path: root/ext
Commit message | Author | Age | Files | Lines
* Fix bug #72603: Out of bound read in exif_process_IFD_in_MAKERNOTE | Stanislav Malyshev | 2016-07-17 | 3 | -2/+31
|
* Fix bug #72562 - destroy var_hash properly | Stanislav Malyshev | 2016-07-12 | 2 | -1/+46
|
* Fix bug #72533 (locale_accept_from_http out-of-bounds access) | Stanislav Malyshev | 2016-07-12 | 2 | -0/+48
|
* Fix for bug #72520 | Stanislav Malyshev | 2016-07-12 | 1 | -4/+4
|
* Fix for HTTP_PROXY issue. | Stanislav Malyshev | 2016-07-10 | 1 | -7/+10
|     The following changes are made:
|     - _SERVER/_ENV only has HTTP_PROXY if the local environment has it, and only one from the environment.
|     - getenv('HTTP_PROXY') only returns one from the local environment
|     - getenv has optional second parameter, telling it to only consider local environment
* add tests for bug #72512 | Anatol Belski | 2016-07-06 | 2 | -0/+36
|
* Fixed bug #72512 gdImageTrueColorToPaletteBody allows arbitrary write/read access | Pierre Joye | 2016-07-04 | 1 | -5/+8
|
* Fixed bug #72479 - same as #72434 | Stanislav Malyshev | 2016-06-26 | 2 | -40/+84
|
* remove the huge test file, generate it on the fly instead | Anatol Belski | 2016-06-21 | 2 | -1/+23
|
* Fixed bug #72446 - Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow | Stanislav Malyshev | 2016-06-20 | 1 | -9/+13
|
* Merge branch 'PHP-5.5.37' into PHP-5.5 | Stanislav Malyshev | 2016-06-20 | 19 | -245/+448
|\
| |     * PHP-5.5.37:
| |       fix tests
| |       fix build
| |       Fix bug #72455: Heap Overflow due to integer overflows
| |       Fix bug #72434: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize
| |       Fixed #72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize
| |       Fix bug #72407: NULL Pointer Dereference at _gdScaleVert
| |       Fix bug #72402: _php_mb_regex_ereg_replace_exec - double free
| |       Fix bug #72298 pass2_no_dither out-of-bounds access
| |       Fixed #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow
| |       Fix bug #72262 - do not overflow int
| |       Fix bug #72400 and #72403 - prevent signed int overflows for string lengths
| |       Fix bug #72275: don't allow smart_str to overflow int
| |       Fix bug #72340: Double Free Corruption in wddx_deserialize
| * fix tests | Stanislav Malyshev | 2016-06-20 | 1 | -1/+1
| |
| * fix build | Stanislav Malyshev | 2016-06-20 | 1 | -1/+1
| |
| * Fix bug #72455: Heap Overflow due to integer overflows | Stanislav Malyshev | 2016-06-20 | 1 | -42/+50
| |
| * Fix bug #72434: ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize | Stanislav Malyshev | 2016-06-20 | 2 | -0/+42
| |
| * Fixed #72433: Use After Free Vulnerability in PHP's GC algorithm and unserialize | Stanislav Malyshev | 2016-06-20 | 2 | -0/+43
| |
| * Fix bug #72407: NULL Pointer Dereference at _gdScaleVert | Stanislav Malyshev | 2016-06-18 | 1 | -0/+3
| |
| * Fix bug #72402: _php_mb_regex_ereg_replace_exec - double free | Stanislav Malyshev | 2016-06-18 | 2 | -33/+49
| |
| * Fix bug #72298 pass2_no_dither out-of-bounds access | Stanislav Malyshev | 2016-06-18 | 2 | -7/+22
| |
| * Fixed #72339 Integer Overflow in _gd2GetHeader() resulting in heap overflow | Pierre Joye | 2016-06-18 | 3 | -0/+18
| |
| * Fix bug #72262 - do not overflow int | Stanislav Malyshev | 2016-06-15 | 1 | -107/+111
| |
| * Fix bug #72400 and #72403 - prevent signed int overflows for string lengths | Stanislav Malyshev | 2016-06-15 | 2 | -49/+72
| |
| * Fix bug #72275: don't allow smart_str to overflow int | Stanislav Malyshev | 2016-06-14 | 1 | -7/+10
| |
| * Fix bug #72340: Double Free Corruption in wddx_deserialize | Stanislav Malyshev | 2016-06-12 | 2 | -0/+28
| |
* | Fix #66387: Stack overflow with imagefilltoborder | Christoph M. Becker | 2016-06-13 | 2 | -0/+19
|/
|     The stack overflow is caused by the recursive algorithm in combination with a very large negative coordinate passed to gdImageFillToBorder(). As there is already a clipping for large positive coordinates to the width and height of the image, it seems to be consequent to clip to zero also.
* Skip test which is 64bits only | Remi Collet | 2016-05-25 | 1 | -0/+2
|     Diff from test output
|     001+ Warning: fread(): Length parameter must be greater than 0 in ...
|     001- Warning: fread(): Length parameter must be no more than 2147483647 in ...
* Fix memory leak in imagescale() | Stanislav Malyshev | 2016-05-24 | 1 | -3/+3
|
* Better fix for bug #72135 | Stanislav Malyshev | 2016-05-24 | 1 | -4/+5
|
* Fixed bug #72227: imagescale out-of-bounds read | Stanislav Malyshev | 2016-05-23 | 2 | -8/+23
|     Ported from https://github.com/libgd/libgd/commit/4f65a3e4eedaffa1efcf9ee1eb08f0b504fbc31a
* Fix bug #72241: get_icu_value_internal out-of-bounds read | Stanislav Malyshev | 2016-05-22 | 2 | -117/+132
|
* Fix bug #72135 - don't create strings with lengths outside int range | Stanislav Malyshev | 2016-05-15 | 1 | -23/+27
|
* Fix bug #72114 - int/size_t confusion in fread | Stanislav Malyshev | 2016-05-09 | 2 | -0/+18
|
* Fixed bug #71331 - Uninitialized pointer in phar_make_dirstream() | Stanislav Malyshev | 2016-04-28 | 4 | -2/+18
|
* Fix memory leak | Stanislav Malyshev | 2016-04-26 | 1 | -0/+3
|
* Fix bug #72099: xml_parse_into_struct segmentation fault | Stanislav Malyshev | 2016-04-26 | 2 | -53/+70
|
* Fix bug #72094 - Out of bounds heap read access in exif header processing | Stanislav Malyshev | 2016-04-24 | 6 | -2/+76
|
* Fix bug #72093: bcpowmod accepts negative scale and corrupts _one_ definition | Stanislav Malyshev | 2016-04-24 | 2 | -19/+54
|     We can not modify result since it can be copy of _zero_ or _one_, etc. and "copy" in bcmath is just bumping the refcount.
* Fix bug #72061 - Out-of-bounds reads in zif_grapheme_stripos with negative offset | Stanislav Malyshev | 2016-04-24 | 2 | -5/+22
|
* Fix for bug #71912 (libgd: signedness vulnerability) | Stanislav Malyshev | 2016-04-18 | 3 | -0/+19
|
* fix borked mainstream patch | Anatol Belski | 2016-03-31 | 1 | -1/+1
|
* fix dir separator in test | Anatol Belski | 2016-03-29 | 1 | -2/+2
|
* Fixed bug #71527 Buffer over-write in finfo_open with malformed magic file | Anatol Belski | 2016-03-29 | 3 | -1/+21
|     The actual fix is applying the upstream patch from https://github.com/file/file/commit/6713ca45e7757297381f4b4cdb9cf5e624a9ad36
* Fixed bug #71704 php_snmp_error() Format String Vulnerability | Anatol Belski | 2016-03-28 | 1 | -1/+1
|     Conflicts:
|         ext/snmp/snmp.c
* Fixed bug #71906: AddressSanitizer: negative-size-param (-1) in mbfl_strcut | Stanislav Malyshev | 2016-03-28 | 1 | -17/+17
|
* Fix bug #71798 - Integer Overflow in php_raw_url_encode | Stanislav Malyshev | 2016-03-27 | 1 | -1/+1
|
* Fix bug #71860: Require valid paths for phar filenames | Stanislav Malyshev | 2016-03-20 | 9 | -37/+41
|
* fix test file | Stanislav Malyshev | 2016-03-01 | 1 | -0/+0
|
* Fix bug #71498: Out-of-Bound Read in phar_parse_zipfile() | Stanislav Malyshev | 2016-02-21 | 4 | -3/+21
|
* Fixed bug #71587 - Use-After-Free / Double-Free in WDDX Deserialize | Stanislav Malyshev | 2016-02-14 | 2 | -4/+58
|
* add error check to sysconf call | Anatol Belski | 2016-02-02 | 1 | -0/+11
|