php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-04-18 13:31:27 +02:00
Code Issues Packages Projects Releases Wiki Activity
98,499 Commits 547 Branches 1,483 Tags
0d9d133cd6318efc6a355397495cdfd38651500d
Commit Graph

58 Commits

Author SHA1 Message Date
Stanislav Malyshev
dad0e9d1a3 Merge branch 'PHP-7.0' into PHP-7.1 
* PHP-7.0: (22 commits)
  Fix bug #72293 - Heap overflow in mysqlnd related to BIT fields
  I don't think 8cceb012a7 is needed
  Fix test
  Add check in fgetcsv in case sizeof(unit) != sizeof(size_t)
  Fix bug #73065: Out-Of-Bounds Read in php_wddx_push_element of wddx.c
  Fix bug #73035 (Out of bound when verify signature of tar phar in phar_parse_tarfile)
  Fix bug #73052 - Memory Corruption in During Deserialized-object Destruction
  Fix bug #73029 - Missing type check when unserializing SplArray
  Fix bug #72860: wddx_deserialize use-after-free
  Fix bug #73007: add locale length check
  Fix bug #72928 - Out of bound when verify signature of zip phar in phar_parse_zipfile
  sync NEWS
  Revert "Merge branch 'PHP-5.6' into PHP-7.0"
  Merge branch 'PHP-5.6' into PHP-7.0
  Merge branch 'PHP-5.6' into PHP-7.0
  Revert "Revert "Merge branch 'PHP-5.6' into PHP-7.0""
  fix version
  sync NEWS
  Fix bug #72957
  set versions
  ...
 2016-09-12 21:10:34 -07:00
Stanislav Malyshev
9528ce7315 Fix bug #73065: Out-Of-Bounds Read in php_wddx_push_element of wddx.c 
(cherry picked from commit bbaf784f8d213e201baf67e861f20b38c6e87d3b)

Conflicts:
	ext/wddx/wddx.c
 2016-09-12 18:13:04 +02:00
Stanislav Malyshev
060ab26cfe Fix bug #72860: wddx_deserialize use-after-free 
(cherry picked from commit ee552853ff4d72f626102025133e2cd1575043ee)

Conflicts:
	ext/wddx/wddx.c
 2016-09-12 17:33:32 +02:00
Anatol Belski
2103e9f21f fix test 
The improvements to the base64 functionality allows now to loosen
strictness. Strict mode still can be activated later, if there are
any issues.
 2016-08-18 00:18:26 +02:00
Anatol Belski
7d4c5a0dc9 Revert "fix tests" 
This reverts commit a47df5be19.

Looks like some environment issue, as some system throws the notice,
some don't. Revert for now.
 2016-08-17 12:04:03 +02:00
Stanislav Malyshev
e3829b8869 Fix bug #72749: wddx_deserialize allows illegal memory access 
(cherry picked from commit 659a21dc20f0b64dafd8cb16573059d3b45cce6b)

Conflicts:
	ext/wddx/wddx.c
 2016-08-16 23:36:14 +02:00
Stanislav Malyshev
f1486f0fd6 Fix bug #72750: wddx_deserialize null dereference 
(cherry picked from commit 6930a1d12c47aa1d2675837852910d177b0ceb11)

Conflicts:
	ext/wddx/wddx.c
 2016-08-16 13:13:05 +02:00
Anatol Belski
a47df5be19 fix tests 2016-08-16 13:01:06 +02:00
Anatol Belski
4bccb8e94e add missing skipif section 2016-08-16 12:53:40 +02:00
Stanislav Malyshev
0c8a2a2cd1 Fix for bug #72790 and bug #72799 
(cherry picked from commit a14fdb9746262549bbbb96abb87338bacd147e1b)

Conflicts:
	ext/wddx/wddx.c
 2016-08-16 12:46:29 +02:00
Nikita Popov
e87ac688d5 Fixed bug #72142 2016-07-30 15:13:03 +02:00
Remi Collet
bfc42211d3 add test for bug #72564 (7.x regression) 2016-07-08 10:45:13 +02:00
Stanislav Malyshev
7dde353ee7 Merge branch 'PHP-5.5' into PHP-5.6.23 
* PHP-5.5:
  Fixed bug #72446 - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
  update NEWS
  fix tests
  fix build
  Fix bug #72455:  Heap Overflow due to integer overflows
  Fix bug #72434: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize
  Fixed ##72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize
  Fix bug #72407: NULL Pointer Dereference at _gdScaleVert
  Fix bug #72402: _php_mb_regex_ereg_replace_exec - double free
  Fix bug #72298	pass2_no_dither out-of-bounds access
  Fixed #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow
  Fix bug #72262 - do not overflow int
  Fix bug #72400 and #72403 - prevent signed int overflows for string lengths
  Fix bug #72275: don't allow smart_str to overflow int
  Fix bug #72340: Double Free Courruption in wddx_deserialize
  update NEWS
  Fix #66387: Stack overflow with imagefilltoborder
  Skip test which is 64bits only
  5.5.37 now

Conflicts:
	configure.in
	ext/mcrypt/mcrypt.c
	ext/spl/spl_directory.c
	main/php_version.h
 2016-06-21 00:01:48 -07:00
Stanislav Malyshev
a44c89e8af Fix bug #72340: Double Free Courruption in wddx_deserialize 2016-06-12 23:18:23 -07:00
Stanislav Malyshev
91990bbde0 Merge branch 'PHP-5.5.33' into PHP-5.6.19 
* PHP-5.5.33:
  Fix bug #71498: Out-of-Bound Read in phar_parse_zipfile()
  Fixed bug #71587 - Use-After-Free / Double-Free in WDDX Deserialize
 2016-03-01 22:40:00 -08:00
Stanislav Malyshev
b1bd4119bc Fixed bug #71587 - Use-After-Free / Double-Free in WDDX Deserialize 2016-02-14 22:34:39 -08:00
Stanislav Malyshev
309ead112f Merge branch 'PHP-5.5.32' into PHP-5.6.18 
* PHP-5.5.32:
  Fixed bug #71488: Stack overflow when decompressing tar archives
  update NEWS
  add missing headers for SIZE_MAX
  backport the escapeshell* functions hardening branch
  add tests
  Fix bug #71459 - Integer overflow in iptcembed()
  Fixed bug #71323 - Output of stream_get_meta_data can be falsified by its input
  Fix bug #71391: NULL Pointer Dereference in phar_tar_setupmetadata()
  Fix bug #71335: Type Confusion in WDDX Packet Deserialization
  Fix bug #71354 - remove UMR when size is 0
 2016-02-01 18:32:31 -08:00
Stanislav Malyshev
285cd3417f Fix bug #71335: Type Confusion in WDDX Packet Deserialization 2016-01-13 16:43:04 -08:00
Stanislav Malyshev
13750cb0a1 Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  Update NEWS
  Improve fix for bug #70976
  Fixed bug #70661 (Use After Free Vulnerability in WDDX Packet Deserialization)
  Fixed bug #70741: Session WDDX Packet Deserialization Type Confusion Vulnerability
  Fixed #70728
  Fixed bug #70755: fpm_log.c memory leak and buffer overflow
  Fix bug #70976: fix boundary check on gdImageRotateInterpolated
  typofix
 2016-01-05 19:38:29 -08:00
Stanislav Malyshev
dcf3c9761c Fixed bug #70661 (Use After Free Vulnerability in WDDX Packet Deserialization) 2015-12-28 14:46:35 -08:00
Stanislav Malyshev
1785d2b805 Fixed bug #70741: Session WDDX Packet Deserialization Type Confusion Vulnerability 2015-12-28 12:44:10 -08:00
manuel
3550cc5fd9 add tests for #68996 2015-02-07 18:52:26 +01:00
Xinchen Hui
e081c55fb5 Merge branch 'PHP-5.3' into PHP-5.4 2012-10-10 10:31:31 +08:00
Xinchen Hui
610c7fbe7b Remove executable permission on phpt 2012-10-10 10:27:49 +08:00
Matt Ficken
a18cede1c5 Fix bug #62271 test bug - ext/wddx/tests/bug48562.phpt 2012-06-11 17:00:36 +02:00
Pierre Joye
5d62cd1530 - add skipif 2011-09-05 13:52:24 +00:00
Pierre Joye
493808af3d - add skipif 2011-09-05 13:52:24 +00:00
Pierre Joye
07fae45eb7 - add skipif 2011-09-05 13:41:01 +00:00
Pierre Joye
6b424c19ce - add skipif 2011-09-05 13:41:01 +00:00
Felipe Pena
6150174941 - Fixed bug #52468 (wddx_deserialize corrupts integer field value when left empty) 2010-08-01 17:34:09 +00:00
Felipe Pena
88b087bedd - Fixed bug #52468 (wddx_deserialize corrupts integer field value when left empty) 2010-08-01 17:34:09 +00:00
Felipe Pena
c353601a3f - MFH: Fixed bug #48562 (Reference recursion causes segfault when used in wddx_serialize_vars()) 2009-06-16 02:54:26 +00:00
Mark Karpeles
75b07963e3 - MFH: ext/wddx: classes providing __sleep() are stored without properties (fixed) 
- ext/wddx: fixed wddx_add_vars() ignoring first var in php 5.3
 2008-11-20 15:55:00 +00:00
Mark Karpeles
995deb9aef - MFH: #46496, wddx_serialize treats input as ISO-8859-1 (Mark Karpeles) 2008-11-20 14:14:05 +00:00
Rob Richards
94fd10cd79 MFH: fix bug #45901 (wddx_serialize_value crash with SimpleXMLElement object) 
add test
 2008-09-11 14:17:31 +00:00
Derick Rethans
f81134a9f2 - MFH: Fixed tests on 64bit platform. 2008-02-25 22:32:59 +00:00
Ilia Alshanetsky
f3ad3a770e Fixed test 2007-06-11 15:09:41 +00:00
Ilia Alshanetsky
b6762a8991 Fixed bug #41527 (WDDX deserialize numeric string array key). 2007-06-11 15:08:43 +00:00
Antony Dovgal
ffd09c0961 fix tests 2007-05-18 11:29:55 +00:00
Ilia Alshanetsky
c70105610a Fixed bug #41283 (Bug with serializing array key that are doubles or 
floats).
 2007-05-05 15:14:56 +00:00
Ilia Alshanetsky
4eecfca79c Fixed bug #38213, #37611, #37571 (wddx encoding fails to handle certain 
characters).
 2006-08-02 15:44:33 +00:00
Antony Dovgal
3aaf62d159 there is no Unicode in 5_2 2006-07-11 12:15:11 +00:00
Hannes Magnusson
aaa1d62614 MFH: fix/add SKIPIF 2006-06-27 00:09:43 +00:00
Ilia Alshanetsky
b882f9f37e Fixed bug #37569 (WDDX incorrectly encodes high-ascii characters) 2006-05-25 22:54:16 +00:00
Marcus Boerger
ec79dd793d - MFH Bugfix 37587 2006-05-25 09:59:25 +00:00
Antony Dovgal
604990d6a5 fix test, add test for 64bit platform 2005-12-21 12:16:20 +00:00
Antony Dovgal
b7d5d7047b fix test 2005-12-21 11:46:26 +00:00
Antony Dovgal
c92ae847c7 add missing skipif conditions 
fix existing ones
 2005-12-21 11:42:06 +00:00
Ilia Alshanetsky
c60079862b Fixed bug #35410 (wddx_deserialize() doesn't handle large ints as keys 
properly).
 2005-11-30 18:10:19 +00:00
foobar
307ec8ece4 MFH:- Fixed bug #34306 (wddx_serialize_value() crashes with long array keys) 2005-08-31 14:31:44 +00:00