Commit Graph

8372 Commits

Author SHA1 Message Date
Christoph M. Becker
9acfb1a3a5 Fix #73213: Integer overflow in imageline() with antialiasing
We port the respective fixes <https://github.com/libgd/libgd/commit/eca37d620>
and <https://github.com/libgd/libgd/commit/837b7327> to our bundled libgd.
2016-09-30 23:38:13 +02:00
Christoph M. Becker
e72165bb86 Fix #73203: passing additional_parameters causes mail to fail
We make sure that there's no unsigned underflow, which happened for `y==0`.
2016-09-30 11:38:09 +02:00
Ferenc Kovacs
703c247c7d 5.6.28 is next 2016-09-29 00:55:36 +02:00
Christoph M. Becker
8f5eda4bf6 Fix #73161: imagecreatefromgd2() may leak memory 2016-09-24 12:36:54 +02:00
Christoph M. Becker
709731797c Fix #73159: imagegd2(): unrecognized formats may result in corrupted files
We must not apply the format correction twice for truecolor images.
2016-09-24 11:28:20 +02:00
Christoph M. Becker
c7936ead8f Fix #73155: imagegd2() writes wrong chunk sizes on boundaries 2016-09-24 10:33:49 +02:00
Christoph M. Becker
1da79a6c6e Fix #73157 (again): imagegd2() ignores 3rd param if 4 are given
Obviously, there was a bad merge.
2016-09-24 00:35:24 +02:00
Christoph M. Becker
9a2a45c1df Update NEWS 2016-09-23 16:23:58 +02:00
Christoph M. Becker
6682673070 Fix #73100: session_destroy null dereference in ps_files_path_create 2016-09-16 23:41:10 +02:00
Xinchen Hui
01c7c6b152 Update NEWS 2016-09-16 20:55:37 +08:00
Christoph M. Becker
46df064261 Fix #73003: Integer Overflow in gdImageWebpCtx of gd_webp.c
We add the missing integer overflow check to avoid potential buffer overflows.
2016-09-16 11:37:18 +02:00
Ferenc Kovacs
1d7484077a update NEWS 2016-09-15 11:35:46 +02:00
Christoph M. Becker
09eb6ed35e Fix #50194: imagettftext broken on transparent background w/o alphablending
We must not draw the background pixels of the character glyphs, which has
already been fixed in GD 2.0.26.
2016-09-14 15:47:32 +02:00
Jakub Zelenka
05baa92727 Fix bug #73072 (Invalid path SNI_server_certs causes segfault) 2016-09-13 18:15:34 +01:00
Anatol Belski
6c9d37d059 update NEWS 2016-09-10 11:02:17 +02:00
Christoph M. Becker
23e721fc93 Fix #73054: default option ignored when object passed to int filter
If an object that can't be converted to string is validated, we must not
bail out early, but rather check for a requested default value.
2016-09-09 14:30:24 +02:00
Levi Morrison
cb91a51b00 Partially fix bug #67167 - Wrong return value...
...from FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE

The remainder of the fix would require the filter functions to only
convert to string when it makes sense for that particular filter.

(cherry picked from commit 432dc527ad)
2016-09-09 12:45:46 +02:00
Yasuo Ohgaki
38553e853b Fixed Bug #68015 Session does not report invalid uid for files save handler 2016-09-09 11:31:54 +09:00
Yasuo Ohgaki
fb1c46f013 Update NEWS 2016-09-08 13:35:30 +09:00
Christoph M. Becker
dad793630d Fix #73025: Heap Buffer Overflow in virtual_popen of zend_virtual_cwd.c
`command_length` is retrieved via strlen() and later passed to emalloc()
and memcpy(), so the appropriate type is `size_t`.

We don't add a regression test, because that would need to allocate a string
of at least 2 GiB.
2016-09-06 12:05:58 +02:00
Yasuo Ohgaki
3a35d43ad9 Update NEWS 2016-09-06 18:29:20 +09:00
Christoph M. Becker
8aad3131a1 Fix #70752: Depacking with wrong password leaves 0 length files
We should not open the output stream before we have tried to open the
archive entry, as failing the latter could leave an empty file behind.
2016-09-06 01:03:46 +02:00
Julien Pauli
dd6da58fac Updated NEWS 2016-09-05 17:03:29 +02:00
Julien Pauli
1abbcc8cc5 Updated NEWS 2016-09-05 10:17:56 +02:00
Christoph M. Becker
b7259b71b4 Fix #72994: mbc_to_code() out of bounds read
We're backporting commit 999a3553 to the still supported PHP 5.6.
2016-09-04 16:37:06 +02:00
Christoph M. Becker
d582241368 Fix #67325: imagetruecolortopalette: white is duplicated in palette
gdImageTrueColorToPalette() is sometimes wasteful by putting multiple white
color entries into the palette. This is caused by an obvious typo, where
to avoid a division by zero when `total` is zero, `count` is checked instead
of `total`.

We fix this issue to improve the quality of the color quantization.

Cf. <https://github.com/libgd/libgd/commit/24b4550f>
2016-09-03 19:50:42 +02:00
Ferenc Kovacs
fbb81dd755 5.6.27 will be next 2016-09-01 20:27:19 +02:00
Yasuo Ohgaki
747b61808b Update NEWS 2016-08-31 21:06:19 +09:00
Christoph M. Becker
2f10db36af Fix #66797: mb_substr only takes 32-bit signed integer
`from` and `len` are `long`, but get passed to mbfl_substr() which expects
`int`s. Therefore we clamp the values to avoid the undefined conversion
behavior.
2016-08-30 14:52:47 +02:00
Christoph M. Becker
207dab585a Fix #71882: Negative ftruncate() on php://memory exhausts memory
We must not pass negative sizes to a size_t parameter.
2016-08-30 02:05:45 +02:00
Anatol Belski
ae81e8fc32 update NEWS 2016-08-29 21:20:36 +02:00
Christoph M. Becker
2139918ea6 Fix #65550: get_browser() incorrectly parses entries with "+" sign
+ signs in the browscap patterns are meant to be literal characters, so we
have to escape them for the regex matching.
2016-08-27 01:12:01 +02:00
Christoph M. Becker
84512a1177 Fix #70825: Cannot fetch multiple values with group in ini file
If we have the position already from the last fetch, we also have to preset
the current group, because it won't be read again.
2016-08-25 18:18:10 +02:00
Christoph M. Becker
bd8112afe0 Fix #71514: Bad dba_replace condition because of wrong API usage
We're backporting commit 9e309a2d to PHP-5.6, because it is a bugfix.
2016-08-25 16:20:30 +02:00
Christoph M. Becker
6a232c3604 Fix #68716: possible resource leaks in _php_image_convert()
We properly clean up after ourselves wrt. closing opened file pointers
and created images.
2016-08-21 19:39:58 +02:00
Christoph M. Becker
d65adac2be Fix #72913: imagecopy() loses single-color transparency on palette images
The proper code to handle true-color to palette copies is already contained
in gdImageCopy(), so we can simply remove the buggy duplicated code.
2016-08-21 17:39:23 +02:00
Christoph M. Becker
9eb5bbd8bd Fix #66005: imagecopy does not support 1bit transparency on truecolor images
We must not copy transparent pixels, see
<https://github.com/libgd/libgd/commit/daac285c>.
2016-08-21 16:08:57 +02:00
Xinchen Hui
b740bb3987 Fixed bug #72907 (null pointer deref, segfault in gc_remove_zval_from_buffer (zend_gc.c:260)) 2016-08-21 17:10:10 +08:00
Christoph M. Becker
48198e4c25 Fix #68302: impossible to compile php with zip support
We should not let configure succeed, if SIZEOF_OFF_T == 0, just to let the
compilation fail later. Instead we bail out early, giving a hint regarding
the potential issue, namely misconfigured libraries.
2016-08-17 12:43:29 +02:00
Xinchen Hui
abe00908af Fixed bug #72853 (stream_set_blocking doesn't work)
Implemented PHP_STREAM_OPTION_META_DATA_API for plain_wrappers
2016-08-17 16:54:21 +08:00
Stanislav Malyshev
9e00ad2b09 Update NEWS 2016-08-16 23:44:59 -07:00
Christoph M. Becker
1bb92d5212 #72085: SEGV on unknown address zif_xml_parse
We better make sure that the ZVALs we're accessing as arrays are indeed
arrays.
2016-08-17 00:42:45 +02:00
Anatol Belski
5c7f802e7e update NEWS 2016-08-14 20:50:23 +02:00
Jakub Zelenka
9f1d962ed6 Fixed bug #72787 (json_decode reads out of bounds) 2016-08-14 13:52:59 +01:00
Benedict Singer
dfadc5a427 Bug 70195
Many FTP-S servers now require FTP clients to re-use the SSL session
from the control connection on the data connection, to prove that the
same entity controls both connections. This patch updates PHP's FTP-S
client code to allow that possibility.
2016-08-13 21:35:03 +02:00
Christoph M. Becker
82df4e2638 Fix #72278: getimagesize returning FALSE on valid jpg
getimagesize() is rather strict about the length of the marker payload data,
and fails if there are extraneous bytes before the next marker. Only a very
special case reported in bug #13213 is catered to.

libjpeg is rather resilient to such corrupted JPEG files, and raises a
recoverable error in this case. Other image processors also accept such
JPEG files, so we adapt getimagesize() to skip (but warn about) such
extraneous bytes.
2016-08-13 16:14:34 +02:00
Christoph M. Becker
ae3b2078ea Fix #72823: strtr out-of-bound access
If php_strtr_array_prepare_repls() reports pattern_len == 0, we return
early to avoid OOB accesses, and because there is nothing to replace anyway.
2016-08-13 11:40:33 +02:00
Christoph M. Becker
7938ebf6c1 Fix #60665: call to empty() on NULL result using PDO::FETCH_LAZY returns false
The has_property handler only checked whether a respective column name
exists, but neither whether the column value is set, nor whether it is
empty, respectively. We fix that to match the behavior of PDO::FETCH_OBJ in
particular and PHP in general.
2016-08-13 01:11:13 +02:00
Kalle Sommer Nielsen
5e2b8349b4 Check the return value of dbconvert() in mssql_guid_string(), as it may return -1 in case the conversion failed. In that case false is returned.
Also initialize buffer and buffer2 to NULL, which should fix bug #72039 (Use of uninitialised value on mssql_guid_string).

This only applies to 5.6, as we do not have mssql in 7.0 anymore
2016-08-06 10:17:49 +02:00
Ville Hukkamaki
65056e9d6c Fix #72764
Negotiate data channel encryption after NLST command.
This is to prevent issues with IIS and ProFTPD.
2016-08-05 22:56:54 +02:00