php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-04-14 03:22:58 +02:00
Code Issues Packages Projects Releases Wiki Activity
83,661 Commits 547 Branches 1,483 Tags
1cda0d7c2ffb62d8331c64e703131d9cabdc03ea
Commit Graph

36032 Commits

Author SHA1 Message Date
Stanislav Malyshev
1cda0d7c2f Fix bug #73737 FPE when parsing a tag format 2016-12-31 19:31:49 -08:00
Stanislav Malyshev
e5246580a8 Fix bug #73773 - Seg fault when loading hostile phar 2016-12-31 18:47:50 -08:00
Stanislav Malyshev
16b3003ffc Fix bug #73825 - Heap out of bounds read on unserialize in finish_nested_data() 2016-12-30 16:59:46 -08:00
Stanislav Malyshev
b28b8b2fee Fix bug #73768 - Memory corruption when loading hostile phar 2016-12-30 15:57:24 -08:00
Stanislav Malyshev
ca46d0acbc Fix int overflows in phar (bug #73764) 2016-12-30 15:39:48 -08:00
Christoph M. Becker
2ba3b27594 Revert "Fix #73530: Unsetting result set may reset other result set" 
This reverts commit eb570294a2.

That commit caused a regression, so it's probably best to revert it, and
to tackle the issue for the next minor release.
 2016-12-29 12:59:04 +01:00
Anatol Belski
79e47aae41 fix C89 compat 2016-12-17 20:43:32 +01:00
Matteo Beccati
0c9324ea9b Skip tests when secure_file_priv dir not writable 2016-12-15 09:31:00 +01:00
Anatol Belski
c89306ac52 fix leak, take 2 2016-12-06 16:12:39 +01:00
Anatol Belski
b04d60626d fix leak, take on 5.6 2016-12-06 14:34:27 +01:00
Stanislav Malyshev
d7ce944cf1 This still leaks memory, I don't have enough knowledge in WDDX code to fix them :( 2016-12-05 22:32:59 -08:00
Stanislav Malyshev
266ecb6d0a Fix bug #73631 - Invalid read when wddx decodes empty boolean element 2016-12-05 21:40:55 -08:00
Stanislav Malyshev
c8778eb293 oops, changed in wrong place 2016-11-27 16:11:41 -08:00
Stanislav Malyshev
8856b3a63c Merge branch 'pull-request/1974' into PHP-5.6 
* pull-request/1974:
  Fix #68447: grapheme_extract take an extra trailing character
 2016-11-27 15:34:58 -08:00
Christoph M. Becker
5049ef2f1c Fix #73549: Use after free when stream is passed to imagepng 
If a stream is passed to imagepng() or other image output functions,
opposed to a filename, we must not close this stream.
 2016-11-27 14:51:02 -08:00
Matteo Beccati
2a80758fd5 Fix occasionaly failing test 2016-11-27 10:20:13 +01:00
Stanislav Malyshev
bc85678df3 Add more mbfl string size checks (bug #73505) 2016-11-26 14:49:48 -08:00
Christoph M. Becker
7f529e3dee Fix #73582: Failing ext/gd/tests/imagettftext_charmap_order.phpt 
This test is not supposed to work with JIS-mapped Japanese font support
enabled.
 2016-11-25 23:14:08 +01:00
Derick Rethans
6785ea2340 Updated to version 2016.10 (2016j) 2016-11-24 10:40:11 +00:00
Nikita Popov
2d19c92fc2 Make php_url_parse_ex() respect length argument 
This should fix all out-of-bounds reads that could previously
occur if the string passed to php_url_parse_ex() is not NUL
terminated.
 2016-11-22 19:24:24 +01:00
Nikita Popov
f0f68c7274 Cleanup parse_url() query/fragment handling 
The query/fragment handling was pretty convoluted, with many parts
being duplicated. Simplify by checking for fragment, then for query,
then for path.
 2016-11-22 19:24:23 +01:00
Nikita Popov
9befad6fc2 Cleanup parse_url() gotos 
Simplify some unnecessarily complicated code. In particular the
length updates are unnecessary (length is only used at the very
start) and we're goto'ing around a bit too much.
 2016-11-22 19:24:21 +01:00
Craig Duncan
644e290fcd Fix bug #73498 
Postgres uses the DELIMITER keyword since 7.3
And WITH is no longer required/used
 2016-11-22 00:42:45 +01:00
Craig Duncan
d36d4c70d3 Add a test for bug 73498 2016-11-22 00:42:45 +01:00
Anatol Belski
4805be1db6 add test for bug #73452 2016-11-21 15:25:46 +01:00
Anatol Belski
0da5cb5fb6 Backport 15ac4904 to 5.6 2016-11-21 15:20:03 +01:00
Mitch Hagstrand
55980684f6 Fix the lchwon error test for Travis CI. 
The E_WARNING message from the PHP function lchown is passed
from the system function lchown. The error message returned
from lchown can be filesystem dependent.
 2016-11-18 17:55:44 +01:00
Julien Pauli
49030f2a25 Improvement for bug73297 2016-11-17 11:33:36 +01:00
Rowan Collins
eba5e276c7 Simplify ext/standard/tests/http/bug73297.phpt 2016-11-17 11:04:57 +01:00
Rowan Collins
aec1a5eccc http_fopen_wrapper.c - bug#73297 Skip past "100 Continue" responses 2016-11-17 11:04:56 +01:00
Rowan Collins
6122526cea Add failing test for bug#73297 2016-11-17 11:04:56 +01:00
Dmitry Stogov
9849c97b1b Accorate handling of too big inodes of chroot directories 2016-11-17 01:08:42 +03:00
Dmitry Stogov
935d922114 "opcache.validate_root" is useless on Windows 2016-11-16 23:15:14 +03:00
Dmitry Stogov
8202b97077 Use full path 2016-11-16 23:01:40 +03:00
Dmitry Stogov
a91f3d475e Fixed ZTS build 2016-11-16 16:43:57 +03:00
Christoph M. Becker
eb570294a2 Fix #73530: Unsetting result set may reset other result set 
Calling sqlite3_reset() when a result set object is freed can cause
undesired and maybe even hard to track interference with other result
sets. Furthermore, there is no need to call sqlite3_reset(), because
that is implicitly called on SQLite3Stmt::execute(), and users are
encouraged to explicitly call either SQLite3Result::finalize() or
SQLite3Stmt::reset() anyway.
 2016-11-16 11:49:04 +01:00
Dmitry Stogov
ecba563f2f Fixed bug #69090 (check cached files permissions) 2016-11-16 12:43:10 +03:00
Anatol Belski
d6d08f97cd fix memory leak 2016-11-08 12:12:58 +01:00
Anatol Belski
33766347cb Merge remote-tracking branch 'phpsec/PHP-5.6.28' into PHP-5.6 2016-11-08 11:06:52 +01:00
Jakub Zelenka
493b2bff02 Fix bug #72776 (Invalid parameter in memcpy function trough openssl_pbkdf2) 2016-11-06 20:40:51 +00:00
Anatol Belski
617f38b0e0 fix dir separator in test 2016-11-04 18:29:54 +01:00
Stanislav Malyshev
40f7fea897 Add length check for bzcompress too - fix for bug #73356 2016-11-03 22:10:22 -07:00
Stanislav Malyshev
1fd18821e0 More string length checks & fixes 2016-11-03 21:35:09 -07:00
Derick Rethans
ccb91cde94 Updated to version 2016.9 (2016i) 2016-11-03 13:57:28 -04:00
Anatol Belski
99b242a6d0 Fixed bug #73418 Integer Overflow in "_php_imap_mail" leads to crash 2016-11-03 17:03:23 +01:00
Christoph M. Becker
2eacb53fc4 Fix #73436: Setting allow_url_fopen to Off makes several tests fail 
We make sure that these tests run with allow_url_fopen=1.
 2016-11-01 20:13:53 +01:00
Christoph M. Becker
863d37ea66 Fix #72696: imagefilltoborder stackoverflow on truecolor images 
We must not allow negative color values be passed to
gdImageFillToBorder(), because that can lead to infinite recursion
since the recursion termination condition will not necessarily be met.
 2016-10-30 14:31:29 -07:00
Christoph M. Becker
6499581af7 Fix #72482: Ilegal write/read access caused by gdImageAALine overflow 
Instead of rolling our own bounds check we use clip_1d() as it's done
in gdImageLine() and in external libgd. We must not pass the image
width and height, respectively, but rather the largest ordinate value
that is allowed to be accessed, i.e. width-1 and height-1,
respectively.
 2016-10-30 14:28:23 -07:00
Xinchen Hui
ef75ddd4f9 Fixed bug #73402 (Opcache segfault when using class constant to call a method) 2016-10-29 23:41:51 +08:00
Christoph M. Becker
cd13d0260a Fix #72494: imagecropauto out-of-bounds access 
This issue has actually already been fixed with commit 46f2c690. We're
adding a regression test and a NEWS entry, and also port the fix in
gdImageCropThreshold() from libgd:
  * <https://github.com/libgd/libgd/commit/b347e034>
  * <https://github.com/libgd/libgd/commit/46f2c690>
 2016-10-25 14:29:48 +02:00