d3d6d7906e
Fix #76167 : mbstring may use pointer from some previous request
...
We must not reuse per-request memory across multiple requests, so this
check triggered during RINIT makes no sense. As explained in the bug
report[1], it can be even harmful, if some request startup fails, and
the pointers refer to already freed memory in the next request.
[1] <https://bugs.php.net/76167 >
Closes GH-7604.
2021-10-25 12:37:28 +02:00
0cafd53d18
Fix #81011 : mb_convert_encoding removes references from arrays
...
We need to dereference references.
Closes GH-6938.
2021-05-04 18:37:40 +02:00
77a8a709da
Merge branch 'PHP-7.3' into PHP-7.4
...
* PHP-7.3:
Fix bug #79787
2020-07-08 11:22:18 +02:00
3d5de7d746
Fix bug #79787
...
Closes GH-5807.
2020-07-08 11:20:58 +02:00
3d6199db8a
Add mbregex skipif
2020-06-17 09:35:02 +02:00
3f2f36d5d4
Fix non-default syntax in mb_ereg_search()
2020-06-16 14:31:29 +02:00
8ff1991503
Fix test
2020-04-08 09:41:14 +02:00
9b98cf3209
Merge branch 'PHP-7.3' into PHP-7.4
...
* PHP-7.3:
Revert "Went to fast and forgot to update tests"
Revert "Fix Bug #79448 0 is a valid Unicode codepoint, but mb_substitute_character(0) fails"
2020-04-07 22:27:00 +02:00
a0df5f3b54
Revert "Went to fast and forgot to update tests"
...
This reverts commit 656eac74fa
2020-04-07 22:24:40 +02:00
6031b08240
Revert "Fix Bug #79448 0 is a valid Unicode codepoint, but mb_substitute_character(0) fails"
...
This commit brings some substantial changes in behaviour due to the weird implementation.
This will be fixed in master due to BC concerns.
This reverts commit 1333b46d6d
2020-04-07 22:23:24 +02:00
c31b2bbd46
Merge branch 'PHP-7.3' into PHP-7.4
2020-04-03 22:10:56 +02:00
656eac74fa
Went to fast and forgot to update tests
...
However due to the really lax conversion to integer all strings pass as 0
2020-04-03 22:03:00 +02:00
7a42611870
Merge branch 'PHP-7.3' into PHP-7.4
2020-04-03 21:28:07 +02:00
1333b46d6d
Fix Bug #79448 0 is a valid Unicode codepoint, but mb_substitute_character(0) fails
2020-04-03 21:18:45 +02:00
cc0052678a
Merge branch 'PHP-7.3' into PHP-7.4
2020-04-01 04:34:09 +02:00
18dc9044f5
Fix bug 79441
2020-04-01 04:29:20 +02:00
db848e1482
Fix #79371 : mb_strtolower (UTF-32LE): stack-buffer-overflow
...
We make sure that negative values are properly compared.
2020-03-16 22:40:48 -07:00
1fdffd1c55
Fix #79371 : mb_strtolower (UTF-32LE): stack-buffer-overflow
...
We make sure that negative values are properly compared.
2020-03-16 22:40:00 -07:00
a73f98eda9
Merge branch 'PHP-7.3' into PHP-7.4
...
* PHP-7.3:
Add SKIPIF to test requiring mbregex
2020-01-30 11:21:26 +01:00
6ccd675776
Add SKIPIF to test requiring mbregex
2020-01-30 11:20:42 +01:00
43465768f1
Fix shift ub in mbstring
...
Ideally "c" would be an unsigned integer...
2020-01-30 10:07:25 +01:00
9aadcb18e1
Restore digit check in mb_decode_numericentity()
...
I replaced it with a multiplication overflow check in
18599f9c52
2020-01-30 10:07:01 +01:00
acc616c455
Merge branch 'PHP-7.3' into PHP-7.4
...
* PHP-7.3:
Fix mb_ord() crash if internal encoding not supported
2020-01-29 16:19:14 +01:00
a62c06c4cf
Fix mb_ord() crash if internal encoding not supported
...
enc_name can be NULL here. Take the name from the mbfl_encoding
instead.
2020-01-29 16:18:46 +01:00
18599f9c52
Better overflow check for entity decoding
...
Check for multiplication overflow rather than number of digits.
2020-01-29 16:08:46 +01:00
085371b299
Merge branch 'PHP-7.3' into PHP-7.4
...
* PHP-7.3:
Reset MBREX(search_re) in RSHUTDOWN
2020-01-29 16:05:38 +01:00
560ff9725e
Reset MBREX(search_re) in RSHUTDOWN
...
This is going to cause a segfault if reused in the next request.
To illustrate the issue, run these two scripts in sequence with
the built-in server:
// script1.php
mb_ereg_search_init('foobar');
mb_ereg_search('foo');
// script2.php
var_dump(mb_ereg_search_init("foobar"));
var_dump(mb_ereg_search_pos());
2020-01-29 16:05:11 +01:00
b3f07afabc
Merge branch 'PHP-7.3' into PHP-7.4
...
* PHP-7.3:
Fix use of mb_ereg_search_getregs() after invalid pattern
2020-01-29 12:50:40 +01:00
392ad206a4
Fix use of mb_ereg_search_getregs() after invalid pattern
...
This segfaulted because we assumed that if there are matches,
there must be a regular expression as well.
2020-01-29 12:50:18 +01:00
5589bf4d4a
Fix length inconsistency in mb_convert_encoding
...
Don't mix strlen() and ZSTR_LEN(). If the encoding contains a
NULL byte, this will overflow the buffer.
NULL bytes will still make this behave oddly because the consuming
code will cut off the string there, but let's address that in master...
2020-01-29 12:19:28 +01:00
91f878779c
Fix recovery of large entities in mb_decode_numericentity()
...
Make sure we don't overflow the integer.
2020-01-29 11:48:34 +01:00
9fcaf25c93
Fix memory leak in mb_str_split
2020-01-28 17:39:49 +01:00
f1bf4bf6eb
Don't leak encoding_str
2020-01-22 11:15:16 +01:00
ab846173e2
Merge branch 'PHP-7.3' into PHP-7.4
...
* PHP-7.3:
Fix #79154 : mb_convert_encoding() can modify $from_encoding
2020-01-22 10:30:25 +01:00
9be31a582a
Fix #79154 : mb_convert_encoding() can modify $from_encoding
...
We must not modify arrays passed by value.
2020-01-22 10:28:07 +01:00
94c9dc498f
Fix #79149 : SEGV in mb_convert_encoding with non-string encodings
...
We must not assume that `hash_entry` `IS_STRING`, but rather use
`encoding_str` which is guaranteed to be.
2020-01-22 09:43:51 +01:00
a29c793381
Merge branch 'PHP-7.3' into PHP-7.4
...
* PHP-7.3:
Update NEWS
Fix bug #79037 (global buffer-overflow in `mbfl_filt_conv_big5_wchar`)
Fix #79099 : OOB read in php_strip_tags_ex
Fix #79091 : heap use-after-free in session_create_id()
2020-01-20 22:47:01 -08:00
25ec7eb346
Merge branch 'PHP-7.2' into PHP-7.3
...
* PHP-7.2:
Update NEWS
Fix bug #79037 (global buffer-overflow in `mbfl_filt_conv_big5_wchar`)
Fix #79099 : OOB read in php_strip_tags_ex
Fix #79091 : heap use-after-free in session_create_id()
2020-01-20 22:46:29 -08:00
2bcbc95f03
Fix bug #79037 (global buffer-overflow in mbfl_filt_conv_big5_wchar)
2020-01-20 21:43:42 -08:00
1979c5d16f
Upgrade to Oniguruma 6.9.4
...
Oniguruma 6.9.4 fixes several CVEs.
2019-11-30 14:00:41 +01:00
8c4b0ddde5
Add missing skip checks
2019-11-29 23:50:05 +01:00
ff2140c49d
Partially revert "Adapt test cases for Oniguruma 6.9.4"
...
This partially reverts commit c55d09c2f5
2019-11-29 23:40:30 +01:00
2b700841c5
Merge branch 'PHP-7.3' into PHP-7.4
...
* PHP-7.3:
Adapt test cases for Oniguruma 6.9.4
2019-11-29 17:00:11 +01:00
c55d09c2f5
Adapt test cases for Oniguruma 6.9.4
...
Apparently, bug 78633 has now really been fixed; the former fix only
catered to the buffer overflow, but yielded a wrong result. Also,
the order of the named captures has been fixed.
2019-11-29 16:59:19 +01:00
85874af404
Remove obsolete oniguruma.patch
...
The proper `SIZEOF_SIZE_T` definitions are available as of Oniguruma
6.9.1; no more need to patch.
2019-11-05 10:16:22 +01:00
d517c559fc
Merge branch 'PHP-7.3' into PHP-7.4
...
* PHP-7.3:
Fix #78633 : Heap buffer overflow (read) in mb_eregi
2019-10-20 23:20:16 -07:00
4f50d58cab
Fix #78633 : Heap buffer overflow (read) in mb_eregi
...
We backport kkos/oniguruma@15c4228aa2 .
2019-10-20 22:47:38 -07:00
5b067163be
Limit retry_limit test to oniguruma >= 6.9.3
...
This test is somewhat fragile in that it depends on how well a
particular regex is optimized. Apparently on 6.9.1 this regex
would hit the default retry_limit of 1000000 already. I'm limiting
this to 6.9.3 because that's the version that works for me.
2019-10-07 10:49:34 +02:00
6623e7ac51
Add support for mbstring.regex_retry_limit
...
This is very similar to the existing mbstring.regex_stack_limit,
but for backtracking. The default value matches pcre.backtrack_limit.
Only used on libonig >= 2.8.0.
2019-10-06 10:06:33 +02:00
3d89f92784
Skip tests for old versions instead of marking them XFAIL
...
According to commit 0eea9a6[1], these tests fail with old Oniguruma
versions; we are not sure which version of Oniguruma is required to let
them pass, but at least 6.9.3 is sufficient.
[1] <http://git.php.net/?p=php-src.git;a=commit;h=0eea9a642941ab5d4c612f8092f186977afbb73e >
2019-09-30 14:14:23 +02:00
Christoph M. Becker