Commit Graph

172 Commits

Author SHA1 Message Date
Xinchen Hui
ccd4716ec7 year++ 2018-01-02 12:53:31 +08:00
Sammy Kaye Powers
dac6c639bb Update copyright headers to 2017 2017-01-04 11:23:42 -06:00
Stanislav Malyshev
f7f8aae33c Merge branch 'PHP-7.0' into PHP-7.1
* PHP-7.0:
  More int->size_t and string overflow fixes
2016-11-05 13:59:35 -07:00
Stanislav Malyshev
669763d88a More int->size_t and string overflow fixes 2016-11-05 13:22:17 -07:00
Anatol Belski
83255b1e8c Merge branch 'PHP-7.0' into PHP-7.1
* PHP-7.0:
  Improve fix for bug #72837
2016-08-19 12:52:13 +02:00
Anatol Belski
2d123a916d Improve fix for bug #72837 2016-08-19 12:50:32 +02:00
Xinchen Hui
ce6ad9bdd9 Merge branch 'PHP-7.0' into PHP-7.1
* PHP-7.0: (48 commits)
  Update NEWs
  Unused label
  Fixed bug #72853 (stream_set_blocking doesn't work)
  fix test
  Bug #72663 - part 3
  Bug #72663 - part 2
  Bug #72663 - part 1
  Update NEWS
  BLock test with memory leak
  fix tests
  Fix TSRM build
  Fix bug #72850 - integer overflow in uuencode
  Fixed bug #72849 - integer overflow in urlencode
  Fix bug #72848 - integer overflow in quoted_printable_encode caused heap corruption
  Fix bug #72838 - 	Integer overflow lead to heap corruption in sql_regcase
  Fix bug #72837 - integer overflow in bzdecompress caused heap corruption
  Fix bug #72836 - integer overflow in base64_decode caused heap corruption
  Fix for bug #72807 - do not produce strings with negative length
  Fix for bug #72790 and bug #72799
  Fix bug #72730 - imagegammacorrect allows arbitrary write access
  ...

Conflicts:
	ext/standard/var_unserializer.c
2016-08-17 17:14:30 +08:00
Anatol Belski
67d0fe39ee Fix bug #72837 - integer overflow in bzdecompress caused heap corruption
Conflicts:
	ext/bz2/bz2.c
2016-08-16 12:34:25 +02:00
Stanislav Malyshev
70d6ce3368 Merge branch 'PHP-7.0'
* PHP-7.0: (27 commits)
  fix #72519, possible OOB using imagegif
  fix #72512, invalid read or write for palette image when invalid transparent index is used
  Apparently some envs miss SIZE_MAX
  Fix tests
  Fix bug #72618: NULL Pointer Dereference in exif_process_user_comment
  Partial fix for bug #72613 - do not allow reading past error read
  Partial fix for bug #72613 - do not treat negative returns from bz2 as size_t
  Fix bug #72606: heap-buffer-overflow (write) simplestring_addn simplestring.c
  Fix for bug #72558, Integer overflow error within _gdContributionsAlloc()
  Fix bug #72603: Out of bound read in exif_process_IFD_in_MAKERNOTE
  update NEWS
  Fixed bug #72570 Segmentation fault when binding parameters on a query without placeholders
  Fix bug #72562 - destroy var_hash properly
  Fix bug #72551 and bug #72552 - check before converting size_t->int
  Fix bug #72541 - size_t overflow lead to heap corruption
  Fix bug #72533 (locale_accept_from_http out-of-bounds access)
  Fix fir bug #72520
  Fix for bug #72513
  Fix for bug #72513
  CS fix and comments with bug ID
  ...

Conflicts:
	ext/standard/basic_functions.c
2016-07-19 01:44:14 -07:00
Stanislav Malyshev
5faa15c4ce Partial fix for bug #72613 - do not allow reading past error read 2016-07-18 23:01:36 -07:00
Anatol Belski
b6259fc91f Merge branch 'PHP-7.0'
* PHP-7.0:
  fix dir separator in test
2016-06-22 11:45:30 +02:00
Anatol Belski
98f6248dcf Merge branch 'PHP-5.6' into PHP-7.0
* PHP-5.6:
  fix dir separator in test
2016-06-22 11:44:14 +02:00
Anatol Belski
de1c407348 fix dir separator in test 2016-06-22 11:41:05 +02:00
Dmitry Stogov
323b2733f6 Fixed compilation warnings 2016-06-22 00:40:50 +03:00
Dmitry Stogov
1616038698 Added ZEND_ATTRIBUTE_FORMAT to some middind functions.
"%p" replaced by ZEND_LONG_FMT to avoid compilation warnings.
Fixed most incorrect use cases of format specifiers.
2016-06-21 16:00:37 +03:00
Anatol Belski
3d3f11ede4 Fixed the UTF-8 and long path support in the streams on Windows.
Since long the default PHP charset is UTF-8, however the Windows part is
out of step with this important point. The current implementation in PHP
doesn't technically permit to handle UTF-8 filepath and several other
things. Till now, only the ANSI compatible APIs are being used. Here is more
about it

https://msdn.microsoft.com/en-us/library/windows/desktop/dd317752%28v=vs.85%29.aspx

The patch fixes not only issues with multibyte filenames under
incompatible codepages, but indirectly also issues with some other multibyte
encodings like BIG5, Shift-JIS, etc. by providing a clean way to access
filenames in UTF-8. Below is a small list of issues from the bug tracker,
that are getting fixed:

https://bugs.php.net/63401
https://bugs.php.net/41199
https://bugs.php.net/50203
https://bugs.php.net/71509
https://bugs.php.net/64699
https://bugs.php.net/64506
https://bugs.php.net/30195
https://bugs.php.net/65358
https://bugs.php.net/61315
https://bugs.php.net/70943
https://bugs.php.net/70903
https://bugs.php.net/63593
https://bugs.php.net/54977
https://bugs.php.net/54028
https://bugs.php.net/43148
https://bugs.php.net/30730
https://bugs.php.net/33350
https://bugs.php.net/35300
https://bugs.php.net/46990
https://bugs.php.net/61309
https://bugs.php.net/69333
https://bugs.php.net/45517
https://bugs.php.net/70551
https://bugs.php.net/50197
https://bugs.php.net/72200
https://bugs.php.net/37672

Yet more related tickets can for sure be found - on bugs.php.net, Stackoverflow
and Github. Some of the bugs are pretty recent, some descend to early
2000th, but  the user comments in there last even till today. Just for example,
bug #30195 was opened in 2004, the latest comment in there was made in 2014. It
is certain, that these bugs descend not only to pure PHP use cases, but get also
redirected from the popular PHP based projects. Given the modern systems (and
those supported by PHP) are always based on NTFS, there is no excuse to keep
these issues unresolved.

The internalization approach on Windows is in many ways different from
UNIX and Linux, while it supports and is based on Unicode. It depends on the
current system code page, APIs used and exact kind how the binary was compiled
The locale doesn't affect the way Unicode or ANSI API work. PHP in particular
is being compiled without _UNICODE defined and this is conditioned by the
way we handle strings. Here is more about it

https://msdn.microsoft.com/en-us/library/tsbaswba.aspx

However, with any system code page ANSI functions automatically convert
paths to UTF-16. Paths in some encodings incompatible with the
current system code page, won't work correctly with ANSI APIs. PHP
till now only uses the ANSI Windows APIs.

For example, on a system with the current code page 1252, the paths
in cp1252 are supported and transparently converted to UTF-16 by the
ANSI functions. Once one wants to handle a filepath encoded with cp932 on
that particular system, an ANSI or a POSIX compatible function used in
PHP will produce an erroneous result. When trying to convert that cp932 path
to UTF-8 and passing to the ANSI functions, an ANSI function would
likely interpret the UTF-8 string as some string in the current code page and
create a filepath that represents every single byte of the UTF-8 string.
These behaviors are not only broken but also disregard the documented
INI settings.

This patch solves the issies with the multibyte paths on Windows by
intelligently enforcing the usage of the Unicode aware APIs. For
functions expect Unicode (fe CreateFileW, FindFirstFileW, etc.), arguments
will be converted to UTF-16 wide chars. For functions returning Unicode
aware data (fe GetCurrentDirectoryW, etc.), resulting wide string is
converted back to char's depending on the current PHP charset settings,
either to the current ANSI codepage (this is the behavior prior to this patch)
or to UTF-8 (the default behavior).

In a particular case, users might have to explicitly set
internal_encoding or default_charset, if filenames in ANSI codepage are
necessary. Current tests show no regressions and witness that this will be an
exotic case, the current default UTF-8 encoding is compatible with any
supported system. The dependency libraries are long switching to Unicode APIs,
so some tests were also added for extensions not directly related to streams.
At large, the patch brings over 150 related tests into the core. Those target
and was run on various environments with European, Asian, etc. codepages.
General PHP frameworks was tested and showed no regressions.

The impact on the current C code base is low, the most places affected
are the Windows only places in the three files tsrm_win32.c, zend_virtual_cwd.c
and plain_wrapper.c. The actual implementation of the most of the wide
char supporting functionality is in win32/ioutil.* and win32/codepage.*,
several  low level functionsare extended in place to avoid reimplementation for
now. No performance impact was sighted. As previously mentioned, the ANSI APIs
used prior the patch perform Unicode conversions internally. Using the
Unicode  APIs directly while doing custom conversions just retains the status
quo. The ways to optimize it are open (fe. by implementing caching for the
strings converted to wide variants).

The long path implementation is user transparent. If a path exceeds the
length of _MAX_PATH, it'll be automatically prefixed with \\?\. The MAXPATHLEN
is set to 2048 bytes.

Appreciation to Pierre Joye, Matt Ficken, @algo13 and others for tips, ideas
and testing.

Thanks.
2016-06-20 12:45:39 +02:00
Stanislav Malyshev
8c0133f0eb Merge branch 'PHP-5.6' into PHP-7.0
* PHP-5.6:
  Fix bug #72447: Type Confusion in php_bz2_filter_create()

Conflicts:
	ext/bz2/bz2_filter.c
2016-06-18 22:11:23 -07:00
Stanislav Malyshev
42b2d7fec5 Fix bug #72447: Type Confusion in php_bz2_filter_create() 2016-06-18 22:10:22 -07:00
Lior Kaplan
ed35de784f Merge branch 'PHP-5.6' into PHP-7.0
* PHP-5.6:
  Happy new year (Update copyright to 2016)
2016-01-01 19:48:25 +02:00
Lior Kaplan
49493a2dcf Happy new year (Update copyright to 2016) 2016-01-01 19:21:47 +02:00
Dmitry Stogov
4a2e40bb86 Use ZSTR_ API to access zend_string elements (this is just renaming without semantick changes). 2015-06-30 04:05:24 +03:00
Kalle Sommer Nielsen
db22946b25 Remove these old references to the DSP files we don't use anymore 2015-06-22 13:29:42 +02:00
Nikita Popov
40e465e357 Clean up some type conversions
While at it also fix some type checks in iconv and drop dead and
unported code in standard/filters.
2015-04-27 18:50:08 +02:00
Dmitry Stogov
4d9a1883aa Fixed bug #68887 (resources are not freed correctly) 2015-04-08 13:29:42 +03:00
Anatol Belski
ec89c85054 cleaning up the version macros 2015-03-23 20:13:59 +01:00
Stanislav Malyshev
62859309b0 silence warning 2015-03-22 21:43:05 -07:00
Dmitry Stogov
8633685675 Use specialized macro for string zval creation 2015-03-12 16:53:51 +03:00
Xinchen Hui
fffd173b7a indent 2015-03-04 12:10:23 +08:00
Xinchen Hui
a6ba7966de Fixed memleak 2015-03-04 12:08:54 +08:00
Dmitry Stogov
2fa8d67a5c Use zend_string* instead of char* for opened_patch handling. Avoid reallocations and improve string reuse. 2015-03-04 02:05:28 +03:00
Xinchen Hui
fc33f52d8c bump year 2015-01-15 23:27:30 +08:00
Xinchen Hui
0579e8278d bump year 2015-01-15 23:26:37 +08:00
Stanislav Malyshev
b7a7b1a624 trailing whitespace removal 2015-01-10 15:07:38 -08:00
Anatol Belski
e112f6a04e second shot on removing TSRMLS_* 2014-12-14 14:07:59 +01:00
Anatol Belski
bdeb220f48 first shot remove TSRMLS_* things 2014-12-13 23:06:14 +01:00
Anatol Belski
edfabf19a7 fix datatype mismatch warnings 2014-10-30 20:06:49 +01:00
Anatol Belski
05bad6a957 fix some datatype mismatches in ext/bz2
Additionally, as bz2 read/write routines expect int for sizes, it could
overflow. So fixed the logic. Things in compress/decompress are more
complicated so they was left as they are yet.
2014-10-30 20:06:48 +01:00
Anatol Belski
4b3e198023 removed *.dsw and *.dsp files 2014-09-28 19:02:09 +02:00
Florian MARGAINE
8eb7e7bf7f Merge branch 'master' into issue-67910
Conflicts:
	README.PARAMETER_PARSING_API
	ext/gmp/tests/001.phpt
2014-09-20 10:09:21 +02:00
Florian MARGAINE
cf0303e782 Replaces php5 with php7, without whitespace changes. 2014-09-20 10:01:44 +02:00
Johannes Schlüter
d0cb715373 s/PHP 5/PHP 7/ 2014-09-19 18:33:14 +02:00
Anatol Belski
571537afe0 remove useless check 2014-09-19 08:35:01 +02:00
Anatol Belski
f8d75839aa reduce the struct size by 8 byte on 64 bit 2014-09-12 23:27:55 +02:00
Anatol Belski
257ed4061a 's' works with size_t round 2 2014-08-27 20:49:33 +02:00
Anatol Belski
3234480827 first show to make 's' work with size_t 2014-08-27 20:49:31 +02:00
Anatol Belski
af59e92b24 master renames phase 7 2014-08-25 21:51:49 +02:00
Anatol Belski
4d997f63d9 master renames phase 3 2014-08-25 20:22:49 +02:00
Anatol Belski
c3e3c98ec6 master renames phase 1 2014-08-25 19:24:55 +02:00
Anatol Belski
70de6180d5 fixes to %pd format usage 2014-08-24 02:35:34 +02:00
Anatol Belski
29dc15b0bb fixes to ext/bz2 2014-08-19 10:33:32 +02:00