Nikita Popov
d162147315
Merge branch 'PHP-7.1'
2017-06-03 15:09:04 +02:00
Nikita Popov
6af1d7ad01
Merge branch 'PHP-7.0' into PHP-7.1
2017-06-03 15:08:59 +02:00
Nikita Popov
585c9f3c4b
Fix leak in WDDX serialization
2017-06-03 15:08:42 +02:00
Sammy Kaye Powers
dac6c639bb
Update copyright headers to 2017
2017-01-04 11:23:42 -06:00
Sammy Kaye Powers
478f119ab9
Update copyright headers to 2017
2017-01-04 11:14:55 -06:00
Sammy Kaye Powers
1e3624290a
Resolve conflict
2017-01-03 08:01:05 -06:00
Stanislav Malyshev
13c18d4601
Merge branch 'PHP-7.1'
...
* PHP-7.1:
Fix #73832 - leave the table in a safe state if the size is too big.
Fix bug #73831 - NULL Pointer Dereference while unserialize php object
2017-01-02 21:37:10 -08:00
Stanislav Malyshev
ca72faa2c5
Merge branch 'PHP-7.0' into PHP-7.1
...
* PHP-7.0:
Fix #73832 - leave the table in a safe state if the size is too big.
Fix bug #73831 - NULL Pointer Dereference while unserialize php object
2017-01-02 21:37:06 -08:00
Sammy Kaye Powers
9e29f841ce
Update copyright headers to 2017
2017-01-02 09:30:12 -06:00
Stanislav Malyshev
8d2539fa0f
Fix bug #73831 - NULL Pointer Dereference while unserialize php object
2016-12-31 20:14:20 -08:00
Anatol Belski
8c403ecd99
Merge branch 'PHP-7.1'
...
* PHP-7.1:
fix leak, take on 7.x
2016-12-06 14:46:15 +01:00
Anatol Belski
4e3f728701
Merge branch 'PHP-7.0' into PHP-7.1
...
* PHP-7.0:
fix leak, take on 7.x
2016-12-06 14:44:04 +01:00
Anatol Belski
9b1430140a
fix leak, take on 7.x
2016-12-06 14:42:59 +01:00
Stanislav Malyshev
fe084168d0
Merge branch 'PHP-7.1'
...
* PHP-7.1:
This still leaks memory, I don't have enough knowledge in WDDX code to fix them :(
2016-12-05 22:33:47 -08:00
Stanislav Malyshev
28fc49a53f
Merge branch 'PHP-7.0' into PHP-7.1
...
* PHP-7.0:
This still leaks memory, I don't have enough knowledge in WDDX code to fix them :(
2016-12-05 22:33:42 -08:00
Stanislav Malyshev
183b4d78aa
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
This still leaks memory, I don't have enough knowledge in WDDX code to fix them :(
2016-12-05 22:33:33 -08:00
Stanislav Malyshev
d7ce944cf1
This still leaks memory, I don't have enough knowledge in WDDX code to fix them :(
2016-12-05 22:32:59 -08:00
Stanislav Malyshev
5b18436dc6
Merge branch 'PHP-7.1'
...
* PHP-7.1:
Fix bug #73631 - Invalid read when wddx decodes empty boolean element
2016-12-05 21:59:17 -08:00
Stanislav Malyshev
4ae4ca45aa
Merge branch 'PHP-7.0' into PHP-7.1
...
* PHP-7.0:
Fix bug #73631 - Invalid read when wddx decodes empty boolean element
2016-12-05 21:59:10 -08:00
Stanislav Malyshev
6292fe84d3
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
Fix bug #73631 - Invalid read when wddx decodes empty boolean element
2016-12-05 21:58:55 -08:00
Stanislav Malyshev
266ecb6d0a
Fix bug #73631 - Invalid read when wddx decodes empty boolean element
2016-12-05 21:40:55 -08:00
Dmitry Stogov
3e9bb03a62
Removed IS_TYPE_IMMUTABLE (it's the same as COPYABLE & !REFCOUED)
2016-11-28 22:59:57 +03:00
Anatol Belski
59f2f14aea
Merge branch 'PHP-7.0' into PHP-7.1
...
* PHP-7.0:
fix memory leak
2016-11-08 12:17:39 +01:00
Anatol Belski
e87daf363b
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
fix memory leak
2016-11-08 12:16:39 +01:00
Anatol Belski
d6d08f97cd
fix memory leak
2016-11-08 12:12:58 +01:00
Anatol Belski
9b81342352
Merge branch 'PHP-7.0' into PHP-7.1
...
* PHP-7.0:
Fixed bug #73418 Integer Overflow in "_php_imap_mail" leads to crash
Fixed bug #73418 Integer Overflow in "_php_imap_mail" leads to crash
Fix #72696 : imagefilltoborder stackoverflow on truecolor images
Fix #72482 : Ilegal write/read access caused by gdImageAALine overflow
Fix bug #73144 and bug #73341 - remove extra dtor
remove unreferenced var came in with merge
Fix bug #73331 - do not try to serialize/unserialize objects wddx can not handle
Fix #72696 : imagefilltoborder stackoverflow on truecolor images
Fix #72482 : Ilegal write/read access caused by gdImageAALine overflow
fix version
set versions
Fix bug #73144 and bug #73341 - remove extra dtor
Fix bug #73331 - do not try to serialize/unserialize objects wddx can not handle
2016-11-08 11:15:06 +01:00
Anatol Belski
6b21c28b0e
remove unreferenced var came in with merge
2016-11-01 12:55:05 +01:00
Stanislav Malyshev
8c67460a10
Fix bug #73331 - do not try to serialize/unserialize objects wddx can not handle
...
Proper soltion would be to call serialize/unserialize and deal with the result,
but this requires more work that should be done by wddx maintainer (not me).
(cherry picked from commit 6045de69c7
)
Conflicts:
ext/wddx/wddx.c
2016-11-01 12:50:33 +01:00
Stanislav Malyshev
6045de69c7
Fix bug #73331 - do not try to serialize/unserialize objects wddx can not handle
...
Proper soltion would be to call serialize/unserialize and deal with the result,
but this requires more work that should be done by wddx maintainer (not me).
2016-10-23 20:09:23 -07:00
Stanislav Malyshev
dad0e9d1a3
Merge branch 'PHP-7.0' into PHP-7.1
...
* PHP-7.0: (22 commits)
Fix bug #72293 - Heap overflow in mysqlnd related to BIT fields
I don't think 8cceb012a7
is needed
Fix test
Add check in fgetcsv in case sizeof(unit) != sizeof(size_t)
Fix bug #73065 : Out-Of-Bounds Read in php_wddx_push_element of wddx.c
Fix bug #73035 (Out of bound when verify signature of tar phar in phar_parse_tarfile)
Fix bug #73052 - Memory Corruption in During Deserialized-object Destruction
Fix bug #73029 - Missing type check when unserializing SplArray
Fix bug #72860 : wddx_deserialize use-after-free
Fix bug #73007 : add locale length check
Fix bug #72928 - Out of bound when verify signature of zip phar in phar_parse_zipfile
sync NEWS
Revert "Merge branch 'PHP-5.6' into PHP-7.0"
Merge branch 'PHP-5.6' into PHP-7.0
Merge branch 'PHP-5.6' into PHP-7.0
Revert "Revert "Merge branch 'PHP-5.6' into PHP-7.0""
fix version
sync NEWS
Fix bug #72957
set versions
...
2016-09-12 21:10:34 -07:00
Stanislav Malyshev
c4cca4c20e
Fix bug #73065 : Out-Of-Bounds Read in php_wddx_push_element of wddx.c
2016-09-12 21:04:23 -07:00
Stanislav Malyshev
b88393f08a
Fix bug #72860 : wddx_deserialize use-after-free
2016-09-12 21:04:23 -07:00
Stanislav Malyshev
9528ce7315
Fix bug #73065 : Out-Of-Bounds Read in php_wddx_push_element of wddx.c
...
(cherry picked from commit bbaf784f8d213e201baf67e861f20b38c6e87d3b)
Conflicts:
ext/wddx/wddx.c
2016-09-12 18:13:04 +02:00
Stanislav Malyshev
060ab26cfe
Fix bug #72860 : wddx_deserialize use-after-free
...
(cherry picked from commit ee552853ff4d72f626102025133e2cd1575043ee)
Conflicts:
ext/wddx/wddx.c
2016-09-12 17:33:32 +02:00
Anatol Belski
2103e9f21f
fix test
...
The improvements to the base64 functionality allows now to loosen
strictness. Strict mode still can be activated later, if there are
any issues.
2016-08-18 00:18:26 +02:00
Anatol Belski
f7231acadf
Merge branch 'PHP-7.0' into PHP-7.1
...
* PHP-7.0:
fix char * vs zend_string *
2016-08-17 13:23:31 +02:00
Anatol Belski
06c0540b90
fix char * vs zend_string *
2016-08-17 13:22:02 +02:00
Xinchen Hui
0fd0328933
Merge branch 'PHP-7.0' into PHP-7.1
...
* PHP-7.0:
Avoid duplicating string
2016-08-17 18:19:59 +08:00
Xinchen Hui
195d7618e7
Avoid duplicating string
2016-08-17 18:19:14 +08:00
Anatol Belski
afa832b5a6
Merge branch 'PHP-7.0' into PHP-7.1
...
* PHP-7.0:
Revert "fix tests"
2016-08-17 12:07:39 +02:00
Anatol Belski
7d4c5a0dc9
Revert "fix tests"
...
This reverts commit a47df5be19
.
Looks like some environment issue, as some system throws the notice,
some don't. Revert for now.
2016-08-17 12:04:03 +02:00
Anatol Belski
60f1ec1c32
Merge branch 'PHP-7.0' into PHP-7.1
...
* PHP-7.0:
fix leak
2016-08-17 11:53:00 +02:00
Anatol Belski
a5d00fc908
fix leak
2016-08-17 11:51:56 +02:00
Xinchen Hui
ce6ad9bdd9
Merge branch 'PHP-7.0' into PHP-7.1
...
* PHP-7.0: (48 commits)
Update NEWs
Unused label
Fixed bug #72853 (stream_set_blocking doesn't work)
fix test
Bug #72663 - part 3
Bug #72663 - part 2
Bug #72663 - part 1
Update NEWS
BLock test with memory leak
fix tests
Fix TSRM build
Fix bug #72850 - integer overflow in uuencode
Fixed bug #72849 - integer overflow in urlencode
Fix bug #72848 - integer overflow in quoted_printable_encode caused heap corruption
Fix bug #72838 - Integer overflow lead to heap corruption in sql_regcase
Fix bug #72837 - integer overflow in bzdecompress caused heap corruption
Fix bug #72836 - integer overflow in base64_decode caused heap corruption
Fix for bug #72807 - do not produce strings with negative length
Fix for bug #72790 and bug #72799
Fix bug #72730 - imagegammacorrect allows arbitrary write access
...
Conflicts:
ext/standard/var_unserializer.c
2016-08-17 17:14:30 +08:00
Nikita Popov
e0f9fbdfa6
Bug #72663 - part 3
...
When using the php_serialize session serialization handler, do
not use the result of the unserialization if it failed.
2016-08-17 01:01:03 -07:00
Stanislav Malyshev
0d13325b66
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6: (24 commits)
Update NEWS
BLock test with memory leak
fix tests
Fix TSRM build
Fix bug #72850 - integer overflow in uuencode
Fixed bug #72849 - integer overflow in urlencode
Fix bug #72848 - integer overflow in quoted_printable_encode caused heap corruption
Fix bug #72838 - Integer overflow lead to heap corruption in sql_regcase
Fix bug #72837 - integer overflow in bzdecompress caused heap corruption
Fix bug #72836 - integer overflow in base64_decode caused heap corruption
Fix for bug #72807 - do not produce strings with negative length
Fix for bug #72790 and bug #72799
Fix bug #72730 - imagegammacorrect allows arbitrary write access
Fix bug#72697 - select_colors write out-of-bounds
Fixed bug #72627 : Memory Leakage In exif_process_IFD_in_TIFF
Fix bug #72750 : wddx_deserialize null dereference
Fix bug #72771 : ftps:// opendir wrapper is vulnerable to protocol downgrade attack
Improve fix for #72663
Fix bug #70436 : Use After Free Vulnerability in unserialize()
Fix bug #72749 : wddx_deserialize allows illegal memory access
...
Conflicts:
Zend/zend_API.h
ext/bz2/bz2.c
ext/curl/interface.c
ext/ereg/ereg.c
ext/exif/exif.c
ext/gd/gd.c
ext/gd/tests/imagetruecolortopalette_error3.phpt
ext/gd/tests/imagetruecolortopalette_error4.phpt
ext/session/session.c
ext/snmp/snmp.c
ext/standard/base64.c
ext/standard/ftp_fopen_wrapper.c
ext/standard/quot_print.c
ext/standard/url.c
ext/standard/uuencode.c
ext/standard/var.c
ext/standard/var_unserializer.c
ext/standard/var_unserializer.re
ext/wddx/tests/bug72790.phpt
ext/wddx/tests/bug72799.phpt
ext/wddx/wddx.c
sapi/cli/generate_mime_type_map.php
2016-08-17 00:43:33 -07:00
Stanislav Malyshev
5a34bd6d1e
Fix for bug #72790 and bug #72799
2016-08-16 22:55:41 -07:00
Stanislav Malyshev
698a691724
Fix bug #72750 : wddx_deserialize null dereference
2016-08-16 22:55:39 -07:00
Stanislav Malyshev
426aeb2808
Fix bug #72749 : wddx_deserialize allows illegal memory access
2016-08-16 22:55:19 -07:00
Stanislav Malyshev
e3829b8869
Fix bug #72749 : wddx_deserialize allows illegal memory access
...
(cherry picked from commit 659a21dc20f0b64dafd8cb16573059d3b45cce6b)
Conflicts:
ext/wddx/wddx.c
2016-08-16 23:36:14 +02:00