php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-03-24 00:02:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
PHP-8.3.30
archived-php-src/main
History
Niels Dossche ee0143887d Fix GH-20352: UAF in php_output_handler_free via re-entrant ob_start() during error deactivation 
The problem is that the code is doing `php_output_handler_free` in a loop on the output stack,
but prior to freeing the pointer on the stack in `php_output_handler_free` it calls
`php_output_handler_dtor` which can run user code that reallocates the stack,
resulting in a dangling pointer freed by php_output_handler_free.
Furthermore, OG(active) is set when creating a new output handler, but
the loop is supposed to clean up all handlers, so OG(active) must be
reset as well.

Closes GH-20356.
2025-12-19 19:36:26 +01:00
..
streams
Fix GH-20286: use-after-destroy during userland stream_close()
2025-11-23 17:46:28 +01:00
build-defs.h.in
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
explicit_bzero.c
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
fastcgi.c
Merge branch 'PHP-8.2' into PHP-8.3
2024-05-19 22:55:02 +02:00
fastcgi.h
Mark various functions with void arguments.
2021-05-12 14:55:53 +01:00
fopen_wrappers.c
Fix GH-17797: zend_test_compile_string crash on invalid script path.
2025-02-15 10:11:27 +00:00
fopen_wrappers.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
getopt.c
Fixed some spaces used instead of tabs
2021-06-29 11:30:26 +02:00
http_status_codes.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
internal_functions_win32.c
Implement Random Extension
2022-07-19 10:27:38 +01:00
internal_functions.c.in
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
main_arginfo.h
Fix type of the PHP_FLOAT_DIG constant
2023-09-10 22:31:19 +02:00
main.c
Fix GH-19480: error_log php.ini cannot be unset when open_basedir is configured
2025-09-19 14:14:53 +02:00
main.stub.php
Fix type of the PHP_FLOAT_DIG constant
2023-09-10 22:31:19 +02:00
network.c
Fix GH-20601: ftp_connect() timeout argument overflow.
2025-11-29 23:05:14 +00:00
output.c
Fix GH-20352: UAF in php_output_handler_free via re-entrant ob_start() during error deactivation
2025-12-19 19:36:26 +01:00
php_compat.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
php_content_types.c
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
php_content_types.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
php_getopt.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
php_globals.h
Fix open_basedir leak
2023-07-25 17:54:14 +02:00
php_ini_builder.c
sapi/*: move duplicate "--define" code to library
2022-04-18 16:52:08 +02:00
php_ini_builder.h
sapi/*: move duplicate "--define" code to library
2022-04-18 16:52:08 +02:00
php_ini.c
Revert "Zend/zend_types.h: move zend_rc_debug to zend_rc_debug.h"
2023-04-04 22:48:26 +03:00
php_ini.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
php_main.h
Add php_version and php_version_id PHPAPI funcs (#11875)
2023-08-04 15:39:50 -06:00
php_memory_streams.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
php_network.h
Fix GH-19248: Use strerror_r instead of strerror in main
2025-10-01 11:12:08 +02:00
php_odbc_utils.c
[skip ci] Fix typo (#11558)
2023-06-30 12:59:33 +02:00
php_odbc_utils.h
Quote when adding to connection string in (PDO_)ODBC
2022-05-27 16:56:44 +02:00
php_open_temporary_file.c
Free opened_path when opened_path_len >= MAXPATHLEN
2025-07-27 10:54:21 +02:00
php_open_temporary_file.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
php_output.h
Declare main constants in stubs - part 3 (#9731)
2022-10-12 14:42:22 +02:00
php_reentrancy.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
php_scandir.c
Fix some leaks in php_scandir
2025-04-21 13:20:45 +02:00
php_scandir.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
php_streams.h
Fix GH-13264: fgets() and stream_get_line() do not return false on filter fatal error
2025-06-21 20:13:09 +02:00
php_syslog.c
Make globals const (part 2) (#10610)
2023-02-18 19:52:53 +00:00
php_syslog.h
Fix strict prototype for php_closelog
2022-06-19 22:56:44 +01:00
php_ticks.c
Fix GH-10737: PHP 8.1.16 segfaults on line 597 of sapi/apache2handler/sapi_apache2.c
2023-04-08 16:34:07 +02:00
php_ticks.h
Fix GH-10737: PHP 8.1.16 segfaults on line 597 of sapi/apache2handler/sapi_apache2.c
2023-04-08 16:34:07 +02:00
php_variables.c
Merge branch 'PHP-8.2' into PHP-8.3
2024-09-26 15:34:34 +02:00
php_variables.h
Fix bug #75712: getenv in php-fpm should not read $_ENV, $_SERVER
2024-02-04 11:58:18 +00:00
php_version.h
PHP-8.3 is now for PHP 8.3.30-dev
2025-12-02 09:05:38 -08:00
php.h
Update API versions and numbers
2023-08-29 17:04:24 +01:00
reentrancy.c
Implement Random Extension
2022-07-19 10:27:38 +01:00
rfc1867.c
Fix GH-19248: Use strerror_r instead of strerror in main
2025-10-01 11:12:08 +02:00
rfc1867.h
Fix -Wenum-int-mismatch warnings on gcc 13
2023-04-20 16:04:59 +02:00
safe_bcmp.c
Fix comment for php_safe_bcmp (#10306)
2023-01-12 23:30:36 +01:00
SAPI.c
Merge branch 'PHP-8.2' into PHP-8.3
2024-10-06 19:40:24 +01:00
SAPI.h
main/SAPI: make "ini_entries" a const string
2023-01-04 12:49:48 +00:00
snprintf.c
[skip ci] Fix various typos and grammar issues (#11143)
2023-04-28 11:05:32 +02:00
snprintf.h
Revert GH-10220
2023-01-16 12:27:33 +01:00
spprintf.c
Use a single version of strnlen (#12015)
2023-08-22 17:40:24 +02:00
spprintf.h
Revert GH-10220
2023-01-16 12:27:33 +01:00
strlcat.c
strlcpy/strlcat update to last openbsd version.
2022-04-28 15:09:55 +02:00
strlcpy.c
strlcpy/strlcat update to last openbsd version.
2022-04-28 15:09:55 +02:00