Commit Graph

95429 Commits

Author SHA1 Message Date
Bob Weinand
671d8054f8 Fix accidental PHPDBG_ABI break 2016-10-12 22:16:11 +02:00
Stanislav Malyshev
c4c2cce37d Fix bug #73189 - Memcpy negative size parameter php_resolve_path
(cherry picked from commit da7e89cde8)
2016-10-12 21:31:37 +02:00
Anatol Belski
58b18892bf update len in fallback cases 2016-10-12 20:52:46 +02:00
Bob Weinand
5aae01104f Add stdin command and -s command line parameter to phpdbg
This allows reading the initial script file from stdin instead of being forced to put the script into a file in order to run it with phpdbg.
Especially important for programmatic execution of phpdbg.

Also adding tests/include_once.phpt and tests/set_exception_handler.phpt as I seem to have forgotten to git add them sometime long ago...
2016-10-12 20:15:49 +02:00
Stanislav Malyshev
74b5662536 Fix bug #73190: memcpy negative parameter _bc_new_num_ex
(cherry picked from commit 40e7baab3c)
2016-10-12 19:48:25 +02:00
Stanislav Malyshev
f42cbd749c Fix bug #73147: Use After Free in PHP7 unserialize()
(cherry picked from commit 0e6fe3a4c9)
2016-10-12 17:51:15 +02:00
Anatol Belski
efc1f33b58 fix typo 2016-10-12 17:12:38 +02:00
Anatol Belski
80eb013a92 Revert "Fix for #73240 - Write out of bounds at number_format"
This reverts commit 01280f8deb.

The fix is already merged by Stas.
2016-10-12 16:12:18 +02:00
Anatol Belski
b135ba3fa9 followup with #73276 merge 2016-10-12 16:03:35 +02:00
Anatol Belski
7c6cb1282d fix test 2016-10-12 16:03:09 +02:00
Stanislav Malyshev
7dc8b5e7ae Fix bug #73276 - crash in openssl_random_pseudo_bytes function
(cherry picked from commit 85a22a0af0)
2016-10-12 15:55:42 +02:00
Stanislav Malyshev
4ef79370a8 Fix bug #73293 - NULL pointer dereference in SimpleXMLElement::asXML()
(cherry picked from commit 96a8cf8e1b)
2016-10-12 15:40:21 +02:00
Stanislav Malyshev
01280f8deb Fix for #73240 - Write out of bounds at number_format
(cherry picked from commit 8259130b6b)
2016-10-12 14:55:00 +02:00
Anatol Belski
aaa5d07365 avoid strlen 2016-10-12 13:28:23 +02:00
Stanislav Malyshev
b26b02b2df Bug #73218: add mitigation for ICU int overflow
(cherry picked from commit d946d10293)
2016-10-12 13:22:51 +02:00
Stanislav Malyshev
87a8240b5a Add more locale length checks, due to ICU bugs.
(cherry picked from commit d3eb58332a)
2016-10-12 13:11:16 +02:00
Stanislav Malyshev
d1e878f272 Fix bug #73150: missing NULL check in dom_document_save_html
(cherry picked from commit 1c0e9126fb)
2016-10-12 12:19:41 +02:00
Sara Golemon
43ccf23d70 Clear FG(user_stream_current_filename) when bailing out
If a userwrapper opener E_ERRORs then FG(user_stream_current_filename)
would remain set until the next request and would not be pointing
at unallocated memory.

Catch the bailout, clear the variable, then continue bailing.

Closes https://bugs.php.net/bug.php?id=73188
2016-10-11 21:55:01 -07:00
Sara Golemon
4d11a8eedf Clear FG(user_stream_current_filename) when bailing out
If a userwrapper opener E_ERRORs then FG(user_stream_current_filename)
would remain set until the next request and would not be pointing
at unallocated memory.

Catch the bailout, clear the variable, then continue bailing.

Closes https://bugs.php.net/bug.php?id=73188
2016-10-11 21:44:14 -07:00
Stanislav Malyshev
1bdb30a429 Merge branch 'PHP-7.0.12' into PHP-7.0
* PHP-7.0.12:
  set versions and release date
  sync NEWS
  Revert "Fixed bug #73067 (__debugInfo crashes when throwing an exception)"
  Fix for #73240 - Write out of bounds at number_format
  Fix bug #73257 and bug #73258 - SplObjectStorage unserialize allows use of non-object as key
  set versions
  Fix bug #73091 - Unserializing DateInterval object may lead to __toString invocation
2016-10-11 16:46:51 -07:00
Stanislav Malyshev
9c675607e6 Merge remote-tracking branch 'origin/PHP-7.0.12' into PHP-7.0.12
* origin/PHP-7.0.12: (99 commits)
  set versions and release date
  sync NEWS
  Revert "Fixed bug #73067 (__debugInfo crashes when throwing an exception)"
  set versions
  update NEWS
  Ignore potentially misleading dberr values
  update NEWS
  Fixed bug #73172 parse error: Invalid numeric literal
  Fix #53745: cgi.discard_path option is missing from php.ini
  update libs_versions.txt
  update libs_versions.txt
  Fixed bug #73156 (segfault on undefined function)
  Add an include path for freetype which is relevant for cmake builds
  Fix test_image_equals_file() wrt. palette images
  Fixed bug #73163
  Fix #73161: imagecreatefromgd2() may leak memory
  Fix #73159: imagegd2(): unrecognized formats may result in corrupted files
  Fix #73155: imagegd2() writes wrong chunk sizes on boundaries
  Fix #73157 (again): imagegd2() ignores 3rd param if 4 are given
  Fix #73157: imagegd2() ignores 3rd param if 4 are given
  ...
2016-10-11 16:27:13 -07:00
Stanislav Malyshev
689a9b8def Merge branch 'PHP-5.6.27' into PHP-5.6
* PHP-5.6.27:
  Fix tests
  fix tsrm
  Fix bug #73284 - heap overflow in php_ereg_replace function
  Fix bug #73276 - crash in openssl_random_pseudo_bytes function
  Fix bug #73293 - NULL pointer dereference in SimpleXMLElement::asXML()
  fix bug #73275 - crash in openssl_encrypt function
  Fix for #73240 - Write out of bounds at number_format
  Bug #73218: add mitigation for ICU int overflow
  Add more locale length checks, due to ICU bugs.
  Fix bug #73208 - another missing length check
  Fix bug #73190: memcpy negative parameter _bc_new_num_ex
  Fix bug #73189 - Memcpy negative size parameter php_resolve_path
  Fixed bug #73174 - heap overflow in php_pcre_replace_impl
  Fix bug #73150: missing NULL check in dom_document_save_html
  Fix bug #73147: Use After Free in PHP7 unserialize()
  Fix bug #73082
  Fix bug #73073 - CachingIterator null dereference when convert to string
2016-10-11 16:26:35 -07:00
Stanislav Malyshev
082d1f2375 Fix tests 2016-10-11 16:18:08 -07:00
Stanislav Malyshev
c1112ff323 fix tsrm 2016-10-11 14:39:16 -07:00
Stanislav Malyshev
21452a5401 Fix bug #73284 - heap overflow in php_ereg_replace function 2016-10-11 14:16:51 -07:00
Stanislav Malyshev
85a22a0af0 Fix bug #73276 - crash in openssl_random_pseudo_bytes function 2016-10-11 13:37:47 -07:00
Stanislav Malyshev
96a8cf8e1b Fix bug #73293 - NULL pointer dereference in SimpleXMLElement::asXML() 2016-10-11 13:30:52 -07:00
Stanislav Malyshev
8822f7c9f0 fix bug #73275 - crash in openssl_encrypt function 2016-10-11 13:19:20 -07:00
Anatol Belski
5899f76a7d update NEWS 2016-10-11 11:41:45 +02:00
Anatol Belski
92c55f1580 set versions and release date 2016-10-11 11:26:32 +02:00
Anatol Belski
a5f40e2656 sync NEWS 2016-10-11 11:25:00 +02:00
Anatol Belski
8c9f639a1d Revert "Fixed bug #73067 (__debugInfo crashes when throwing an exception)"
This reverts commit 2d8ab51576.
2016-10-11 11:24:08 +02:00
Stanislav Malyshev
3b5262ec4c Fix for #73240 - Write out of bounds at number_format 2016-10-10 23:49:28 -07:00
Stanislav Malyshev
8259130b6b Fix for #73240 - Write out of bounds at number_format 2016-10-10 23:42:50 -07:00
Stanislav Malyshev
61cdd1255d Fix bug #73257 and bug #73258 - SplObjectStorage unserialize allows use of non-object as key 2016-10-10 22:54:29 -07:00
Anatol Belski
29a089d3c9 update NEWS 2016-10-10 20:57:57 +02:00
Anatol Belski
bf400108d9 Merge branch 'PHP-5.6' into PHP-7.0
* PHP-5.6:
  update NEWS
2016-10-10 20:57:23 +02:00
Anatol Belski
4165d97606 update NEWS 2016-10-10 20:55:44 +02:00
Anatol Belski
62c68f7483 Merge branch 'PHP-5.6' into PHP-7.0
* PHP-5.6:
  add test for bug #73037
2016-10-10 16:02:30 +02:00
Anatol Belski
256b150a96 add test for bug #73037 2016-10-10 15:59:52 +02:00
Nikita Popov
c91f652ddb Fixed bug #73273
As well as a few other $_SESSION separation issues.
2016-10-10 12:20:44 +02:00
Christoph M. Becker
fb08216b08 Merge branch 'PHP-5.6' into PHP-7.0 2016-10-10 11:45:53 +02:00
Christoph M. Becker
fc989fc6e7 Fix #73279: Integer overflow in gdImageScaleBilinearPalette()
The color components are supposed to be in range 0..255, so we must not
cast them to `signed char`, what can be the default for `char`.

Port of <https://github.com/libgd/libgd/commit/77c8d359>.
2016-10-10 11:41:39 +02:00
Christoph M. Becker
c930714cbe Merge branch 'PHP-5.6' into PHP-7.0 2016-10-09 15:14:17 +02:00
Christoph M. Becker
b92216b97d Fix #73272: imagescale() affects imagesetinterpolation()
We must not permanently change the interpolation method, but rather
have to restore the old method after we're done with scaling the image.
2016-10-09 15:10:34 +02:00
Anatol Belski
6f84ac721b Merge branch 'PHP-5.6' into PHP-7.0
* PHP-5.6:
  fix leak
2016-10-08 19:25:36 +02:00
Anatol Belski
3c5742ebd7 fix leak 2016-10-08 19:07:35 +02:00
Nikita Popov
2a75f5026a Fix bug #66773, #66862
This a partial backport of 8754b19. It
a) fixes the class/function/constant import table confusion in the
   namespaced case, and
b) restricts conflict checks to a single file based on a filename
   pointer comparison.

It does not fix the issues with filename reuse (e.g. due to eval)
and late-bound classes. This part of the change requires globals
changes.
2016-10-08 17:00:27 +02:00
Nikita Popov
159de7723e Merge branch 'PHP-5.6' into PHP-7.0 2016-10-08 01:06:02 +02:00
Nikita Popov
b061fa909d Fix bug #73192 2016-10-08 01:04:22 +02:00