archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-20 01:14:28 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
103071 commits 526 branches 1434 tags 880 MiB
Commit graph

12767 commits

Author SHA1 Message Date
Christoph M. Becker
5d394b3bb4 Merge branch 'PHP-7.0' into PHP-7.1 2016-09-06 12:16:42 +02:00
Christoph M. Becker
af3031d755 Merge branch 'PHP-5.6' into PHP-7.0 2016-09-06 12:11:24 +02:00
Christoph M. Becker
dad793630d Fix #73025: Heap Buffer Overflow in virtual_popen of zend_virtual_cwd.c 
`command_length` is retrieved via strlen() and later passed to emalloc()
and memcpy(), so the appropriate type is `size_t`.

We don't add a regression test, because that would need to allocate a string
of at least 2 GiB.
 2016-09-06 12:05:58 +02:00
Nikita Popov
daa2b75c76 Fix some sizeof(zend_long) > sizeof(size_t) issues 
Fix a couple of mistakes that are only relevant if
sizeof(zend_long) > sizeof(size_t).

* Fix cast order in string offset check: Negation should happen
  after the (zend_long) cast, otherwise sign extension does not
  occur.
* Use Z_UL in zend_inference.
* Use aligned size for HT_USED_SIZE in zend_persist: The issue is
  that on x86-32 uint64_t is considered to be 4-aligned, so the
  alignment assumption does not hold.
 2016-09-05 15:33:02 +02:00
Nikita Popov
e0e5063173 Drop some pieces of commented-out code 2016-09-04 12:56:06 +02:00
Nikita Popov
bbdff7ea24 Sync convert_to_null with VM cast behavior 
Do not call cast_object, this is useless and we haven't been doing
it in the VM as of 7.0.
 2016-09-04 12:36:16 +02:00
Christoph M. Becker
727b422ad9 Fix #72948: Uncatchable "Catchable" fatal error for class to string conversions 
E_RECOVERABLE errors are reported as "Catchable fatal error". This is
misleading, because they actually can't be caught via try-catch statements.
Therefore we change the wording to "Recoverable fatal error" as suggested by
Nikita.
 2016-09-03 13:05:37 +02:00
Anatol Belski
edc4de58b7 Merge branch 'PHP-7.1' 
* PHP-7.1:
  fix useless assignment
  avoid needless function call
  remove useless assignment
  remove unused assignment
  rewrite the getcwd part
  fix leak
  fix unused assignment
  remove duplicated symbol
 2016-09-01 23:54:33 +02:00
Anatol Belski
0382a64fdf remove unused assignment 2016-09-01 23:45:31 +02:00
Anatol Belski
ac82a34185 rewrite the getcwd part 
Also fixes a possible memory leak. Still not ideal, as seems CWD
longer than MAX_PATH is still not supported. But a heap allocation
is not needed anyway, as MAXPATHLEN value is the maximum supported.
 2016-09-01 23:45:31 +02:00
Anatol Belski
0a50cbabf6 fix unused assignment 2016-09-01 23:45:31 +02:00
Anatol Belski
c563db6b44 Merge branch 'PHP-7.1' 
* PHP-7.1:
  Update NEWS
  Implement \ArgumentCountError exception
 2016-08-31 12:07:38 +02:00
Davey Shafik
12ee17d5e0 Implement \ArgumentCountError exception 2016-08-30 19:35:56 -07:00
Dmitry Stogov
6318c80347 Merge branch 'PHP-7.1' 
* PHP-7.1:
  Fixed bug #72944 (Null pointer deref in zval_delref_p).
 2016-08-29 12:15:37 +03:00
Dmitry Stogov
b5bab0fce8 Merge branch 'PHP-7.0' into PHP-7.1 
* PHP-7.0:
  Fixed bug #72944 (Null pointer deref in zval_delref_p).
 2016-08-29 12:07:54 +03:00
Dmitry Stogov
b66039db33 Fixed bug #72944 (Null pointer deref in zval_delref_p). 2016-08-29 12:02:50 +03:00
Xinchen Hui
727571c630 Merge branch 'PHP-7.1' 
* PHP-7.1:
  Fixed bug #72936 (Zend API's zend_symtable_str_update() asserts key should end with '\0')
 2016-08-29 00:11:09 +08:00
Xinchen Hui
01701912c7 Merge branch 'PHP-7.0' into PHP-7.1 
* PHP-7.0:
  Fixed bug #72936 (Zend API's zend_symtable_str_update() asserts key should end with '\0')
 2016-08-29 00:10:57 +08:00
Xinchen Hui
986d0f87ec Fixed bug #72936 (Zend API's zend_symtable_str_update() asserts key should end with '\0') 2016-08-29 00:10:31 +08:00
Anatol Belski
f407707bd6 Merge branch 'PHP-7.1' 
* PHP-7.1:
  fix leak
  add parentheses
  fix clang compat
  fix leak
 2016-08-27 22:30:06 +02:00
Anatol Belski
d58202853d fix leak 2016-08-27 22:24:24 +02:00
Xinchen Hui
5ac49731cf Merge branch 'PHP-7.1' 
* PHP-7.1:
  Fixed bug #72943 (assign_dim on string doesn't reset hval)
 2016-08-26 18:33:10 +08:00
Xinchen Hui
557f1ccf0c Merge branch 'PHP-7.0' into PHP-7.1 
* PHP-7.0:
  Fixed bug #72943 (assign_dim on string doesn't reset hval)

Conflicts:
	Zend/zend_execute.c
 2016-08-26 18:32:54 +08:00
Xinchen Hui
c67fa3c91d Fixed bug #72943 (assign_dim on string doesn't reset hval) 2016-08-26 18:30:08 +08:00
Xinchen Hui
aefd3e4d8b Merge branch 'PHP-7.1' 
* PHP-7.1:
  Remove redundant \t
 2016-08-25 13:29:55 +08:00
Xinchen Hui
38f7d595c0 Remove redundant \t 2016-08-25 13:29:22 +08:00
Dmitry Stogov
0e3e3ec7b6 Merge branch 'PHP-7.1' 
* PHP-7.1:
  Added tests and NEWS entry Fixed bug #72598 (Reference is lost after array_slice())
 2016-08-23 12:16:36 +03:00
Dmitry Stogov
62ab40bc96 Added tests and NEWS entry 
Fixed bug #72598 (Reference is lost after array_slice())
 2016-08-23 12:14:31 +03:00
Dmitry Stogov
93b8592092 Merge branch 'PHP-7.1' 
* PHP-7.1:
  call_user_func(_array): Don't abort on reference warning
 2016-08-23 10:56:55 +03:00
Nikita Popov
906456c410 call_user_func(_array): Don't abort on reference warning 
Change zend_call_function() to not abort the call if a non-reference
is passed to a reference argument. The usual warning will still be
thrown, but the call will proceed as usual.
 2016-08-23 10:29:15 +03:00
Xinchen Hui
9121c872e9 Merge branch 'PHP-7.1' 
* PHP-7.1:
  This is unecessary for 7.1 (IS_ERROR is an internal type)
  Fixed bug  #72911 (Memleak in zend_binary_assign_op_obj_helper)
  Fixed bug #72907 (null pointer deref, segfault in gc_remove_zval_from_buffer (zend_gc.c:260))
 2016-08-21 17:40:45 +08:00
Xinchen Hui
e849e65d89 This is unecessary for 7.1 (IS_ERROR is an internal type) 2016-08-21 17:40:10 +08:00
Xinchen Hui
e572035ecf Merge branch 'PHP-7.0' into PHP-7.1 
* PHP-7.0:
  Fixed bug  #72911 (Memleak in zend_binary_assign_op_obj_helper)
  Fixed bug #72907 (null pointer deref, segfault in gc_remove_zval_from_buffer (zend_gc.c:260))
 2016-08-21 17:39:52 +08:00
Xinchen Hui
0476bb1de5 Fixed bug #72911 (Memleak in zend_binary_assign_op_obj_helper) 2016-08-21 17:38:03 +08:00
Xinchen Hui
b740bb3987 Fixed bug #72907 (null pointer deref, segfault in gc_remove_zval_from_buffer (zend_gc.c:260)) 2016-08-21 17:10:10 +08:00
Aaron Piotrowski
83bdcf075b Merge branch 'PHP-7.1' 
# Conflicts:
#	NEWS
#	UPGRADING
 2016-08-21 00:34:00 -05:00
Aaron Piotrowski
08c5d77027 Revert "Fix closure tests using ReflectionType::__toString()" 
This reverts commit 6fcedc96fb.
 2016-08-20 23:26:01 -05:00
Kalle Sommer Nielsen
5b30f08809 Fixed master build, decls first please! 2016-08-17 20:33:07 +02:00
Kalle Sommer Nielsen
447e57a1e1 Fixed 7.1 build, decls first please! 2016-08-17 20:26:32 +02:00
Kalle Sommer Nielsen
8a1fbdda43 Fixed C89 build 2016-08-17 13:43:50 +02:00
Xinchen Hui
660d8f1622 Merge branch 'PHP-7.1' 
* PHP-7.1: (49 commits)
  Update NEWs
  Update NEWs
  Unused label
  Fixed bug #72853 (stream_set_blocking doesn't work)
  fix test
  Bug #72663 - part 3
  Bug #72663 - part 2
  Bug #72663 - part 1
  Update NEWS
  BLock test with memory leak
  fix tests
  Fix TSRM build
  Fix bug #72850 - integer overflow in uuencode
  Fixed bug #72849 - integer overflow in urlencode
  Fix bug #72848 - integer overflow in quoted_printable_encode caused heap corruption
  Fix bug #72838 - 	Integer overflow lead to heap corruption in sql_regcase
  Fix bug #72837 - integer overflow in bzdecompress caused heap corruption
  Fix bug #72836 - integer overflow in base64_decode caused heap corruption
  Fix for bug #72807 - do not produce strings with negative length
  Fix for bug #72790 and bug #72799
  ...
 2016-08-17 17:15:11 +08:00
Xinchen Hui
ce6ad9bdd9 Merge branch 'PHP-7.0' into PHP-7.1 
* PHP-7.0: (48 commits)
  Update NEWs
  Unused label
  Fixed bug #72853 (stream_set_blocking doesn't work)
  fix test
  Bug #72663 - part 3
  Bug #72663 - part 2
  Bug #72663 - part 1
  Update NEWS
  BLock test with memory leak
  fix tests
  Fix TSRM build
  Fix bug #72850 - integer overflow in uuencode
  Fixed bug #72849 - integer overflow in urlencode
  Fix bug #72848 - integer overflow in quoted_printable_encode caused heap corruption
  Fix bug #72838 - 	Integer overflow lead to heap corruption in sql_regcase
  Fix bug #72837 - integer overflow in bzdecompress caused heap corruption
  Fix bug #72836 - integer overflow in base64_decode caused heap corruption
  Fix for bug #72807 - do not produce strings with negative length
  Fix for bug #72790 and bug #72799
  Fix bug #72730 - imagegammacorrect allows arbitrary write access
  ...

Conflicts:
	ext/standard/var_unserializer.c
 2016-08-17 17:14:30 +08:00
Stanislav Malyshev
75d7666968 Merge branch 'PHP-7.0.10' into PHP-7.0 
* PHP-7.0.10:
  Fix bug #72749: wddx_deserialize allows illegal memory access
  Fixed bug #72627: Memory Leakage In exif_process_IFD_in_TIFF
  fix tests
  Fix bug#72697 - select_colors write out-of-bounds
  Fix bug #72708 - php_snmp_parse_oid integer overflow in memory allocation
  Fix bug #72730 - imagegammacorrect allows arbitrary write access
  Fix bug #72750: wddx_deserialize null dereference
  Fix bug #72771: ftps:// opendir wrapper is vulnerable to protocol downgrade attack
  fix tests
  add missing skipif section
  Fix for bug #72790 and bug #72799
  Fix bug #72837 - integer overflow in bzdecompress caused heap corruption
  Fix bug #72742 - memory allocator fails to realloc small block to large one
  Use size_t for path length
  Check for string overflow
  Fix for bug #72782: mcrypt accepts only ints, so don't pass anything else
  Fix bug #72674 - check both curl_escape and curl_unescape
 2016-08-16 23:52:22 -07:00
Stanislav Malyshev
f8a75d4eee Merge branch 'PHP-7.0' into PHP-7.0.10 
* PHP-7.0: (34 commits)
  Fix URL rewriter partially
  Support "git worktree"
  Add NEWS
  Fix ASSERT logic
  Bugfix 72791: fix memory leak in PDO persistent connections
  Don't copy mime types in CLI server
  Remove obsolete Id tags
  Bump version in OCI8 test
  Fixed bug #72788 (Invalid memory access when using persistent PDO connection)
  Remove typo'd commit
  Fix bug 72788: Invalid memory access when database_object_handle is undefined. Also fix memory leak in dbh_free when using persistent PDO connections.
  Replace dead branch with ZEND_ASSERT()
  Add test for bug #69107: finfo no longer detects PHP files
  Fix bug #55451
  Fix stream_socket_enable_crypto() test
  Remove old $Id$ tags
  Sync with 7.1 branch changes from Nikita & Dimitri to keep OCI8 code identical
  Fix bug #72524 (Binding null values triggers ORA-24816 error)
  Fix the fix (Nikita), thanks!
  Check the return value of dbconvert() in mssql_guid_string(), as it may return -1 in case the conversion failed. In that case false is returned.
  ...

Conflicts:
	ext/standard/ftp_fopen_wrapper.c
 2016-08-16 23:50:42 -07:00
Stanislav Malyshev
1cd6bc6463 Fix for bug #72807 - do not produce strings with negative length 2016-08-16 22:55:41 -07:00
Nikita Popov
339cafa035 Merge branch 'PHP-7.1' 2016-08-16 21:07:46 +02:00
Nikita Popov
7384fcff0a Merge branch 'PHP-7.0' into PHP-7.1 2016-08-16 21:05:57 +02:00
Nikita Popov
e2230c17d3 Fix bug #72854 2016-08-16 21:05:30 +02:00
Aaron Piotrowski
40dcc1b57c Merge branch 'PHP-7.1' 2016-08-16 13:06:06 -05:00
Aaron Piotrowski
6fcedc96fb Fix closure tests using ReflectionType::__toString() 2016-08-16 13:05:51 -05:00