`command_length` is retrieved via strlen() and later passed to emalloc()
and memcpy(), so the appropriate type is `size_t`.
We don't add a regression test, because that would need to allocate a string
of at least 2 GiB.
* PHP-7.0: (34 commits)
Fix URL rewriter partially
Support "git worktree"
Add NEWS
Fix ASSERT logic
Bugfix 72791: fix memory leak in PDO persistent connections
Don't copy mime types in CLI server
Remove obsolete Id tags
Bump version in OCI8 test
Fixed bug #72788 (Invalid memory access when using persistent PDO connection)
Remove typo'd commit
Fix bug 72788: Invalid memory access when database_object_handle is undefined. Also fix memory leak in dbh_free when using persistent PDO connections.
Replace dead branch with ZEND_ASSERT()
Add test for bug #69107: finfo no longer detects PHP files
Fix bug #55451
Fix stream_socket_enable_crypto() test
Remove old $Id$ tags
Sync with 7.1 branch changes from Nikita & Dimitri to keep OCI8 code identical
Fix bug #72524 (Binding null values triggers ORA-24816 error)
Fix the fix (Nikita), thanks!
Check the return value of dbconvert() in mssql_guid_string(), as it may return -1 in case the conversion failed. In that case false is returned.
...
Conflicts:
ext/standard/ftp_fopen_wrapper.c
This should be safe change, as we don't dereference value and member
after calling setter/getter.
And compare to adding unref codes, this is much cheaper.
Under the special circumstance where a garbage collected objects bucket slot was not reused until the end of the script, we get access into freed memory...
No test added as it usually is valgrind-only, and only sometimes when the memory happens to have changed (i.e. (GC_FLAGS(obj) & IS_OBJ_FREE_CALLED) == 0), it actually *may* segfault
* PHP-5.5:
fix#72519, possible OOB using imagegif
fix#72512, invalid read or write for palette image when invalid transparent index is used
Apparently some envs miss SIZE_MAX
Fix tests
Fix bug #72618: NULL Pointer Dereference in exif_process_user_comment
Partial fix for bug #72613 - do not treat negative returns from bz2 as size_t
Fix bug #72606: heap-buffer-overflow (write) simplestring_addn simplestring.c
Fix for bug #72558, Integer overflow error within _gdContributionsAlloc()
Fix bug #72603: Out of bound read in exif_process_IFD_in_MAKERNOTE
Fix bug #72562 - destroy var_hash properly
Fix bug #72533 (locale_accept_from_http out-of-bounds access)
Fix fir bug #72520
Fix for bug #72513
CS fix and comments with bug ID
Fix for HTTP_PROXY issue.
add tests for bug #72512
Fixed bug #72512 gdImageTrueColorToPaletteBody allows arbitrary write/read access
Fixed bug #72479 - same as #72434
Conflicts:
ext/bz2/bz2.c
main/SAPI.c
main/php_variables.c
Previously reference arguments were allowed if call_user_func()
was compiled to SEND_USER and not otherwise. Make it consistent
by always forbidding them.
