| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
|
| |
Emitting errors is fairly expensive, to the point that parsing
a file with a huge number of invalid tags can take seconds.
Generating ten thousand errors is unlikely to help anybody, but
constitutes a potential DOS vector.
|
|\ |
|
| |\ |
|
| | | |
|
|\ \ \
| |/ / |
|
| |\ \
| | |/ |
|
| | |
| | |
| | |
| | | |
components is an unsigned number, it cannot be smaller than zero.
|
|\ \ \
| |/ / |
|
| |\ \
| | |/ |
|
| | | |
|
|\ \ \
| |/ / |
|
| |\ \
| | |/ |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This fixes two leaks related to duplicate tags, as well as a leak
of zero-length FMT_(S)BYTE with non-null value. This can show up
for MAKERNOTE values where the original length is non-zero, but
the first character is a null byte.
|
|\ \ \
| |/ / |
|
| |\ \
| | |/ |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This issue was recently introduced in c739023a50876e2a90588f915803b0140a95638e,
when the restriction that components>0 has been relaxed. We now need
to make sure that any tags that expect at least one component check
that this is the case.
|
|\ \ \
| |/ / |
|
| |\ \
| | |/ |
|
| | | |
|
|\ \ \
| |/ /
| | |
| | |
| | |
| | | |
* PHP-7.3:
Fix exif build
NEWS
|
| | |
| | |
| | |
| | | |
As of PHP 7.3.0 the `model` field is removed.
|
|\ \ \
| |/ /
| | |
| | |
| | | |
* PHP-7.3:
Fixed bug #78442 ('Illegal component' on exif_read_data since PHP7)
|
| |\ \
| | |/
| | |
| | |
| | | |
* PHP-7.2:
Fixed bug #78442 ('Illegal component' on exif_read_data since PHP7)
|
| | | |
|
|\ \ \
| |/ /
| | |
| | |
| | |
| | |
| | |
| | | |
* PHP-7.3:
Fix #77919: Potential UAF in Phar RSHUTDOWN
Update NEWS
Fix bug #78256 (heap-buffer-overflow on exif_process_user_comment)
Fix bug #78222 (heap-buffer-overflow on exif_scan_thumbnail)
|
| |\ \
| | |/
| | |
| | |
| | |
| | |
| | |
| | | |
* PHP-7.2:
Fix #77919: Potential UAF in Phar RSHUTDOWN
Update NEWS
Fix bug #78256 (heap-buffer-overflow on exif_process_user_comment)
Fix bug #78222 (heap-buffer-overflow on exif_scan_thumbnail)
|
| | |\
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* PHP-7.1:
Fix #77919: Potential UAF in Phar RSHUTDOWN
Update NEWS
Fix bug #78256 (heap-buffer-overflow on exif_process_user_comment)
Fix bug #78222 (heap-buffer-overflow on exif_scan_thumbnail)
|
| | | | |
|
| | | | |
|
| | | |
| | | |
| | | |
| | | |
| | | | |
Don't dereference float/double values at unknown address, instead
memcpy it into an aligned stack slot and dereference that.
|
|\ \ \ \
| |/ / / |
|
| |\ \ \ |
|
| | |/ /
| | | |
| | | |
| | | |
| | | | |
Don't dereference float/double values at unknown address, instead
memcpy it into an aligned stack slot and dereference that.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The php_stream_read() and php_stream_write() functions now return
an ssize_t value, with negative results indicating failure. Functions
like fread() and fwrite() will return false in that case.
As a special case, EWOULDBLOCK and EAGAIN on non-blocking streams
should not be regarded as error conditions, and be reported as
successful zero-length reads/writes instead. The handling of EINTR
remains unclear and is internally inconsistent (e.g. some code-paths
will automatically retry on EINTR, while some won't).
I'm landing this now to make sure the stream wrapper ops API changes
make it into 7.4 -- however, if the user-facing changes turn out to
be problematic we have the option of clamping negative returns to
zero in php_stream_read() and php_stream_write() to restore the
old behavior in a relatively non-intrusive manner.
|
| | | |
| | | |
| | | |
| | | | |
Maybe should use exp2() but not sure about how supported it is.
|
| | | | |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
RFC: https://wiki.php.net/rfc/tostring_exceptions
And convert some object to string conversion related recoverable
fatal errors into Error exceptions.
Improve exception safety of internal code performing string
conversions.
|
|\ \ \ \
| |/ / /
| | | |
| | | |
| | | | |
* PHP-7.3:
Fix bug #77988 - heap-buffer-overflow on php_jpg_get16
|
| |\ \ \
| | |/ /
| | | |
| | | |
| | | | |
* PHP-7.2:
Fix bug #77988 - heap-buffer-overflow on php_jpg_get16
|
| | |\ \
| | | |/
| | | |
| | | |
| | | | |
* PHP-7.1:
Fix bug #77988 - heap-buffer-overflow on php_jpg_get16
|
| | | | |
|
|\ \ \ \
| |/ / /
| | | |
| | | |
| | | | |
* PHP-7.3:
Fix bug #77950 - Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG
|
| |\ \ \
| | |/ /
| | | |
| | | |
| | | | |
* PHP-7.2:
Fix bug #77950 - Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG
|
| | |\ \
| | | |/
| | | |
| | | |
| | | | |
* PHP-7.1:
Fix bug #77950 - Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
I do not completely understand what is going on there, but I am pretty
sure dir_entry <= offset_base if not a normal situation, so we better not
to rely on such dir_entry.
|
| | | |
| | | |
| | | |
| | | | |
by reference
|
| | | | |
|
|\ \ \ \
| |/ / /
| | | |
| | | |
| | | | |
* PHP-7.3:
fix paste issue
|
| |\ \ \
| | |/ /
| | | |
| | | |
| | | | |
* PHP-7.2:
fix paste issue
|