path: root/ext
Commit message | Author | Age | Files | Lines
* Fix missing type checks in various functions | Stanislav Malyshev | 2014-07-31 | 4 | -9/+22
* Fix bug #67492: unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion | Stanislav Malyshev | 2014-07-18 | 3 | -5/+8
    Conflicts: ext/spl/spl_array.c ext/spl/tests/SplObjectStorage_unserialize_bad.phpt
* Fixed bug #67359 (Segfault in recursiveDirectoryIterator) | Xinchen Hui | 2014-07-18 | 3 | -0/+32
* Fix bug #66127 (Segmentation fault with ArrayObject unset) | Stanislav Malyshev | 2014-07-18 | 3 | -1/+28
* Fix test - because of bug #67397 we don't allow overlong locales anymore | Stanislav Malyshev | 2014-07-18 | 1 | -3/+4
* Fix bug #67397 (Buffer overflow in locale_get_display_name->uloc_getDisplayName (libicu 4.8.1)) | Stanislav Malyshev | 2014-07-18 | 2 | -1/+30
* Fix bug #67349: Locale::parseLocale Double Free | Stanislav Malyshev | 2014-07-18 | 2 | -5/+8
* Fixed bug #67399 (putenv with empty variable may lead to crash) | Stanislav Malyshev | 2014-07-18 | 2 | -55/+63
    Conflicts: ext/standard/basic_functions.c
* Fixed Bug #67413 fileinfo: cdf_read_property_info insufficient boundary chec | Remi Collet | 2014-07-18 | 1 | -1/+5
    Upstream: https://github.com/file/file/commit/93e063ee374b6a75729df9e7201fb511e47e259d
    Adapted for C standard.
* Bug #67412 fileinfo: cdf_count_chain insufficient boundary check | Remi Collet | 2014-07-18 | 1 | -3/+4
    Upstream: https://github.com/file/file/commit/40bade80cbe2af1d0b2cd0420cebd5d5905a2382
* Fixed Bug #67411 fileinfo: cdf_check_stream_offset insufficient boundary check | Remi Collet | 2014-07-18 | 1 | -2/+4
    Upstream: https://github.com/file/file/commit/36fadd29849b8087af9f4586f89dbf74ea45be67
    Conflicts: ext/fileinfo/libmagic/cdf.c
* Fixed Bug #67410 fileinfo: mconvert incorrect handling of truncated pascal string size | Remi Collet | 2014-07-18 | 1 | -3/+11
    Upstream https://github.com/file/file/commit/27a14bc7ba285a0a5ebfdb55e54001aa11932b08
* Fix bug #67498 - phpinfo() Type Confusion Information Leak Vulnerability | Stanislav Malyshev | 2014-07-18 | 2 | -4/+19
* Fix bug #67326 fileinfo: cdf_read_short_sector insufficient boundary check | Remi Collet | 2014-07-18 | 1 | -2/+2
    Upstream fix https://github.com/file/file/commit/6d209c1c489457397a5763bca4b28e43aac90391.patch
    Only relevant part applied
* fix bug #67253: timelib_meridian_with_check out-of-bounds read | Stanislav Malyshev | 2014-07-18 | 4 | -101/+151
    Conflicts: ext/date/lib/parse_date.c
* Fix bug #67252: convert_uudecode out-of-bounds read | Stanislav Malyshev | 2014-07-18 | 2 | -0/+16
* Fix bug #67250 (iptcparse out-of-bounds read) | Stanislav Malyshev | 2014-07-18 | 2 | -0/+11
* Fix bug #67247 spl_fixedarray_resize integer overflow | Stanislav Malyshev | 2014-07-18 | 2 | -1/+14
* Fix bug #67328 (fileinfo: numerous file_printf calls resulting in performance degradation) | Stanislav Malyshev | 2014-07-18 | 1 | -12/+4
    Upstream patch: https://github.com/file/file/commit/b8acc83781d5a24cc5101e525d15efe0482c280d
* Fix bug #67327: fileinfo: CDF infinite loop in nelements DoS | Stanislav Malyshev | 2014-07-18 | 1 | -1/+7
    Upstream fix: https://github.com/file/file/commit/f97486ef5dc3e8735440edc4fc8808c63e1a3ef0
* backport this piece from 5.6, related to the #66307 fix | Anatol Belski | 2014-07-18 | 1 | -1/+2
    Conflicts: ext/fileinfo/libmagic/readcdf.c
* Fixed bug #66307 Fileinfo crashes with powerpoint files | Anatol Belski | 2014-07-18 | 3 | -2/+7
    Conflicts: ext/fileinfo/libmagic/readcdf.c ext/fileinfo/tests/finfo_file_002.phpt
* Fixed bug #66060 (Heap buffer over-read in DateInterval) | Remi Collet | 2014-07-18 | 2 | -2/+2
    Conflicts: ext/date/lib/parse_iso_intervals.c
* Fix bug #65873 - Integer overflow in exif_read_data() | Stanislav Malyshev | 2014-07-18 | 1 | -1/+6
* Fix bug #67251 - date_parse_from_format out-of-bounds read | Stanislav Malyshev | 2014-06-15 | 3 | -2/+48
    Conflicts: ext/date/lib/parse_date.c ext/date/lib/parse_date.re
* Fix bug #67249: printf out-of-bounds read | Stanislav Malyshev | 2014-06-13 | 2 | -2/+12
* Fix potential segfault in dns_get_record() | Sara Golemon | 2014-06-13 | 1 | -0/+4
    If the remote sends us a packet with a malformed TXT record, we could end up trying to over-consume the packet and wander off into overruns.
* fix typo in ODBC code | Stanislav Malyshev | 2014-05-18 | 1 | -1/+1
* Revert "Fix #62479: Some chars not parsed in passwords" | Will Fitch | 2014-01-19 | 2 | -85/+2
    This reverts commit e6bb90c66a5306f3db7ca38206b27685177a65cc.
* Fix #62479: Some chars not parsed in passwords | Will Fitch | 2014-01-18 | 2 | -2/+85
    This fixes an issue where backslashes and spaces aren't correctly parsed for passwords.
* fix dir separator in cve-2013-6420 test | Anatol Belski | 2013-12-11 | 1 | -1/+1
* Fix CVE-2013-6420 - memory corruption in openssl_x509_parse | Stanislav Malyshev | 2013-12-10 | 3 | -4/+61
* fix using wrong buffer pointer | Stanislav Malyshev | 2013-08-19 | 1 | -0/+1
* Fix CVE-2013-4073 - handling of certs with null bytes | Stanislav Malyshev | 2013-08-13 | 3 | -2/+131
* add test for bug #65236 | Johannes Schlüter | 2013-07-10 | 1 | -0/+15
* truncate results at depth of 255 to prevent corruption | Rob Richards | 2013-07-06 | 1 | -40/+50
* ensure the error_reporting level to get expected notice | Anatol Belski | 2013-06-12 | 1 | -0/+2
* fixed tests | Anatol Belski | 2013-06-11 | 2 | -4/+4
* missing tests for bug #53437 | Anatol Belski | 2013-06-11 | 5 | -0/+251
* Backported the fix for bug #53437 | Anatol Belski | 2013-06-10 | 11 | -40/+694
* Fixed bug #64997 (Segfault while using RecursiveIteratorIterator on 64-bits systems) | Xinchen Hui | 2013-06-09 | 1 | -6/+13
* Fixed bug #64934 Apache2 TS crash with get_browser() | Anatol Belski | 2013-06-06 | 1 | -4/+17
    In favour of reading the browscap.ini into a true global var only once in MINIT, the price for that is to deep copy any data from it.
* fix CVE-2013-2110 - use correct formula to calculate string size | Stanislav Malyshev | 2013-06-04 | 2 | -1/+13
* Clean up leftover test files | Matteo Beccati | 2013-06-02 | 1 | -3/+5
* Fixed bug #64609 (pg_convert enum type support) | Matteo Beccati | 2013-06-02 | 2 | -5/+66
* Fixed bug #62857 (bytea test failures) | Matteo Beccati | 2013-06-01 | 4 | -1/+7
    Postgres 9.1+ test fixes.
    Tests were failing due to the default standard_conforming_strings GUC being changed to on. Also the pg_escape_bytea test was encoding the data before establishing a connection, thus falling back to the old escaping type which isn't properly handled by the backend when using a default configuration.
    I haven't updated the NEWS file as it's just test fixes.
* Slightly edited tests and fix for bug #62024 | Matteo Beccati | 2013-05-31 | 2 | -5/+8
* Fixed bug #62024 (unable to run consecutive prepared querys with null values) | Matheus Degiovani | 2013-05-31 | 2 | -3/+54
    Credits to james@kenjim.com for the patch.
* Fixed bug #64037 (wrong value returned when using a negative numeric field equal to the scale) | Matheus Degiovani | 2013-05-31 | 2 | -1/+46
* Fixed Bug #64949 (Buffer overflow in _pdo_pgsql_error) | Remi Collet | 2013-05-31 | 1 | -1/+1
    There are a lot of calls such as:
        pdo_pgsql_error(dbh, PGRES_FATAL_ERROR, "Copy command failed");
    where the 3rd parameter is an error message string where a sqlstate (5 chars) is expected.
    This causes a segfault in copy_from.phpt and copy_to.phpt.
    This is only a sanity check to avoid buffer overflow, but obviously these calls need to be fixed (using NULL or a correct sqlstate).