepare_to_board_an_MV-22_Osprey_160509-M-AF202-041.jpg
2016-06-14 10:48:08 -07:00
Stanislav Malyshev
4c968c6ddd
Fix bug #72138 - Integer Overflow in Length of String-typed ZVAL
2016-06-14 01:03:03 -07:00
Stanislav Malyshev
489fd56fe3
Fix bug #72275 : don't allow smart_str to overflow int
2016-06-14 00:02:17 -07:00
Xinchen Hui
3d56418722
Fixed bug #72399 (Use-After-Free in MBString (search_re))
2016-06-13 18:20:26 -07:00
Xinchen Hui
d1ab974f0b
Fixed bug #72306 (Heap overflow through proc_open and $env parameter)
2016-06-13 21:08:04 +08:00
Stanislav Malyshev
a44c89e8af
Fix bug #72340 : Double Free Courruption in wddx_deserialize
2016-06-12 23:18:23 -07:00
Christoph M. Becker
f96ebb0986
Fix #66387 : Stack overflow with imagefilltoborder
...
The stack overflow is caused by the recursive algorithm in combination with a
very large negative coordinate passed to gdImageFillToBorder(). As there is
already a clipping for large positive coordinates to the width and height of
the image, it seems to be consequent to clip to zero also.
2016-06-13 08:10:36 +02:00
Stanislav Malyshev
d144590d38
Fix bug #72321 - use efree() for emalloc allocation
2016-06-12 21:35:13 -07:00
Jakub Zelenka
a2f4c32eb1
Merge branch 'PHP-5.6' into PHP-7.0
2016-06-12 18:39:32 +01:00
Jakub Zelenka
0e2447cd11
Fix bug #71915 (openssl_random_pseudo_bytes is not fork-safe)
...
Add time to the entropy before using RAND_bytes
2016-06-12 18:14:21 +01:00
Jakub Zelenka
54310d95f9
Fix bug #72336 (openssl_pkey_new does not fail for invalid DSA params)
2016-06-12 18:14:21 +01:00
Jakub Zelenka
4056edd20d
Update openssl_error_string to run and be more forgiving
2016-06-12 18:14:21 +01:00
Christoph M. Becker
07a793810f
Merge branch 'PHP-5.6' into PHP-7.0
2016-06-09 15:35:28 +02:00
Christoph M. Becker
1f7cc24df7
Merge branch 'pull-request/1930' into PHP-5.6
2016-06-09 15:28:58 +02:00
Dmitry Stogov
bfcf32237e
Fixed bug #72369 (array_merge() produces references in PHP7)
2016-06-09 15:07:44 +03:00
Jakub Zelenka
84dce33b04
Merge branch 'PHP-5.6' into PHP-7.0
2016-06-08 18:36:36 +01:00
Jakub Zelenka
05033c9ebd
Fix bug #72140 (segfault after calling ERR_free_strings())
2016-06-08 18:21:39 +01:00
Pierre Joye
4d81bf937f
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
prevent invalid color index (palette only), may lead to crash
Add CVE to #66387
add missing NEWS entry
2016-06-08 11:07:32 +07:00
Pierre Joye
6d3fa654b7
prevent invalid color index (palette only), may lead to crash
2016-06-08 11:06:48 +07:00
Pierre Joye
1bbd7fc7eb
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
#72337 invalid dimensions can lead to segv
2016-06-07 17:18:14 +07:00
Pierre Joye
f80125950c
#72337 invalid dimensions can lead to segv
2016-06-07 17:16:40 +07:00
Anatol Belski
edb8c3f6e3
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
Add test for bug #53735
2016-06-06 21:07:45 +02:00
Anatol Belski
2a0ed8a2eb
Add test for bug #53735
2016-06-06 21:06:06 +02:00
Anatol Belski
3e6c02b91a
fix ibase handle initialization, mostly compiler warnings
2016-06-06 13:30:17 +02:00
Anatol Belski
174c3371bd
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
fix typo
2016-06-06 08:58:08 +02:00
Anatol Belski
eaef8f6db2
fix typo
2016-06-06 08:56:40 +02:00
Anatol Belski
075c75873e
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
fix broken skipif and add xfail for now
2016-06-06 08:21:39 +02:00
Anatol Belski
1b2afd478b
fix broken skipif and add xfail for now
2016-06-06 08:20:01 +02:00
Anatol Belski
6ec8b2c57d
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
missing return
2016-06-06 07:33:36 +02:00
Anatol Belski
c05b417718
missing return
2016-06-06 07:28:12 +02:00
Jakub Zelenka
1f7535234e
Merge branch 'PHP-5.6' into PHP-7.0
2016-06-05 17:30:03 +01:00
Jakub Zelenka
d4615d1118
Add new test for openssl_pkey_new
2016-06-05 17:27:47 +01:00
Jakub Zelenka
497fe33d6f
Add test for openssl_error_string
...
This test is important for making sure that the error strings
from OpenSSL works as expected and we can safely add a fix
for storing the strings that is prepared.
2016-06-05 17:23:05 +01:00
Jakub Zelenka
5e9f387175
Remove openssl_x509_parse for OpenSSL 0.9.x
...
The test is unstable and it actually fails with latest 0.9.8
2016-06-05 16:28:50 +01:00
Raphaël Tournoy
1dfdae6de4
fix typo
2016-06-03 17:18:14 +02:00
Anatol Belski
22336db97f
Fixed bug #70484 selectordinal doesn't work with named parameters
2016-06-02 12:17:42 +02:00
Elizabeth Marie Smith
72c9324d70
Fix ODBC bug for varchars returning with length zero
2016-06-02 12:04:10 +02:00
Anatol Belski
79b978db9a
Add test for bug #72294
2016-06-01 11:55:35 +02:00
Anatol Belski
af8fa8e937
Fixed bug #72294 Segmentation fault/invalid pointer in connection with pgsql_stmt_dtor
2016-06-01 11:55:35 +02:00
Xinchen Hui
cf1ad54b64
Also include ini_get
2016-06-01 10:46:04 +08:00
Xinchen Hui
f5bc7e881b
Forgotten test script for bug #72300
2016-06-01 10:43:53 +08:00
Anatol Belski
1d4d8c7436
fix test portability
2016-05-31 18:42:40 +02:00
Xinchen Hui
f2a814df33
Fixed bug #72300 (ignore_user_abort(false) has no effect)
2016-05-31 07:24:02 -07:00
Xinchen Hui
953ee61a49
No sure why this is failed in travis
2016-05-31 17:22:47 +08:00
Xinchen Hui
47fa763fae
Fixed test (keyword is local related)
2016-05-31 16:55:58 +08:00
Xinchen Hui
072bc589fc
Attempt to fix tests fails
2016-05-31 16:48:19 +08:00
Xinchen Hui
d1dd9b4558
Re-Fixed bug #72155 (use-after-free caused by get_zval_xmlrpc_type)
2016-05-31 11:44:20 +08:00
Xinchen Hui
a811b5e38d
Revert "fix #72155 (use-after-free caused by get_zval_xmlrpc_type)"
...
This reverts commit 1690dcb827
.
2016-05-31 11:32:09 +08:00
Anatol Belski
933d6b188c
fix test title
2016-05-30 12:48:00 +02:00
Anatol Belski
97c530fece
Add test for bug #72258
2016-05-30 12:47:04 +02:00
Anatol Belski
2c80459c24
Expose missing flags from libzip at least >= 0.11.x
...
These are helpful with reading/writing zips containing non UTF-8
filenames to mitigate possibly changed libzip behaviors.
Partial cherry-pick of 893c2405ff
2016-05-30 10:32:43 +02:00
Joe Watkins
1690dcb827
fix #72155 (use-after-free caused by get_zval_xmlrpc_type)
2016-05-30 08:56:50 +01:00
Xinchen Hui
d29bd582a8
Added NEWS Entry
2016-05-28 16:12:10 +08:00
Remi Collet
4dd03651f3
Skip test which is 64bits only
...
Diff from test output
001+ Warning: fread(): Length parameter must be greater than 0 in ...
001- Warning: fread(): Length parameter must be no more than 2147483647 in ...
2016-05-25 16:40:52 +02:00
Remi Collet
ce932f6479
Skip test which is 64bits only
...
Diff from test output
001+ Warning: fread(): Length parameter must be greater than 0 in ...
001- Warning: fread(): Length parameter must be no more than 2147483647 in ...
2016-05-25 16:17:12 +02:00
Anatol Belski
65a2c451bb
fix test portability
2016-05-25 11:19:19 +02:00
Stanislav Malyshev
2fe563e8d8
Merge branch 'PHP-7.0.7' into PHP-7.0
...
* PHP-7.0.7:
Fix memory leak in imagescale()
Update NEWS
Better fix for bug #72135
Fixed bug #72227 : imagescale out-of-bounds read
Fix bug #72241 : get_icu_value_internal out-of-bounds read
Fix bug #72135 - don't create strings with lengths outside int range
set versions
Add check for string overflow to all string add operations
Fix bug #72114 - int/size_t confusion in fread
Updated NEWS
Fixed bug #71331 - Uninitialized pointer in phar_make_dirstream()
Conflicts:
configure.in
main/php_version.h
2016-05-24 20:51:52 -07:00
Stanislav Malyshev
3ed0114e7f
Merge branch 'PHP-5.5' into PHP-7.0.7
...
* PHP-5.5:
Fix memory leak in imagescale()
Update NEWS
Better fix for bug #72135
Fixed bug #72227 : imagescale out-of-bounds read
Fix bug #72241 : get_icu_value_internal out-of-bounds read
Fix bug #72135 - don't create strings with lengths outside int range
Add check for string overflow to all string add operations
Fix bug #72114 - int/size_t confusion in fread
Updated NEWS
Fixed bug #71331 - Uninitialized pointer in phar_make_dirstream()
Conflicts:
Zend/zend_operators.c
ext/intl/locale/locale_methods.c
ext/phar/dirstream.c
ext/phar/tests/bug71331.phpt
ext/standard/file.c
ext/standard/html.c
2016-05-24 18:05:06 -07:00
Stanislav Malyshev
2464b092eb
Merge branch 'PHP-5.6.22' into PHP-5.6
...
* PHP-5.6.22:
Fix memory leak in imagescale()
Update NEWS
Better fix for bug #72135
Fixed bug #72227 : imagescale out-of-bounds read
Fix bug #72241 : get_icu_value_internal out-of-bounds read
Fix bug #72135 - don't create strings with lengths outside int range
prepare for 5.6.22RC1
Add check for string overflow to all string add operations
Fix bug #72114 - int/size_t confusion in fread
Updated NEWS
Fixed bug #71331 - Uninitialized pointer in phar_make_dirstream()
Conflicts:
configure.in
main/php_version.h
2016-05-24 17:21:22 -07:00
Stanislav Malyshev
544940c48a
Merge branch 'PHP-5.5' into PHP-5.6.22
...
* PHP-5.5:
Fix memory leak in imagescale()
Update NEWS
Better fix for bug #72135
Fixed bug #72227 : imagescale out-of-bounds read
Fix bug #72241 : get_icu_value_internal out-of-bounds read
Fix bug #72135 - don't create strings with lengths outside int range
Add check for string overflow to all string add operations
Fix bug #72114 - int/size_t confusion in fread
Updated NEWS
Fixed bug #71331 - Uninitialized pointer in phar_make_dirstream()
Conflicts:
Zend/zend_operators.c
ext/phar/dirstream.c
ext/phar/tests/bug71331.phpt
2016-05-24 16:56:36 -07:00
Stanislav Malyshev
9a826a3bd9
Fix memory leak in imagescale()
2016-05-24 16:12:01 -07:00
Stanislav Malyshev
e955913115
Better fix for bug #72135
2016-05-24 15:52:15 -07:00
Stanislav Malyshev
7a1aac3343
Fixed bug #72227 : imagescale out-of-bounds read
...
Ported from 4f65a3e4ee
2016-05-23 00:34:35 -07:00
Stanislav Malyshev
97eff7eb57
Fix bug #72241 : get_icu_value_internal out-of-bounds read
2016-05-22 17:49:02 -07:00
Derick Rethans
c572968900
Merge branch 'PHP-5.6' into PHP-7.0
2016-05-18 12:19:49 +01:00
Derick Rethans
f43f6fc39b
Fixed bug #63740 (strtotime seems to use both sunday and monday as start of week)
2016-05-18 12:19:11 +01:00
Dmitry Stogov
d41920c57d
Use PHP_VERSION as OPcahce version
2016-05-17 17:16:10 +03:00
Xinchen Hui
2eb7e75c25
Let's only read-only here
2016-05-17 18:07:20 +08:00
Xinchen Hui
7989db975f
Fixed bug #72229 (Wrong reference when serialize/unserialize an object)
2016-05-17 17:40:26 +08:00
Thomas Punt
0e21742bf8
Tidy up
2016-05-16 19:15:40 +02:00
Thomas Punt
367fde9947
Remove unnecessary boundary checks
2016-05-16 19:15:40 +02:00
Thomas Punt
39052d4d75
Resolve bug #72017
2016-05-16 19:15:40 +02:00
Xinchen Hui
0b3a4c6101
Revert "Revert "fix #72143 (preg_replace uses int instead of size_t on zend_string_allocs)""
...
obviously I read the change is in argument lists by mistake :<
This reverts commit 9e7afa7514
.
2016-05-16 06:22:13 -07:00
Stanislav Malyshev
0da8b8b801
Fix bug #72135 - don't create strings with lengths outside int range
2016-05-15 23:26:51 -07:00
Xinchen Hui
9e7afa7514
Revert "fix #72143 (preg_replace uses int instead of size_t on zend_string_allocs)"
...
ABI break
This reverts commit fb951553be
.
2016-05-16 11:24:16 +08:00
Joe Watkins
fb951553be
fix #72143 (preg_replace uses int instead of size_t on zend_string_allocs)
2016-05-14 08:20:41 +01:00
Joe Watkins
b165114013
fix #72206 (xml_parser_create/xml_parser_free leaks mem)
2016-05-14 08:10:16 +01:00
Anatol Belski
9f50bb5bfa
workaround the extra new line in the test out on another env
2016-05-12 12:45:04 +02:00
Anatol Belski
7f6e285430
Fixed bug #72197 pg_lo_create arbitrary read
2016-05-12 11:40:28 +02:00
Xinchen Hui
92828ae204
Committed by accident
2016-05-12 13:40:22 +08:00
Xinchen Hui
3c0341e6f9
Fixed bug #72195 (pg_pconnect/pg_connect cause use-after-free)
2016-05-12 13:15:33 +08:00
Xinchen Hui
df404e2e0e
Fixed Bug #72193 (dns_get_record returns array containing elements of type 'unknown')
2016-05-11 17:31:46 +08:00
Xinchen Hui
66ad4fc393
Fixed bug #71573 (Segfault (core dumped) if paramno beyond bound)
2016-05-11 11:12:27 +08:00
Dmitry Stogov
f7372f648f
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
The "flock" structure has to be writable on AIX.
2016-05-10 17:53:33 +03:00
Dmitry Stogov
90f43caf5b
The "flock" structure has to be writable on AIX.
2016-05-10 17:50:14 +03:00
Nikita Popov
a1ed4ab3ca
Fixed bug #72174
...
Also fixes a memory leak if ::getValue() is used with __get().
2016-05-10 12:13:10 +02:00
Stanislav Malyshev
abd159cce4
Fix bug #72114 - int/size_t confusion in fread
2016-05-09 21:55:29 -07:00
Anatol Belski
fc2a45b70a
Revert "Fixed bug #71820 pg_fetch_object bind parameters before call constructor"
...
This reverts commit b4eedd128b
.
This fixed bug #72151 , and reverts the fix for bug #71820 .
See also bug #50636 and #49521 for the history.
2016-05-09 17:25:53 +02:00
Anatol Belski
1cc536af5a
Revert "Backport patch for bug #71820 "
...
This reverts commit 1b632cfe83
.
This fixed bug #72151 , and reverts the fix for bug #71820 .
See also bug #50636 and #49521 for the history.
2016-05-09 17:15:40 +02:00
Xinchen Hui
197470b62f
Revert "Fixed bug #72170 (JsonSerializable may inc apply count without dec it)"
...
This reverts commit 459a7cc209
.
2016-05-06 20:25:24 +08:00
Xinchen Hui
459a7cc209
Fixed bug #72170 (JsonSerializable may inc apply count without dec it)
...
I don't want use zend_try here, but seems I have no choice :<
2016-05-06 18:38:26 +08:00
Anatol Belski
5afba67bfe
Re-fix #72165
...
Reverted previous wrong patch, throw warning for numeric keys.
Numeric field names are not supported, see "distinguished name"
section here https://www.openssl.org/docs/manmaster/apps/req.html
2016-05-06 09:30:41 +02:00
Anatol Belski
dd5479ea4c
Revert "Fixed bug #72165 Null pointer dereference - openssl_csr_new"
...
This reverts commit 7277c85765
.
2016-05-06 09:19:04 +02:00
Anatol Belski
7277c85765
Fixed bug #72165 Null pointer dereference - openssl_csr_new
2016-05-06 09:01:27 +02:00
Xinchen Hui
395863b1d1
Fixed bug #72164 (Null Pointer Dereference - mb_ereg_replace)
2016-05-05 17:27:34 +08:00
Xinchen Hui
c15b6134f6
Fixed bug #72154 (pcntl_wait/pcntl_waitpid array internal structure overwrite)
2016-05-05 15:18:17 +08:00
Xinchen Hui
1a5d58b28f
Fixed bug #72157 (use-after-free caused by dba_open)
2016-05-05 11:12:17 +08:00
Nikita Popov
0691e7a8e1
Fix JMPZ, JMPZNZ_EX chain optimization
...
The result_type was not copied, resulting in a corrupted JMPZ_EX.
Fix can be verified by inspecting the opcodes of the following
function (it should not contain any _EX opcodes):
function test() {
if ($a && $b) {
echo "a";
}
if ($b || $c || $d) {
echo "b";
}
}
Conflicts:
ext/opcache/Optimizer/block_pass.c
2016-05-05 00:00:56 +02:00
Anatol Belski
2d0081cebd
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
add test fo rbug 71805
2016-05-03 19:10:40 +02:00
Anatol Belski
5351151352
add test fo rbug 71805
2016-05-03 19:09:11 +02:00
Chris Wright
e8abb70fc9
Implement socket_export_stream()
2016-05-02 17:08:15 +02:00
Anatol Belski
5360b3de33
fix test if unlink fails occasionally
2016-05-01 19:25:39 +02:00
Nikita Popov
8e855534b7
Fix posix build
2016-05-01 13:07:01 +02:00
Xinchen Hui
895337ddbd
Fixed bug #72133 (php_posix_group_to_array crashes if gr_passwd is NULL)
2016-05-01 11:00:41 +08:00
Sara Golemon
d0b952260e
Create temporary sqlite db in test dir rather than cwd (and clean it up)
...
Well behaved tests do not leave their droppings all over the filesystem.
2016-04-30 06:02:01 +00:00
Anatol Belski
8c74f03c10
fix test
2016-04-29 14:30:19 +02:00
Pierrick Charron
3c92f113e4
Expose some of the new curl constants to PHP userspace
2016-04-29 14:19:55 +02:00
Joe Watkins
dbae1653da
fix size_t signed comparison
2016-04-29 10:19:55 +01:00
Xinchen Hui
a5718539b1
Fixed build
2016-04-29 11:13:15 +08:00
Stanislav Malyshev
9649ca1630
Fixed bug #71331 - Uninitialized pointer in phar_make_dirstream()
2016-04-28 20:57:44 +03:00
Joe Watkins
64721f143a
Merge branch 'PHP-7.0' of https://github.com/php/php-src into PHP-7.0
2016-04-28 15:41:23 +01:00
Joe Watkins
e27a43b7be
variable used out of scope
2016-04-28 15:40:28 +01:00
Bob Weinand
74ef863f5d
Fixed bug #72116 (7.0.6 array_fill optimization breaks implementation)
2016-04-28 11:02:47 +02:00
Xinchen Hui
a05320c419
Use zend_string_safe_alloc
2016-04-27 20:29:11 +08:00
Anatol Belski
25ef19f927
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
fix/improve tests
2016-04-27 13:19:29 +02:00
Anatol Belski
a21a997478
fix/improve tests
2016-04-27 13:16:57 +02:00
Anatol Belski
4bc97db0b8
fix merge
2016-04-27 12:24:28 +02:00
Anatol Belski
33d41da347
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
Fix memory leak
Fix bug #72099 : xml_parse_into_struct segmentation fault
5.5.36 now
Fix bug #72094 - Out of bounds heap read access in exif header processing
Fix bug #72093 : bcpowmod accepts negative scale and corrupts _one_ definition
Fix bug #72061 - Out-of-bounds reads in zif_grapheme_stripos with negative offset
Fix for bug #71912 (libgd: signedness vulnerability)
Typo in NEWS
2016-04-27 11:45:29 +02:00
Stanislav Malyshev
e315a162da
Merge branch 'PHP-5.5' into PHP-5.6
...
* PHP-5.5:
Fix memory leak
Fix bug #72099 : xml_parse_into_struct segmentation fault
5.5.36 now
Fix bug #72094 - Out of bounds heap read access in exif header processing
Fix bug #72093 : bcpowmod accepts negative scale and corrupts _one_ definition
Fix bug #72061 - Out-of-bounds reads in zif_grapheme_stripos with negative offset
Fix for bug #71912 (libgd: signedness vulnerability)
Typo in NEWS
Conflicts:
configure.in
main/php_version.h
2016-04-26 23:48:41 -07:00
Stanislav Malyshev
a32e143d4e
fix build
2016-04-26 23:04:29 -07:00
Stanislav Malyshev
ccc12efa32
Fix bug #71923 - integer overflow in ZipArchive::getFrom*
2016-04-26 22:59:09 -07:00
Stanislav Malyshev
61c7a06e7c
Fix memory leak
2016-04-26 22:54:58 -07:00
Stanislav Malyshev
dccda88f27
Fix bug #72099 : xml_parse_into_struct segmentation fault
2016-04-26 22:46:28 -07:00
Xinchen Hui
c89b7a4860
Use zend_string_safe_alloc
2016-04-27 12:45:02 +08:00
Dmitry Stogov
4ce8a15eae
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
Fixed test on 32-bit platforms (split into 32-bit and 64-bit versions)
2016-04-26 13:44:52 +03:00
Dmitry Stogov
9f389cccfd
Fixed test on 32-bit platforms (split into 32-bit and 64-bit versions)
2016-04-26 13:43:18 +03:00
Dmitry Stogov
8f0ceb97cf
Fixed bug #72100 (implode() inserts garbage into resulting string when joins very big integer). (Mikhail Galanin)
2016-04-26 13:04:06 +03:00
Stanislav Malyshev
082aecfc3a
Fix bug #72094 - Out of bounds heap read access in exif header processing
2016-04-24 19:33:52 -07:00
Stanislav Malyshev
d650063a04
Fix bug #72093 : bcpowmod accepts negative scale and corrupts _one_ definition
...
We can not modify result since it can be copy of _zero_ or _one_, etc. and
"copy" in bcmath is just bumping the refcount.
2016-04-24 18:33:32 -07:00
Stanislav Malyshev
fd9689745c
Fix bug #72061 - Out-of-bounds reads in zif_grapheme_stripos with negative offset
2016-04-24 13:15:17 -07:00
Pierrick Charron
a2d78d1a5f
Fixed bug #68658 (Define CURLE_SSL_CACERT_BADFILE)
2016-04-23 22:55:00 -04:00
Pierrick Charron
043ce195c6
Fix cURL test to use local server instead of google
2016-04-23 18:37:55 -04:00
Anatol Belski
e0edb25cf2
Fixed bug #72035 php-cgi.exe fails to run scripts relative to drive root
2016-04-23 18:55:52 +02:00
Xinchen Hui
589d0e0f18
Fixed bug #72069 (Behavior \JsonSerializable different from json_encode)
2016-04-22 21:41:44 -07:00
Xinchen Hui
9eb7c8cd3b
Fixed bug #72075 (Referencing socket resources breaks stream_select)
2016-04-22 21:21:49 -07:00
Nikita Popov
988bdd0908
Fix escape sequences in pgsql.c
2016-04-21 23:41:59 +02:00
Stanislav Malyshev
c02301b666
Better fix for #71952
2016-04-19 23:44:00 -07:00
Stanislav Malyshev
086729bb6c
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
Fix bug #71952 : Corruption inside imageaffinematrixget
Conflicts:
ext/gd/gd.c
2016-04-18 23:34:26 -07:00
Stanislav Malyshev
f061867fd3
Fix bug #71952 : Corruption inside imageaffinematrixget
2016-04-18 23:33:21 -07:00