path: root/ext/standard/var_unserializer.c
Commit message [Author, Age, Files, Lines]
* Use interned empty and "one char" strings. [Dmitry Stogov, 2017-05-18, 1 file, -448/+428]
|
* Make sure lengths and refs are unsigned in unserialize() [Nikita Popov, 2017-03-23, 1 file, -194/+138]
|
* Fixed bug #74300 [xKhorasan, 2017-03-23, 1 file, -19/+8]
|
* Enable HT RC assertions with escape-hatch [Nikita Popov, 2017-01-23, 1 file, -9/+15]
|   HT functions that modify the array now assert that rc=1. As we don't respect this COW constraint everywhere, either for a good reason or because fixing it would take more work, we provide an escape hatch in the form of HT_ALLOW_COW_VIOLATION(ht). If this macro is called assertions on this ht are disabled. The macro is a no-op in release mode.
* Merge branch 'PHP-7.1' [Nikita Popov, 2017-01-05, 1 file, -3/+3]
|\
| * Add Z_EXTRA macro [Nikita Popov, 2017-01-05, 1 file, -3/+3]
| |   For use with u2 values which don't deserve a custom macro...
* | Merge branch 'PHP-7.1' [Nikita Popov, 2017-01-05, 1 file, -501/+547]
|\ \
| |/
| * Merge branch 'PHP-7.0' into PHP-7.1 [Nikita Popov, 2017-01-05, 1 file, -500/+546]
| |\
| | * Merge branch 'PHP-5.6' into PHP-7.0 [Nikita Popov, 2017-01-05, 1 file, -500/+546]
| | |\
| | | * Implement delayed __wakeup [Nikita Popov, 2017-01-05, 1 file, -509/+564]
| | | |
| | * | Update copyright headers to 2017 [Sammy Kaye Powers, 2017-01-04, 1 file, -1/+1]
| | | |
| * | | Update copyright headers to 2017 [Sammy Kaye Powers, 2017-01-04, 1 file, -1/+1]
| | | |
| * | | Merge branch 'PHP-7.0' into PHP-7.1 [Stanislav Malyshev, 2017-01-02, 1 file, -1/+1]
| |\ \ \
| | |/ /
| | | |   * PHP-7.0:
| | | |     Use correct string release function
| | * | Use correct string release function [Stanislav Malyshev, 2017-01-02, 1 file, -1/+1]
| | | |
| * | | Merge branch 'PHP-7.0' into PHP-7.1 [Stanislav Malyshev, 2017-01-02, 1 file, -2/+2]
| |\ \ \
| | |/ /
| | | |   * PHP-7.0:
| | | |     Fix error reporting
| | * | Fix error reporting [Stanislav Malyshev, 2017-01-02, 1 file, -2/+2]
| | | |
* | | | Re-add var_unserializer.c [Stanislav Malyshev, 2017-01-03, 1 file, -0/+1432]
| | | |
* | | | Merge branch 'PHP-7.1' [Stanislav Malyshev, 2017-01-02, 1 file, -1441/+0]
|\ \ \ \
| |/ / /
| | | |   * PHP-7.1:
| | | |     Fix bug #73737 FPE when parsing a tag format
| | | |     Fix bug #73773 - Seg fault when loading hostile phar
| | | |     Fix bug #73825 - Heap out of bounds read on unserialize in finish_nested_data()
| | | |     Fix bug #73768 - Memory corruption when loading hostile phar
| | | |     Fix int overflows in phar (bug #73764)
| * | | Merge branch 'PHP-7.0' into PHP-7.1 [Stanislav Malyshev, 2017-01-02, 1 file, -506/+497]
| |\ \ \
| | |/ /
| | | |   * PHP-7.0:
| | | |     Fix bug #73737 FPE when parsing a tag format
| | | |     Fix bug #73773 - Seg fault when loading hostile phar
| | | |     Fix bug #73825 - Heap out of bounds read on unserialize in finish_nested_data()
| | | |     Fix bug #73768 - Memory corruption when loading hostile phar
| | | |     Fix int overflows in phar (bug #73764)
| | * | Merge branch 'PHP-5.6' into PHP-7.0 [Stanislav Malyshev, 2017-01-02, 1 file, -506/+497]
| | |\ \
| | | |/
| | | |   * PHP-5.6:
| | | |     Fix bug #73737 FPE when parsing a tag format
| | | |     Fix bug #73773 - Seg fault when loading hostile phar
| | | |     Fix bug #73825 - Heap out of bounds read on unserialize in finish_nested_data()
| | | |     Fix bug #73768 - Memory corruption when loading hostile phar
| | | |     Fix int overflows in phar (bug #73764)
| | | * Merge branch 'PHP-5.6.30' into PHP-5.6 [Stanislav Malyshev, 2017-01-02, 1 file, -503/+494]
| | | |\
| | | | |   * PHP-5.6.30:
| | | | |     Fix bug #73737 FPE when parsing a tag format
| | | | |     Fix bug #73773 - Seg fault when loading hostile phar
| | | | |     Fix bug #73825 - Heap out of bounds read on unserialize in finish_nested_data()
| | | | |     Fix bug #73768 - Memory corruption when loading hostile phar
| | | | |     Fix int overflows in phar (bug #73764)
| | | | * Fix bug #73825 - Heap out of bounds read on unserialize in finish_nested_data() [Stanislav Malyshev, 2016-12-30, 1 file, -33/+47]
| | | | |
* | | | | Merge branch 'PHP-7.1' [Nikita Popov, 2017-01-01, 1 file, -477/+503]
|\ \ \ \ \
| |/ / / /
| * | | | Merge branch 'PHP-7.0' into PHP-7.1 [Nikita Popov, 2017-01-01, 1 file, -9/+11]
| |\ \ \ \
| | |/ / /
| | * | | Merge branch 'PHP-5.6' into PHP-7.0 [Nikita Popov, 2017-01-01, 1 file, -480/+505]
| | |\ \ \
| | | |/ /
| | | * | Fix bug #70213 [Nikita Popov, 2017-01-01, 1 file, -474/+499]
| | | |/
| | | * Fix bug #73052 - Memory Corruption in During Deserialized-object Destruction [Stanislav Malyshev, 2016-09-12, 1 file, -30/+31]
| | | |
* | | | Merge branch 'DedupNANINF' [Andrea Faulds, 2016-10-26, 1 file, -505/+482]
|\ \ \ \
| |/ / /
|/| | |
| * | | Deduplicate NAN/INF portability, move to Zend [Andrea Faulds, 2016-03-20, 1 file, -35/+36]
| | | |
* | | | Followup for bug #72785 [Nikita Popov, 2016-09-06, 1 file, -482/+508]
| | | |   Fix incorrect handling of nesting ... need to reset to the old value afterwards.
* | | | Fix bug #72785 - allowed_classes only applies to outermost unserialize() [Stanislav Malyshev, 2016-09-05, 1 file, -46/+48]
| | | |
* | | | Merge branch 'PHP-7.0' into PHP-7.1 [Xinchen Hui, 2016-08-17, 1 file, -512/+524]
|\ \ \ \
| | |/ /
| |/| |
| | | |   * PHP-7.0: (48 commits)
| | | |     Update NEWS
| | | |     Unused label
| | | |     Fixed bug #72853 (stream_set_blocking doesn't work)
| | | |     fix test
| | | |     Bug #72663 - part 3
| | | |     Bug #72663 - part 2
| | | |     Bug #72663 - part 1
| | | |     Update NEWS
| | | |     Block test with memory leak
| | | |     fix tests
| | | |     Fix TSRM build
| | | |     Fix bug #72850 - integer overflow in uuencode
| | | |     Fixed bug #72849 - integer overflow in urlencode
| | | |     Fix bug #72848 - integer overflow in quoted_printable_encode caused heap corruption
| | | |     Fix bug #72838 - Integer overflow lead to heap corruption in sql_regcase
| | | |     Fix bug #72837 - integer overflow in bzdecompress caused heap corruption
| | | |     Fix bug #72836 - integer overflow in base64_decode caused heap corruption
| | | |     Fix for bug #72807 - do not produce strings with negative length
| | | |     Fix for bug #72790 and bug #72799
| | | |     Fix bug #72730 - imagegammacorrect allows arbitrary write access
| | | |     ...
| | | |
| | | |   Conflicts:
| | | |     ext/standard/var_unserializer.c
| * | | Bug #72663 - part 2 [Nikita Popov, 2016-08-17, 1 file, -4/+32]
| | | |   If a (nested) unserialize() call fails, we remove all the values that were inserted into var_hash during that call. This prevents their use in other unserializations in the same context.
| * | | Bug #72663 - part 1 [Nikita Popov, 2016-08-17, 1 file, -5/+13]
| | | |   Don't call __destruct() on an unserialized object that has a __wakeup() method if either a) unserialization of its properties fails or b) the __wakeup() call fails (e.g. by throwing). This basically treats __wakeup() as a form of constructor and aligns us with the usual behavior that if the constructor call fails the destructor should not be called. The security aspect here is that people use __wakeup() to prevent unserialization of objects with dangerous __destruct() methods, but this is ineffective if __destruct() can still be called while __wakeup() was skipped.
| * | | Merge branch 'PHP-5.6' into PHP-7.0 [Stanislav Malyshev, 2016-08-17, 1 file, -14/+15]
| |\ \ \
| | | |/
| | |/|
| | | |   * PHP-5.6: (24 commits)
| | | |     Update NEWS
| | | |     Block test with memory leak
| | | |     fix tests
| | | |     Fix TSRM build
| | | |     Fix bug #72850 - integer overflow in uuencode
| | | |     Fixed bug #72849 - integer overflow in urlencode
| | | |     Fix bug #72848 - integer overflow in quoted_printable_encode caused heap corruption
| | | |     Fix bug #72838 - Integer overflow lead to heap corruption in sql_regcase
| | | |     Fix bug #72837 - integer overflow in bzdecompress caused heap corruption
| | | |     Fix bug #72836 - integer overflow in base64_decode caused heap corruption
| | | |     Fix for bug #72807 - do not produce strings with negative length
| | | |     Fix for bug #72790 and bug #72799
| | | |     Fix bug #72730 - imagegammacorrect allows arbitrary write access
| | | |     Fix bug#72697 - select_colors write out-of-bounds
| | | |     Fixed bug #72627: Memory Leakage In exif_process_IFD_in_TIFF
| | | |     Fix bug #72750: wddx_deserialize null dereference
| | | |     Fix bug #72771: ftps:// opendir wrapper is vulnerable to protocol downgrade attack
| | | |     Improve fix for #72663
| | | |     Fix bug #70436: Use After Free Vulnerability in unserialize()
| | | |     Fix bug #72749: wddx_deserialize allows illegal memory access
| | | |     ...
| | | |
| | | |   Conflicts:
| | | |     Zend/zend_API.h
| | | |     ext/bz2/bz2.c
| | | |     ext/curl/interface.c
| | | |     ext/ereg/ereg.c
| | | |     ext/exif/exif.c
| | | |     ext/gd/gd.c
| | | |     ext/gd/tests/imagetruecolortopalette_error3.phpt
| | | |     ext/gd/tests/imagetruecolortopalette_error4.phpt
| | | |     ext/session/session.c
| | | |     ext/snmp/snmp.c
| | | |     ext/standard/base64.c
| | | |     ext/standard/ftp_fopen_wrapper.c
| | | |     ext/standard/quot_print.c
| | | |     ext/standard/url.c
| | | |     ext/standard/uuencode.c
| | | |     ext/standard/var.c
| | | |     ext/standard/var_unserializer.c
| | | |     ext/standard/var_unserializer.re
| | | |     ext/wddx/tests/bug72790.phpt
| | | |     ext/wddx/tests/bug72799.phpt
| | | |     ext/wddx/wddx.c
| | | |     sapi/cli/generate_mime_type_map.php
| | * | Improve fix for #72663 [Stanislav Malyshev, 2016-08-16, 1 file, -31/+37]
| | | |
| | * | Update comment [Stanislav Malyshev, 2016-08-16, 1 file, -1/+1]
| | | |
| | * | Fix bug #72663 - destroy broken object when unserializing [Stanislav Malyshev, 2016-08-16, 1 file, -33/+37]
| | | |
* | | | Hide (un)serialize data from ABI [Nikita Popov, 2016-08-15, 1 file, -482/+541]
| | | |   The (UN)SERIALIZE_INIT/DESTROY macros now go through non-inlined functions, so any changes to them will apply to extensions without rebuilds. Additionally, the (un)serialize_data structures are now no longer exported. This means that we are allowed to change these structures in patch releases without breaking the ABI.
* | | | Added ZEND_ATTRIBUTE_FORMAT to some missing functions. [Dmitry Stogov, 2016-06-21, 1 file, -1/+1]
|/ / /
| | |   "%p" replaced by ZEND_LONG_FMT to avoid compilation warnings. Fixed most incorrect use cases of format specifiers.
* | | Use zend_string_safe_alloc [Xinchen Hui, 2016-04-27, 1 file, -1/+1]
| | |
* | | Improved fix for #71940 [Xinchen Hui, 2016-04-07, 1 file, -17/+15]
| | |
* | | Fixed bug #71940 (Unserialize crushes on restore object reference) [Xinchen Hui, 2016-04-07, 1 file, -17/+19]
| |/
|/|
* | Merge branch 'PHP-5.6' into PHP-7.0 [Xinchen Hui, 2016-03-17, 1 file, -16/+27]
|\ \
| |/
| |   * PHP-5.6:
| |     Fixed bug #71841 (EG(error_zval) is not handled well)
| |     Fixed bug #71840 (Unserialize accepts wrongly data)
| |
| |   Conflicts:
| |     Zend/zend_vm_def.h
| |     Zend/zend_vm_execute.h
| |     ext/standard/var_unserializer.c
| * Fixed bug #71840 (Unserialize accepts wrongly data) [Xinchen Hui, 2016-03-17, 1 file, -22/+32]
| |
* | Eliminate usages of _PP macros [Nikita Popov, 2016-03-03, 1 file, -17/+16]
| |   These are either in debug code (fix them), commented out (drop them) or in dead compatibility macros (drop them). One usage was in php_stream_get_from_zval(), which we have not used since at least PHP 5.2 and, judging from the fact that nobody complained about it causing compile errors in PHP 7, nobody else uses it either, so drop it. There are still remaining uses in mysqli embedded and odbc birdstep. These probably need to be dropped outright.
* | Fixed bug #71311: Use-after-free vulnerability in SPL(ArrayObject, unserialize) [Stanislav Malyshev, 2016-01-17, 1 file, -27/+32]
| |
* | Merge branch 'PHP-5.6' into PHP-7.0 [Lior Kaplan, 2016-01-01, 1 file, -1/+1]
|\ \
| |/
| |   * PHP-5.6:
| |     Happy new year (Update copyright to 2016)
| * Happy new year (Update copyright to 2016) [Lior Kaplan, 2016-01-01, 1 file, -1/+1]
| |
* | Also fixed 'r' [Xinchen Hui, 2015-11-24, 1 file, -40/+52]
| |