| Commit message (Collapse) | Author | Age | Files | Lines |
|\
| |
| |
| |
| | |
* PHP-7.3:
Fix bug #79787
|
| |
| |
| |
| | |
Closes GH-5807.
|
| | |
|
| | |
|
| | |
|
|\ \
| |/
| |
| |
| |
| | |
* PHP-7.3:
Revert "Went to fast and forgot to update tests"
Revert "Fix Bug #79448 0 is a valid Unicode codepoint, but mb_substitute_character(0) fails"
|
| |
| |
| |
| | |
This reverts commit 656eac74fa6074aebc087bb73d2e4651f7dc8c9e.
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
mb_substitute_character(0) fails"
This commit brings some substantial changes in behaviour due to the weird implementation.
This will be fixed in master due to BC concerns.
This reverts commit 1333b46d6dc0c293c1fd626803f91bc69743eb79.
|
|\ \
| |/ |
|
| |
| |
| |
| | |
However due to the really lax conversion to integer all strings pass as 0
|
|\ \
| |/ |
|
| |
| |
| |
| | |
mb_substitute_character(0) fails
|
|\ \
| |/ |
|
| | |
|
| |
| |
| |
| | |
We make sure that negative values are properly compared.
|
| |
| |
| |
| | |
We make sure that negative values are properly compared.
|
|\ \
| |/
| |
| |
| | |
* PHP-7.3:
Add SKIPIF to test requiring mbregex
|
| | |
|
| |
| |
| |
| | |
Ideally "c" would be an unsigned integer...
|
| |
| |
| |
| |
| |
| |
| | |
I replaced it with a multiplication overflow check in
18599f9c52959b2e8cbfac57e278644499a3547d. However, we need both,
because the code for restoring the number can't handle numbers
with many leading zeros right now and I don't feel like teaching it.
|
|\ \
| |/
| |
| |
| | |
* PHP-7.3:
Fix mb_ord() crash if internal encoding not supported
|
| |
| |
| |
| |
| | |
enc_name can be NULL here. Take the name from the mbfl_encoding
instead.
|
| |
| |
| |
| | |
Check for multiplication overflow rather than number of digits.
|
|\ \
| |/
| |
| |
| | |
* PHP-7.3:
Reset MBREX(search_re) in RSHUTDOWN
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This is going to cause a segfault if reused in the next request.
To illustrate the issue, run these two scripts in sequence with
the built-in server:
// script1.php
mb_ereg_search_init('foobar');
mb_ereg_search('foo');
// script2.php
var_dump(mb_ereg_search_init("foobar"));
var_dump(mb_ereg_search_pos());
|
|\ \
| |/
| |
| |
| | |
* PHP-7.3:
Fix use of mb_ereg_search_getregs() after invalid pattern
|
| |
| |
| |
| |
| | |
This segfaulted because we assumed that if there are matches,
there must be a regular expression as well.
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| | |
Don't mix strlen() and ZSTR_LEN(). If the encoding contains a
NULL byte, this will overflow the buffer.
NULL bytes will still make this behave oddly because the consuming
code will cut off the string there, but let's address that in master...
|
| |
| |
| |
| | |
Make sure we don't overflow the integer.
|
| | |
|
|\ \
| |/
| |
| |
| | |
* PHP-7.3:
Fix #79154: mb_convert_encoding() can modify $from_encoding
|
| |
| |
| |
| | |
We must not modify arrays passed by value.
|
| |
| |
| |
| |
| | |
We must not assume that `hash_entry` `IS_STRING`, but rather use
`encoding_str` which is guaranteed to be.
|
|\ \
| |/
| |
| |
| |
| |
| |
| | |
* PHP-7.3:
Update NEWS
Fix bug #79037 (global buffer-overflow in `mbfl_filt_conv_big5_wchar`)
Fix #79099: OOB read in php_strip_tags_ex
Fix #79091: heap use-after-free in session_create_id()
|
| |\
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* PHP-7.2:
Update NEWS
Fix bug #79037 (global buffer-overflow in `mbfl_filt_conv_big5_wchar`)
Fix #79099: OOB read in php_strip_tags_ex
Fix #79091: heap use-after-free in session_create_id()
|
| | | |
|
| | |
| | |
| | |
| | | |
Oniguruma 6.9.4 fixes several CVEs.
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This partially reverts commit c55d09c2f547634b577aa5aeaa1438d772bc29d1,
because `MB_ONIGURUMA_VERSION` is only available as of PHP 7.4.0, so
that change made no sense for PHP-7.3; we keep it for PHP-7.4, though.
We also stick with the modification to bug78633.phpt.
|
|\ \ \
| |/ /
| | |
| | |
| | | |
* PHP-7.3:
Adapt test cases for Oniguruma 6.9.4
|
| | |
| | |
| | |
| | |
| | |
| | | |
Apparently, bug 78633 has now really been fixed; the former fix only
catered to the buffer overflow, but yielded a wrong result. Also,
the order of the named captures has been fixed.
|
| | |
| | |
| | |
| | |
| | | |
The proper `SIZEOF_SIZE_T` definitions are available as of Oniguruma
6.9.1; no more need to patch.
|
|\ \ \
| |/ /
| | |
| | |
| | | |
* PHP-7.3:
Fix #78633: Heap buffer overflow (read) in mb_eregi
|
| | |
| | |
| | |
| | | |
We backport kkos/oniguruma@15c4228aa2ffa02140a99912dd3177df0b1841c6.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This test is somewhat fragile in that it depends on how well a
particular regex is optimized. Apparently on 6.9.1 this regex
would hit the default retry_limit of 1000000 already. I'm limiting
this to 6.9.3 because that's the version that works for me.
|
| | |
| | |
| | |
| | |
| | |
| | | |
This is very similar to the existing mbstring.regex_stack_limit,
but for backtracking. The default value matches pcre.backtrack_limit.
Only used on libonig >= 2.8.0.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
According to commit 0eea9a6[1], these tests fail with old Oniguruma
versions; we are not sure which version of Oniguruma is required to let
them pass, but at least 6.9.3 is sufficient.
[1] <http://git.php.net/?p=php-src.git;a=commit;h=0eea9a642941ab5d4c612f8092f186977afbb73e>
|
|\ \ \
| |/ /
| | |
| | |
| | | |
* PHP-7.3:
Fix #78609: mb_check_encoding() no longer supports stringable objects
|
| |\ \
| | |/
| | |
| | |
| | | |
* PHP-7.2:
Fix #78609: mb_check_encoding() no longer supports stringable objects
|