php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-04-21 23:18:13 +02:00
Code Issues Packages Projects Releases Wiki Activity
83,654 Commits 549 Branches 1,484 Tags
0c9324ea9ba32e85ccca4f52287d013b0a6ef2a4
Commit Graph

68 Commits

Author SHA1 Message Date
Christoph M. Becker 52793c14d9 Improvements to fix #72714, suggested by nikic 2016-08-20 12:44:20 +02:00
Christoph M. Becker 9164dc11e2 Fix #72714: _xml_startElementHandler() segmentation fault 
The issue is caused by an integer overflow when the `long` passed as
XML_OPTION_SKIP_TAGSTART is assigned to `xml_parser::toffset` which is
declared as `int`. We can simply work around this issue, by clipping
resulting negative values to 0 (and raising a notice in this case), because
the reasonable range for this value is certainly catered to by positive
`int`s.

However, there still remains the issue that `xml_parser::toffset` is later
added to `char *`s, which can cause OOB reads, so we make sure that the
upper bound never exceeds the strlen(). We eschew optimizing `SKIP_TAGSTART`
wrt. to the potentially duplicate strlen() call, because that code path is
unexpected anyway.
 2016-08-20 01:58:08 +02:00
Christoph M. Becker 1bb92d5212 #72085: SEGV on unknown address zif_xml_parse 
We better make sure that the ZVALs we're accessing as arrays are indeed
arrays.
 2016-08-17 00:42:45 +02:00
Stanislav Malyshev e315a162da Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  Fix memory leak
  Fix bug #72099: xml_parse_into_struct segmentation fault
  5.5.36 now
  Fix bug #72094 - Out of bounds heap read access in exif header processing
  Fix bug #72093: bcpowmod accepts negative scale and corrupts _one_ definition
  Fix bug #72061 - Out-of-bounds reads in zif_grapheme_stripos with negative offset
  Fix for bug #71912 (libgd: signedness vulnerability)
  Typo in NEWS

Conflicts:
	configure.in
	main/php_version.h
 2016-04-26 23:48:41 -07:00
Stanislav Malyshev dccda88f27 Fix bug #72099: xml_parse_into_struct segmentation fault 2016-04-26 22:46:28 -07:00
Christoph M. Becker 71da4f1f7f Skip test for old glibc iconv 
bug32001.phpt has a high failure rate for the submitted reports. According to
several samples it seems the iconv implementation of glibc 2.12 (released
2010-05) is the culprit. It seems appropriate to skip the test for such old
versions.
 2015-09-09 04:27:28 +02:00
Ferenc Kovacs cb41a7bad1 this test depends on the simplexml ext, not just on xml 2014-08-24 00:08:09 +02:00
Johannes Schlüter 4204e2cb5b Merge branch 'PHP-5.3' into PHP-5.4 2013-07-10 19:36:12 +02:00
Johannes Schlüter 710eee5555 add test for bug #65236 2013-07-10 19:35:18 +02:00
Xinchen Hui 610c7fbe7b Remove executable permission on phpt 2012-10-10 10:27:49 +08:00
Xinchen Hui e081c55fb5 Merge branch 'PHP-5.3' into PHP-5.4 2012-10-10 10:31:31 +08:00
Xinchen Hui 7b307fb930 Fixed bug #62328 (implementing __toString and a cast to string fails) 
__toString should has a high priority
 2012-08-12 11:50:28 +08:00
Stanislav Malyshev d81ea16ef1 Changed silent conversion of array to string to produce a notice. (Patrick) 2011-10-21 06:08:47 +00:00
Pierre Joye 45420bb669 - remove magic quotes support, functions are kept (see the NEWS entry for the details) for BC reasons but do not allow to set enable MQ, missing tests changes in 5.4 2011-07-22 11:56:20 +00:00
Gustavo André dos Santos Lopes db75ce41a3 - Fixed bug #49687 (utf8_decode vulnerabilities and deficiencies in the number 
of reported malformed sequences). (Gustavo)
#Made a public interface for get_next_char/utf-8 in trunk to use in utf8_decode.
#In PHP 5.3, trunk's get_next_char was copied to xml.c because 5.3's
#get_next_char is different and is not prepared to recover appropriately from
#errors.
 2010-10-27 18:13:25 +00:00
Gustavo André dos Santos Lopes e69b1ff2c4 - Fixed bug #49687 (utf8_decode vulnerabilities and deficiencies in the number 
of reported malformed sequences). (Gustavo)
#Made a public interface for get_next_char/utf-8 in trunk to use in utf8_decode.
#In PHP 5.3, trunk's get_next_char was copied to xml.c because 5.3's
#get_next_char is different and is not prepared to recover appropriately from
#errors.
 2010-10-27 18:13:25 +00:00
Pierrick Charron c9a85e3a7e Fixed bug #50576 (XML_OPTION_SKIP_TAGSTART option has no effect). 2010-01-05 13:03:40 +00:00
Jani Taskinen 9f210d53cc - Fix test 2009-12-14 09:42:55 +00:00
Antony Dovgal 61e3fbabb8 fix test 2009-01-13 12:00:53 +00:00
Rob Richards ca954ad613 MFH: fix bug #46699: (xml_parse crash when parser is namespace aware) 
fix a couple warnings
add test
 2008-12-12 04:16:21 +00:00
Ant Phillips fc8a260a92 Remove duff comment produced by the test generator tool 2008-12-05 14:18:02 +00:00
Ant Phillips 3fb86b0b9e XML tests: checked on PHP 5.2.6, 5.3 and 6.0 (Windows, Linux and Linux 64 bit). 2008-12-03 19:09:14 +00:00
Dmitry Stogov 833a2295d1 Support for closures 2008-07-17 09:53:42 +00:00
Antony Dovgal b3b5126954 fix test names 2008-05-14 13:04:05 +00:00
Rasmus Lerdorf 9ae934d5c4 Fixed bug #43957 (utf8_decode() bogus conversion of partial multibyte UTF8 char) 2008-01-29 23:21:11 +00:00
Hannes Magnusson 948d84fd67 fix test 2006-09-02 15:42:00 +00:00
Rob Richards adf10989b0 fix bug #38454 (warning upon disabling handler via xml_set_element_handler) 
fix bug #38427 (unicode causes xml_parser to misbehave)
add test
 2006-08-15 22:47:11 +00:00
Rob Richards 594139b1ea MFH: fix test 2006-01-04 20:55:58 +00:00
Marcus Boerger 42f8bef053 - MFH Fix test by splitting it 2005-12-23 20:04:30 +00:00
Marcus Boerger 35343ffaec - MFH Do not test output escaping here 2005-12-23 08:44:43 +00:00
Antony Dovgal 97200944d2 add skipif conditions 2005-12-21 10:49:51 +00:00
Rob Richards fc4ebee3e3 MFH: Fixed bug #35447 (xml_parse_into_struct() chokes on the UTF-8 BOM) 
add test
 2005-12-19 14:17:30 +00:00
foobar f803888510 MFH: Hiding bugs is not purpose of the regression tests. 2005-11-01 14:36:37 +00:00
Ilia Alshanetsky 2dc3862c7f Improve iconv skip conditions 2005-10-30 18:07:47 +00:00
foobar c1fee15561 This test failed because libxml versions differ.. 2005-08-07 14:22:10 +00:00
foobar a78730c257 Added test for bug #27908 2005-07-31 21:59:01 +00:00
foobar ac19a759b6 - Fix test. 2005-07-31 21:18:16 +00:00
Marcus Boerger dfeddbe539 - If you ask me both (expat and libxml) are not really accurate about byte 
positions and columns...however the line number information is now
  correct for both so for the moment we live with the situation that they
  return different byte and column information.
 2005-07-17 17:38:16 +00:00
Antony Dovgal f4667ee268 fix test 2005-06-29 11:52:18 +00:00
foobar 83dff0b68b nuke crap, end scripts always with ?> 2005-06-03 23:13:23 +00:00
Magnus M��tt� 1182dd48e9 Add skipif, test requires iconv. 2005-06-03 22:51:10 +00:00
foobar fc883fd477 Partial fix test: It is still possible to use expat libs with ext/xml.. 2005-04-03 00:12:26 +00:00
Moriyoshi Koizumi 6437bc056d - Turn off incorrect case folding to let test over. 2005-03-14 01:11:54 +00:00
Moriyoshi Koizumi e628f2d9fa - Add testcases for bug #32001 2005-03-02 19:27:37 +00:00
Hartmut Holzgraefe 2c6b600a90 test case for Bug #30266 2005-02-10 22:55:52 +00:00
Hartmut Holzgraefe 5e3b2e3d31 Test updated to test for additional libxml2/expat inconsistencies 2004-03-29 05:56:18 +00:00
foobar e389c25850 - Fix test (wrong expected result..) 2004-03-15 15:53:28 +00:00
Christian Stocker 1d0596dbef - omit WARNING instead of ERROR for x_p_c_ns 
- fix SKIPIF code in tests
 2004-02-23 16:19:40 +00:00
Christian Stocker 9e6de31645 skip tests, if xml_parser_create_ns is not supported. 2004-02-23 16:01:15 +00:00
Christian Stocker a3b1085f06 test for attributes 2004-02-23 15:55:16 +00:00