Merge branch 'PHP-7.2'

* PHP-7.2: Fixed bug #75055 Out-Of-Bounds Read in timelib_meridian() Apply upstream patch for CVE-2016-1283
2026-04-24 16:38:25 +02:00 · 2017-10-24 13:45:59 +02:00
parent 59a7944bc6 e97b10f1a0
commit 69ecd5edb2
4 changed files with 35 additions and 2 deletions
@@ -1,4 +1,4 @@
-/* Generated by re2c 0.15.3 on Mon Sep  4 22:44:17 2017 */
+/* Generated by re2c 0.15.3 on Tue Oct 24 13:44:48 2017 */
 #line 1 "ext/date/lib/parse_date.re"
 /*
 * The MIT License (MIT)
@@ -40,7 +40,7 @@ object(DateInterval)#%d (16) {
  ["special_amount"]=>
  int(-1)
  ["have_weekday_relative"]=>
-  int(9)
+  int(0)
  ["have_special_relative"]=>
  int(0)
  ["f"]=>
@@ -0,0 +1,20 @@
+--TEST--
+Bug #75055 Out-Of-Bounds Read in timelib_meridian()
+--SKIPIF--
+<?php if (!extension_loaded("wddx")) print "skip"; ?>
+--FILE--
+<?php
+
+$file_str = dirname(__FILE__) . "/bug75055.wddx";
+
+$wddx_str = file_get_contents($file_str);
+print strlen($wddx_str) . " bytes read.\n";
+
+var_dump(wddx_deserialize($wddx_str));
+?>
+--EXPECT--
+323 bytes read.
+array(1) {
+  ["aDateTime"]=>
+  string(12) "frONt of 0 0"
+}
@@ -0,0 +1,13 @@
+<?xml version='1.0'?>
+<!DOCTYPE wddxPacket SYSTEM 'wddx_0100.dtd'>
+<wddxPacket version='1.0'>
+<header/>
+	<data>
+        	<struct>
+                    <var name='aDateTime'>
+                         <dateTime>frONt of 0 0</dateTime>
+                     </var>
+                </struct>
+	</data>
+</wddxPacket>
+