Stanislav Malyshev
61c7a06e7c
Fix memory leak
2016-04-26 22:54:58 -07:00
Stanislav Malyshev
b15f0ecc0f
Fix for bug #71912 (libgd: signedness vulnerability)
2016-04-18 22:24:16 -07:00
Remi Collet
aa8d3a8cc6
fix the fix for bug #70976 (imagerotate)
2016-01-12 14:03:35 +01:00
Stanislav Malyshev
2baeb167a0
Improve fix for bug #70976
2015-12-28 23:44:14 -08:00
Stanislav Malyshev
4bb422343f
Fix bug #70976: fix boundary check on gdImageRotateInterpolated
2015-12-07 23:33:05 -08:00
Christoph M. Becker
7469c7e7d0
Fixed bug #61221 - imagegammacorrect function loses alpha channel
...
When applying imagegammacorrect() the alpha channel is now fully retained, instead of being completely lost.
2015-06-17 02:15:59 +02:00
Stanislav Malyshev
4e2fb47092
Merge branch 'PHP-5.4' into PHP-5.5
...
* PHP-5.4:
Fix bug #69646 OS command injection vulnerability in escapeshellarg
Fix #69719 - more checks for nulls in paths
fix test description
Fixed Bug #68812 Unchecked return value.
Conflicts:
ext/dom/document.c
ext/gd/gd.c
2015-06-09 15:31:27 -07:00
Stanislav Malyshev
f7d7befae8
Fix #69719 - more checks for nulls in paths
2015-06-09 10:52:38 -07:00
Remi Collet
e807e07bfa
Fixed Bug #69479 GD fails to build with newer libvpx
...
From upstream https://github.com/libgd/libgd/commit/d41eb72cd4545c394578332e5c102dee69e02ee8
Fix build with latest libvpx 1.4.0
These new constants exist at least since 1.0.0
Compatibility ones have been dropped in 1.4.0
2015-05-24 09:37:12 +02:00
Stanislav Malyshev
ba15e8dfd0
Merge branch 'PHP-5.4.40' into PHP-5.5.24
...
* PHP-5.4.40:
fix memory leak & add test
Fix tests
2015-04-12 23:49:16 -07:00
Stanislav Malyshev
a643ccfb90
Fix tests
2015-04-12 20:55:35 -07:00
Stanislav Malyshev
0cb9d75cb6
Merge branch 'PHP-5.4.40' into PHP-5.5.24
...
* PHP-5.4.40:
Additional fix for bug #69324
More fixes for bug #69152
Fixed bug #69353 (Missing null byte checks for paths in various PHP extensions)
Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar)
Fixed bug #69316 (Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER)
Fix bug #68486 and bug #69218 (segfault in apache2handler with apache 2.4)
Fix bug #68819 (Fileinfo on specific file causes spurious OOM and/or segfault)
Fixed bug #68901 (use after free)
Fixed bug #68740 (NULL Pointer Dereference)
Fix bug #66550 (SQLite prepared statement use-after-free)
Better fix for #68601 for perf https://bitbucket.org/libgd/gd-libgd/commits/81e9a993f2893d651d225646378e3fd1b7465467
Fix bug #68601 buffer read overflow in gd_gif_in.c
Revert "Merge branch 'PHP-5.4' of https://git.php.net/repository/php-src into PHP-5.4"
Fixed bug #69293
Add ZEND_ARG_CALLABLE_INFO to allow internal function to type hint against callable.
2015-04-11 16:56:12 -07:00
Stanislav Malyshev
4435b9142f
Fixed bug #69353 (Missing null byte checks for paths in various PHP extensions)
2015-04-11 16:53:22 -07:00
Remi Collet
bd31cb7563
Better fix for #68601 for perf
...
https://bitbucket.org/libgd/gd-libgd/commits/81e9a993f2893d651d225646378e3fd1b7465467
2015-04-05 17:36:47 -07:00
Remi Collet
afbf725e73
Fix bug #68601 buffer read overflow in gd_gif_in.c
2015-04-05 17:33:52 -07:00
Anatol Belski
b5aca81de1
backport gd config.w32 to support freetype 2.5
2015-02-12 20:27:48 +01:00
Xinchen Hui
73c1be2653
Bump year
2015-01-15 23:26:03 +08:00
Stanislav Malyshev
184b6d9e73
fix memory leak
2015-01-04 21:07:57 -08:00
Stanislav Malyshev
5639c3350e
Merge branch 'pull-request/742' into PHP-5.5
...
* pull-request/742:
Fixed typo
GD: imagepalettetotruecolor tests
2015-01-04 19:47:54 -08:00
Stanislav Malyshev
75f93ed663
fix GD tests with no GD loaded
2015-01-04 19:45:57 -08:00
Remi Collet
5fc2fede9c
Better fix for #68601 for perf
...
https://bitbucket.org/libgd/gd-libgd/commits/81e9a993f2893d651d225646378e3fd1b7465467
2014-12-17 10:59:36 +01:00
Remi Collet
07b5896a13
Fix bug #68601 buffer read overflow in gd_gif_in.c
2014-12-13 09:03:44 +01:00
Stanislav Malyshev
f86aa349eb
move tests into proper place
2014-11-24 12:26:20 -08:00
Remi Collet
2728e6f017
Fixed Bug #65171 imagescale() fails
...
Third param (height) is set as optional,
but default value = -1 is incorrect
Compute correct height to preserve ratio.
2014-10-15 19:13:25 +02:00
Matteo Beccati
b8470e19e4
Merge branch 'PHP-5.4' into PHP-5.5
...
* PHP-5.4:
Fixed freetype test on multiple environments
2014-09-16 10:22:34 +02:00
Matteo Beccati
00525b824a
Fixed freetype test on multiple environments
...
Some environments, apparently regardless of the freetype version, output 155, while others 156. I guess we can accept both ;)
This reverts commit 592df89027.
2014-09-16 10:19:29 +02:00
Matteo Beccati
72c9b0e12b
Merge branch 'PHP-5.4' into PHP-5.5
...
* PHP-5.4:
Fixed test with freetype >= 2.4.12
2014-09-03 09:44:59 +02:00
Matteo Beccati
592df89027
Fixed test with freetype >= 2.4.12
2014-09-03 09:43:29 +02:00
Lior Kaplan
c8b3bce407
Merge branch 'PHP-5.4' into PHP-5.5
...
* PHP-5.4:
Bug #67730: Add tests by Ryan Mauger <ryan@rmauger.co.uk>
2014-08-25 00:30:01 +03:00
Lior Kaplan
bda1cc6946
Bug #67730: Add tests by Ryan Mauger <ryan@rmauger.co.uk>
2014-08-25 00:29:05 +03:00
Sara Golemon
ac4569621d
Merge branch 'PHP-5.4' into PHP-5.5
...
* PHP-5.4:
Switch use of strtok() to gd_strtok_r()
Conflicts:
NEWS
2014-08-19 13:17:56 -07:00
Sara Golemon
cbe1597b74
Switch use of strtok() to gd_strtok_r()
...
strtok() is not thread safe, so this will potentially break in
very bad ways if used in ZTS mode.
I'm not sure why gd_strtok_r() exists since it seems to do the
same thing as strtok_r(), but I'll assume it's a portability
decision and do as the Romans do.
2014-08-19 13:16:44 -07:00
Stanislav Malyshev
b278be894f
Merge branch 'PHP-5.4' into PHP-5.5
...
* PHP-5.4:
5.4.32
fix potentially missing NUL termination
Fix bug #67730 - Null byte injection possible with imagexxx functions
Fixed bug #67717 - segfault in dns_get_record
Fix bug #67716 - Segfault in cdf.c
5.4.32 RC1
2014-08-19 01:34:09 -07:00
Stanislav Malyshev
706aefb781
Fix bug #67730 - Null byte injection possible with imagexxx functions
2014-08-18 22:49:10 -07:00
Andrey Hristov
41e1ccefd5
Merge branch 'PHP-5.4' into PHP-5.5
...
Conflicts:
NEWS
configure.in
main/php_version.h
2014-08-06 15:27:56 +03:00
Remi Collet
cf4753691d
Fixed Bug #66901 php-gd 'c_color' NULL pointer dereference
...
Upstream https://bitbucket.org/libgd/gd-libgd/commits/463c3bd09bfe8e924e19acad7a2a6af16953a704
Notice: this fix doesn't manage monochrome/monovisual values
but just fix the security issue CVE-2014-2497
failing when trying to load such an image
2014-08-04 10:42:39 +02:00
Stanislav Malyshev
291b45afb5
Fix bug #67248 (imageaffinematrixget missing check of parameters)
2014-05-11 18:14:57 -07:00
Anatol Belski
3f049bcff2
made libgd recognize the 9 version series
2014-03-12 19:30:27 +01:00
Remi Collet
862c006da1
Fix bug #66887 imagescale - poor quality of scaled image
...
Issue with signed char overflow.
Upstream fix:
https://bitbucket.org/libgd/gd-libgd/commits/4b86e06937bc5ff116be969137f8da9d1a7869d5
2014-03-12 17:10:51 +01:00
Remi Collet
f2d5b2b6c6
Fixed Bug #66893i imagescale ignore method argument
...
We also have our goto fail; bug.
Upstream fix for libgd
https://bitbucket.org/libgd/gd-libgd/commits/5b42b1178c37ffd30c9a15733058656be0277da0
2014-03-12 15:35:42 +01:00
Remi Collet
dada2f550f
Fixed Bug #66890 imagescale segfault
...
zend_parse_parameters "l" expects long, not int
2014-03-12 13:44:58 +01:00
Pierre Joye
8e3c2015dc
- fix #66869, Invalid 2nd argument crashes imageaffinematrixget
2014-03-09 21:12:19 +01:00
Remi Collet
af09d8b96a
Fixed Bug #66815 imagecrop(): insufficient fix for NULL deref CVE-2013-7327
...
This amends commit 8f4a537, which aimed to correct NULL dereference because of
missing check of gdImageCreateTrueColor() / gdImageCreate() return value. That
commit checks for negative crop rectangle width and height, but
gdImageCreate*() can also return NULL when width * height overflows. Hence
NULL deref is still possible, as gdImageSaveAlpha() and gdImagePaletteCopy()
are called before dst == NULL check.
This moves NULL check to happen right after gdImageCreate*(). It also removes
width and height check before gdImageCreate*(), as the same check is done by
image create functions (with an extra warning).
From thoger redhat com
2014-03-05 10:40:36 +01:00
Brad Daily
143bb29c1a
Fixes #66714: imageconvolution breakage in 5.5.9
...
5.5.9 included some GD fixes related to #66356. One of those fixes changed the
above section of imageconvolution, but the variable was mistyped.
2014-02-19 15:24:15 -06:00
Xinchen Hui
47c9027772
Bump year
2014-01-03 11:06:16 +08:00
Xinchen Hui
c0d060f5c0
Bump year
2014-01-03 11:04:26 +08:00
Remi Collet
464c219ed4
minor fix on previous
2013-12-28 14:29:14 +01:00
Remi Collet
8f4a5373bb
Fixed bug #66356 (Heap Overflow Vulnerability in imagecrop())
...
Initial fix was PHP stuff
This one is libgd fix.
- filter invalid crop size
- don't try to copy on invalid position
- fix crop size when out of src image
- fix possible NULL deref
- fix possible integer overflow
2013-12-28 14:22:13 +01:00
Xinchen Hui
2938329ce1
Fixed bug #66356 (Heap Overflow Vulnerability in imagecrop())
...
And also fixed the bug: arguments are altered after some calls
2013-12-27 14:04:59 +08:00
Adam Harvey
d7a45a67be
Merge branch 'PHP-5.4' into PHP-5.5
...
* PHP-5.4:
Switch to using freetype-config for freetype detection.
2013-12-07 19:41:23 -08:00