php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-03-27 17:52:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
php-8.3.30RC1
archived-php-src/ext/standard/tests
History
Niels Dossche 99ed66b49f Fix GH-20582: Heap Buffer Overflow in iptcembed 
If you can extend the file between the file size gathering (resulting in
a buffer allocation), and reading / writing to the file you can trigger a
TOC-TOU where you write out of bounds.
To solve this, add extra bound checks and make sure that write actions
always fail when going out of bounds.
The easiest way to trigger this is via a pipe, which is used in the
test, but it should be possible with a regular file and a quick race
condition as well.

Closes GH-20591.
2025-12-26 22:43:45 +01:00
..
array
Merge branch 'PHP-8.2' into PHP-8.3
2025-12-16 15:34:19 +01:00
assert
standard: Take zend.assertions into account for dynamic calls to assert() (#18521)
2025-05-12 08:44:46 +02:00
class_object
crypt
dir
directory
file
Fix GH-19998: ext/standard/tests/file/bug46347.phpt sometimes fails: racy in parallel
2025-09-30 10:52:59 +02:00
filters
Fix GH-20370: forbid user stream filters to violate typed property constraints (#20373)
2025-12-04 09:09:30 +01:00
general_functions
Fix GH-19801: address leak when calling var_dump() with recursion in __debugInfo() (#19837)
2025-09-16 15:05:45 +02:00
helpers
Harden proc_open() against cmd.exe hijacking
2024-12-08 19:08:02 +01:00
hrtime
http
Tweak values for test on Windows (#20633)
2025-12-02 20:48:24 +01:00
image
Fix GH-20582: Heap Buffer Overflow in iptcembed
2025-12-26 22:43:45 +01:00
ini_info
mail
Merge branch 'PHP-8.2' into PHP-8.3
2025-10-28 00:49:32 +01:00
math
misc
Merge branch 'PHP-8.2' into PHP-8.3
2024-07-06 20:44:20 +01:00
network
Merge branch 'PHP-8.2' into PHP-8.3
2025-12-16 15:34:19 +01:00
password
Merge branch 'PHP-8.1' into PHP-8.2
2024-04-09 23:49:31 -05:00
serialize
Fix shm corruption with coercion in options of unserialize()
2025-10-13 21:40:54 +02:00
streams
Fix GH-20286: use-after-destroy during userland stream_close()
2025-11-23 17:46:28 +01:00
strings
Fix GH-18976: pack with h or H format string overflow.
2025-06-29 16:57:10 +01:00
time
url
versioning
bug49244.phpt
bug64370_var1.phpt
bug64370_var2.phpt
bug71827.phpt
bug75220.phpt
bug79821.phpt
bug80915.phpt
bug81048.phpt
bug81727.phpt
constant_with_typed_class_constant.phpt
forward_static_call_array.phpt
gh10885.phpt
gh11010.phpt
gh13279.phpt
Fix instable array during in-place modification in uksort
2024-01-31 19:25:30 +01:00
gh18209.phpt
Use-after-free in extract() with EXTR_REFS
2025-04-01 16:33:30 +02:00
gh20695.phpt
Fix GH-20695: Assertion failure in normalize_value() when parsing malformed INI input via parse_ini_string()
2025-12-15 22:46:27 +01:00
ghsa-wpj3-hf5j-x4v4.phpt
Fix GHSA-wpj3-hf5j-x4v4: __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix
2024-04-09 23:37:06 -05:00
oss_fuzz_57392.phpt
php_version_win_const.phpt
setrawcookie_basic_001.phpt
setrawcookie_basic_002.phpt
skipif_root.inc