Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Fix tests | Stanislav Malyshev | 2017-07-04 | 1 | -2/+2 |
| | |||||
* | Fixed bug #74111 | Nikita Popov | 2017-07-04 | 4 | -517/+501 |
| | |||||
* | fix test for 32bits (int -> float) | Remi Collet | 2017-02-01 | 1 | -2/+2 |
| | | | | (cherry picked from commit 0f1ae93bfa2feb3d0fd0b8d3036148df8ef856e2) | ||||
* | Add additional serialize tests for fixed bugs | Nikita Popov | 2017-01-16 | 3 | -0/+120 |
| | | | | | These have been fixed as a side-effect of the delayed __wakeup patch. | ||||
* | Fix glob-wrapper.phpt to not fail in Windows | Mitch Hagstrand | 2017-01-10 | 1 | -5/+5 |
| | |||||
* | Fix open_basedir check for glob:// opendir wrapper | Sara Golemon | 2017-01-09 | 1 | -0/+35 |
| | | | | | | | | php_check_open_basedir() expects a local filesystem path, but we're handing it a `glob://...` URI instead. Move the check to after the path trim so that we're checking a meaningful pathspec. | ||||
* | add skip when json not loaded | Remi Collet | 2017-01-06 | 1 | -0/+2 |
| | |||||
* | Add tests for delayed __wakeup() | Nikita Popov | 2017-01-05 | 7 | -0/+263 |
| | |||||
* | Implement delayed __wakeup | Nikita Popov | 2017-01-05 | 2 | -535/+622 |
| | |||||
* | Merge branch 'PHP-5.6.30' into PHP-5.6 | Stanislav Malyshev | 2017-01-02 | 3 | -506/+523 |
|\ | | | | | | | | | | | | | | | | | * PHP-5.6.30: Fix bug #73737 FPE when parsing a tag format Fix bug #73773 - Seg fault when loading hostile phar Fix bug #73825 - Heap out of bounds read on unserialize in finish_nested_data() Fix bug #73768 - Memory corruption when loading hostile phar Fix int overflows in phar (bug #73764) | ||||
| * | Fix bug #73825 - Heap out of bounds read on unserialize in finish_nested_data() | Stanislav Malyshev | 2016-12-30 | 3 | -36/+76 |
| | | |||||
* | | FIx bug #70213 | Nikita Popov | 2017-01-01 | 3 | -474/+531 |
|/ | |||||
* | Add more mbfl string size checks (bug #73505) | Stanislav Malyshev | 2016-11-26 | 1 | -2/+0 |
| | |||||
* | Make php_url_parse_ex() respect length argument | Nikita Popov | 2016-11-22 | 1 | -20/+28 |
| | | | | | | This should fix all out-of-bounds reads that could previously occur if the string passed to php_url_parse_ex() is not NUL terminated. | ||||
* | Cleanup parse_url() query/fragment handling | Nikita Popov | 2016-11-22 | 1 | -40/+21 |
| | | | | | | The query/fragment handling was pretty convoluted, with many parts being duplicated. Simplify by checking for fragment, then for query, then for path. | ||||
* | Cleanup parse_url() gotos | Nikita Popov | 2016-11-22 | 1 | -17/+7 |
| | | | | | | Simplify some unnecessarily complicated code. In particular the length updates are unnecessary (length is only used at the very start) and we're goto'ing around a bit too much. | ||||
* | Fix the lchwon error test for Travis CI. | Mitch Hagstrand | 2016-11-18 | 1 | -1/+1 |
| | | | | | | The E_WARNING message from the PHP function lchown is passed from the system function lchown. The error message returned from lchown can be filesystem dependent. | ||||
* | Improvement for bug73297 | Julien Pauli | 2016-11-17 | 1 | -1/+1 |
| | |||||
* | Simplify ext/standard/tests/http/bug73297.phpt | Rowan Collins | 2016-11-17 | 1 | -26/+18 |
| | |||||
* | http_fopen_wrapper.c - bug#73297 Skip past "100 Continue" responses | Rowan Collins | 2016-11-17 | 1 | -0/+18 |
| | |||||
* | Add failing test for bug#73297 | Rowan Collins | 2016-11-17 | 1 | -0/+41 |
| | |||||
* | Merge remote-tracking branch 'phpsec/PHP-5.6.28' into PHP-5.6 | Anatol Belski | 2016-11-08 | 1 | -0/+24 |
|\ | |||||
| * | Fix bug #73144 and bug #73341 - remove extra dtor | Stanislav Malyshev | 2016-10-23 | 1 | -0/+24 |
| | | |||||
* | | fix dir separator in test | Anatol Belski | 2016-11-04 | 1 | -1/+1 |
| | | |||||
* | | More string length checks & fixes | Stanislav Malyshev | 2016-11-03 | 2 | -6/+7 |
| | | |||||
* | | Fix #73436: Setting allow_url_fopen to Off makes several tests fail | Christoph M. Becker | 2016-11-01 | 3 | -0/+6 |
|/ | | | | We make sure that these tests run with allow_url_fopen=1. | ||||
* | Clear FG(user_stream_current_filename) when bailing out | Sara Golemon | 2016-10-11 | 1 | -0/+16 |
| | | | | | | | | | | If a userwrapper opener E_ERRORs then FG(user_stream_current_filename) would remain set until the next request and would not be pointing at unallocated memory. Catch the bailout, clear the variable, then continue bailing. Closes https://bugs.php.net/bug.php?id=73188 | ||||
* | Merge branch 'PHP-5.6.27' into PHP-5.6 | Stanislav Malyshev | 2016-10-11 | 2 | -50/+60 |
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * PHP-5.6.27: Fix tests fix tsrm Fix bug #73284 - heap overflow in php_ereg_replace function Fix bug #73276 - crash in openssl_random_pseudo_bytes function Fix bug #73293 - NULL pointer dereference in SimpleXMLElement::asXML() fix bug #73275 - crash in openssl_encrypt function Fix for #73240 - Write out of bounds at number_format Bug #73218: add mitigation for ICU int overflow Add more locale length checks, due to ICU bugs. Fix bug #73208 - another missing length check Fix bug #73190: memcpy negative parameter _bc_new_num_ex Fix bug #73189 - Memcpy negative size parameter php_resolve_path Fixed bug #73174 - heap overflow in php_pcre_replace_impl Fix bug #73150: missing NULL check in dom_document_save_html Fix bug #73147: Use After Free in PHP7 unserialize() Fix bug #73082 Fix bug #73073 - CachingIterator null dereference when convert to string | ||||
| * | Fix tests | Stanislav Malyshev | 2016-10-11 | 1 | -2/+0 |
| | | |||||
| * | fix tsrm | Stanislav Malyshev | 2016-10-11 | 1 | -2/+2 |
| | | |||||
| * | Fix for #73240 - Write out of bounds at number_format | Stanislav Malyshev | 2016-10-10 | 1 | -48/+60 |
| | | |||||
* | | Fix bug #73192 | Nikita Popov | 2016-10-08 | 11 | -56/+49 |
| | | |||||
* | | Revert "Fixed test" | Nikita Popov | 2016-10-08 | 1 | -2/+32 |
| | | | | | | | | This reverts commit a10d03ac166daba646b6023e0f12e9ee8040c909. | ||||
* | | Revert "Added validation to parse_url() to prohibit restricted characters ↵ | Nikita Popov | 2016-10-08 | 11 | -46/+52 |
| | | | | | | | | | | | | inside login/pass components based on RFC3986" This reverts commit 085dfca02b64588317a233eb191d07a75511fff2. | ||||
* | | Fix bug #73037, second round | Anatol Belski | 2016-10-05 | 1 | -1/+5 |
| | | |||||
* | | Fixed test | Ilia Alshanetsky | 2016-10-04 | 1 | -32/+2 |
| | | |||||
* | | Added validation to parse_url() to prohibit restricted characters inside ↵ | Ilia Alshanetsky | 2016-10-04 | 11 | -52/+46 |
| | | | | | | | | login/pass components based on RFC3986 | ||||
* | | Apparently negative wordwrap is a thing and should work as length = 0. | Stanislav Malyshev | 2016-10-03 | 1 | -1/+5 |
| | | | | | | | | I'll leave it as is for now. | ||||
* | | Really fix bug #73017 | Stanislav Malyshev | 2016-10-03 | 1 | -4/+10 |
| | | |||||
* | | Fix #73203: passing additional_parameters causes mail to fail | Christoph M. Becker | 2016-09-30 | 2 | -2/+26 |
|/ | | | | We make sure that there's no unsigned underflow, which happened for `y==0`. | ||||
* | fix test (32bits) | Remi Collet | 2016-09-15 | 1 | -1/+1 |
| | |||||
* | Fix bug #73052 - Memory Corruption in During Deserialized-object Destruction | Stanislav Malyshev | 2016-09-12 | 3 | -30/+50 |
| | |||||
* | Add check in fgetcsv in case sizeof(unit) != sizeof(size_t) | Stanislav Malyshev | 2016-09-12 | 1 | -0/+4 |
| | |||||
* | Also fix overflow in wordwrap | Stanislav Malyshev | 2016-09-12 | 1 | -1/+1 |
| | |||||
* | Add more checks for int overflow | Stanislav Malyshev | 2016-09-12 | 1 | -2/+2 |
| | |||||
* | Fix various int size overflows. | Stanislav Malyshev | 2016-09-12 | 1 | -13/+10 |
| | | | | | Add function for detection of string zvals with length that does not fit INT_MAX. | ||||
* | Bug #73058 crypt broken when salt is 'too' long | Anatol Belski | 2016-09-10 | 3 | -8/+33 |
| | |||||
* | Fix #71882 amendment 2: Negative ftruncate() on php://memory exhausts memory | Christoph M. Becker | 2016-08-31 | 1 | -2/+2 |
| | |||||
* | Fix #71882 amendment: Negative ftruncate() on php://memory exhausts memory | Christoph M. Becker | 2016-08-31 | 1 | -1/+1 |
| | | | | To avoid BC breaks, we do not raise a warning for now. | ||||
* | Test case for bug #72771 | Ville Hukkamäki | 2016-08-30 | 1 | -0/+23 |
| |