mirror of https://github.com/php/php-src.git synced 2026-04-19 22:11:12 +02:00
Commit Graph

153 Commits

Author SHA1 Message Date
Stanislav Malyshev
f938112c49 Fix bug #68819 (Fileinfo on specific file causes spurious OOM and/or segfault) 2015-04-11 16:53:21 -07:00
Anatol Belski
ede59c8feb Fixed bug #68735 fileinfo out-of-bounds memory access 2015-01-04 14:20:21 +01:00
Remi Collet
919abf0cb1 removed dead code 2015-01-04 09:40:19 +01:00
Remi Collet
1803228597 Fix bug #68283: fileinfo: out-of-bounds read in elf note headers
Upstream commit
39c7ac1106

CVE-2014-3710
2014-10-22 15:37:04 +02:00
Ard Biesheuvel
e64da8c20d Fixed bug #66242 (don't assume char is signed)
This fixes a bug in libmagic where a cast to 'char' is assumed to result
in sign extension to occur. However, unqualified 'char' is unsigned on
architectures such as ARM, so the cast needs to be to 'signed char'
explicitly.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
2014-09-20 16:39:48 -07:00
Remi Collet
35f32637b0 Fix bug #67716 - Segfault in cdf.c 2014-08-14 17:21:20 -07:00
Stanislav Malyshev
eeaec70758 Fix bug #67705 (extensive backtracking in rule regular expression) 2014-08-04 00:05:40 -07:00
Remi Collet
25b1dc917a Fixed Bug #67413 fileinfo: cdf_read_property_info insufficient boundary chec
Upstream:
93e063ee37

Adapted for C standard.
2014-06-10 14:33:37 +02:00
Remi Collet
40ef6e07e0 Bug #67412 fileinfo: cdf_count_chain insufficient boundary check
Upstream:
40bade80cb
2014-06-10 14:22:04 +02:00
Remi Collet
5c9f967999 Fixed Bug #67411 fileinfo: cdf_check_stream_offset insufficient boundary check
Upstream:
36fadd2984
2014-06-10 14:13:14 +02:00
Remi Collet
e77659a8c8 Fixed Bug #67410 fileinfo: mconvert incorrect handling of truncated pascal string size
Upstream
27a14bc7ba
2014-06-10 14:02:36 +02:00
Remi Collet
4fcb9a9d1b Fix bug #67326 fileinfo: cdf_read_short_sector insufficient boundary check
Upstream fix 6d209c1c48.patch
Only relevant part applied
2014-06-03 11:05:00 +02:00
Anatol Belski
d184f07b3c backport this piece from 5.6, related to the #66307 fix 2014-05-26 18:05:13 -07:00
Anatol Belski
15ee33eb21 Fixed bug #66307 Fileinfo crashes with powerpoint files 2014-05-26 18:04:27 -07:00
Stanislav Malyshev
4005f06df6 Fix bug #67328 (fileinfo: numerous file_printf calls resulting in performance degradation)
Upstream patch: b8acc83781
2014-05-26 18:01:17 -07:00
Stanislav Malyshev
57225f09ed Fix bug #67327: fileinfo: CDF infinite loop in nelements DoS
Upstream fix: f97486ef5d
2014-05-26 17:45:14 -07:00
Remi Collet
2c204a55af Fixed Bug #66987 Memory corruption in fileinfo ext (bigendian)
On little endian:
	map->p == php_magic_database
	map->magic[i] = pointer into the map

	map->p == NULL
	map->magic[i] = pointer to allocated memory

On big endian (ppc64, s390x, ...):
	map->p != php_magic_database and map->p != NULL
	map->magic[i] = pointer into a copy of the map

Trying to efree the pointer in the latter causes memory corruption
Thanks to dkatulek / Red Hat for the report.
2014-03-31 16:50:47 +02:00
Remi Collet
a33759fd27 Fixed Bug #66820 out-of-bounds memory access in fileinfo
Upstream fix:
447558595a

Notice, test changed, with upstream agreement:
-define OFFSET_OOB(n, o, i)	((n) < (o) || (i) >= ((n) - (o)))
+define OFFSET_OOB(n, o, i)	((n) < (o) || (i) >  ((n) - (o)))
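Review bot: the relaxed comparison in the `+` line of OFFSET_OOB now accepts i == (n) - (o), which the `>=` form rejected, and the message says only that the test changed with upstream agreement, not why that boundary value is in range. A sentence stating whether i is an index or an end offset would let a reader confirm the new bound is not an off-by-one. The (n) < (o) clause should stay first, since it is what keeps (n) - (o) from being evaluated when it would go negative or wrap.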
2014-03-04 20:32:52 +01:00
Remi Collet
731013ee8e Improves fix for memory leak, keep in sync with upstream.
Previous fix:
http://git.php.net/?p=php-src.git;a=commitdiff;h=10eb0070700382f966bf260e44135e1f724a15d2

Upstream fix:
c0c0032b9e
2014-03-04 13:41:37 +01:00
Anatol Belski
10eb007070 fixed leak introduced after CVE/upgrade 2014-02-20 18:53:53 +01:00
Remi Collet
89f864c547 Fixed Bug #66731 file: infinite recursion
Upstream commit (available in file-5.17)

3c081560c2
cc9e74dfec
2014-02-18 13:54:33 +01:00
Veres Lajos
e9a95d78ef typo fixes 2013-07-15 00:23:03 -07:00
Anatol Belski
74555e7c26 Fixed bug #64830 mimetype detection segfaults on mp3 file 2013-05-14 09:40:43 +02:00
Anatol Belski
cdc1a63790 Fixed bug #64713 Compilation warnings in finfo 2013-04-27 13:49:50 +02:00
Anatol Belski
9de5dcad1c fix ident 2013-04-08 15:51:22 +02:00
Anatol Belski
f3ca1155d6 Refactored the previous memleak fix
to avoid usage of a freed pointer. Thanks Laruence )
2013-04-08 14:32:37 +02:00
Anatol Belski
28e26b0fad fix memory leak at apprentice.c:1095 2013-04-08 12:49:53 +02:00
Anatol Belski
b0b81c0a37 fixed EOL 2013-04-08 09:20:43 +02:00
Anatol Belski
10367fa7c6 upgraded libmagic to 5.14 2013-04-07 22:15:56 +02:00
Anatoliy Belsky
d88017e992 Merge branch 'PHP-5.3' into PHP-5.4
* PHP-5.3:
  Fixed bug #63590 Fileinfo delivers different results in TS and NTS under Windows

Conflicts:
	NEWS
	ext/fileinfo/libmagic.patch
	ext/fileinfo/tests/finfo_open_error-win32.phpt
2012-11-27 16:45:25 +01:00
Anatoliy Belsky
e6b727d3b7 Fixed bug #63590 Fileinfo delivers different results in TS and NTS under Windows 2012-11-27 16:33:58 +01:00
Anatoliy Belsky
8a84b1b5d9 Backported the fix for bug #63248 from 5.4+ 2012-11-23 13:58:22 +01:00
Xinchen Hui
0d7965f0a3 Merge the fix for #61964 to 5.3, which will fix #63304 2012-10-18 23:29:33 +08:00
Anatoliy Belsky
6d019deee2 Fixed bug #63248 Load multiple magic files on win
- adapt config.w32 to not use dirent lib anymore
- prevent libmagic from opening a dir handle under win
- reimplement the dir iteration functionality with streams
2012-10-16 11:03:32 +02:00
Xinchen Hui
328a3d9f13 regenerate patch, and save a strlen 2012-09-11 11:43:47 +08:00
Xinchen Hui
0a25a0241e Fix the wrong use of snprintf which is introduced in 1d2f619049 2012-09-10 23:08:54 +08:00
Stanislav Malyshev
1916bb223e Merge branch 'pull-request/91' into PHP-5.4
* pull-request/91:
  Fixed bug #61964 (finfo_open with directory cause invalid free)
2012-07-14 18:52:24 -07:00
Reeze Xia
1d2f619049 Fixed bug #61964 (finfo_open with directory cause invalid free) 2012-05-25 18:55:34 +08:00
Felipe Pena
84b2c39920 Merge branch 'PHP-5.3' into PHP-5.4
* PHP-5.3:
  - Fixed magic file regex support
2012-05-24 13:43:35 -03:00
Felipe Pena
11b4f3becd - Fixed magic file regex support 2012-05-24 13:42:47 -03:00
Xinchen Hui
0d115ca211 Merge branch 'PHP-5.3' into PHP-5.4
* PHP-5.3:
  Fixed warning implicit declaration of function 'file_printedlen'
2012-04-22 19:59:46 +08:00
Xinchen Hui
f13b0ede07 Fixed warning implicit declaration of function 'file_printedlen' 2012-04-22 19:52:07 +08:00
Xinchen Hui
b225330707 Merge branch 'PHP-5.3' into PHP-5.4
* PHP-5.3:
  Fixed bug #61812 (Uninitialised value used in libmagic)
2012-04-22 19:39:02 +08:00
Xinchen Hui
c06e92a533 Fixed bug #61812 (Uninitialised value used in libmagic) 2012-04-22 19:38:14 +08:00
Anatoliy Belsky
374646c36b Merge branch 'PHP-5.3' into PHP-5.4
* PHP-5.3:
  updated the libmagic.patch
  Bug #61566 Fileinfo ext\fileinfo\tests\finfo_file_002.phpt fails
  Fix bug #61565 Fileinfo ext\fileinfo\tests\finfo_file_001.phpt fails
  - update to openssl 0.9.8u

Conflicts:
	ext/fileinfo/tests/finfo_open_001.phpt
	ext/fileinfo/tests/finfo_open_error.phpt
	win32/build/libs_version.txt
2012-04-02 17:36:50 +02:00
Anatoliy Belsky
909713e233 Bug #61566 Fileinfo ext\fileinfo\tests\finfo_file_002.phpt fails
This patch fixes the failure caused by the
posix lseek and read versions under windows in cdf_read().
Additionally all the occurrences of lseek and read
were replaced by _lseek and _read for windows.
2012-04-02 17:22:46 +02:00
Anatoliy Belsky
4f23ee8f5e Merge branch 'PHP-5.3' into PHP-5.4
* PHP-5.3:
  Bug 61504 updated libmagic.patch
  Bug #61504 TSRML_FETCH() must be last
2012-03-28 12:10:25 +02:00
Anatoliy Belsky
e7fa402c7c Bug #61504 TSRML_FETCH() must be last 2012-03-28 12:05:20 +02:00
Gustavo André dos Santos Lopes
067603106e Restored the good part of 74ee335 that was just reverted. 2012-03-28 08:43:41 +01:00
Gustavo André dos Santos Lopes
c6e15455a3 Revert "- fix bug #61504, fix build errors on windows and possibly other"
This reverts commit 74ee335e3a.
2012-03-28 08:41:18 +01:00