php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-04-18 13:31:27 +02:00
Code Issues Packages Projects Releases Wiki Activity
76,901 Commits 547 Branches 1,483 Tags
ba15e8dfd0bbe65fd7022f55cf5bdaca413d96e4
Commit Graph

206 Commits

Author SHA1 Message Date
Stanislav Malyshev
0cb9d75cb6 Merge branch 'PHP-5.4.40' into PHP-5.5.24 
* PHP-5.4.40:
  Additional fix for bug #69324
  More fixes for bug #69152
  Fixed bug #69353 (Missing null byte checks for paths in various PHP extensions)
  Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar)
  Fixed bug #69316 (Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER)
  Fix bug #68486 and bug #69218 (segfault in apache2handler with apache 2.4)
  Fix bug #68819 (Fileinfo on specific file causes spurious OOM and/or segfault)
  Fixed bug #68901 (use after free)
  Fixed bug #68740 (NULL Pointer Dereference)
  Fix bug #66550 (SQLite prepared statement use-after-free)
  Better fix for #68601 for perf 81e9a993f2
  Fix bug #68601 buffer read overflow in gd_gif_in.c
  Revert "Merge branch 'PHP-5.4' of https://git.php.net/repository/php-src into PHP-5.4"
  Fixed bug #69293
  Add ZEND_ARG_CALLABLE_INFO to allow internal function to type hint against callable.
 2015-04-11 16:56:12 -07:00
Stanislav Malyshev
f938112c49 Fix bug #68819 (Fileinfo on specific file causes spurious OOM and/or segfault) 2015-04-11 16:53:21 -07:00
Anatol Belski
43652d386a simplify error handling for dirs as magic 2015-01-22 10:16:13 +01:00
Joshua Rogers
91aa340180 Fixed bug #68827 Double free with disabled ZMM 2015-01-22 09:59:13 +01:00
Anatol Belski
5fe54dbaf9 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Fixed bug #68735 fileinfo out-of-bounds memory access
 2015-01-04 14:22:37 +01:00
Anatol Belski
ede59c8feb Fixed bug #68735 fileinfo out-of-bounds memory access 2015-01-04 14:20:21 +01:00
Anatol Belski
b644dcfb72 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  removed dead code
 2015-01-04 09:40:56 +01:00
Remi Collet
919abf0cb1 removed dead code 2015-01-04 09:40:19 +01:00
Anatol Belski
d92a87d7cb Fixed bug #68671 incorrect expression in libmagic 2014-12-30 19:37:27 +01:00
Remi Collet
5b295bf191 Fix bug #68283: fileinfo: out-of-bounds read in elf note headers 
Upstream commit
39c7ac1106

CVE -2014-3710

(cherry picked from commit 1803228597)
 2014-10-25 11:29:16 +02:00
Remi Collet
1803228597 Fix bug #68283: fileinfo: out-of-bounds read in elf note headers 
Upstream commit
39c7ac1106

CVE -2014-3710
 2014-10-22 15:37:04 +02:00
Ard Biesheuvel
7958793342 Merge branch 'PHP-5.4' into PHP-5.5 2014-09-20 16:40:02 -07:00
Ard Biesheuvel
e64da8c20d Fixed bug #66242 (don't assume char is signed) 
This fixes a bug in libmagic where a cast to 'char' is assumed to result
in sign extension to occur. However, unqualified 'char' is unsigned on
architectures such as ARM, so the cast needs to be to 'signed char'
explicitly.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
 2014-09-20 16:39:48 -07:00
Stanislav Malyshev
3468f03b6f Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Fix bug #67716 - Segfault in cdf.c
 2014-08-14 17:21:29 -07:00
Remi Collet
35f32637b0 Fix bug #67716 - Segfault in cdf.c 2014-08-14 17:21:20 -07:00
Remi Collet
49387b31cf Fix bug #67716 - Segfault in cdf.c 2014-08-14 17:19:03 -07:00
Andrey Hristov
41e1ccefd5 Merge branch 'PHP-5.4' into PHP-5.5 
Conflicts:
	NEWS
	configure.in
	main/php_version.h
 2014-08-06 15:27:56 +03:00
Stanislav Malyshev
eeaec70758 Fix bug #67705 (extensive backtracking in rule regular expression) 2014-08-04 00:05:40 -07:00
Remi Collet
12a62ce868 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  NEWS
  Fixed Bug #67413 	fileinfo: cdf_read_property_info insufficient boundary chec
 2014-06-10 14:35:23 +02:00
Remi Collet
25b1dc917a Fixed Bug #67413 fileinfo: cdf_read_property_info insufficient boundary chec 
Upstream:
93e063ee37

Adapted for C standard.
 2014-06-10 14:33:37 +02:00
Remi Collet
ff66c90af0 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  NEWS
  Bug #67412 	fileinfo: cdf_count_chain insufficient boundary check
 2014-06-10 14:23:37 +02:00
Remi Collet
40ef6e07e0 Bug #67412 fileinfo: cdf_count_chain insufficient boundary check 
Upstream:
40bade80cb
 2014-06-10 14:22:04 +02:00
Remi Collet
f6fee381be Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  NEWS
  Fixed Bug #67411 	fileinfo: cdf_check_stream_offset insufficient boundary check
 2014-06-10 14:16:07 +02:00
Remi Collet
5c9f967999 Fixed Bug #67411 fileinfo: cdf_check_stream_offset insufficient boundary check 
Upstream:
36fadd2984
 2014-06-10 14:13:14 +02:00
Remi Collet
18ff81eb1a Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  NEWS
  Fixed Bug #67410 fileinfo: mconvert incorrect handling of truncated pascal string size
 2014-06-10 14:04:36 +02:00
Remi Collet
e77659a8c8 Fixed Bug #67410 fileinfo: mconvert incorrect handling of truncated pascal string size 
Upstream
27a14bc7ba
 2014-06-10 14:02:36 +02:00
Remi Collet
2d59b87527 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  NEWS
  Fix bug #67326	fileinfo: cdf_read_short_sector insufficient boundary check
 2014-06-03 11:09:04 +02:00
Remi Collet
4fcb9a9d1b Fix bug #67326 fileinfo: cdf_read_short_sector insufficient boundary check 
Upstream fix 6d209c1c48.patch
Only revelant part applied
 2014-06-03 11:05:00 +02:00
Anatol Belski
d184f07b3c backport this piece from 5.6, related to the #66307 fix 2014-05-26 18:05:13 -07:00
Anatol Belski
15ee33eb21 Fixed bug #66307 Fileinfo crashes with powerpoint files 2014-05-26 18:04:27 -07:00
Stanislav Malyshev
5ce11c2698 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Fix bug #67328 (fileinfo: numerous file_printf calls resulting in performance degradation)
  Fix bug #67327: fileinfo: CDF infinite loop in nelements DoS
 2014-05-26 18:03:01 -07:00
Stanislav Malyshev
4005f06df6 Fix bug #67328 (fileinfo: numerous file_printf calls resulting in performance degradation) 
Upstream patch: b8acc83781
 2014-05-26 18:01:17 -07:00
Stanislav Malyshev
57225f09ed Fix bug #67327: fileinfo: CDF infinite loop in nelements DoS 
Upstream fix: f97486ef5d
 2014-05-26 17:45:14 -07:00
Anatol Belski
d7bb09cc1d backport this piece from 5.6, related to the #66307 fix 2014-04-24 19:50:23 +02:00
Anatol Belski
03fa5501a8 Fixed bug #66307 Fileinfo crashes with powerpoint files 2014-04-24 19:30:34 +02:00
Remi Collet
178eac6c98 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  NEWS
  Fixed Bug #66987 Memory corruption in fileinfo ext (bigendian)
 2014-03-31 16:57:12 +02:00
Remi Collet
2c204a55af Fixed Bug #66987 Memory corruption in fileinfo ext (bigendian) 
On little endian:
	map->p == php_magic_database
	map->magic[i] = pointer into the map

	map->p == NULL
	map->magic[i] = pointer to allocated memory

On big endian (ppc64, s390x, ...):
	map->p != php_magic_database and map->p != NULL
        map->magic[i] = pointer into a copy of the map

Trying to efree pointer in the later cause memory corruption
Thanks to dkatulek / Red Hat for the report.
 2014-03-31 16:50:47 +02:00
Remi Collet
5d08cae346 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  NEWS
  Fixed Bug #66820 out-of-bounds memory access in fileinfo
 2014-03-04 20:36:08 +01:00
Remi Collet
a33759fd27 Fixed Bug #66820 out-of-bounds memory access in fileinfo 
Upstream fix:
447558595a

Notice, test changed, with upstream agreement:
-define OFFSET_OOB(n, o, i)	((n) < (o) || (i) >= ((n) - (o)))
+define OFFSET_OOB(n, o, i)	((n) < (o) || (i) >  ((n) - (o)))
 2014-03-04 20:32:52 +01:00
Remi Collet
bc0b6e02e4 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Improves fix for memory leak, keep in sync with upstream.
 2014-03-04 13:43:42 +01:00
Remi Collet
731013ee8e Improves fix for memory leak, keep in sync with upstream. 
Previous fix:
http://git.php.net/?p=php-src.git;a=commitdiff;h=10eb0070700382f966bf260e44135e1f724a15d2

Upstream fix:
c0c0032b9e
 2014-03-04 13:41:37 +01:00
Anatol Belski
6d4d4155d2 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  fixed leak introduced after CVE/upgrade
 2014-02-20 18:54:35 +01:00
Anatol Belski
10eb007070 fixed leak introduced after CVE/upgrade 2014-02-20 18:53:53 +01:00
Remi Collet
bdd65b578c Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  NEWS
  Fixed Bug #66731 file: infinite recursion
 2014-02-18 13:57:10 +01:00
Remi Collet
89f864c547 Fixed Bug #66731 file: infinite recursion 
Upstream commit (available in file-5.17)

3c081560c2
cc9e74dfec
 2014-02-18 13:54:33 +01:00
Veres Lajos
e9a95d78ef typo fixes 2013-07-15 00:23:03 -07:00
Veres Lajos
72085b0e5f typo fixes 2013-07-15 00:18:57 -07:00
Anatol Belski
933e01bbac Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Fixed bug #64830 mimetype detection segfaults on mp3 file
 2013-05-14 09:41:38 +02:00
Anatol Belski
74555e7c26 Fixed bug #64830 mimetype detection segfaults on mp3 file 2013-05-14 09:40:43 +02:00
Anatol Belski
d72307f1ca Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Fixed bug bug #64713 Compilation warnings in finfo
 2013-04-27 13:51:12 +02:00