php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-03-26 01:02:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
php-8.3.30RC1
archived-php-src/ext/standard
History
Niels Dossche 99ed66b49f Fix GH-20582: Heap Buffer Overflow in iptcembed 
If you can extend the file between the file size gathering (resulting in
a buffer allocation), and reading / writing to the file you can trigger a
TOC-TOU where you write out of bounds.
To solve this, add extra bound checks and make sure that write actions
always fail when going out of bounds.
The easiest way to trigger this is via a pipe, which is used in the
test, but it should be possible with a regular file and a quick race
condition as well.

Closes GH-20591.
2025-12-26 22:43:45 +01:00
..
html_tables
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
libavifinfo
Implement php_handle_avif() using libavifinfo
2021-12-15 20:27:40 +01:00
tests
Fix GH-20582: Heap Buffer Overflow in iptcembed
2025-12-26 22:43:45 +01:00
array.c
Merge branch 'PHP-8.2' into PHP-8.3
2025-12-16 15:34:19 +01:00
assert.c
standard: Take zend.assertions into account for dynamic calls to assert() (#18521)
2025-05-12 08:44:46 +02:00
base64.c
Zend/zend_types.h: deprecate zend_bool, zend_intptr_t, zend_uintptr_t (#10597)
2023-02-18 19:31:28 +00:00
base64.h
base64: add avx512 and vbmi version. (#6361)
2023-02-13 03:30:47 +00:00
basic_functions_arginfo.h
Fix RCN violations in array functions
2025-06-24 23:29:00 +02:00
basic_functions.c
Merge branch 'PHP-8.2' into PHP-8.3
2025-12-16 15:34:19 +01:00
basic_functions.h
Implement Random Extension
2022-07-19 10:27:38 +01:00
basic_functions.stub.php
Fix RCN violations in array functions
2025-06-24 23:29:00 +02:00
browscap.c
Fix GH-12621: browscap segmentation fault when configured in the vhost
2023-11-22 20:39:28 -06:00
config.m4
Fix GH-13727: macro generating invalid call test prototypes fixes.
2024-03-18 06:53:39 +00:00
config.w32
Windows arm64 build system support
2022-08-09 16:22:14 +02:00
crc32_x86.c
Zend/zend_cpuinfo, ext/standard/crc32_x86: fix -Wstrict-prototypes
2023-02-07 22:47:43 +00:00
crc32_x86.h
X86: Fast CRC32 computation using PCLMULQDQ instruction
2020-09-02 15:10:41 +02:00
crc32.c
Fix GH-11785: '++nothing+crc' is not a recognized feature for M1 / M2 macOS compile target (#11796)
2023-07-29 06:00:47 +01:00
crc32.h
phar: crc32: Extend and cleanup API for the new bulk crc32 functions
2021-07-03 21:03:47 +02:00
credits_ext.h
Run scripts/dev/credits
2022-07-19 17:45:15 +02:00
credits_sapi.h
Update CREDITS for PHP 7.2.30
2020-04-14 15:16:26 +00:00
credits.c
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
credits.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
crypt_blowfish.c
crypt: Fix validation of malformed BCrypt hashes
2023-02-12 20:46:44 -07:00
crypt_blowfish.h
Clean house in cryptographic hashing code
2020-06-24 13:40:27 +02:00
crypt_freesec.c
Use standard C99 uint8_t type instead of u_char type for crypt_freesec (#8610)
2022-05-23 19:06:41 +01:00
crypt_freesec.h
Use standard C99 uint8_t type instead of u_char type for crypt_freesec (#8610)
2022-05-23 19:06:41 +01:00
crypt_sha256.c
Backport fix for GH-17687
2025-05-27 20:40:35 +02:00
crypt_sha512.c
Backport fix for GH-17687
2025-05-27 20:40:35 +02:00
crypt.c
Merge branch 'PHP-8.2'
2023-02-12 21:34:14 -07:00
css.c
phpinfo HTML Output: Make module title names clickable and link to the URL fragment
2022-07-20 17:18:34 +02:00
css.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
datetime.c
Fix [-Wundef] warnings in standard extension
2022-04-01 15:48:41 +01:00
datetime.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
dir_arginfo.h
Declare Directory properties
2021-08-19 10:39:23 +02:00
dir.c
Remove unnecessary usage of CONST_CS
2022-11-28 17:12:07 +01:00
dir.stub.php
Declare Directory properties
2021-08-19 10:39:23 +02:00
dl_arginfo.h
Include stub hash in generated arginfo files
2020-06-24 09:55:19 +02:00
dl.c
Merge branch 'PHP-8.1' into PHP-8.2
2023-09-20 20:58:08 +02:00
dl.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
dl.stub.php
Add stubs for some SAPIs
2020-05-14 13:35:12 +02:00
dns_win32.c
Merge branch 'PHP-8.1' into PHP-8.2
2025-12-16 15:30:54 +01:00
dns.c
Merge branch 'PHP-8.1' into PHP-8.2
2025-12-16 15:30:54 +01:00
exec.c
Revert GH-10220
2023-01-16 12:27:33 +01:00
exec.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
file_arginfo.h
Fix GH-9518: Disabling IPv6 support disables unrelated constants
2022-09-10 18:12:22 +02:00
file.c
Merge branch 'PHP-8.2' into PHP-8.3
2024-08-30 17:17:20 +01:00
file.h
Fix GH-14780: p(f)sockopen overflow on timeout argument.
2024-07-22 22:57:59 +01:00
file.stub.php
Fix GH-9518: Disabling IPv6 support disables unrelated constants
2022-09-10 18:12:22 +02:00
filestat.c
Fix bug #72666: stat cache not cleared for plain paths
2025-02-24 23:21:45 +01:00
filters.c
Merge branch 'PHP-8.2' into PHP-8.3
2024-11-20 11:12:19 +01:00
flock_compat.c
Fix [-Wundef] warnings in standard extension
2022-04-01 15:48:41 +01:00
flock_compat.h
Fix [-Wundef] warnings in standard extension
2022-04-01 15:48:41 +01:00
formatted_print.c
Fix misleading errors in printf()
2025-06-23 19:58:49 +02:00
fsock.c
Fix GHSA-3cr5-j632-f35r: Null byte in hostnames
2025-07-01 19:46:42 +03:00
fsock.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
ftok.c
Revert GH-10220
2023-01-16 12:27:33 +01:00
ftp_fopen_wrapper.c
Cache d_type in directory entry
2023-07-07 18:02:32 +02:00
head.c
http_response_code should warn if headers were already sent
2023-05-05 15:24:56 +02:00
head.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
hrtime.c
Fix arginfo/zpp violation if zend_hrtime is not available
2025-07-25 11:56:17 +02:00
html_tables.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
html.c
[skip ci] Fix various typos and grammar issues (#11143)
2023-04-28 11:05:32 +02:00
html.h
Declare ext/standard constants in stubs - part 8 (#9615)
2022-09-30 13:51:18 +02:00
http_fopen_wrapper.c
Fix bug #74796: Requests through http proxy set peer name
2025-06-05 14:08:28 +02:00
http.c
Fix GH-20583: Stack overflow in http_build_query via deep structures
2025-11-28 18:38:18 +01:00
image.c
Merge branch 'PHP-8.1' into PHP-8.2
2025-12-16 15:30:54 +01:00
incomplete_class.c
Fixed some spaces used instead of tabs
2021-06-29 11:30:26 +02:00
info.c
Merge branch 'PHP-8.2'
2023-03-03 11:56:34 +01:00
info.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
iptc.c
Fix GH-20582: Heap Buffer Overflow in iptcembed
2025-12-26 22:43:45 +01:00
levenshtein.c
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
link.c
Remove unbalanced parentheses in an error message (#10420)
2023-01-23 12:28:21 +00:00
mail.c
Merge branch 'PHP-8.2' into PHP-8.3
2024-03-04 21:30:27 +09:00
Makefile.frag
Revert "Remove some unnecessary explicit header dependencies"
2021-03-16 14:22:25 +01:00
Makefile.frag.w32
Harden proc_open() against cmd.exe hijacking
2024-12-08 19:08:02 +01:00
math.c
Merge branch 'PHP-8.2'
2023-07-21 13:58:57 +02:00
md5.c
Revert GH-10279
2023-01-16 12:25:59 +01:00
md5.h
Revert GH-10279
2023-01-16 12:25:59 +01:00
metaphone.c
[skip ci] fix typo in comment
2023-03-05 21:28:50 +01:00
microtime.c
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
net.c
Revert GH-10220
2023-01-16 12:27:33 +01:00
pack.c
Fix GH-18976: pack with h or H format string overflow.
2025-06-29 16:57:10 +01:00
pack.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
pageinfo.c
Don't initialise pointers to zend_stat_t
2022-05-22 16:13:44 +01:00
pageinfo.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
password.c
standard: supress msan (#15665)
2024-08-31 15:56:11 +09:00
php_array.h
Declare ext/standard constants in stubs - part 1 (#9404)
2022-08-24 16:09:48 +02:00
php_assert.h
Declare ext/standard constants in stubs - part 10 (#9719)
2022-10-12 08:16:19 +02:00
php_browscap.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
php_crypt_r.c
Merge branch 'PHP-8.0' into PHP-8.1
2022-09-29 20:40:33 +01:00
php_crypt_r.h
fix php_init_crypt_r/php_shutdown_crypt_r signatures warning.
2022-09-29 20:40:16 +01:00
php_crypt.h
Declare ext/stanard constants in stubs - part 11 (#9728)
2022-10-12 12:07:03 +02:00
php_dir.h
Remove unnecessary PHP_FUNCTION() declarations (#7472)
2021-09-07 10:04:00 +02:00
php_dns.h
Declare ext/standard constants in stubs - part 5
2022-09-02 15:04:49 +02:00
php_ext_syslog.h
Fix memory leak in standard syslog device handling
2023-11-09 13:29:09 +00:00
php_filestat.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
php_fopen_wrapper.c
Revert GH-10220
2023-01-16 12:27:33 +01:00
php_fopen_wrappers.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
php_http.h
Drop key_suffix parameter in php_url_encode_hash_ex()
2023-01-15 16:00:18 +00:00
php_image.h
Declare ext/standard constants in stubs - part 6
2022-09-02 16:07:25 +02:00
php_incomplete_class.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
php_lcg.h
Implement Random Extension
2022-07-19 10:27:38 +01:00
php_mail.h
Merge branch 'PHP-8.2' into PHP-8.3
2024-03-04 21:30:27 +09:00
php_math.h
Prevent decimal int precision loss in number_format()
2023-07-13 15:30:30 +01:00
php_mt_rand.h
Implement Random Extension
2022-07-19 10:27:38 +01:00
php_net.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
php_password.h
Fix [-Wundef] warnings in standard extension
2022-04-01 15:48:41 +01:00
php_rand.h
Fix undefined behaviour in GENERATE_SEED()
2023-03-26 16:07:39 +02:00
php_random.h
Implement Random Extension
2022-07-19 10:27:38 +01:00
php_smart_string_public.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
php_smart_string.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
php_standard.h
Expose time spent collecting cycles in gc_status() (#11523)
2023-07-16 12:34:28 +02:00
php_string.h
Declare ext/standard constants in stubs - part 9 (#9717)
2022-10-13 13:13:36 +02:00
php_uuencode.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
php_var.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
php_versioning.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
proc_open.c
standard: Fix error check for proc_open() command
2025-12-13 11:57:54 +01:00
proc_open.h
Fix GH-10239: proc_close after proc_get_status always returns -1
2023-02-22 12:05:33 +01:00
quot_print.c
Fixed some spaces used instead of tabs
2021-06-29 11:30:26 +02:00
quot_print.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
scanf.c
Fix GH-15552: Signed integer overflow in ext/standard/scanf.c
2024-09-01 17:24:17 +02:00
scanf.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
sha1.c
Fix GH-12936: hash() function hangs endlessly if using sha512 on strings >= 4GiB
2023-12-12 19:57:06 +01:00
sha1.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
soundex.c
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
streamsfuncs.c
Merge branch 'PHP-8.2' into PHP-8.3
2024-07-22 22:58:18 +01:00
streamsfuncs.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
string.c
Merge branch 'PHP-8.2' into PHP-8.3
2024-07-04 13:35:53 +02:00
strnatcmp.c
Minor refactoring of std string extension (#8196)
2022-04-23 12:15:13 +01:00
syslog.c
Merge branch 'PHP-8.1' into PHP-8.2
2023-11-16 14:36:16 +00:00
type.c
More usage of known zend_str instead of C string (#11381)
2023-06-08 13:03:29 +01:00
uniqid.c
Implement Random Extension
2022-07-19 10:27:38 +01:00
url_scanner_ex.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
url_scanner_ex.re
Fix GH-15179: Segmentation fault (null pointer dereference) in ext/standard/url_scanner_ex.re
2024-08-03 02:05:06 +02:00
url.c
Revert "Fix parse_url(): can not recognize port without scheme"
2022-09-23 19:44:29 +02:00
url.h
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
user_filters_arginfo.h
Fix GH-9967 Add support for generating custom function, class const, and property attributes in stubs
2023-08-26 21:35:31 +02:00
user_filters.c
Fix GH-20370: forbid user stream filters to violate typed property constraints (#20373)
2025-12-04 09:09:30 +01:00
user_filters.stub.php
Declare ext/standard constants in stubs - part 12 (#9729)
2022-10-12 13:04:14 +02:00
uuencode.c
Update http->https in license (#6945)
2021-05-06 12:16:35 +02:00
var_unserializer.re
Leak in failed unserialize() with opcache
2025-07-22 15:43:31 +02:00
var.c
Fix shm corruption with coercion in options of unserialize()
2025-10-13 21:40:54 +02:00
versioning.c
Fixed some spaces used instead of tabs
2021-06-29 11:30:26 +02:00
winver.h