GD2 stores the number of horizontal and vertical chunks as words (i.e. 2
byte unsigned). These values are multiplied and assigned to an int when
reading the image, what can cause integer overflows. We have to avoid
that, and also make sure that either chunk count is actually greater
than zero. If illegal chunk counts are detected, we bail out from
reading the image.
(cherry picked from commit 5b5d9db3988b829e0b121b74bb3947f01c2796a1)
We must not pretend that there are image data if there are none. Instead
we fail reading the image file gracefully.
(cherry picked from commit cdb648dc4115ce0722f3cc75e6a65115fc0e56ab)
opcache_reset() only schedules the restart. Under circumstances,
the follow up requests might run uncached, until the restart
condition is met. To mitigate the false positives caused by this
behavior, any tests using opcache_reset() should not be put in
between other tests. Thus, moving the corresponding test to be
executed last.
* 'PHP-7.0' of git.php.net:/php-src:
Fixed bug #67707 IV not needed for ECB encryption mode, but it returns a warning
Fixed#73907 (nextSibling property not included in var_dump of DOMNode)
Fixed bug #61858 (DOMAttr debug info generates E_WARNING)
Fix glob-wrapper.phpt to not fail in Windows
Fix#73893: A hidden danger of death cycle in a function of gd
It seems fair to remove this warning, given that:
* it is not documented in the official documentation
* the $specified property, which has a similar 'not implemented' status,
also does not trigger a warning
* it apparently hinders quite a lot of people during debugging, judging by
the number of votes on the bug
php_check_open_basedir() expects a local filesystem path,
but we're handing it a `glob://...` URI instead.
Move the check to after the path trim so that we're checking
a meaningful pathspec.
The stream handler assumed all HTTP headers contained exactly one space,
but the standard says there may be zero or more. Should fix Bug #47021,
and any other edge cases caused by a web server sending unusual spacing,
e.g. the MIME type discovered from Content-Type: can no longer contain
leading whitespace.
We strip trailing whitespace from the headers added into
$http_response_header as well.
