clones/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-09-22 02:17:32 +00:00
Code Issues Packages Projects Releases Wiki Activity
96,360 Commits 491 Branches 1,363 Tags 837 MiB
be9edd83c2
Commit Graph

1150 Commits

Author SHA1 Message Date
Fabien Villepinte
2cc1cbf2f4 Fix Bug #75001: Wrong reflection on mb_eregi_replace 2017-08-02 18:08:42 +02:00
Nikita Popov
e3d25e78eb Fixed bug #62934 2017-07-28 13:02:25 +02:00
Christoph M. Becker
418da85f15 Fix #71606: Segmentation fault mb_strcut with HTML-ENTITIES 
The HTML decoding filter uses the `opaque` member of mbfl_convert_filter
as buffer, but there was no copy constructor defined, what caused double
frees when the filter is copied (what happens multiple times in mb_strcut(),
for instance).
 2017-07-23 12:19:27 +02:00
Remi Collet
1c845d2950 Patch from the upstream git 
https://github.com/kkos/oniguruma/issues/60 (CVE-2017-9228)

Thanks to Mamoru TASAKA <mtasaka@fedoraproject.org>
 2017-05-30 15:40:32 +02:00
Remi Collet
5416deec66 Patch from the upstream git 
https://github.com/kkos/oniguruma/issues/59 (CVE-2017-9229)
b690371bbf97794b4a1d3f295d4fb9a8b05d402d Modified for onig 5.9.6

Thanks to Mamoru TASAKA <mtasaka@fedoraproject.org>
 2017-05-30 15:39:21 +02:00
Remi Collet
6a8ae7cf8d Patch from the upstream git 
https://github.com/kkos/oniguruma/issues/58 (CVE-2017-9227)

Thanks to Mamoru TASAKA <mtasaka@fedoraproject.org>
 2017-05-30 15:38:17 +02:00
Remi Collet
60b1829e1c Patch from the upstream git 
https://github.com/kkos/oniguruma/issues/57 (CVE-2017-9224)

Thanks to Mamoru TASAKA <mtasaka@fedoraproject.org>
 2017-05-30 15:37:11 +02:00
Remi Collet
1e0c4386ab Patch from the upstream git 
https://github.com/kkos/oniguruma/issues/55 (CVE-2017-9226)
b4bf968ad52afe14e60a2dc8a95d3555c543353a Modified for onig 5.9.6
f015fbdd95f76438cd86366467bb2b39870dd7c6 Modified for onig 5.9.6

Thanks to Mamoru TASAKA <mtasaka@fedoraproject.org>
 2017-05-30 15:35:42 +02:00
Sammy Kaye Powers
478f119ab9 Update copyright headers to 2017 2017-01-04 11:14:55 -06:00
Anatol Belski
58a945cf68 Merge branch 'PHP-5.6' into PHP-7.0 
* PHP-5.6:
  fix C89 compat
 2016-12-17 20:45:22 +01:00
Anatol Belski
79e47aae41 fix C89 compat 2016-12-17 20:43:32 +01:00
Stanislav Malyshev
bc85678df3 Add more mbfl string size checks (bug #73505) 2016-11-26 14:49:48 -08:00
Stanislav Malyshev
58cdd03d92 Merge branch 'PHP-5.6' into PHP-7.0 
* PHP-5.6:
  Add more mbfl string size checks (bug #73505)
 2016-11-26 14:48:40 -08:00
Stanislav Malyshev
5ee02b207d Add more mbfl string size checks (bug #73505) 2016-11-26 14:47:58 -08:00
Anatol Belski
5e9b4c26a5 remove TSRMLS_* 2016-11-21 23:53:37 +01:00
Dmitry Stogov
a67637039f Prevent modification of immutable arrays (ext/mbstring/tests/bug26639.phpt failure with opcache.protect_memory=1) 2016-11-17 13:33:05 +03:00
Stanislav Malyshev
e1709b7e58 Fix bug #73082 2016-09-25 16:07:14 -07:00
Yasuo Ohgaki
8c700076d7 Fix bug26639.phpt 2016-09-08 14:07:57 +09:00
Yasuo Ohgaki
379d9a1cfc Merge branch 'PHP-5.6' into PHP-7.0 
* PHP-5.6:
  Fix Bug #72992 mbstring.internal_encoding doesn't inherit default_charset
 2016-09-08 13:32:31 +09:00
Yasuo Ohgaki
8bbd0952e5 Fix Bug #72992 mbstring.internal_encoding doesn't inherit default_charset 2016-09-08 13:17:10 +09:00
Yasuo Ohgaki
6f1a52bfbb Merge branch 'PHP-5.6' into PHP-7.0 
* PHP-5.6:
  Fixed Bug #66964 mb_convert_variables() cannot detect recursion
 2016-09-06 16:41:52 +09:00
Yasuo Ohgaki
a25f6f89cd Fixed Bug #66964 mb_convert_variables() cannot detect recursion 2016-09-06 16:05:34 +09:00
Stanislav Malyshev
c3dfe57c23 Merge branch 'PHP-5.6' into PHP-7.0 
* PHP-5.6:
  Sync fix for bug #72910 with current upstream
 2016-09-04 19:15:30 -07:00
Stanislav Malyshev
d1fbc98ff6 Sync fix for bug #72910 with current upstream 2016-09-04 19:13:48 -07:00
Christoph M. Becker
7f97d63130 Merge branch 'PHP-5.6' into PHP-7.0 2016-09-04 16:39:45 +02:00
Christoph M. Becker
b7259b71b4 Fix #72994: mbc_to_code() out of bounds read 
We're backporting commit 999a3553 to the still supported PHP 5.6.
 2016-09-04 16:37:06 +02:00
Stanislav Malyshev
ccc8d92d3d Merge branch 'PHP-5.6' into PHP-7.0 
* PHP-5.6:
  Fix bug #72910
  5.6.27 will be next
 2016-09-01 23:28:44 -07:00
Stanislav Malyshev
e576714f6b Fix bug #72910 
Merge upstream patch from 65bdf2a0d1
 2016-09-01 23:27:06 -07:00
Christoph M. Becker
972302d2f0 Merge branch 'PHP-5.6' into PHP-7.0 2016-08-30 15:01:12 +02:00
Christoph M. Becker
2f10db36af Fix #66797: mb_substr only takes 32-bit signed integer 
`from` and `len` are `long`, but get passed to mbfl_substr() which expects
`int`s. Therefore we clamp the values to avoid the undefined conversion
behavior.
 2016-08-30 14:52:47 +02:00
Christoph M. Becker
e5940aa795 Merge branch 'PHP-5.6' into PHP-7.0 2016-07-30 12:01:29 +02:00
ju1ius
1d32b80903 fixes bad address given to onig_error_code_to_str 
Closes bug #72710

(cherry picked from commit 0fb7eb6723)
 2016-07-30 11:46:34 +02:00
Christoph M. Becker
805dc0ea47 Merge branch 'PHP-5.6' into PHP-7.0 
# Resolved conflicts:
#	ext/mbstring/php_mbregex.c
 2016-07-28 15:26:29 +02:00
Christoph M. Becker
ee6900c3de Fix #72694: mb_ereg_search_setpos does not accept a string's last position 
Setting the search position immediately behind the last character should be
allowed, so we fix this off-by-one error.
 2016-07-28 15:21:48 +02:00
Christoph M. Becker
a621023168 Merge branch 'PHP-5.6' into PHP-7.0 2016-07-28 14:03:40 +02:00
Christoph M. Becker
56cdaecb28 Fix #72693: mb_ereg_search increments search position when a match zero-width 
That's caused by an off-by-one error, which we fix.
 2016-07-28 13:57:38 +02:00
Christoph M. Becker
18a37eeeec Merge branch 'PHP-5.6' into PHP-7.0 
# Resolved conflicts:
#	ext/mbstring/php_mbregex.c
 2016-07-28 13:12:40 +02:00
Christoph M. Becker
d276e6a838 Fix #72691: mb_ereg_search raises a warning if a match zero-width 
That warning doesn't make sense (PCRE doesn't throw such a warning either),
so we remove it.
 2016-07-28 13:07:05 +02:00
Stanislav Malyshev
8705254f2d Merge branch 'PHP-7.0.8' into PHP-7.0 
* PHP-7.0.8:
  iFixed bug #72446 - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
  update NEWS
  fix tests
  fix build
  Fix bug #72455:  Heap Overflow due to integer overflows
  Fix bug #72434: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize
  Fixed ##72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize
  Fix bug #72407: NULL Pointer Dereference at _gdScaleVert
  Fix bug #72402: _php_mb_regex_ereg_replace_exec - double free
  Fix bug #72298	pass2_no_dither out-of-bounds access
  Fixed #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow
  Fix bug #72262 - do not overflow int
  Fix bug #72400 and #72403 - prevent signed int overflows for string lengths
  Fix bug #72275: don't allow smart_str to overflow int
  Fix bug #72340: Double Free Courruption in wddx_deserialize
  Fix bug #72321 - use efree() for emalloc allocation
  5.6.23RC1
  fix NEWS
  set versions

Conflicts:
	configure.in
	main/php_version.h
 2016-06-21 00:25:49 -07:00
Stanislav Malyshev
2a65544f78 Merge branch 'PHP-5.6.23' into PHP-7.0.8 
* PHP-5.6.23: (24 commits)
  iFixed bug #72446 - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
  update NEWS
  fix tests
  fix build
  Fix bug #72455:  Heap Overflow due to integer overflows
  Fix bug #72434: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize
  Fixed ##72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize
  Fix bug #72407: NULL Pointer Dereference at _gdScaleVert
  Fix bug #72402: _php_mb_regex_ereg_replace_exec - double free
  Fix bug #72298	pass2_no_dither out-of-bounds access
  Fixed #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow
  Fix bug #72262 - do not overflow int
  Fix bug #72400 and #72403 - prevent signed int overflows for string lengths
  Fix bug #72275: don't allow smart_str to overflow int
  Fix bug #72340: Double Free Courruption in wddx_deserialize
  update NEWS
  Fix #66387: Stack overflow with imagefilltoborder
  Fix bug #72321 - use efree() for emalloc allocation
  5.6.23RC1
  Fix bug #72140 (segfault after calling ERR_free_strings())
  ...

Conflicts:
	configure.in
	ext/mbstring/php_mbregex.c
	ext/mcrypt/mcrypt.c
	ext/spl/spl_array.c
	ext/spl/spl_directory.c
	ext/standard/php_smart_str.h
	ext/standard/string.c
	ext/standard/url.c
	ext/wddx/wddx.c
	ext/zip/php_zip.c
	main/php_version.h
 2016-06-21 00:24:32 -07:00
Stanislav Malyshev
7dde353ee7 Merge branch 'PHP-5.5' into PHP-5.6.23 
* PHP-5.5:
  Fixed bug #72446 - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
  update NEWS
  fix tests
  fix build
  Fix bug #72455:  Heap Overflow due to integer overflows
  Fix bug #72434: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize
  Fixed ##72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize
  Fix bug #72407: NULL Pointer Dereference at _gdScaleVert
  Fix bug #72402: _php_mb_regex_ereg_replace_exec - double free
  Fix bug #72298	pass2_no_dither out-of-bounds access
  Fixed #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow
  Fix bug #72262 - do not overflow int
  Fix bug #72400 and #72403 - prevent signed int overflows for string lengths
  Fix bug #72275: don't allow smart_str to overflow int
  Fix bug #72340: Double Free Courruption in wddx_deserialize
  update NEWS
  Fix #66387: Stack overflow with imagefilltoborder
  Skip test which is 64bits only
  5.5.37 now

Conflicts:
	configure.in
	ext/mcrypt/mcrypt.c
	ext/spl/spl_directory.c
	main/php_version.h
 2016-06-21 00:01:48 -07:00
Stanislav Malyshev
5b597a2e5b Fix bug #72402: _php_mb_regex_ereg_replace_exec - double free 2016-06-18 21:48:39 -07:00
Xinchen Hui
999a3553d5 Fixed(attempt to) bug #72405 (mb_ereg_replace - mbc_to_code (oniguruma) - oob read access) 
according to ext/mbstring/oniguruma/enc/utf8.c, max bytes are 6
 2016-06-15 14:54:57 +08:00
Xinchen Hui
3d56418722 Fixed bug #72399 (Use-After-Free in MBString (search_re)) 2016-06-13 18:20:26 -07:00
Anatol Belski
6ec8b2c57d Merge branch 'PHP-5.6' into PHP-7.0 
* PHP-5.6:
  missing return
 2016-06-06 07:33:36 +02:00
Anatol Belski
c05b417718 missing return 2016-06-06 07:28:12 +02:00
Xinchen Hui
395863b1d1 Fixed bug #72164 (Null Pointer Dereference - mb_ereg_replace) 2016-05-05 17:27:34 +08:00
Stanislav Malyshev
67fbb06311 Merge branch 'PHP-5.5' into PHP-7.0.5 
* PHP-5.5:
  Fixed bug #71704 php_snmp_error() Format String Vulnerability
  Fixed bug #71906: AddressSanitizer: negative-size-param (-1) in mbfl_strcut
  Fixed bug #71906: AddressSanitizer: negative-size-param (-1) in mbfl_strcut
  Fix bug #71798 - Integer Overflow in php_raw_url_encode
  Fix bug #71860: Require valid paths for phar filenames
  Going for 5.5.34

Conflicts:
	configure.in
	ext/phar/phar_object.c
	ext/phar/tests/badparameters.phpt
	ext/phar/tests/create_path_error.phpt
	ext/phar/tests/pharfileinfo_construct.phpt
	ext/snmp/snmp.c
	ext/standard/url.c
	main/php_version.h
 2016-03-28 23:55:05 -07:00
Stanislav Malyshev
62da5cdf3d Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  Fixed bug #71906: AddressSanitizer: negative-size-param (-1) in mbfl_strcut
  Fix bug #71798 - Integer Overflow in php_raw_url_encode
  Fix bug #71860: Require valid paths for phar filenames
  Going for 5.5.34

Conflicts:
	configure.in
	ext/phar/tests/create_path_error.phpt
	main/php_version.h
 2016-03-28 23:21:15 -07:00
Stanislav Malyshev
f8dd10508b Fixed bug #71906: AddressSanitizer: negative-size-param (-1) in mbfl_strcut 2016-03-28 23:15:16 -07:00