summaryrefslogtreecommitdiff
path: root/ext/xml/xml.c
Commit message (Collapse)AuthorAgeFilesLines
* Merge branch 'PHP-7.0' into PHP-7.1Christoph M. Becker2016-08-201-2/+2
|\
| * Merge branch 'PHP-5.6' into PHP-7.0Christoph M. Becker2016-08-201-2/+2
| |\
| | * Improvements to fix #72714, suggested by nikicChristoph M. Becker2016-08-201-2/+2
| | |
* | | Merge branch 'PHP-7.0' into PHP-7.1Christoph M. Becker2016-08-201-6/+14
|\ \ \ | |/ /
| * | Merge branch 'PHP-5.6' into PHP-7.0Christoph M. Becker2016-08-201-6/+14
| |\ \ | | |/
| | * Fix #72714: _xml_startElementHandler() segmentation faultChristoph M. Becker2016-08-201-8/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The issue is caused by an integer overflow when the `long` passed as XML_OPTION_SKIP_TAGSTART is assigned to `xml_parser::toffset` which is declared as `int`. We can simply work around this issue, by clipping resulting negative values to 0 (and raising a notice in this case), because the reasonable range for this value is certainly catered to by positive `int`s. However, there still remains the issue that `xml_parser::toffset` is later added to `char *`s, which can cause OOB reads, so we make sure that the upper bound never exceeds the strlen(). We eschew optimizing `SKIP_TAGSTART` wrt. to the potentially duplicate strlen() call, because that code path is unexpected anyway.
| * | Unused varXinchen Hui2016-08-171-1/+0
| | |
* | | Merge branch 'PHP-7.0' into PHP-7.1Christoph M. Becker2016-08-171-1/+2
|\ \ \ | |/ /
| * | Merge branch 'PHP-5.6' into PHP-7.0Christoph M. Becker2016-08-171-1/+2
| |\ \ | | |/
| | * #72085: SEGV on unknown address zif_xml_parseChristoph M. Becker2016-08-171-1/+2
| | | | | | | | | | | | | | | We better make sure that the ZVALs we're accessing as arrays are indeed arrays.
| * | fix #72206 (xml_parser_create/xml_parser_free leaks mem)Joe Watkins2016-05-141-3/+4
| | |
| * | Merge branch 'PHP-5.6' into PHP-7.0Anatol Belski2016-04-271-30/+30
| |\ \ | | |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * PHP-5.6: Fix memory leak Fix bug #72099: xml_parse_into_struct segmentation fault 5.5.36 now Fix bug #72094 - Out of bounds heap read access in exif header processing Fix bug #72093: bcpowmod accepts negative scale and corrupts _one_ definition Fix bug #72061 - Out-of-bounds reads in zif_grapheme_stripos with negative offset Fix for bug #71912 (libgd: signedness vulnerability) Typo in NEWS
| | * Merge branch 'PHP-5.5' into PHP-5.6Stanislav Malyshev2016-04-261-53/+53
| | |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * PHP-5.5: Fix memory leak Fix bug #72099: xml_parse_into_struct segmentation fault 5.5.36 now Fix bug #72094 - Out of bounds heap read access in exif header processing Fix bug #72093: bcpowmod accepts negative scale and corrupts _one_ definition Fix bug #72061 - Out-of-bounds reads in zif_grapheme_stripos with negative offset Fix for bug #71912 (libgd: signedness vulnerability) Typo in NEWS Conflicts: configure.in main/php_version.h
| | | * Fix bug #72099: xml_parse_into_struct segmentation faultStanislav Malyshev2016-04-261-53/+53
| | | |
| | | * Bump yearXinchen Hui2015-01-151-1/+1
| | | |
| | | * Bump yearXinchen Hui2014-01-031-1/+1
| | | |
* | | | Fix bug #72099: xml_parse_into_struct segmentation faultStanislav Malyshev2016-06-281-1/+1
| | | |
* | | | Fixed compilation warningsDmitry Stogov2016-06-231-2/+2
| | | |
* | | | Unused varXinchen Hui2016-06-141-1/+0
| | | |
* | | | fix #72206 (xml_parser_create/xml_parser_free leaks mem)Joe Watkins2016-05-141-3/+4
| | | |
* | | | Removed "zend_fcall_info.function_table". It was assigned in many places, ↵Dmitry Stogov2016-04-271-1/+0
| | | | | | | | | | | | | | | | but is never used.
* | | | Merge branch 'PHP-7.0'Nikita Popov2016-03-031-1/+1
|\ \ \ \ | |/ / /
| * | | Move semicolon into TSRMLS_CACHE_EXTERN/DEFINENikita Popov2016-03-031-1/+1
| | | | | | | | | | | | | | | | Also re bug #71575.
* | | | Removed zend_fcall_info.symbol_tableDmitry Stogov2016-03-021-1/+0
| | | |
* | | | Merge branch 'PHP-7.0'Stanislav Malyshev2016-03-011-1/+1
|\ \ \ \ | |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * PHP-7.0: (25 commits) Update NEWS update NEWS fix test file Fix version update NEWS Update NEWS Fix bug #71610: Type Confusion Vulnerability - SOAP / make_http_soap_request() Fix bug #71637: Multiple Heap Overflow due to integer overflows extend check for add_flag Fixed another segfault with file_cache_only now set version fix nmake clean in phpize mode Fixed segfault with file_cache_only Fixed possible crash at PCRE on MSHUTDOWN Fixed more synchronisation issues during SHM reload Set proper type flags (REFCOUNTED and COPYABLE) according to interned or regular string sync with improvements in NEWS Fixed process synchronisation problem, that may cause crashes after opcache restart Fix bug #71610: Type Confusion Vulnerability - SOAP / make_http_soap_request() Fix bug #71637: Multiple Heap Overflow due to integer overflows ...
| * | | Fix bug #71637: Multiple Heap Overflow due to integer overflowsStanislav Malyshev2016-02-211-1/+1
| | | |
* | | | Remove version checksNikita Popov2016-01-301-3/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | PHP_VERSION_ID PHP_API_VERSION ZEND_MODULE_API_NO PHP_MAJOR_VERSION, PHP_MINOR_VERSION ZEND_ENGINE_2 I've left litespeed alone, as it seems to genuinely maintain support for many PHP versions.
* | | | Merge branch 'PHP-7.0'Lior Kaplan2016-01-011-1/+1
|\ \ \ \ | |/ / / | | | | | | | | | | | | | | | | | | | | * PHP-7.0: Update header to PHP Version 7 Happy new year (Update copyright to 2016) Happy new year (Update copyright to 2016)
| * | | Merge branch 'PHP-5.6' into PHP-7.0Lior Kaplan2016-01-011-1/+1
| |\ \ \ | | |/ / | | | | | | | | | | | | * PHP-5.6: Happy new year (Update copyright to 2016)
| | * | Happy new year (Update copyright to 2016)Lior Kaplan2016-01-011-1/+1
| | | |
| | * | bump yearXinchen Hui2015-01-151-1/+1
| | | |
* | | | Merge branch 'PHP-7.0'Xinchen Hui2015-12-121-3/+3
|\ \ \ \ | |/ / /
| * | | Internal function argumensts cleanup (strict_types)Xinchen Hui2015-12-121-3/+3
| | | |
* | | | Make 2nd arg of xml_set_object by valueNikita Popov2015-12-101-2/+2
|/ / / | | | | | | | | | | | | The argument is not being modified. Probably holdover from PHP 4 days.
* | | Use ZSTR_ API to access zend_string elements (this is just renaming without ↵Dmitry Stogov2015-06-301-35/+35
| | | | | | | | | | | | semantick changes).
* | | cleanup mod version macros and mod defs, round xAnatol Belski2015-03-231-1/+1
| | |
* | | fix exportsAnatol Belski2015-03-231-3/+3
| | |
* | | Optimize zend_string_realloc() add more specialized versions ↵Dmitry Stogov2015-03-201-4/+4
| | | | | | | | | | | | zend_string_extend() and zend_string_truncate()
* | | made ZEND_TSRMLS_CACHE_* macros look like function callsAnatol Belski2015-02-161-2/+2
| | | | | | | | | | | | which also comply with the current semantics for such macros
* | | Cleanup resource handling APIsXinchen Hui2015-02-021-20/+62
| | |
* | | bump yearXinchen Hui2015-01-151-1/+1
| | |
* | | first shot remove TSRMLS_* thingsAnatol Belski2014-12-131-39/+36
| | |
* | | ext/libxml, ext/xml and ext/soap use static tsrmls pointerAnatol Belski2014-10-171-0/+6
| | |
* | | bring back all the TSRMLS_FETCH() stuffAnatol Belski2014-10-151-0/+3
| | | | | | | | | | | | for better comparability with the mainstream
* | | cleanup TSRMLS_FETCH in ext/xmlAnatol Belski2014-09-261-3/+0
| | |
* | | s/PHP 5/PHP 7/Johannes Schlüter2014-09-191-1/+1
| | |
* | | make xml_utf8_ encode/decode work with size_tAnatol Belski2014-09-141-4/+4
| | |
* | | 's' works with size_t round 3Anatol Belski2014-08-271-4/+6
| | |
* | | first show to make 's' work with size_tAnatol Belski2014-08-271-4/+4
| | |
* | | fixed several long vs zend_long castsAnatol Belski2014-08-261-1/+1
| | |
View Lorry Controller Status