archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-19 08:49:28 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
105643 commits 526 branches 1434 tags 878 MiB
Commit graph

275 commits

Author SHA1 Message Date
Dmitry Stogov
2205631209 Optimized parse_iv2() 2017-11-09 14:20:09 +03:00
Dmitry Stogov
cf67a421e9 Use per-request heap instead of system one 2017-10-27 14:45:54 +03:00
Dmitry Stogov
9cf87aa196 Avoid HashTable allocations for empty arrays (using zend_empty_array). 2017-10-24 17:27:31 +03:00
Dmitry Stogov
f26fc527da Fixed unzserialize(), to disable creation of unsupported data structures through manually crafted strings. (Dmitry) 2017-10-13 15:53:11 +03:00
Xinchen Hui
4b12a438e7 Merge branch 'PHP-7.2' 
* PHP-7.2:
  Update NEWS
  Fixed bug #75152 (signed integer overflow in parse_iv)
 2017-09-11 12:48:16 +08:00
Xinchen Hui
82d4727dbb Merge branch 'PHP-7.1' into PHP-7.2 
* PHP-7.1:
  Fixed bug #75152 (signed integer overflow in parse_iv)

Conflicts:
	ext/standard/var_unserializer.c
 2017-09-11 12:47:47 +08:00
Xinchen Hui
6b2813c3a7 Fixed bug #75152 (signed integer overflow in parse_iv) 2017-09-11 12:46:11 +08:00
Kalle Sommer Nielsen
4fbff82c10 Kill compiler warnings in ext/standard 2017-08-24 01:36:14 +02:00
Nikita Popov
a871badf2a Merge branch 'PHP-7.1' into PHP-7.2 2017-08-12 13:17:24 +02:00
Nikita Popov
4fb7665c09 Merge branch 'PHP-7.0' into PHP-7.1 2017-08-12 13:15:48 +02:00
Nikita Popov
1a23ebc1ff Fixed bug #74103 and bug #75054 
Directly fail unserialization when trying to acquire an r/R
reference to an UNDEF HT slot. Previously this left an UNDEF and
later deleted the index/key from the HT.

What actually caused the issue here is a combination of two
factors: First, the key deletion was performed using the hash API,
rather than the symtable API, such that the element was not actually
removed if it used an integral string key. Second, a subsequent
deletion operation, while collecting trailing UNDEF ranges, would
mark the element as available for reuse (leaving a corrupted HT
state with nNumOfElemnts > nNumUsed).

Fix this by failing early and dropping the deletion code.
 2017-08-12 13:11:35 +02:00
Remi Collet
d5f7e01f7c restore file deleted by mistake in a merge commit 2017-07-11 13:07:51 +02:00
Stanislav Malyshev
d75dbb0e31 Merge branch 'PHP-7.1' 
* PHP-7.1:
  Improve fix for #74145
  Fix wddx
  Fix tests
  Fixed bug #74111
  Fix bug #74603 - use correct buffer size
  Fix bug #74651 - check EVP_SealInit as it can return -1
  Update NEWS
  Fix bug #74087
  Fixed parsing of strange formats with mixed month/day and time strings
  Fix bug #74145 - wddx parsing empty boolean tag leads to SIGSEGV
  Fixed bug #74111
  Fix #74435: Buffer over-read into uninitialized memory
  Fix bug #74603 - use correct buffer size
  Fix bug #74651 - check EVP_SealInit as it can return -1
  Update NEWS
  Fix bug #73807
 2017-07-04 21:23:16 -07:00
Stanislav Malyshev
0ba04f7737 Merge branch 'PHP-7.0' into PHP-7.1 
* PHP-7.0:
  Improve fix for #74145
  Fix wddx
  Fix tests
  Fixed bug #74111
  Fix bug #74603 - use correct buffer size
  Fix bug #74651 - check EVP_SealInit as it can return -1
  Update NEWS
  Fix bug #74087
  Fixed parsing of strange formats with mixed month/day and time strings
  Fix bug #74145 - wddx parsing empty boolean tag leads to SIGSEGV
  Fixed bug #74111
  Fix #74435: Buffer over-read into uninitialized memory
  Fix bug #74603 - use correct buffer size
  Fix bug #74651 - check EVP_SealInit as it can return -1
  Update NEWS
  Fix bug #73807
 2017-07-04 21:18:10 -07:00
Nikita Popov
3a25a56a92 Fixed bug #74111 2017-07-04 19:38:42 -07:00
Anatol Belski
a0203ea143 fix datatype 2017-07-04 16:41:29 +02:00
Anatol Belski
41ba98f02d Merge branch 'PHP-7.0' into PHP-7.1 
* PHP-7.0:
  fix datatype
 2017-07-04 16:38:12 +02:00
Anatol Belski
a29264eb8c fix datatype 2017-07-04 16:37:17 +02:00
Anatol Belski
b28c6515a6 Merge branch 'PHP-7.1' 
* PHP-7.1:
  Fixed bug #74101 and bug #74614
 2017-07-04 10:44:50 +02:00
Anatol Belski
2dc24005d9 Merge branch 'PHP-7.0' into PHP-7.1 
* PHP-7.0:
  Fixed bug #74101 and bug #74614
 2017-07-04 10:42:48 +02:00
Nikita Popov
d02f953faf Fixed bug #74101 and bug #74614 2017-07-04 10:39:41 +02:00
Dmitry Stogov
10dc924999 Use inlined version of zval_ptr_dytor() in var_destroy() loop 2017-06-29 12:16:52 +03:00
Dmitry Stogov
a08723d3d3 Use interned empty and "one char" strings. 2017-05-18 17:59:59 +03:00
Nikita Popov
8522e2894e Make sure lengths and refs are unsigned in unserialize() 2017-03-23 22:34:15 +01:00
xKhorasan
6a1d4cd47a Fixed bug #74300 2017-03-23 22:06:46 +01:00
Nikita Popov
fd4025069d
Enable HT RC assertions with escape-hatch 
HT functions that modify the array now assert that rc=1. As we don't
respect this COW constraint everywhere, either for a good reason or
because fixing it would take more work, we provide an escape hatch
in the form of HT_ALLOW_COW_VIOLATION(ht). If this macro is called
assertions on this ht are disabled. The macro is a no-op in release
mode.
 2017-01-23 17:19:06 +00:00
Nikita Popov
fc89c5d7f8 Merge branch 'PHP-7.1' 2017-01-05 00:50:12 +01:00
Nikita Popov
49d90dcc4d Add Z_EXTRA macro 
For use with u2 values which don't deserve a custom macro...
 2017-01-05 00:49:19 +01:00
Nikita Popov
2a12895018 Merge branch 'PHP-7.1' 2017-01-05 00:36:53 +01:00
Nikita Popov
8d8e949369 Merge branch 'PHP-7.0' into PHP-7.1 2017-01-05 00:28:21 +01:00
Nikita Popov
b47c49d7a0 Merge branch 'PHP-5.6' into PHP-7.0 2017-01-05 00:24:25 +01:00
Nikita Popov
0426b916df Implement delayed __wakeup 2017-01-05 00:21:48 +01:00
Sammy Kaye Powers
dac6c639bb Update copyright headers to 2017 2017-01-04 11:23:42 -06:00
Sammy Kaye Powers
478f119ab9 Update copyright headers to 2017 2017-01-04 11:14:55 -06:00
Stanislav Malyshev
5fbf3be13b Re-add var_unserializer.c 2017-01-03 09:44:31 -08:00
Stanislav Malyshev
b9837dc183 Merge branch 'PHP-7.0' into PHP-7.1 
* PHP-7.0:
  Use correct string release function
 2017-01-02 22:08:42 -08:00
Stanislav Malyshev
68ac602b28 Use correct string release function 2017-01-02 22:08:25 -08:00
Stanislav Malyshev
0f0406a1c9 Merge branch 'PHP-7.0' into PHP-7.1 
* PHP-7.0:
  Fix error reporting
 2017-01-02 21:59:59 -08:00
Stanislav Malyshev
ea6e54aff3 Fix error reporting 2017-01-02 21:59:44 -08:00
Stanislav Malyshev
0de25147d3 Merge branch 'PHP-7.1' 
* PHP-7.1:
  Fix bug #73737 FPE when parsing a tag format
  Fix bug #73773 - Seg fault when loading hostile phar
  Fix bug #73825 - Heap out of bounds read on unserialize in finish_nested_data()
  Fix bug #73768 - Memory corruption when loading hostile phar
  Fix int overflows in phar (bug #73764)
 2017-01-02 21:26:20 -08:00
Stanislav Malyshev
2075fb2b73 Merge branch 'PHP-7.0' into PHP-7.1 
* PHP-7.0:
  Fix bug #73737 FPE when parsing a tag format
  Fix bug #73773 - Seg fault when loading hostile phar
  Fix bug #73825 - Heap out of bounds read on unserialize in finish_nested_data()
  Fix bug #73768 - Memory corruption when loading hostile phar
  Fix int overflows in phar (bug #73764)
 2017-01-02 21:07:01 -08:00
Stanislav Malyshev
7f0de1a138 Merge branch 'PHP-5.6' into PHP-7.0 
* PHP-5.6:
  Fix bug #73737 FPE when parsing a tag format
  Fix bug #73773 - Seg fault when loading hostile phar
  Fix bug #73825 - Heap out of bounds read on unserialize in finish_nested_data()
  Fix bug #73768 - Memory corruption when loading hostile phar
  Fix int overflows in phar (bug #73764)
 2017-01-02 21:01:35 -08:00
Stanislav Malyshev
fa2125df67 Merge branch 'PHP-5.6.30' into PHP-5.6 
* PHP-5.6.30:
  Fix bug #73737 FPE when parsing a tag format
  Fix bug #73773 - Seg fault when loading hostile phar
  Fix bug #73825 - Heap out of bounds read on unserialize in finish_nested_data()
  Fix bug #73768 - Memory corruption when loading hostile phar
  Fix int overflows in phar (bug #73764)
 2017-01-02 20:56:32 -08:00
Nikita Popov
489d5ac2fc Merge branch 'PHP-7.1' 2017-01-01 14:14:00 +01:00
Nikita Popov
878b8f0465 Merge branch 'PHP-7.0' into PHP-7.1 2017-01-01 14:13:29 +01:00
Nikita Popov
9f560baef5 Merge branch 'PHP-5.6' into PHP-7.0 2017-01-01 14:12:26 +01:00
Nikita Popov
a65ad951ad FIx bug #70213 2017-01-01 14:10:49 +01:00
Stanislav Malyshev
16b3003ffc Fix bug #73825 - Heap out of bounds read on unserialize in finish_nested_data() 2016-12-30 16:59:46 -08:00
Andrea Faulds
d8f27b2be8 Merge branch 'DedupNANINF' 2016-10-26 16:46:36 +01:00
Stanislav Malyshev
6a7cc8ff85 Fix bug #73052 - Memory Corruption in During Deserialized-object Destruction 2016-09-12 21:04:23 -07:00