| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| | |
|
| |\
| |
| |
| |
| |
| | |
* PHP-5.6:
Workaround for GCC-4.9.2 bug
oops, changed in wrong place
|
| | | |
|
| |\ \
| |/
| |
| |
| | |
* PHP-5.6:
Fix #68447: grapheme_extract take an extra trailing character
|
| | |\
| | |
| | |
| | |
| | | |
* pull-request/1974:
Fix #68447: grapheme_extract take an extra trailing character
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
grapheme_extract() converts UTF-8 string in the argument to UTF-16 to
iterate through graphemes, and count each UTF-16 character as one Unicode
character, which is not correct for UTF-16 surrogate pairs.
The patch removes the conversion and counts UTF-8 directly if needed.
|
| | | | |
|
| | | | |
|
| |\ \ \
| | | |
| | | |
| | | |
| | | | |
* PHP-5.6:
More string length checks & fixes
|
| | |/ / |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | |
| | |
| | |
| | | |
(cherry picked from commit d946d102936525bc7dcd01f3827d0a6e0bb971b0)
|
| | | |
| | |
| | |
| | | |
(cherry picked from commit d3eb58332af433982f1e2ae9095fb087974a95f2)
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
(cherry picked from commit 9e07089626f373d0e7b24b7aeb8b8459aae5f5f8)
Conflicts:
ext/intl/msgformat/msgformat_format.c
|
| |\ \ \
| |/ /
| | |
| | |
| | | |
* PHP-5.6:
fix double free
|
| | | | |
|
| | | | |
|
| |\ \ \
| |/ / |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
According to the Unicode specification (at least as of 5.1), CRLF sequences
are considered to be a single grapheme. We cater to that special case by
letting grapheme_ascii_check() fail. While it would be trivial to fix
grapheme_ascii_check() wrt. grapheme_strlen(), grapheme_substr() and
grapheme_strrpos() would be much harder to handle, so we accept the slight
performance penalty if CRLF is involved.
|
| |\ \ \
| |/ / |
|
| | | |
| | |
| | |
| | |
| | | |
Again, off-by-1000 is expected if we're late in the second. Add an
extra 1000 to account for actual delta in call times.
|
| |\ \ \
| |/ / |
|
| | | |
| | |
| | |
| | |
| | | |
Due to the *1000 factor the two values may be off-by-1000 even
without any actual delay, so increase the check to 2000.
|
| | | |
| | |
| | |
| | | |
IntlCalendar and adds a property)
|
| |\ \ \
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* PHP-5.6:
fix #72519, possible OOB using imagegif
fix #72512, invalid read or write for palette image when invalid transparent index is used
Apparently some envs miss SIZE_MAX
Fix tests
Fix bug #72618: NULL Pointer Dereference in exif_process_user_comment
Partial fix for bug #72613 - do not treat negative returns from bz2 as size_t
Fix bug #72606: heap-buffer-overflow (write) simplestring_addn simplestring.c
Fix for bug #72558, Integer overflow error within _gdContributionsAlloc()
Fix bug #72603: Out of bound read in exif_process_IFD_in_MAKERNOTE
Fix bug #72562 - destroy var_hash properly
Fix bug #72533 (locale_accept_from_http out-of-bounds access)
Fix fir bug #72520
Fix for bug #72513
Fix for bug #72513
CS fix and comments with bug ID
Fix for HTTP_PROXY issue.
5.6.24RC1
add tests for bug #72512
Fixed bug #72512 gdImageTrueColorToPaletteBody allows arbitrary write/read access
Fixed bug #72479 - same as #72434
Conflicts:
Zend/zend_virtual_cwd.c
ext/bz2/bz2.c
ext/exif/exif.c
ext/session/session.c
ext/snmp/snmp.c
ext/standard/basic_functions.c
main/SAPI.c
main/php_variables.c
|
| | |\ \
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* PHP-5.5:
fix #72519, possible OOB using imagegif
fix #72512, invalid read or write for palette image when invalid transparent index is used
Apparently some envs miss SIZE_MAX
Fix tests
Fix bug #72618: NULL Pointer Dereference in exif_process_user_comment
Partial fix for bug #72613 - do not treat negative returns from bz2 as size_t
Fix bug #72606: heap-buffer-overflow (write) simplestring_addn simplestring.c
Fix for bug #72558, Integer overflow error within _gdContributionsAlloc()
Fix bug #72603: Out of bound read in exif_process_IFD_in_MAKERNOTE
Fix bug #72562 - destroy var_hash properly
Fix bug #72533 (locale_accept_from_http out-of-bounds access)
Fix fir bug #72520
Fix for bug #72513
CS fix and comments with bug ID
Fix for HTTP_PROXY issue.
add tests for bug #72512
Fixed bug #72512 gdImageTrueColorToPaletteBody allows arbitrary write/read access
Fixed bug #72479 - same as #72434
Conflicts:
ext/bz2/bz2.c
main/SAPI.c
main/php_variables.c
|
| | | | | |
|
| |\ \ \ \
| |/ / /
| | | |
| | | |
| | | | |
# Resolved conflicts:
# ext/intl/idn/idn.c
|
| | | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
We don't actually fix this issue wrt. the empty $info array, because it is
not clear what this array should contain and we're concerned about the
potential BC break, but at least we fix the inconsistent handling of
resulting domains with 255 bytes (which raise an error), and longer domains
(which just return FALSE), what has to be considered a very minor BC break
if at all.
|
| | | | |
|
| |\ \ \
| |/ /
| | |
| | |
| | | |
* PHP-5.6:
Add test for bug #53735
|
| | | | |
|
| | | | |
|
| | |\ \
| | |/
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* PHP-5.5:
Fix memory leak in imagescale()
Update NEWS
Better fix for bug #72135
Fixed bug #72227: imagescale out-of-bounds read
Fix bug #72241: get_icu_value_internal out-of-bounds read
Fix bug #72135 - don't create strings with lengths outside int range
Add check for string overflow to all string add operations
Fix bug #72114 - int/size_t confusion in fread
Updated NEWS
Fixed bug #71331 - Uninitialized pointer in phar_make_dirstream()
Conflicts:
Zend/zend_operators.c
ext/phar/dirstream.c
ext/phar/tests/bug71331.phpt
|
| |\ \ \
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* PHP-5.5:
Fix memory leak in imagescale()
Update NEWS
Better fix for bug #72135
Fixed bug #72227: imagescale out-of-bounds read
Fix bug #72241: get_icu_value_internal out-of-bounds read
Fix bug #72135 - don't create strings with lengths outside int range
Add check for string overflow to all string add operations
Fix bug #72114 - int/size_t confusion in fread
Updated NEWS
Fixed bug #71331 - Uninitialized pointer in phar_make_dirstream()
Conflicts:
Zend/zend_operators.c
ext/intl/locale/locale_methods.c
ext/phar/dirstream.c
ext/phar/tests/bug71331.phpt
ext/standard/file.c
ext/standard/html.c
|
| | | | |
|
| |\ \ \
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* PHP-5.6:
Fix memory leak
Fix bug #72099: xml_parse_into_struct segmentation fault
5.5.36 now
Fix bug #72094 - Out of bounds heap read access in exif header processing
Fix bug #72093: bcpowmod accepts negative scale and corrupts _one_ definition
Fix bug #72061 - Out-of-bounds reads in zif_grapheme_stripos with negative offset
Fix for bug #71912 (libgd: signedness vulnerability)
Typo in NEWS
|
| | |\ \
| | |/
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* PHP-5.5:
Fix memory leak
Fix bug #72099: xml_parse_into_struct segmentation fault
5.5.36 now
Fix bug #72094 - Out of bounds heap read access in exif header processing
Fix bug #72093: bcpowmod accepts negative scale and corrupts _one_ definition
Fix bug #72061 - Out-of-bounds reads in zif_grapheme_stripos with negative offset
Fix for bug #71912 (libgd: signedness vulnerability)
Typo in NEWS
Conflicts:
configure.in
main/php_version.h
|
| | | |
| | |
| | |
| | | |
offset
|
| | | | |
|
| | | | |
|
| |\ \ \ |
|
