php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-04-12 10:33:11 +02:00
Code Issues Packages Projects Releases Wiki Activity
115,452 Commits 547 Branches 1,483 Tags
php-7.4.31
Commit Graph

366 Commits

Author SHA1 Message Date
Anatol Belski
fa96c7e000 fileinfo: Fixed bug #78987 High memory usage during encoding detection 
The default buffer size for the encoding detection is set to 64K.

Signed-off-by: Anatol Belski <ab@php.net>
 2021-09-18 21:00:30 +02:00
Christoph M. Becker
39f95f5614 Fix #77961: finfo_open crafted magic parsing SIGABRT 
libmagic may abort the running process, which is not desirable for PHP;
we raise a fatal error instead.

Closes GH-6437.
 2020-11-24 14:01:15 +01:00
Christoph M. Becker
aa88f33f7d Fix #79283: Segfault in libmagic patch contains a buffer overflow 
To solve this, we properly calculate the required string length upfront
instead of allocating an oversized string (`len * 4 + 4`).
 2020-03-16 22:40:48 -07:00
Nikita Popov
d4ba1fd963 Merge branch 'PHP-7.3' into PHP-7.4 
* PHP-7.3:
  Fix #74170: locale information change after mime_content_type
 2019-12-20 11:24:03 +01:00
Sergei Turchanov
c62cd9a43a Fix #74170: locale information change after mime_content_type 
Some functions in libmagic (distributed with fileinfo extension) perform this sequence of calls:
func() {
setlocale(LC_TYPE, "C")
.. do some work ..
setlocale(LC_TYPE, "")
}

It effectively resets LC_TYPE if it that was set before the function call.

To avoid manipulations with current locale at all, the problematic functions
were modified to use locale-independent functions.
 2019-12-20 11:22:59 +01:00
Stanislav Malyshev
53b1d76144 Merge branch 'PHP-7.3' into PHP-7.4 
* PHP-7.3:
  Fix libmagic buffer overflow issue (CVE-2019-18218)
  bump version
  set versions for release
 2019-10-28 20:47:50 -07:00
Stanislav Malyshev
8c2b3b0568 Merge branch 'PHP-7.2' into PHP-7.3 
* PHP-7.2:
  Fix libmagic buffer overflow issue (CVE-2019-18218)
  bump version
  set versions for release
 2019-10-28 20:47:44 -07:00
Stanislav Malyshev
2bdb13a1f7 Merge branch 'PHP-7.1' into PHP-7.2 
* PHP-7.1:
  Fix libmagic buffer overflow issue (CVE-2019-18218)
  bump version
  set versions for release
 2019-10-28 20:47:30 -07:00
Stanislav Malyshev
469820048d Fix libmagic buffer overflow issue (CVE-2019-18218) 
Ported from 46a8443f76
 2019-10-27 16:30:38 -07:00
Peter Kokot
f002761e08 Update libmagic patch 
This simplifies the libmagic patch:
- in upstream the HAVE_STRERROR check has been removed
- in upstream library the HAVE_SIGNAL_H has been removed
- indentations syncs with the upstream library
- some irrelevant changes removed from the patch (log comment), upstream
  has this correctly logged already so no need to patch the comment.

Closes GH-4298
 2019-07-08 12:38:47 +02:00
Anatol Belski
5ae0a6b784 Set buffer to NULL to prevent double free (Kamil Dudka at redhat) 
Based on the upstream patch d13204e8da43f1d8a98cf3f74591cde02ecdb2f7.
 2019-06-29 17:13:21 +02:00
Anatol Belski
0c8454c02d Partially reapply ba40f505e5 2019-05-30 02:48:01 +02:00
Anatol Belski
57c23df142 Fix datatype 2019-05-30 02:34:35 +02:00
Anatol Belski
622b10f06e Ported limagic 5.37 2019-05-30 02:22:40 +02:00
Nikita Popov
908660c1d7 Avoid maybe uninit warning in libmagic 
GCC 5 false positive, gone in newer versions.
 2019-04-15 10:59:45 +02:00
Nikita Popov
ba40f505e5 Fix unused variable warnings in libmagic 
These variables are only used in assertions.
 2019-04-12 12:03:26 +02:00
Nikita Popov
b65cb7e2aa Fix libmagic warnings 2019-04-11 15:20:05 +02:00
Nikita Popov
275fa53564 Accept zend_string* instead of char* in php_pcre_match_impl() 2019-03-18 12:32:06 +01:00
Fabien Villepinte
b6f9ade9f2 Remove unused variables 2019-03-17 23:29:51 +01:00
Anatol Belski
93a38b1f7c Merge branch 'PHP-7.3' into PHP-7.4 
* PHP-7.3:
  Fix typo in libmagic version
 2019-03-08 21:45:18 +01:00
Fabien Villepinte
d9a3cb0b36 Fix typo in libmagic version 2019-03-08 20:51:09 +01:00
Anatol Belski
c8ebfaa4eb Merge branch 'PHP-7.3' into PHP-7.4 
* PHP-7.3:
  Fixed bug #77576 pull the libmagic implementation of gmtime_r
 2019-03-08 20:48:24 +01:00
Anatol Belski
65ffdc2adf Fixed bug #77576 pull the libmagic implementation of gmtime_r 
PHP already has all the checks to handle the *_r function variants.
Thus, reusing it to get right symbols.
 2019-03-08 20:32:15 +01:00
Nikita Popov
27e9c05e81 Remove preg_options param from pcre_get_compiled_regex() 
This parameter is always zero and not necessary to call pcre2_match.

I'm leaving the parameter behind on the _ex() variant, so the preg_flags
are still accessible in some way.
 2018-12-26 17:20:13 +01:00
Anatol Belski
992e4fbc65 Fix regex 2018-11-10 12:13:03 +01:00
Anatol Belski
9d77bf0978 Fix regex 2018-11-10 12:11:02 +01:00
Anatol Belski
22f71a66ec Sync one more upstream libmagic piece 2018-11-10 00:19:42 +01:00
Anatol Belski
29dcf19f8b Declare function proto in header 2018-11-05 21:29:35 +01:00
Anatol Belski
0e33c2822c Declare function proto in header 2018-11-05 21:28:04 +01:00
Anatol Belski
c621182c42 Backport 7f5f4601 for 7.2 2018-11-04 16:57:55 +01:00
Anatol Belski
7f5f46013b Rework places in libmagic regarding previous CVE-2014-3538 fixes 
CVE-2014-3538 was fixed upstream, but the old patch was still kept in
the PHP port. This patch causes performance regressions when PCRE JIT is
not enabled. This is fixed by applying the relevant original code from
the newer libmagic, which makes the old patch obsolete as the
CVE-2014-3538 tests still pass.
 2018-11-04 13:11:28 +01:00
Anatol Belski
e1af7a794a Fix possible stack buffer overflow 2018-08-04 16:56:08 +02:00
Anatol Belski
6f24d75b56 Remove unnecessary decls, php.h is included 2018-06-03 12:45:37 +02:00
Anatol Belski
4363588f2f Align the ported place with libmagic 2018-06-03 12:14:42 +02:00
Dmitry Stogov
5eb1f92f31 Use zend_string_release_ex() instread of zend_string_release() in places, where we sure about string persistence. 2018-05-28 16:27:12 +03:00
Anatol Belski
94699d2ade Use suitable datatypes 2018-04-30 14:27:11 +02:00
Anatol Belski
f603ab57fc Reuse the struct timespec based pieces in libmagic 2018-04-30 12:02:47 +02:00
Anatol Belski
cf45479a19 Reuse strcasestr implementation from libmagic 2018-04-29 19:39:57 +02:00
Anatol Belski
09db1ae4b7 Fix C89 compat 2018-04-29 16:18:59 +02:00
Anatol Belski
e2182a1ba7 Port libmagic 5.33 2018-04-29 16:02:08 +02:00
Gabriel Caruso
2238403892 Trailing whitespaces on ext/* 
Signed-off-by: Gabriel Caruso <carusogabriel34@gmail.com>
 2018-01-04 02:38:32 -02:00
Gabriel Caruso
6400264856 Trailing whitespaces 
Signed-off-by: Gabriel Caruso <carusogabriel34@gmail.com>
 2018-01-03 14:38:00 +01:00
Anatol Belski
aa978538ca Merge branch 'PHP-7.2' 
* PHP-7.2:
  fileinfo: fix misleading indentation in libmagic
 2017-12-21 15:42:16 +01:00
Riccardo Magliocchetti
e313daa598 fileinfo: fix misleading indentation in libmagic 2017-12-21 15:39:00 +01:00
Anatol Belski
20d930d8f3 Fix remaining signedness warnings 2017-11-14 17:07:09 +01:00
Anatol Belski
a5bc5aed71 Patch core for PCRE2 support 
RFC https://wiki.php.net/rfc/pcre2-migration
 2017-11-13 19:37:38 +01:00
Anatol Belski
fb0be397d0 Fix mismatching alloc 2017-10-23 18:49:17 +02:00
Anatol Belski
08d8623dec Upgrade bundled libmagic to 5.31 2017-10-11 18:18:55 +02:00
Dmitry Stogov
71daef93bc preg_replace() optimization 2017-06-07 13:50:16 +03:00
Xinchen Hui
2d21404e25 Merge branch 'PHP-7.1' 
* PHP-7.1:
  Update NEWS
  Fixed bug #74379 (syntax error compile error in libmagic/apprentice.c)
  Missed NEWS

Conflicts:
	ext/fileinfo/libmagic.patch
 2017-04-10 11:47:38 +08:00