path: root/ext/xml/xml.c
Commit message [Author, Age, Files, Lines]
* Fix various int size overflows. [Stanislav Malyshev, 2016-09-15, 1 file, -2/+2]
|   Add function for detection of string zvals with length that does not fit INT_MAX.
* Improvements to fix #72714, suggested by nikic [Christoph M. Becker, 2016-08-20, 1 file, -2/+2]
|
* Fix #72714: _xml_startElementHandler() segmentation fault [Christoph M. Becker, 2016-08-20, 1 file, -8/+16]
|   The issue is caused by an integer overflow when the `long` passed as XML_OPTION_SKIP_TAGSTART is assigned to `xml_parser::toffset` which is declared as `int`.
|   We can simply work around this issue, by clipping resulting negative values to 0 (and raising a notice in this case), because the reasonable range for this value is certainly catered to by positive `int`s.
|   However, there still remains the issue that `xml_parser::toffset` is later added to `char *`s, which can cause OOB reads, so we make sure that the upper bound never exceeds the strlen().
|   We eschew optimizing `SKIP_TAGSTART` wrt. to the potentially duplicate strlen() call, because that code path is unexpected anyway.
* #72085: SEGV on unknown address zif_xml_parse [Christoph M. Becker, 2016-08-17, 1 file, -1/+2]
|   We better make sure that the ZVALs we're accessing as arrays are indeed arrays.
* Merge branch 'PHP-5.5' into PHP-5.6 [Stanislav Malyshev, 2016-04-26, 1 file, -53/+53]
|\
| |   * PHP-5.5:
| |     Fix memory leak
| |     Fix bug #72099: xml_parse_into_struct segmentation fault
| |     5.5.36 now
| |     Fix bug #72094 - Out of bounds heap read access in exif header processing
| |     Fix bug #72093: bcpowmod accepts negative scale and corrupts _one_ definition
| |     Fix bug #72061 - Out-of-bounds reads in zif_grapheme_stripos with negative offset
| |     Fix for bug #71912 (libgd: signedness vulnerability)
| |     Typo in NEWS
| |
| |   Conflicts:
| |     configure.in
| |     main/php_version.h
| * Fix bug #72099: xml_parse_into_struct segmentation fault [Stanislav Malyshev, 2016-04-26, 1 file, -53/+53]
| |
| * Bump year [Xinchen Hui, 2015-01-15, 1 file, -1/+1]
| |
| * Bump year [Xinchen Hui, 2014-01-03, 1 file, -1/+1]
| |
* | Happy new year (Update copyright to 2016) [Lior Kaplan, 2016-01-01, 1 file, -1/+1]
| |
* | bump year [Xinchen Hui, 2015-01-15, 1 file, -1/+1]
| |
* | Bump year [Xinchen Hui, 2014-01-03, 1 file, -1/+1]
|/
* Eliminate compiler warnings: "warning: pointer targets in initialization differ in signedness" [Christopher Jones, 2013-08-20, 1 file, -4/+4]
|
* Merge branch 'PHP-5.3' into PHP-5.4 [Rob Richards, 2013-07-06, 1 file, -40/+50]
|\
| |   # By Rob Richards (1)
| |   * PHP-5.3:
| |     truncate results at depth of 255 to prevent corruption
| * truncate results at depth of 255 to prevent corruption [Rob Richards, 2013-07-06, 1 file, -40/+50]
| |
| * Happy New Year~ [Xinchen Hui, 2013-01-01, 1 file, -1/+1]
| |
| * - Year++ [Felipe Pena, 2012-01-01, 1 file, -1/+1]
| |
| * Avoiding strcpy, strcat, sprintf usage to make static analyzer happy [Xinchen Hui, 2011-08-09, 1 file, -2/+2]
| |
| * - Added ZEND_MOD_END macro to use in the end of zend_module_dep[] [Felipe Pena, 2011-08-06, 1 file, -1/+1]
| |
| * - Make usage of new PHP_FE_END macro [Felipe Pena, 2011-07-25, 1 file, -1/+1]
| |
| * - Year++ [Felipe Pena, 2011-01-01, 1 file, -1/+1]
| |
| * - Fixed bug #49687 (utf8_decode vulnerabilities and deficiencies in the number [Gustavo André dos Santos Lopes, 2010-10-27, 1 file, -30/+110]
| |   of reported malformed sequences). (Gustavo)
| |   #Made a public interface for get_next_char/utf-8 in trunk to use in utf8_decode.
| |   #In PHP 5.3, trunk's get_next_char was copied to xml.c because 5.3's
| |   #get_next_char is different and is not prepared to recover appropriately from
| |   #errors.
* | Happy New Year [Xinchen Hui, 2013-01-01, 1 file, -1/+1]
| |
* | - Year++ [Felipe Pena, 2012-01-01, 1 file, -1/+1]
| |
* | Avoiding strcpy, strcat, sprintf usage to make static analyzer happy [Xinchen Hui, 2011-08-09, 1 file, -2/+2]
| |
* | - Added ZEND_MOD_END macro to use in the end of zend_module_dep[] [Felipe Pena, 2011-08-06, 1 file, -1/+1]
| |
* | - Make usage of new PHP_FE_END macro [Felipe Pena, 2011-07-25, 1 file, -1/+1]
| |
* | - Year++ [Felipe Pena, 2011-01-01, 1 file, -1/+1]
| |
* | - Fixed bug #49687 (utf8_decode vulnerabilities and deficiencies in the number [Gustavo André dos Santos Lopes, 2010-10-27, 1 file, -30/+10]
|/
|   of reported malformed sequences). (Gustavo)
|   #Made a public interface for get_next_char/utf-8 in trunk to use in utf8_decode.
|   #In PHP 5.3, trunk's get_next_char was copied to xml.c because 5.3's
|   #get_next_char is different and is not prepared to recover appropriately from
|   #errors.
* Fixed bug #50576 (XML_OPTION_SKIP_TAGSTART option has no effect). [Pierrick Charron, 2010-01-05, 1 file, -2/+2]
|
* sed -i "s#1997-2009#1997-2010#g" **/*.c **/*.h **/*.php [Sebastian Bergmann, 2010-01-03, 1 file, -1/+1]
|
* - Added MAKE_COPY_ZVAL(ppzv, pzv) macro [Felipe Pena, 2009-12-08, 1 file, -3/+1]
|
* This needs to be larger to avoid an overflow on the bit-shifting in this function [Rasmus Lerdorf, 2009-08-27, 1 file, -1/+1]
|
* MFH: Bump copyright year, 3 of 3. [Sebastian Bergmann, 2008-12-31, 1 file, -1/+1]
|
* Fixed bug #46409 (__invoke method called outside of object context when using array_map) [Dmitry Stogov, 2008-11-27, 1 file, -1/+1]
|
* - MFH: Added 'static' into ZEND_BEGIN_ARG_INFO_EX macro [Felipe Pena, 2008-11-17, 1 file, -24/+0]
|
* - Revert ZEND_BEGIN_ARG_INFO change [Felipe Pena, 2008-11-02, 1 file, -0/+24]
|
* - MFH: Added 'static' into ZEND_BEGIN_ARG_INFO_EX macro [Felipe Pena, 2008-10-24, 1 file, -24/+0]
|
* - Removed unnecessary variable [Felipe Pena, 2008-08-24, 1 file, -4/+2]
|
* fix folding [Antony Dovgal, 2008-07-17, 1 file, -1/+2]
|
* Support for closures [Dmitry Stogov, 2008-07-17, 1 file, -1/+1]
|
* - Removed unnecessary #include "zend_arg_defs.c" [Felipe Pena, 2008-07-05, 1 file, -3/+0]
|
* - Added arginfo [Felipe Pena, 2008-07-01, 1 file, -30/+162]
|
* fix parameter parsing change [Rob Richards, 2008-06-22, 1 file, -9/+4]
|
* - New parameter parsing API [Felipe Pena, 2008-06-22, 1 file, -120/+115]
|
* fix typo [Rasmus Lerdorf, 2008-01-30, 1 file, -1/+1]
|
* Fixed bug #43957 (utf8_decode() bogus conversion of partial multibyte UTF8 char) [Rasmus Lerdorf, 2008-01-29, 1 file, -3/+15]
|
* MFH: Bump copyright year, 2 of 2. [Sebastian Bergmann, 2007-12-31, 1 file, -1/+1]
|
* Improved memory usage by moving constants to read only memory. (Dmitry, Pierre) [Dmitry Stogov, 2007-09-27, 1 file, -2/+2]
|
* MFH: Bump year. [Sebastian Bergmann, 2007-01-01, 1 file, -1/+1]
|
* MFH [Antony Dovgal, 2006-12-26, 1 file, -1/+1]
|