clones/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-09-21 09:57:23 +00:00
Code Issues Packages Projects Releases Wiki Activity
96,283 Commits 491 Branches 1,363 Tags 836 MiB
fba6f90ae3
Commit Graph

96283 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nikita Popov
fba6f90ae3 Fix type inference bugs 
* Add proper array_key_any|array_of_any|array_of_ref in some more
  places
* strlen() on objects may be null
* IS fetch on string dim may be null
 2016-06-15 22:52:48 +02:00
Dmitry Stogov
006b8417d1 Added specialized handlers for SEND_VAR/SEND_VAR_EX opcodes. 2016-06-15 23:07:46 +03:00
Dmitry Stogov
d12987256a Fixed mistakes in type inference rules. 2016-06-15 23:04:17 +03:00
Derick Rethans
22343e8a31 Merge branch 'PHP-7.0' 2016-06-15 18:30:19 +01:00
Derick Rethans
76ec139a0a Merge branch 'PHP-5.6' into PHP-7.0 2016-06-15 18:30:03 +01:00
Derick Rethans
e0e83c0180 Fixed expected test outcome due to rule changes 2016-06-15 18:29:40 +01:00
Derick Rethans
334db3b921 Updated to version 2016.5 (2016e) 2016-06-15 11:58:51 +01:00
Derick Rethans
46853ba5c5 Empty merge 2016-06-15 11:58:51 +01:00
Derick Rethans
020541587a Updated to version 2016.5 (2016e) 2016-06-15 11:58:50 +01:00
Derick Rethans
a1db72d519 Empty merge 2016-06-15 11:58:49 +01:00
Derick Rethans
fffa1aa0f3 Updated to version 2016.5 (2016e) 2016-06-15 11:58:47 +01:00
Xinchen Hui
1bc1af001d Merge branch 'PHP-7.0' 
* PHP-7.0:
 2016-06-15 14:56:58 +08:00
Xinchen Hui
053a6eb0fe These bugs are also in 7.1-alpha 2016-06-15 14:56:41 +08:00
Xinchen Hui
c3fc4194ea Merge branch 'PHP-7.0' of git.php.net:/php-src into PHP-7.0 
* 'PHP-7.0' of git.php.net:/php-src:
  Maybe fix bug #72011
  Fix #50845: exif_process_IFD_TAG: Use the right offset if reading from stream
  Fix bug #72138 - Integer Overflow in Length of String-typed ZVAL
 2016-06-15 14:56:07 +08:00
Xinchen Hui
85fd260916 Merge branch 'PHP-7.0' 
* PHP-7.0:
  Fixed(attempt to) bug #72405 (mb_ereg_replace - mbc_to_code (oniguruma) - oob read access)
 2016-06-15 14:55:43 +08:00
Xinchen Hui
999a3553d5 Fixed(attempt to) bug #72405 (mb_ereg_replace - mbc_to_code (oniguruma) - oob read access) 
according to ext/mbstring/oniguruma/enc/utf8.c, max bytes are 6
 2016-06-15 14:54:57 +08:00
Nikita Popov
3389c2e6a6 Merge branch 'PHP-7.0' 2016-06-14 22:39:18 +02:00
Nikita Popov
93f7939891 Merge branch 'PHP-5.6' into PHP-7.0 
Conflicts:
	ext/date/php_date.c
 2016-06-14 22:38:44 +02:00
Nikita Popov
248fdfcf73 Maybe fix bug #72011 2016-06-14 22:37:27 +02:00
Stanislav Malyshev
a040c43ffc Merge branch 'PHP-7.0' 
* PHP-7.0:
  Fix #50845: exif_process_IFD_TAG: Use the right offset if reading from stream
 2016-06-14 10:51:02 -07:00
Stanislav Malyshev
49b1290617 Merge branch 'PHP-5.6' into PHP-7.0 
* PHP-5.6:
  Fix #50845: exif_process_IFD_TAG: Use the right offset if reading from stream
 2016-06-14 10:50:45 -07:00
Bartosz Dziewoński
1ab5a1b432 Fix #50845: exif_process_IFD_TAG: Use the right offset if reading from stream 
When the location of the data is outside of the range we have
preloaded (for example, if it's before the beginning of the IFD
structure), we have to read it from the stream into a separate buffer.
The offset calculations in this case were incorrect, resulting in
bogus values being read for the affected fields (sometimes parts of
other fields, sometimes binary data).

The included test image, sourced from [1], is in the public domain.

[1] https://commons.wikimedia.org/wiki/File:U.S._Marines_Prepare_to_board_an_MV-22_Osprey_160509-M-AF202-041.jpg
 2016-06-14 10:48:08 -07:00
Xinchen Hui
493524454d Improve the signature 2016-06-14 08:05:17 -07:00
Xinchen Hui
8c41df5480 Unused var 2016-06-14 21:29:02 +08:00
Xinchen Hui
f2a0d37323 Merge branch 'master' of git.php.net:/php-src 
* 'master' of git.php.net:/php-src:
  Fix bug #72138 - Integer Overflow in Length of String-typed ZVAL
 2016-06-14 18:20:23 +08:00
Xinchen Hui
d6e668368d C89 compatibility 2016-06-14 18:17:49 +08:00
Stanislav Malyshev
8d78e936ad Merge branch 'PHP-7.0' 
* PHP-7.0:
  Fix bug #72138 - Integer Overflow in Length of String-typed ZVAL
 2016-06-14 01:04:07 -07:00
Stanislav Malyshev
79fc877290 Merge branch 'PHP-5.6' into PHP-7.0 
* PHP-5.6:
  Fix bug #72138 - Integer Overflow in Length of String-typed ZVAL
 2016-06-14 01:03:37 -07:00
Stanislav Malyshev
4c968c6ddd Fix bug #72138 - Integer Overflow in Length of String-typed ZVAL 2016-06-14 01:03:03 -07:00
Xinchen Hui
9c8e1c03b9 Only allow single comma in tail 2016-06-14 14:02:34 +08:00
Xinchen Hui
14e790a075 Merge branch 'PHP-7.0' 2016-06-13 18:20:37 -07:00
Xinchen Hui
3d56418722 Fixed bug #72399 (Use-After-Free in MBString (search_re)) 2016-06-13 18:20:26 -07:00
Xinchen Hui
78a13e8290 Implemented FR #72385 (Update SQLite bundle lib(3.13.0)) 2016-06-13 17:53:31 -07:00
Xinchen Hui
564cc38245 Merge branch 'master' of git.php.net:/php-src 2016-06-13 17:36:26 -07:00
Xinchen Hui
6166c26f1c Cleanup 2016-06-13 17:36:03 -07:00
Nikita Popov
046889518d Add support for "instanceof" pi nodes 2016-06-13 19:03:59 +02:00
Nikita Popov
9877d8f019 Use union for pi constraints 
This will make it easier to extend pi constraints without impacting
structure sizes.
 2016-06-13 19:03:57 +02:00
Xinchen Hui
aeb3948f3c Cleanup 2016-06-13 09:33:19 -07:00
Xinchen Hui
f2fd469152 Merge branch 'master' of git.php.net:/php-src 2016-06-13 09:21:34 -07:00
Xinchen Hui
dcd1c29f79 Fixed bug #72395 (list() regression) 2016-06-13 09:21:14 -07:00
Nikita Popov
1b29e0cacd Switch zend_print_zval_r to use smart_str 
Instead of directly writing to stdout. This allows doing a print_r
into a string, without using output buffering.

The motivation for this is bug #67467: print_r() in return mode
will still dump the string to stdout (causing a potential information
leak) if a fatal error occurs.
 2016-06-13 18:04:22 +02:00
Anatol Belski
1cca3eb7c8 fix test portability 2016-06-13 15:47:08 +02:00
Xinchen Hui
a94d53d0d1 Merge branch 'PHP-7.0' 
* PHP-7.0:
  Fixed bug #72306 (Heap overflow through proc_open and $env parameter)
 2016-06-13 21:08:23 +08:00
Xinchen Hui
d1ab974f0b Fixed bug #72306 (Heap overflow through proc_open and $env parameter) 2016-06-13 21:08:04 +08:00
Anatol Belski
1bad119723 Merge branch 'PHP-7.0' 
* PHP-7.0:
  update NEWS
  Fix #66387: Stack overflow with imagefilltoborder
  Skip test which is 64bits only
  5.5.37 now
 2016-06-13 08:20:11 +02:00
Anatol Belski
d3bdbe6395 Merge branch 'PHP-5.6' into PHP-7.0 
* PHP-5.6:
  update NEWS
  Fix #66387: Stack overflow with imagefilltoborder
  Skip test which is 64bits only
  5.5.37 now
 2016-06-13 08:19:19 +02:00
Anatol Belski
93e8f59aab Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  update NEWS
  Fix #66387: Stack overflow with imagefilltoborder
  Skip test which is 64bits only
  5.5.37 now
 2016-06-13 08:15:31 +02:00
Anatol Belski
6f73079ce1 update NEWS 2016-06-13 08:12:22 +02:00
Christoph M. Becker
f96ebb0986 Fix #66387: Stack overflow with imagefilltoborder 
The stack overflow is caused by the recursive algorithm in combination with a
very large negative coordinate passed to gdImageFillToBorder(). As there is
already a clipping for large positive coordinates to the width and height of
the image, it seems to be consequent to clip to zero also.
 2016-06-13 08:10:36 +02:00
Xinchen Hui
42f23effa9 Value should not be a reference here 2016-06-13 13:40:53 +08:00