Pierre Joye
b61bd1243a
Merge branch 'PHP-5.5' into PHP-5.6
...
* PHP-5.5:
fix #72519 , possible OOB using imagegif
2016-07-19 14:16:01 +07:00
Stanislav Malyshev
33c1a55b40
Apparently some envs miss SIZE_MAX
2016-07-19 00:13:25 -07:00
Pierre Joye
2fbce5f51f
fix #72519 , possible OOB using imagegif
2016-07-19 14:11:44 +07:00
Pierre Joye
740661bd7a
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
fix #72512 , invalid read or write for palette image when invalid transparent index is used
2016-07-19 13:40:34 +07:00
Pierre Joye
511f07b747
Merge branch 'PHP-5.5' into PHP-5.6
...
* PHP-5.5:
fix #72512 , invalid read or write for palette image when invalid transparent index is used
2016-07-19 13:39:46 +07:00
Pierre Joye
0fbcff1b35
fix #72512 , invalid read or write for palette image when invalid transparent index is used
2016-07-19 13:37:23 +07:00
Stanislav Malyshev
08ac37bd2a
Merge branch 'PHP-5.5.38' into PHP-5.5
...
* PHP-5.5.38:
Fix tests
Fix bug #72618 : NULL Pointer Dereference in exif_process_user_comment
Partial fix for bug #72613 - do not treat negative returns from bz2 as size_t
Fix bug #72606 : heap-buffer-overflow (write) simplestring_addn simplestring.c
Fix for bug #72558 , Integer overflow error within _gdContributionsAlloc()
Fix bug #72603 : Out of bound read in exif_process_IFD_in_MAKERNOTE
Fix bug #72562 - destroy var_hash properly
Fix bug #72533 (locale_accept_from_http out-of-bounds access)
Fix fir bug #72520
Fix for bug #72513
CS fix and comments with bug ID
Fix for HTTP_PROXY issue.
add tests for bug #72512
Fixed bug #72512 gdImageTrueColorToPaletteBody allows arbitrary write/read access
Fixed bug #72479 - same as #72434
2016-07-18 23:32:38 -07:00
Stanislav Malyshev
1364742be9
Fix tests
2016-07-18 23:30:51 -07:00
Stanislav Malyshev
41131cd41d
Fix bug #72618 : NULL Pointer Dereference in exif_process_user_comment
2016-07-18 23:21:51 -07:00
Stanislav Malyshev
5faa15c4ce
Partial fix for bug #72613 - do not allow reading past error read
2016-07-18 23:01:36 -07:00
Stanislav Malyshev
f3feddb5b4
Partial fix for bug #72613 - do not treat negative returns from bz2 as size_t
2016-07-18 22:24:52 -07:00
Stanislav Malyshev
e6c48213c2
Fix bug #72606 : heap-buffer-overflow (write) simplestring_addn simplestring.c
2016-07-18 21:44:39 -07:00
Christoph M. Becker
d565d4bc1c
Merge branch 'PHP-5.6' into PHP-7.0
...
# Resolved conflicts:
# ext/gd/gd.c
2016-07-19 00:48:10 +02:00
Christoph M. Becker
3c3980caa1
Merge branch 'pull-request/1991' into PHP-5.6
2016-07-19 00:42:49 +02:00
Christoph M. Becker
6cb75fb1e8
Fix #70315 : 500 Server Error but page is fully rendered
...
That happens because the external libgd uses other error codes than PHP
(and the bundled libgd), but the libgd error codes are simply forwarded
to php_verror(). We fix that by properly mapping libgd errors to PHP errors.
2016-07-19 00:18:07 +02:00
Stanislav Malyshev
d1a491acf3
Fix for bug #72558 , Integer overflow error within _gdContributionsAlloc()
2016-07-18 00:17:48 -07:00
Stanislav Malyshev
e4d55878dd
Merge branch 'PHP-7.0.9' of git.php.net:php-src into PHP-7.0.9
...
* 'PHP-7.0.9' of git.php.net:php-src:
update NEWS
Fixed bug #72570 Segmentation fault when binding parameters on a query without placeholders
2016-07-17 16:43:27 -07:00
Stanislav Malyshev
eebcbd5de3
Fix bug #72603 : Out of bound read in exif_process_IFD_in_MAKERNOTE
2016-07-17 16:34:21 -07:00
Nikita Popov
31cbe23a9a
Merge branch 'PHP-5.6' into PHP-7.0
...
Conflicts:
Zend/zend_gc.c
2016-07-16 23:02:34 +02:00
Nikita Popov
171c759d79
Revert "Fixed bug #72286 (Segmentation fault During Garbage Collection)"
...
This reverts commit 1c84b55ade
.
2016-07-16 23:02:23 +02:00
Christoph M. Becker
190fbb94e7
Merge branch 'PHP-5.6' into PHP-7.0
2016-07-15 20:02:44 +02:00
Christoph M. Becker
3666cfab97
Fix #72604 : imagearc() ignores thickness for full arcs
...
We remove the special casing for full arcs, what conforms to external libgd.
2016-07-15 19:45:52 +02:00
Christoph M. Becker
b01b093ca9
Merge branch 'PHP-5.6' into PHP-7.0
2016-07-15 01:14:41 +02:00
Christoph M. Becker
a4aa4f9772
Fix bug #66502 : DOM document dangling reference
...
When we decrement the refcount of a node's document, we state that we
won't need it anymore. Therefore we can *always* set the pointer to the
document to NULL, what avoids invalid memory accesses for some edge cases
as demonstrated with the PHPT.
Original patch provided by Sean Heelan.
2016-07-15 01:08:08 +02:00
Nikita Popov
0b0e7520a9
Fix test output
...
The error is now detected earlier, so the message ends up being
different.
2016-07-14 23:22:09 +02:00
Nikita Popov
a50a5c1bf1
Fix is_callable() on abstract method via object
2016-07-14 21:41:41 +02:00
Dmitry Stogov
99a5170781
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
Fixed bug #72286 (Segmentation fault During Garbage Collection)
2016-07-14 22:38:47 +03:00
Dmitry Stogov
1c84b55ade
Fixed bug #72286 (Segmentation fault During Garbage Collection)
2016-07-14 22:37:25 +03:00
Anatol Belski
d67e92af8a
Merge branch 'PHP-7.0' of git.php.net:php-src into PHP-7.0
2016-07-14 21:21:01 +02:00
Anatol Belski
d4b455ae3f
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
Extend libxml exports
Updated NEWS
Fix #69975 : PHP segfaults when accessing nvarchar(max) defined columns
Updated NEWS
Fix bug #70480 (php_url_parse_ex() buffer overflow read)
Update PHP 5.5 NEWS entries with CVE info
2016-07-14 21:16:07 +02:00
Anatol Belski
d0c98366d0
Merge branch 'PHP-5.5' into PHP-5.6
...
* PHP-5.5:
Extend libxml exports
Updated NEWS
Fix #69975 : PHP segfaults when accessing nvarchar(max) defined columns
Updated NEWS
Fix bug #70480 (php_url_parse_ex() buffer overflow read)
Update PHP 5.5 NEWS entries with CVE info
2016-07-14 21:13:49 +02:00
Anatol Belski
fe1d6feb3d
Extend libxml exports
...
These are needed to support libxslt 1.1.29 on Windows. This libxslt version
fixes CVE-2015-7995 and for this reason needs to be used.
2016-07-14 21:08:54 +02:00
Nikita Popov
a26748d7be
Fix bad merge
...
In master the operand is fetched earlier, I didn't account for
that.
2016-07-14 20:44:36 +02:00
Nikita Popov
411eee7b5a
Fix leak when creating timezone with null bytes
2016-07-14 18:39:16 +02:00
Nikita Popov
00047fcf84
Fix leak when dynamically calling abstract method
2016-07-14 18:39:08 +02:00
Nikita Popov
587668be56
Fix leak of class name when printing exception backtrace
2016-07-14 18:38:58 +02:00
Nikita Popov
c3804a2cf9
Fix leaks in yield from error conditions
...
Conflicts:
Zend/zend_vm_execute.h
2016-07-14 18:38:45 +02:00
Nikita Popov
d1f82bfeb2
Fix leak for by-ref assign to overloaded object
...
Conflicts:
Zend/zend_vm_execute.h
2016-07-14 18:38:04 +02:00
Nikita Popov
82ce2a4e4d
Add missing call opcodes in cleanup_unfinished_calls()
...
Otherwise we may leak if an exception is thrown from them.
2016-07-14 18:37:28 +02:00
Nikita Popov
5063b5aea1
Fix leak if throw_exception_object() fails
2016-07-14 18:37:21 +02:00
Christoph M. Becker
5829458215
Merge branch 'PHP-5.6' into PHP-7.0
2016-07-14 17:25:13 +02:00
Christoph M. Becker
8bb3bd04a9
Fix bug #72596 : imagetypes function won't advertise WEBP support
...
We add the constant IMG_WEBP and make sure that WebP support is properly
reported by imagetypes().
2016-07-14 17:17:59 +02:00
Anatol Belski
9d3b729803
update NEWS
2016-07-14 13:21:38 +02:00
Anatol Belski
131117f7a5
update NEWS
2016-07-14 13:20:13 +02:00
Matteo Beccati
0f182c2495
Fixed bug #72570 Segmentation fault when binding parameters on a query without placeholders
...
Special commit for 7.0.9
2016-07-14 12:05:40 +02:00
Dmitry Stogov
f80bb059b3
Fixed memory leak
2016-07-14 13:05:27 +03:00
Xinchen Hui
8c5b27e061
Fixed bug #72594 (Calling an earlier instance of an included anonymous class fatals)
2016-07-14 13:36:43 +08:00
Nikita Popov
61a2566dc9
Merge branch 'PHP-5.6' into PHP-7.0
2016-07-13 21:57:14 +02:00
Nikita Popov
3cc4265527
Add NEWS entry
2016-07-13 21:57:01 +02:00
Nikita Popov
57c9983619
Merge branch 'PHP-5.6' into PHP-7.0
...
Conflicts:
ext/reflection/php_reflection.c
2016-07-13 21:48:05 +02:00