The issue is caused by an integer overflow when the `long` passed as
XML_OPTION_SKIP_TAGSTART is assigned to `xml_parser::toffset` which is
declared as `int`. We can simply work around this issue, by clipping
resulting negative values to 0 (and raising a notice in this case), because
the reasonable range for this value is certainly catered to by positive
`int`s.
However, there still remains the issue that `xml_parser::toffset` is later
added to `char *`s, which can cause OOB reads, so we make sure that the
upper bound never exceeds the strlen(). We eschew optimizing `SKIP_TAGSTART`
wrt. to the potentially duplicate strlen() call, because that code path is
unexpected anyway.
* PHP-7.0: (25 commits)
Update NEWS
update NEWS
fix test file
Fix version
update NEWS
Update NEWS
Fix bug #71610: Type Confusion Vulnerability - SOAP / make_http_soap_request()
Fix bug #71637: Multiple Heap Overflow due to integer overflows
extend check for add_flag
Fixed another segfault with file_cache_only now
set version
fix nmake clean in phpize mode
Fixed segfault with file_cache_only
Fixed possible crash at PCRE on MSHUTDOWN
Fixed more synchronisation issues during SHM reload
Set proper type flags (REFCOUNTED and COPYABLE) according to interned or regular string
sync with improvements in NEWS
Fixed process synchronisation problem, that may cause crashes after opcache restart
Fix bug #71610: Type Confusion Vulnerability - SOAP / make_http_soap_request()
Fix bug #71637: Multiple Heap Overflow due to integer overflows
...
PHP_VERSION_ID
PHP_API_VERSION
ZEND_MODULE_API_NO
PHP_MAJOR_VERSION, PHP_MINOR_VERSION
ZEND_ENGINE_2
I've left litespeed alone, as it seems to genuinely maintain support
for many PHP versions.
bug32001.phpt has a high failure rate for the submitted reports. According to
several samples it seems the iconv implementation of glibc 2.12 (released
2010-05) is the culprit. It seems appropriate to skip the test for such old
versions.
* origin/master: (37 commits)
NEWS
NEWS
Fix bug #68601 buffer read overflow in gd_gif_in.c
Fixed compilation warnings
Removed unnecessary checks
pcntl_signal_dispatch: Speed up by preventing system calls when unnecessary
Merged PR #911.
Removed ZEND_ACC_FINAL_CLASS which is unnecessary. This also fixed some currently defined classes as final which were just not being considered as such before.
Updated NEWS
Updated NEWS
Updated NEWS
Fix bug #68532: convert.base64-encode omits padding bytes
Updated NEWS
Updated NEWS
Updated NEWS
Fixed Bug #65576 (Constructor from trait conflicts with inherited constructor)
Updated NEWS
Updated NEWS
Fix MySQLi tests
Fixed gd test
...