| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
I'll leave it as is for now.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* PHP-5.6.27:
Fix tests
fix tsrm
Fix bug #73284 - heap overflow in php_ereg_replace function
Fix bug #73276 - crash in openssl_random_pseudo_bytes function
Fix bug #73293 - NULL pointer dereference in SimpleXMLElement::asXML()
fix bug #73275 - crash in openssl_encrypt function
Fix for #73240 - Write out of bounds at number_format
Bug #73218: add mitigation for ICU int overflow
Add more locale length checks, due to ICU bugs.
Fix bug #73208 - another missing length check
Fix bug #73190: memcpy negative parameter _bc_new_num_ex
Fix bug #73189 - Memcpy negative size parameter php_resolve_path
Fixed bug #73174 - heap overflow in php_pcre_replace_impl
Fix bug #73150: missing NULL check in dom_document_save_html
Fix bug #73147: Use After Free in PHP7 unserialize()
Fix bug #73082
Fix bug #73073 - CachingIterator null dereference when convert to string
|
| |
|
|
| |
This reverts commit 6a544f2d1e3100dcd998248376eba9b9a9257a8e.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Also cgi.check_shebang_line has been missing.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The recently introduced test_image_equals_file() doesn't properly work for
palette images, because in this case only the palette indexes are compared,
what can lead to false positives and negatives as shown in the added test.
To fix that we convert palette images to truecolor, what is supposed to be
faster than calling imagecolorsforindex() for each pixel.
We furthermore rely on PHP's refcounting to free unused images; after all,
this is not C.
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The PHP core and extensions are written with the assumption that memory
allocation either succeeds, or the allocator bails out (i.e. the allocator
is infallible). Therefore the result of emalloc() and friends are not checked
for NULL values.
However, with USE_ZEND_ALLOC=0, malloc() and friends are used as allocators,
but these are fallible, i.e. they return NULL instead of bailing out if they
fail. This easily leads to invalid memory accesses in the following, such as
in <https://bugs.php.net/73032>. Some of these cases may constitute
exploitable vulnerabilities.
Therefore we make the infallible __zend_alloc() and friends the default for
USE_ZEND_ALLOC=0.
|
| | | |
|
| | |
| |
| |
| | |
We must not apply the format correction twice for truecolor images.
|
| | | |
|
| | |
| |
| |
| | |
Obviously, there was a bad merge.
|
| | |
| |
| |
| | |
This reverts commit f9a699f6c3aa7acea922242a0f14731f6b829742.
|
| | | |
|
| | |
| |
| |
| | |
(cherry picked from commit 410c68788ae4826807e8ced3f4a02e676142b22a)
|
| | | |
|
| | | |
|
| | |
| |
| |
| | |
fix fpm_scoreboard_free
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Firstly, there is no fundamental difference between running the tests on
freetype before and after 2.4.10, so we re-join the respective test cases.
Secondly, there are some minor differences in the results depending on
architecture, freetype versions and config options, so we cater to that
by allowing small deviations from the expectations.
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| | |
In case USE_KEY flag is active, RegexIterator->accept() should keep it's
old behavior which is to accept keys mapping arrays.
This broke after PHP 5.5 but was not noticed due to lack of tests for USE_KEY.
|
| | |
| |
| |
| | |
zend_hash_apply()
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
imagettfbbox/imageftbbox
- load glyph with FT_LOAD_IGNORE_TRANSFORM for bbox as final bbox is rotated at once later (fixes "double-rotation" per glyph for calculating bbox)
- reload the rotated glyph for painting after that (only if angle != 0)
- rotate the original bbox at 0,0 and do not throw away xMin/yMin (drawing-rotation is also based at "origin" point - including the bearingX, see http://www.freetype.org/freetype2/docs/glyphs/glyphs-3.html#section-3) - this fixes the "left-shift"-problem also when angle = 0
- removed "xb/yb" and use "x/y" directly for offsetting brect (no need for adding "x1/y1" and substracting "yd" later)
- removed therefore unused "yd" helper var which seems tried to fix parts of the original problems
- initialize x/y with 0 instead of -1 in php_imagettftext_common() to make image*text() and image*bbox() results identical (there was a -1px shift in image*bbox() before)
- fixed gdroundupdown() for negative numbers (-256 / 64 gives -5 instead of -4 before)
- rotate kerning-delta by given angle (fixes completely wrong kerning and therefore wrong bounding box if angle != 0)
- changed 3 tests and added a new one to test for the new (better) coordinates
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | |
| | |
| | |
| | | |
We add the missing integer overflow check to avoid potential buffer overflows.
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Apparently, different FreeType versions render the string differently, so
we have to cater to these slight differences. Unfortunately, the testing
framework doesn't yet offer a clean API for this, so we work around the
limitations by parsing and checking the output of test_image_equals_file().
|
| | | |
| | |
| | |
| | |
| | | |
There are apparently issues with the font rendering with different freetype
version; I'll have a look at this issue ASAP.
|
| | | |
| | |
| | |
| | |
| | | |
We must not draw the background pixels of the character glyphs, what has
already been fixed in GD 2.0.26.
|
| | | | |
|
| |\ \ \ |
|
| | | | | |
|
| | | | | |
|
