The following changes are made:
- _SERVER/_ENV only has HTTP_PROXY if the local environment has it,
and only one from the environment.
- getenv('HTTP_PROXY') only returns one from the local environment
- getenv has optional second parameter, telling it to only consider
local environment
The SQL Server Native Client 11.0 and maybe other ODBC drivers report
NVARCHAR(MAX) columns as SQL_WVARCHAR with size 0. This causes too small a
buffer to be emalloc'd, likely causing a segfault in the following. As we don't
know the real size of the column data, we treat such colums as
SQL_WLONGVARCHAR.
The related bug #67437 suggests that some drivers report a size of ~4GB. It is
not certain that this is really the case (there might be some integer overflow
involved, and anyway, there has been no feedback), so we do not cater for this
now. However, it would not be hard to treat all sizes above a certain threshold
in a similar way, i.e. as SQL_WLONGVARCHAR.
(cherry picked from commit 16db4d1462)
(cherry picked from commit 344ff5dd4c)
* PHP-5.5.37:
fix tests
fix build
Fix bug #72455: Heap Overflow due to integer overflows
Fix bug #72434: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize
Fixed ##72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize
Fix bug #72407: NULL Pointer Dereference at _gdScaleVert
Fix bug #72402: _php_mb_regex_ereg_replace_exec - double free
Fix bug #72298 pass2_no_dither out-of-bounds access
Fixed#72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow
Fix bug #72262 - do not overflow int
Fix bug #72400 and #72403 - prevent signed int overflows for string lengths
Fix bug #72275: don't allow smart_str to overflow int
Fix bug #72340: Double Free Courruption in wddx_deserialize
The stack overflow is caused by the recursive algorithm in combination with a
very large negative coordinate passed to gdImageFillToBorder(). As there is
already a clipping for large positive coordinates to the width and height of
the image, it seems to be consequent to clip to zero also.
Diff from test output
001+ Warning: fread(): Length parameter must be greater than 0 in ...
001- Warning: fread(): Length parameter must be no more than 2147483647 in ...
