Nikita Popov
fba6f90ae3
Fix type inference bugs
...
* Add proper array_key_any|array_of_any|array_of_ref in some more
places
* strlen() on objects may be null
* IS fetch on string dim may be null
2016-06-15 22:52:48 +02:00
Dmitry Stogov
006b8417d1
Added specialized handlers for SEND_VAR/SEND_VAR_EX opcodes.
2016-06-15 23:07:46 +03:00
Dmitry Stogov
d12987256a
Fixed mistakes in type inference rules.
2016-06-15 23:04:17 +03:00
Derick Rethans
22343e8a31
Merge branch 'PHP-7.0'
2016-06-15 18:30:19 +01:00
Derick Rethans
76ec139a0a
Merge branch 'PHP-5.6' into PHP-7.0
2016-06-15 18:30:03 +01:00
Derick Rethans
e0e83c0180
Fixed expected test outcome due to rule changes
2016-06-15 18:29:40 +01:00
Derick Rethans
334db3b921
Updated to version 2016.5 (2016e)
2016-06-15 11:58:51 +01:00
Derick Rethans
46853ba5c5
Empty merge
2016-06-15 11:58:51 +01:00
Derick Rethans
020541587a
Updated to version 2016.5 (2016e)
2016-06-15 11:58:50 +01:00
Derick Rethans
a1db72d519
Empty merge
2016-06-15 11:58:49 +01:00
Derick Rethans
fffa1aa0f3
Updated to version 2016.5 (2016e)
2016-06-15 11:58:47 +01:00
Xinchen Hui
1bc1af001d
Merge branch 'PHP-7.0'
...
* PHP-7.0:
2016-06-15 14:56:58 +08:00
Xinchen Hui
053a6eb0fe
These bugs are also in 7.1-alpha
2016-06-15 14:56:41 +08:00
Xinchen Hui
c3fc4194ea
Merge branch 'PHP-7.0' of git.php.net:/php-src into PHP-7.0
...
* 'PHP-7.0' of git.php.net:/php-src:
Maybe fix bug #72011
Fix #50845 : exif_process_IFD_TAG: Use the right offset if reading from stream
Fix bug #72138 - Integer Overflow in Length of String-typed ZVAL
2016-06-15 14:56:07 +08:00
Xinchen Hui
85fd260916
Merge branch 'PHP-7.0'
...
* PHP-7.0:
Fixed(attempt to) bug #72405 (mb_ereg_replace - mbc_to_code (oniguruma) - oob read access)
2016-06-15 14:55:43 +08:00
Xinchen Hui
999a3553d5
Fixed(attempt to) bug #72405 (mb_ereg_replace - mbc_to_code (oniguruma) - oob read access)
...
according to ext/mbstring/oniguruma/enc/utf8.c, max bytes are 6
2016-06-15 14:54:57 +08:00
Nikita Popov
3389c2e6a6
Merge branch 'PHP-7.0'
2016-06-14 22:39:18 +02:00
Nikita Popov
93f7939891
Merge branch 'PHP-5.6' into PHP-7.0
...
Conflicts:
ext/date/php_date.c
2016-06-14 22:38:44 +02:00
Nikita Popov
248fdfcf73
Maybe fix bug #72011
2016-06-14 22:37:27 +02:00
Stanislav Malyshev
a040c43ffc
Merge branch 'PHP-7.0'
...
* PHP-7.0:
Fix #50845 : exif_process_IFD_TAG: Use the right offset if reading from stream
2016-06-14 10:51:02 -07:00
Stanislav Malyshev
49b1290617
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
Fix #50845 : exif_process_IFD_TAG: Use the right offset if reading from stream
2016-06-14 10:50:45 -07:00
Bartosz Dziewoński
1ab5a1b432
Fix #50845 : exif_process_IFD_TAG: Use the right offset if reading from stream
...
When the location of the data is outside of the range we have
preloaded (for example, if it's before the beginning of the IFD
structure), we have to read it from the stream into a separate buffer.
The offset calculations in this case were incorrect, resulting in
bogus values being read for the affected fields (sometimes parts of
other fields, sometimes binary data).
The included test image, sourced from [1], is in the public domain.
[1] https://commons.wikimedia.org/wiki/File:U.S._Marines_Prepare_to_board_an_MV-22_Osprey_160509-M-AF202-041.jpg
2016-06-14 10:48:08 -07:00
Xinchen Hui
493524454d
Improve the signature
2016-06-14 08:05:17 -07:00
Xinchen Hui
8c41df5480
Unused var
2016-06-14 21:29:02 +08:00
Xinchen Hui
f2a0d37323
Merge branch 'master' of git.php.net:/php-src
...
* 'master' of git.php.net:/php-src:
Fix bug #72138 - Integer Overflow in Length of String-typed ZVAL
2016-06-14 18:20:23 +08:00
Xinchen Hui
d6e668368d
C89 compatibility
2016-06-14 18:17:49 +08:00
Stanislav Malyshev
8d78e936ad
Merge branch 'PHP-7.0'
...
* PHP-7.0:
Fix bug #72138 - Integer Overflow in Length of String-typed ZVAL
2016-06-14 01:04:07 -07:00
Stanislav Malyshev
79fc877290
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
Fix bug #72138 - Integer Overflow in Length of String-typed ZVAL
2016-06-14 01:03:37 -07:00
Stanislav Malyshev
4c968c6ddd
Fix bug #72138 - Integer Overflow in Length of String-typed ZVAL
2016-06-14 01:03:03 -07:00
Xinchen Hui
9c8e1c03b9
Only allow single comma in tail
2016-06-14 14:02:34 +08:00
Xinchen Hui
14e790a075
Merge branch 'PHP-7.0'
2016-06-13 18:20:37 -07:00
Xinchen Hui
3d56418722
Fixed bug #72399 (Use-After-Free in MBString (search_re))
2016-06-13 18:20:26 -07:00
Xinchen Hui
78a13e8290
Implemented FR #72385 (Update SQLite bundle lib(3.13.0))
2016-06-13 17:53:31 -07:00
Xinchen Hui
564cc38245
Merge branch 'master' of git.php.net:/php-src
2016-06-13 17:36:26 -07:00
Xinchen Hui
6166c26f1c
Cleanup
2016-06-13 17:36:03 -07:00
Nikita Popov
046889518d
Add support for "instanceof" pi nodes
2016-06-13 19:03:59 +02:00
Nikita Popov
9877d8f019
Use union for pi constraints
...
This will make it easier to extend pi constraints without impacting
structure sizes.
2016-06-13 19:03:57 +02:00
Xinchen Hui
aeb3948f3c
Cleanup
2016-06-13 09:33:19 -07:00
Xinchen Hui
f2fd469152
Merge branch 'master' of git.php.net:/php-src
2016-06-13 09:21:34 -07:00
Xinchen Hui
dcd1c29f79
Fixed bug #72395 (list() regression)
2016-06-13 09:21:14 -07:00
Nikita Popov
1b29e0cacd
Switch zend_print_zval_r to use smart_str
...
Instead of directly writing to stdout. This allows doing a print_r
into a string, without using output buffering.
The motivation for this is bug #67467 : print_r() in return mode
will still dump the string to stdout (causing a potential information
leak) if a fatal error occurs.
2016-06-13 18:04:22 +02:00
Anatol Belski
1cca3eb7c8
fix test portability
2016-06-13 15:47:08 +02:00
Xinchen Hui
a94d53d0d1
Merge branch 'PHP-7.0'
...
* PHP-7.0:
Fixed bug #72306 (Heap overflow through proc_open and $env parameter)
2016-06-13 21:08:23 +08:00
Xinchen Hui
d1ab974f0b
Fixed bug #72306 (Heap overflow through proc_open and $env parameter)
2016-06-13 21:08:04 +08:00
Anatol Belski
1bad119723
Merge branch 'PHP-7.0'
...
* PHP-7.0:
update NEWS
Fix #66387 : Stack overflow with imagefilltoborder
Skip test which is 64bits only
5.5.37 now
2016-06-13 08:20:11 +02:00
Anatol Belski
d3bdbe6395
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
update NEWS
Fix #66387 : Stack overflow with imagefilltoborder
Skip test which is 64bits only
5.5.37 now
2016-06-13 08:19:19 +02:00
Anatol Belski
93e8f59aab
Merge branch 'PHP-5.5' into PHP-5.6
...
* PHP-5.5:
update NEWS
Fix #66387 : Stack overflow with imagefilltoborder
Skip test which is 64bits only
5.5.37 now
2016-06-13 08:15:31 +02:00
Anatol Belski
6f73079ce1
update NEWS
2016-06-13 08:12:22 +02:00
Christoph M. Becker
f96ebb0986
Fix #66387 : Stack overflow with imagefilltoborder
...
The stack overflow is caused by the recursive algorithm in combination with a
very large negative coordinate passed to gdImageFillToBorder(). As there is
already a clipping for large positive coordinates to the width and height of
the image, it seems to be consequent to clip to zero also.
2016-06-13 08:10:36 +02:00
Xinchen Hui
42f23effa9
Value should not be a reference here
2016-06-13 13:40:53 +08:00