Sammy Kaye Powers
478f119ab9
Update copyright headers to 2017
2017-01-04 11:14:55 -06:00
Stanislav Malyshev
58cdd03d92
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
Add more mbfl string size checks (bug #73505)
2016-11-26 14:48:40 -08:00
Stanislav Malyshev
5ee02b207d
Add more mbfl string size checks (bug #73505)
2016-11-26 14:47:58 -08:00
Stanislav Malyshev
8ea01d5f19
Apparently negative wordwrap is a thing and should work as length = 0.
...
I'll leave it as is for now.
2016-10-03 19:17:42 -07:00
Stanislav Malyshev
631173aa5c
Really fix bug #73017
2016-10-03 18:07:21 -07:00
Anatol Belski
c403b30291
pick up the safe alloc pieces from
...
19866fb76c
2016-09-13 11:50:18 +02:00
Stanislav Malyshev
65c8caafa8
Also fix overflow in wordwrap
2016-09-12 21:04:23 -07:00
Stanislav Malyshev
19866fb76c
Fix various int size overflows.
...
Add function for detection of string zvals with length that does not fit
INT_MAX.
2016-09-12 21:04:23 -07:00
Andrea Faulds
d690014bf3
Remove zpp fallback code (always use Fast ZPP)
...
Squashed commit of the following:
commit 3e27fbb3d2
Author: Andrea Faulds <ajf@ajf.me>
Date: Sun Sep 11 19:14:37 2016 +0100
Keep dummy FAST_ZPP macro for compatibility
commit 8a7cfd00de
Author: Andrea Faulds <ajf@ajf.me>
Date: Mon Sep 5 22:36:03 2016 +0100
Remove FAST_ZPP macro and plain zpp fallback code
2016-09-11 22:44:46 +01:00
Anatol Belski
d80a317c0b
fix leak
2016-08-29 15:43:10 +02:00
Christoph M. Becker
ae3b2078ea
Fix #72823: strtr out-of-bound access
...
If php_strtr_array_prepare_repls() reports pattern_len == 0, we return
early to avoid OOB accesses, and because there is nothing to replace anyway.
2016-08-13 11:40:33 +02:00
Lauri Kenttä
e616bc8694
Fix bug #55451
...
Make substr_compare ignore the length if it's NULL. This allows using
the last parameter (case_insensitivity) with the default length.
2016-08-07 18:48:36 +02:00
Julien Pauli
87fe485c35
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
Updated NEWS
Backported bug #71144 (Segmentation fault when using cURL with ZTS)
fix bug #72024 (microtime() leaks memory)
Conflicts:
ext/curl/interface.c
2016-07-08 15:05:13 +02:00
Michael Maroszek
0be13d2dc2
fix bug #72024 (microtime() leaks memory)
2016-07-08 14:36:44 +02:00
Stanislav Malyshev
b8487b6a7d
Merge branch 'PHP-5.5' into PHP-5.6
...
* PHP-5.5:
Fix the fix for #72403 on nl2br
5.5.38 now
Conflicts:
configure.in
main/php_version.h
2016-06-27 12:32:11 -07:00
Stanislav Malyshev
25bd11cf27
Fix the fix for #72403 on nl2br
2016-06-27 12:30:42 -07:00
Stanislav Malyshev
c9b24ef307
Merge branch 'PHP-5.6.23' into PHP-5.6
...
* PHP-5.6.23:
Fixed bug #72446 - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
update NEWS
fix tests
fix build
Fix bug #72455: Heap Overflow due to integer overflows
Fix bug #72434: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize
Fixed #72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize
Fix bug #72407: NULL Pointer Dereference at _gdScaleVert
Fix bug #72402: _php_mb_regex_ereg_replace_exec - double free
Fix bug #72298 pass2_no_dither out-of-bounds access
Fixed #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow
Fix bug #72262 - do not overflow int
Fix bug #72400 and #72403 - prevent signed int overflows for string lengths
Fix bug #72275: don't allow smart_str to overflow int
Fix bug #72340: Double Free Corruption in wddx_deserialize
Fix bug #72321 - use efree() for emalloc allocation
5.6.23RC1
Conflicts:
configure.in
main/php_version.h
2016-06-21 00:02:37 -07:00
Stanislav Malyshev
7dde353ee7
Merge branch 'PHP-5.5' into PHP-5.6.23
...
* PHP-5.5:
Fixed bug #72446 - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
update NEWS
fix tests
fix build
Fix bug #72455: Heap Overflow due to integer overflows
Fix bug #72434: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize
Fixed #72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize
Fix bug #72407: NULL Pointer Dereference at _gdScaleVert
Fix bug #72402: _php_mb_regex_ereg_replace_exec - double free
Fix bug #72298 pass2_no_dither out-of-bounds access
Fixed #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow
Fix bug #72262 - do not overflow int
Fix bug #72400 and #72403 - prevent signed int overflows for string lengths
Fix bug #72275: don't allow smart_str to overflow int
Fix bug #72340: Double Free Corruption in wddx_deserialize
update NEWS
Fix #66387: Stack overflow with imagefilltoborder
Skip test which is 64bits only
5.5.37 now
Conflicts:
configure.in
ext/mcrypt/mcrypt.c
ext/spl/spl_directory.c
main/php_version.h
2016-06-21 00:01:48 -07:00
Stanislav Malyshev
88746d60ab
Fix bug #72400 and #72403 - prevent signed int overflows for string lengths
2016-06-15 21:51:28 -07:00
Stanislav Malyshev
4c968c6ddd
Fix bug #72138 - Integer Overflow in Length of String-typed ZVAL
2016-06-14 01:03:03 -07:00
Xinchen Hui
c89b7a4860
Use zend_string_safe_alloc
2016-04-27 12:45:02 +08:00
Dmitry Stogov
8f0ceb97cf
Fixed bug #72100 (implode() inserts garbage into resulting string when joins very big integer). (Mikhail Galanin)
2016-04-26 13:04:06 +03:00
Xinchen Hui
e95782ed5e
Fixed bug #71969 (str_replace returns an incorrect resulting array after a foreach by reference)
2016-04-06 10:19:24 +08:00
Joe Watkins
034e8ec02e
fix #71287 (substr_replace bug when length type is string)
2016-03-31 17:10:12 +01:00
Stanislav Malyshev
57b997ebf9
Fix bug #71637: Multiple Heap Overflow due to integer overflows
2016-02-21 23:14:29 -08:00
Nikita Popov
f43fe8cb4c
Merge branch 'PHP-5.6' into PHP-7.0
2016-02-13 17:48:17 +01:00
Nikita Popov
4e0134c661
Fix bounds check in strip_tags()
2016-02-13 17:47:30 +01:00
Julien Pauli
0d1d814e1a
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
Updated NEWS
Fix #70720
Conflicts:
ext/standard/string.c
ext/standard/tests/strings/bug70720.phpt
2016-02-02 18:17:16 +01:00
Julien Pauli
6b0b29edd6
Fix #70720
2016-02-02 18:09:54 +01:00
Stanislav Malyshev
c631f1ee2b
Merge branch 'PHP-7.0.3' into PHP-7.0
...
* PHP-7.0.3: (35 commits)
fix tests
update NEWS
fix tests
fix NEWS
Update NEWS
update NEWS
Fixed bug #71475: openssl_seal() uninitialized memory usage
Fixed bug #71488: Stack overflow when decompressing tar archives
fix tests
fix wrong gc sequence
revert the API string as well
update NEWS
Revert "Fix #70720"
sync NEWS
reset ext/session to the state of 7.0.2
update NEWS
update NEWS
add missing headers for SIZE_MAX
backport the escapeshell* functions hardening branch
add tests
...
Conflicts:
configure.in
ext/session/tests/bug69111.phpt
main/php_version.h
2016-02-01 20:45:49 -08:00
Anatol Belski
47af41b785
Revert "Fix #70720"
...
This reverts commit ff7ed9021c.
2016-01-29 12:41:43 +01:00
Stanislav Malyshev
88bd7cb418
Use safe alloc functions when calculations are made on sizes.
...
Fixes bug #71449, bug #71450
2016-01-26 22:33:51 -08:00
Lior Kaplan
ed35de784f
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
Happy new year (Update copyright to 2016)
2016-01-01 19:48:25 +02:00
Lior Kaplan
49493a2dcf
Happy new year (Update copyright to 2016)
2016-01-01 19:21:47 +02:00
Julien Pauli
332b778d68
Merge branch 'PHP-5.6' into PHP-7.0
...
* PHP-5.6:
Fix #70720
Align NEWS entry format
2015-12-22 16:26:30 +01:00
Julien Pauli
ff7ed9021c
Fix #70720
2015-12-22 16:25:51 +01:00
Anatol Belski
4037ba5847
release only appropriate string
2015-12-22 14:33:19 +01:00
Xinchen Hui
d63ae2c382
Fixed bug #71190 (substr_replace converts integers in original $search array to strings)
2015-12-22 12:13:28 +08:00
Xinchen Hui
3524849f77
Fixed #71188 (str_replace converts integers in original $search array to strings)
2015-12-22 11:07:30 +08:00
Dmitry Stogov
9af07e7119
Fixed bug #70667 (strtr() causes invalid writes and crashes)
2015-10-08 14:30:43 +03:00
Dmitry Stogov
560e4fa393
Removed or simplified incorrect SEPARATE_*() macros usage.
2015-09-29 11:17:43 +03:00
Dmitry Stogov
ad4fa8f758
Fixed incorrect usage of HASH_OF() macro. Replaced HASH_OF() with more appropriate Z_ARRVAL_P() or Z_OBJPROP_P().
2015-09-24 22:39:59 +03:00
Bob Weinand
ad4d139f29
Make bin2hex() and hex2bin() timing safe
2015-08-04 22:07:13 +02:00
Remi Collet
80edd40383
fix memleak
2015-07-27 16:57:38 +02:00
Xinchen Hui
11613a1b58
Cleanup and also include the error path into test
2015-07-27 22:22:13 +08:00
Remi Collet
e811770a68
Fix #70112 RFE Allow dirname to go up various times
2015-07-27 15:23:04 +02:00
Xinchen Hui
6aeee47b2c
Fixed bug #70140 (str_ireplace/php_string_tolower - Arbitrary Code Execution)
2015-07-27 11:17:05 +08:00
Nikita Popov
42e32c33e2
More warning fixes
2015-07-17 21:12:15 +02:00
Ferenc Kovacs
df499b9108
Merge branch 'PHP-5.6'
...
* PHP-5.6:
add missing second argument for ucfirst to the proto
2015-07-07 15:50:02 +02:00
Ferenc Kovacs
bdb9c0da86
Merge branch 'PHP-5.5' into PHP-5.6
...
* PHP-5.5:
add missing second argument for ucfirst to the proto
2015-07-07 15:49:44 +02:00