Niels Dossche
c2b671cb1b
Fix GH-13344: finfo::buffer(): Failed identify data 0:(null)
...
Credits to ranvis for finding the upstream commit that fixes the issue.
This backports 029b82459e
2024-02-13 21:13:43 +01:00
Stanislav Malyshev
b2f692a9f8
Merge branch 'PHP-8.1'
2022-07-05 00:59:43 -06:00
Christoph M. Becker
ca6d511fa5
Fix #81723 : Memory corruption in finfo_buffer()
...
We need to use the same memory allocator throughout.
2022-07-05 00:44:00 -06:00
George Peter Banyard
d08451b2ca
Replace php_stdint.h header with standard headers ( #8613 )
2022-05-29 11:20:56 +01:00
David Carlier
45e623da26
libmagic: use php_memnstr instead of memmem
...
Closes GH-8391.
2022-05-23 10:57:44 +02:00
George Peter Banyard
2ecd46f48f
Initialise zend_stat_t to fix MSAN build
2022-05-22 16:06:27 +01:00
Anatol Belski
9b78000432
Revert "fileinfo: Obey POSIX in pattern conversion"
...
This reverts commit 343d1c2b1fab@php.net >
2021-04-24 14:59:53 +02:00
Anatol Belski
343d1c2b1f
fileinfo: Obey POSIX in pattern conversion
...
Signed-off-by: Anatol Belski <ab@php.net >
2021-04-24 01:40:15 +02:00
Anatol Belski
ecfb888354
fileinfo: Turn back the WS check mitigation
...
Looks like there's still a timing issue shown on some pipeline runs.
Signed-off-by: Anatol Belski <ab@php.net >
2021-04-06 12:29:04 +02:00
Anatol Belski
f60dc3bd34
fileinfo: More VS compat
...
Signed-off-by: Anatol Belski <ab@php.net >
2021-04-05 21:23:26 +02:00
Anatol Belski
cd238bd09d
fileinfo: Fix VS compat
...
Signed-off-by: Anatol Belski <ab@php.net >
2021-04-05 21:10:20 +02:00
Anatol Belski
f7ab54cbe7
fileinfo: Restore config.h for libmagic
...
Signed-off-by: Anatol Belski <ab@php.net >
2021-04-05 20:56:41 +02:00
Anatol Belski
3b9173dc8f
fileinfo: Port libmagic 5.40
...
Signed-off-by: Anatol Belski <ab@php.net >
2021-04-05 20:19:07 +02:00
Christoph M. Becker
e589609b4c
Merge branch 'PHP-7.4' into PHP-8.0
...
* PHP-7.4:
Fix #77961 : finfo_open crafted magic parsing SIGABRT
2020-11-24 14:06:53 +01:00
Christoph M. Becker
39f95f5614
Fix #77961 : finfo_open crafted magic parsing SIGABRT
...
libmagic may abort the running process, which is not desirable for PHP;
we raise a fatal error instead.
Closes GH-6437.
2020-11-24 14:01:15 +01:00
Anatol Belski
f2b40775af
Revert "libmagic: Move the allocation on the stack"
...
This reverts commit 1d84a58736ab@php.net >
2020-09-02 20:04:00 +02:00
Anatol Belski
8c31001bf1
libmagic: Constify arg
2020-09-02 17:35:51 +02:00
Anatol Belski
1d84a58736
libmagic: Move the allocation on the stack
2020-09-02 17:35:51 +02:00
Anatol Belski
c676e8f356
libmagic: Fix VS compat
2020-08-29 19:58:26 +02:00
Anatol Belski
f8f288145b
libmagic: Remove unneeded includes
...
Signed-off-by: Anatol Belski <ab@php.net >
2020-08-29 19:41:53 +02:00
Anatol Belski
bf93f1d824
fileinfo: Followup fixes
...
Signed-off-by: Anatol Belski <ab@php.net >
2020-08-29 19:03:41 +02:00
Anatol Belski
c3eeab01ba
fileinfo: Upgrade to libmagic 5.39
...
Signed-off-by: Anatol Belski <ab@php.net >
2020-08-29 02:05:56 +02:00
George Peter Banyard
1b2ec73c1d
Drop various unused macros/APIs
...
Also convert_libmagic_pattern() to return a zend_string*
Closes GH-6029
2020-08-26 12:59:43 +02:00
David Carlier
f32653accc
fileinfo build fix proposal for haiku.
...
Haiku already defines a unichar type and different than the fileinfo's anyway.
Closed GH-5983
2020-08-21 16:13:09 +02:00
George Peter Banyard
3f286fa89a
Promote Notice to Warning in libmagic
...
The current behaviour makes little to no sense, having a notice which starts with 'Warning:' should just be a warning
Closes GH-5824
2020-07-10 14:43:43 +02:00
George Peter Banyard
f91f72607b
Drop unnecessary stdint and inttypes header checks
...
These are always available as of C99.
Closes GH-5323
Co-authored-by: "Christoph M. Becker" <cmbecker69@gmx.de >
2020-04-22 20:18:19 +02:00
George Peter Banyard
457380cae7
Drop wchar header check as always defined since C95
2020-03-31 00:14:56 +02:00
Christoph M. Becker
7702b693b5
Fix #79283 : Segfault in libmagic patch contains a buffer overflow
...
To solve this, we properly calculate the required string length upfront
instead of allocating an oversized string (`len * 4 + 4`).
2020-03-16 22:42:15 -07:00
Christoph M. Becker
aa88f33f7d
Fix #79283 : Segfault in libmagic patch contains a buffer overflow
...
To solve this, we properly calculate the required string length upfront
instead of allocating an oversized string (`len * 4 + 4`).
2020-03-16 22:40:48 -07:00
Nikita Popov
d4ba1fd963
Merge branch 'PHP-7.3' into PHP-7.4
...
* PHP-7.3:
Fix #74170 : locale information change after mime_content_type
2019-12-20 11:24:03 +01:00
Sergei Turchanov
c62cd9a43a
Fix #74170 : locale information change after mime_content_type
...
Some functions in libmagic (distributed with fileinfo extension) perform this sequence of calls:
func() {
setlocale(LC_TYPE, "C")
.. do some work ..
setlocale(LC_TYPE, "")
}
It effectively resets LC_TYPE if it that was set before the function call.
To avoid manipulations with current locale at all, the problematic functions
were modified to use locale-independent functions.
2019-12-20 11:22:59 +01:00
Stanislav Malyshev
53b1d76144
Merge branch 'PHP-7.3' into PHP-7.4
...
* PHP-7.3:
Fix libmagic buffer overflow issue (CVE-2019-18218)
bump version
set versions for release
2019-10-28 20:47:50 -07:00
Stanislav Malyshev
8c2b3b0568
Merge branch 'PHP-7.2' into PHP-7.3
...
* PHP-7.2:
Fix libmagic buffer overflow issue (CVE-2019-18218)
bump version
set versions for release
2019-10-28 20:47:44 -07:00
Stanislav Malyshev
2bdb13a1f7
Merge branch 'PHP-7.1' into PHP-7.2
...
* PHP-7.1:
Fix libmagic buffer overflow issue (CVE-2019-18218)
bump version
set versions for release
2019-10-28 20:47:30 -07:00
Stanislav Malyshev
469820048d
Fix libmagic buffer overflow issue (CVE-2019-18218)
...
Ported from 46a8443f76
2019-10-27 16:30:38 -07:00
Peter Kokot
f002761e08
Update libmagic patch
...
This simplifies the libmagic patch:
- in upstream the HAVE_STRERROR check has been removed
- in upstream library the HAVE_SIGNAL_H has been removed
- indentations syncs with the upstream library
- some irrelevant changes removed from the patch (log comment), upstream
has this correctly logged already so no need to patch the comment.
Closes GH-4298
2019-07-08 12:38:47 +02:00
Anatol Belski
5ae0a6b784
Set buffer to NULL to prevent double free (Kamil Dudka at redhat)
...
Based on the upstream patch d13204e8da43f1d8a98cf3f74591cde02ecdb2f7.
2019-06-29 17:13:21 +02:00
Anatol Belski
0c8454c02d
Partially reapply ba40f505e5
2019-05-30 02:48:01 +02:00
Anatol Belski
57c23df142
Fix datatype
2019-05-30 02:34:35 +02:00
Anatol Belski
622b10f06e
Ported limagic 5.37
2019-05-30 02:22:40 +02:00
Nikita Popov
908660c1d7
Avoid maybe uninit warning in libmagic
...
GCC 5 false positive, gone in newer versions.
2019-04-15 10:59:45 +02:00
Nikita Popov
ba40f505e5
Fix unused variable warnings in libmagic
...
These variables are only used in assertions.
2019-04-12 12:03:26 +02:00
Nikita Popov
b65cb7e2aa
Fix libmagic warnings
2019-04-11 15:20:05 +02:00
Nikita Popov
275fa53564
Accept zend_string* instead of char* in php_pcre_match_impl()
2019-03-18 12:32:06 +01:00
Fabien Villepinte
b6f9ade9f2
Remove unused variables
2019-03-17 23:29:51 +01:00
Anatol Belski
93a38b1f7c
Merge branch 'PHP-7.3' into PHP-7.4
...
* PHP-7.3:
Fix typo in libmagic version
2019-03-08 21:45:18 +01:00
Fabien Villepinte
d9a3cb0b36
Fix typo in libmagic version
2019-03-08 20:51:09 +01:00
Anatol Belski
c8ebfaa4eb
Merge branch 'PHP-7.3' into PHP-7.4
...
* PHP-7.3:
Fixed bug #77576 pull the libmagic implementation of gmtime_r
2019-03-08 20:48:24 +01:00
Anatol Belski
65ffdc2adf
Fixed bug #77576 pull the libmagic implementation of gmtime_r
...
PHP already has all the checks to handle the *_r function variants.
Thus, reusing it to get right symbols.
2019-03-08 20:32:15 +01:00
Nikita Popov
27e9c05e81
Remove preg_options param from pcre_get_compiled_regex()
...
This parameter is always zero and not necessary to call pcre2_match.
I'm leaving the parameter behind on the _ex() variant, so the preg_flags
are still accessible in some way.
2018-12-26 17:20:13 +01:00
