Nikita Popov
a73f98eda9
Merge branch 'PHP-7.3' into PHP-7.4
...
* PHP-7.3:
Add SKIPIF to test requiring mbregex
2020-01-30 11:21:26 +01:00
Nikita Popov
6ccd675776
Add SKIPIF to test requiring mbregex
2020-01-30 11:20:42 +01:00
Nikita Popov
43465768f1
Fix shift ub in mbstring
...
Ideally "c" would be an unsigned integer...
2020-01-30 10:07:25 +01:00
Nikita Popov
9aadcb18e1
Restore digit check in mb_decode_numericentity()
...
I replaced it with a multiplication overflow check in 18599f9c52.
However, we need both, because the code for restoring the number
can't handle numbers with many leading zeros right now and I don't
feel like teaching it.
2020-01-30 10:07:01 +01:00
Nikita Popov
acc616c455
Merge branch 'PHP-7.3' into PHP-7.4
...
* PHP-7.3:
Fix mb_ord() crash if internal encoding not supported
2020-01-29 16:19:14 +01:00
Nikita Popov
a62c06c4cf
Fix mb_ord() crash if internal encoding not supported
...
enc_name can be NULL here. Take the name from the mbfl_encoding
instead.
2020-01-29 16:18:46 +01:00
Nikita Popov
18599f9c52
Better overflow check for entity decoding
...
Check for multiplication overflow rather than number of digits.
2020-01-29 16:08:46 +01:00
Nikita Popov
085371b299
Merge branch 'PHP-7.3' into PHP-7.4
...
* PHP-7.3:
Reset MBREX(search_re) in RSHUTDOWN
2020-01-29 16:05:38 +01:00
Nikita Popov
560ff9725e
Reset MBREX(search_re) in RSHUTDOWN
...
This is going to cause a segfault if reused in the next request.
To illustrate the issue, run these two scripts in sequence with
the built-in server:
// script1.php
mb_ereg_search_init('foobar');
mb_ereg_search('foo');
// script2.php
var_dump(mb_ereg_search_init("foobar"));
var_dump(mb_ereg_search_pos());
2020-01-29 16:05:11 +01:00
Nikita Popov
b3f07afabc
Merge branch 'PHP-7.3' into PHP-7.4
...
* PHP-7.3:
Fix use of mb_ereg_search_getregs() after invalid pattern
2020-01-29 12:50:40 +01:00
Nikita Popov
392ad206a4
Fix use of mb_ereg_search_getregs() after invalid pattern
...
This segfaulted because we assumed that if there are matches,
there must be a regular expression as well.
2020-01-29 12:50:18 +01:00
Nikita Popov
5589bf4d4a
Fix length inconsistency in mb_convert_encoding
...
Don't mix strlen() and ZSTR_LEN(). If the encoding contains a
NULL byte, this will overflow the buffer.
NULL bytes will still make this behave oddly because the consuming
code will cut off the string there, but let's address that in master...
2020-01-29 12:19:28 +01:00
Nikita Popov
91f878779c
Fix recovery of large entities in mb_decode_numericentity()
...
Make sure we don't overflow the integer.
2020-01-29 11:48:34 +01:00
Nikita Popov
9fcaf25c93
Fix memory leak in mb_str_split
2020-01-28 17:39:49 +01:00
Christoph M. Becker
f1bf4bf6eb
Don't leak encoding_str
2020-01-22 11:15:16 +01:00
Christoph M. Becker
ab846173e2
Merge branch 'PHP-7.3' into PHP-7.4
...
* PHP-7.3:
Fix #79154: mb_convert_encoding() can modify $from_encoding
2020-01-22 10:30:25 +01:00
Christoph M. Becker
9be31a582a
Fix #79154: mb_convert_encoding() can modify $from_encoding
...
We must not modify arrays passed by value.
2020-01-22 10:28:07 +01:00
Christoph M. Becker
94c9dc498f
Fix #79149: SEGV in mb_convert_encoding with non-string encodings
...
We must not assume that `hash_entry` `IS_STRING`, but rather use
`encoding_str` which is guaranteed to be.
2020-01-22 09:43:51 +01:00
Stanislav Malyshev
a29c793381
Merge branch 'PHP-7.3' into PHP-7.4
...
* PHP-7.3:
Update NEWS
Fix bug #79037 (global buffer-overflow in `mbfl_filt_conv_big5_wchar`)
Fix #79099: OOB read in php_strip_tags_ex
Fix #79091: heap use-after-free in session_create_id()
2020-01-20 22:47:01 -08:00
Stanislav Malyshev
25ec7eb346
Merge branch 'PHP-7.2' into PHP-7.3
...
* PHP-7.2:
Update NEWS
Fix bug #79037 (global buffer-overflow in `mbfl_filt_conv_big5_wchar`)
Fix #79099: OOB read in php_strip_tags_ex
Fix #79091: heap use-after-free in session_create_id()
2020-01-20 22:46:29 -08:00
Stanislav Malyshev
2bcbc95f03
Fix bug #79037 (global buffer-overflow in mbfl_filt_conv_big5_wchar)
2020-01-20 21:43:42 -08:00
Christoph M. Becker
1979c5d16f
Upgrade to Oniguruma 6.9.4
...
Oniguruma 6.9.4 fixes several CVEs.
2019-11-30 14:00:41 +01:00
Christoph M. Becker
8c4b0ddde5
Add missing skip checks
2019-11-29 23:50:05 +01:00
Christoph M. Becker
ff2140c49d
Partially revert "Adapt test cases for Oniguruma 6.9.4"
...
This partially reverts commit c55d09c2f5, because
`MB_ONIGURUMA_VERSION` is only available as of PHP 7.4.0, so
that change made no sense for PHP-7.3; we keep it for PHP-7.4, though.
We also stick with the modification to bug78633.phpt.
2019-11-29 23:40:30 +01:00
Christoph M. Becker
2b700841c5
Merge branch 'PHP-7.3' into PHP-7.4
...
* PHP-7.3:
Adapt test cases for Oniguruma 6.9.4
2019-11-29 17:00:11 +01:00
Christoph M. Becker
c55d09c2f5
Adapt test cases for Oniguruma 6.9.4
...
Apparently, bug 78633 has now really been fixed; the former fix only
catered to the buffer overflow, but yielded a wrong result. Also,
the order of the named captures has been fixed.
2019-11-29 16:59:19 +01:00
Christoph M. Becker
85874af404
Remove obsolete oniguruma.patch
...
The proper `SIZEOF_SIZE_T` definitions are available as of Oniguruma
6.9.1; no more need to patch.
2019-11-05 10:16:22 +01:00
Stanislav Malyshev
d517c559fc
Merge branch 'PHP-7.3' into PHP-7.4
...
* PHP-7.3:
Fix #78633: Heap buffer overflow (read) in mb_eregi
2019-10-20 23:20:16 -07:00
Christoph M. Becker
4f50d58cab
Fix #78633: Heap buffer overflow (read) in mb_eregi
...
We backport kkos/oniguruma@15c4228aa2.
2019-10-20 22:47:38 -07:00
Nikita Popov
5b067163be
Limit retry_limit test to oniguruma >= 6.9.3
...
This test is somewhat fragile in that it depends on how well a
particular regex is optimized. Apparently on 6.9.1 this regex
would hit the default retry_limit of 1000000 already. I'm limiting
this to 6.9.3 because that's the version that works for me.
2019-10-07 10:49:34 +02:00
Nikita Popov
6623e7ac51
Add support for mbstring.regex_retry_limit
...
This is very similar to the existing mbstring.regex_stack_limit,
but for backtracking. The default value matches pcre.backtrack_limit.
Only used on libonig >= 2.8.0.
2019-10-06 10:06:33 +02:00
Christoph M. Becker
3d89f92784
Skip tests for old versions instead of marking them XFAIL
...
According to commit 0eea9a6[1], these tests fail with old Oniguruma
versions; we are not sure which version of Oniguruma is required to let
them pass, but at least 6.9.3 is sufficient.
[1] <http://git.php.net/?p=php-src.git;a=commit;h=0eea9a642941ab5d4c612f8092f186977afbb73e>
2019-09-30 14:14:23 +02:00
Christoph M. Becker
70f367d48a
Merge branch 'PHP-7.3' into PHP-7.4
...
* PHP-7.3:
Fix #78609: mb_check_encoding() no longer supports stringable objects
2019-09-30 13:06:57 +02:00
Christoph M. Becker
2046b3ce4f
Merge branch 'PHP-7.2' into PHP-7.3
...
* PHP-7.2:
Fix #78609: mb_check_encoding() no longer supports stringable objects
2019-09-30 13:04:54 +02:00
Christoph M. Becker
45db6fa567
Fix #78609: mb_check_encoding() no longer supports stringable objects
...
We apply type juggling for other types than array.
2019-09-30 12:42:04 +02:00
Stanislav Malyshev
e7befd38d4
Merge branch 'PHP-7.3' into PHP-7.4
...
* PHP-7.3:
Fix #78559: Heap buffer overflow in mb_eregi
2019-09-23 21:51:12 -07:00
Christoph M. Becker
8f949eba80
Fix #78559: Heap buffer overflow in mb_eregi
...
We backport kkos/oniguruma@d3e402928b.
2019-09-23 21:49:55 -07:00
Christoph M. Becker
6dea11acd8
Merge branch 'PHP-7.3' into PHP-7.4
...
* PHP-7.3:
Fix #78579: mb_decode_numericentity: args number inconsistency
2019-09-21 16:17:45 +02:00
Christoph M. Becker
698088ca7c
Merge branch 'PHP-7.2' into PHP-7.3
...
* PHP-7.2:
Fix #78579: mb_decode_numericentity: args number inconsistency
2019-09-21 16:16:52 +02:00
Christoph M. Becker
398b308316
Fix #78579: mb_decode_numericentity: args number inconsistency
...
mb_decode_numericentity() accepts a fourth optional parameter, which is
unused, however. Since this parameter doesn't do any harm, and to avoid
the small BC break, we're keeping this parameter for PHP 7, but adjust
the arginfo.
For PHP 8, we will remove this parameter.
2019-09-21 16:15:23 +02:00
Fabien Villepinte
db4f5e44e1
Add missing SKIPIF (mbstring)
2019-09-04 08:51:03 +02:00
Stanislav Malyshev
5748cec3ee
Upgrade oniguruma lib to 6.9.3
2019-08-27 23:40:46 -07:00
Stanislav Malyshev
d3f2cfe20a
Update Oniguruma to 6.9.1
2019-08-25 00:02:32 -07:00
Stanislav Malyshev
5704eca6f7
Merge branch 'PHP-7.2' into PHP-7.3
...
* PHP-7.2:
Fix CVE-2019-13224: don't allow different encodings for onig_new_deluxe()
set version for release
2019-08-24 23:16:09 -07:00
Stanislav Malyshev
087cb7bab2
Merge branch 'PHP-7.1' into PHP-7.2
...
* PHP-7.1:
Fix CVE-2019-13224: don't allow different encodings for onig_new_deluxe()
set version for release
2019-08-24 23:15:36 -07:00
Stanislav Malyshev
1258303e66
Fix CVE-2019-13224: don't allow different encodings for onig_new_deluxe()
...
Backport from 0f7f61ed1b
2019-08-24 23:11:45 -07:00
Nikita Popov
7b152990b6
Don't short-circuit MBFL_OUTPUTFILTER_ILLEGAL_MODE_NONE
...
Make sure we always go through mbfl_filt_conv_illegal_output(), so
that the number of illegal characters gets counted.
2019-08-09 16:33:21 +02:00
Nikita Popov
39e756e7fe
Deprecate encoding as 3rd param to mb_strrpos()
2019-07-22 11:39:52 +02:00
Christoph M. Becker
737c1b492c
Put oniguruma include path to proper CFLAGS
2019-07-19 20:04:47 +02:00
Christoph M. Becker
504cd03fc3
Move Oniguruma related config stuff to where it belongs
...
Oniguruma is exclusively used by ext/mbstring, and only if mbregex is
enabled. Therefore it is unnecessary and confusing to have Oniguruma
related config stuff scattered elsewhere.
While we're at it, we also remove the referral to the bundled libonig
which is removed as of PHP 7.4.0, and the duplicated call to
`PHP_INSTALL_HEADERS()`.
2019-07-19 19:30:41 +02:00