If we're expecting the start of an encoded word (`=?`), but instead of
the question mark get a line break (CR or LF), we must not append it to
the `pretval`.
There's no need to actually try to trigger an out-of-memory condition
to proof the leak; instead we can simply rely on the Zend MM to report
the memory leaks in debug mode (at least on Linux). Therefore we
simplify the regression test, which also makes it run much faster.
jewish.c includes ISO-8859-8 encoded Hebrew Hebrew month names, which
may cause compile errors, and is generally confusing. We replace the
literal month names with appropriate escape sequences.
* PHP-7.0:
Fixed bug #76459 windows linkinfo lacks openbasedir check
Add NEWS
Fixed bug #76459 windows linkinfo lacks openbasedir check
Fix bug #76557: heap-buffer-overflow (READ of size 48) while reading exif data
Fix bug #76423 - Int Overflow lead to Heap OverFlow in exif_thumbnail_extract of exif.c
* PHP-5.6:
Add NEWS
Fixed bug #76459 windows linkinfo lacks openbasedir check
Fix bug #76557: heap-buffer-overflow (READ of size 48) while reading exif data
Fix bug #76423 - Int Overflow lead to Heap OverFlow in exif_thumbnail_extract of exif.c
Due to incorrect string termination and length handling, several HTML
entities missed the trailing semicolon.
We also fix the obviously wrong expectations in two already existing
tests.
The search path needs to be appended with the wild card. Till now, an
edge case existed, so then if a path is 259 bytes long, which is smaller
_MAX_PATH, the suffix would cause the final search path to become longer
than _MAX_PATH. It is an edge case, when the starting path happens to
have a specific length. If the starting path was longer than _MAX_PATH
or the addition of "\\*" would not exceed _MAX_PATH, the function was
correct. Except for rewind, which was broken in the case of the long
path.
Bugfix #76524: Free up zip internal state and adjust the tests for Windows
Bugfix #76524: Fix possible use after free for libzip 1.3.1
Bugfix #76524: Make the test independent of platform
Validate that "C" serialization payload is followed by "}" prior to
calling the unserialize() handler. This mitigates issues caused by
unserialize() not correctly handling strings that are not NUL
terminated. Making sure that there is a "}" at the end avoids the
problem.
Some JFIF images contain empty APP segments, i.e. those which consist
only of the marker bytes and the length, but without actual content.
It appears to be doubtful to have empty APP segments, but we should
apply the robustness principle, and accept these, instead of simply
failing in this case.
We choose to add empty APP segments to $imageinfo with an empty string
as value, instead of NULL, or even to omit these segments altogether.
This patch also fixes the potential issue that php_stream_read() might
not read the supposed number of bytes, which could result in garbage to
be added to the read value.
