By avoiding integer overflow in the implementation entirely. The
multiplication was already explicitly checked for overflow, so also
add a check for the addition and remove the overflow checks after
the calculation.
A behavior change is revealed by some openssl_decrypt() based test,
where an encrypt API is used with a decrypt context. The EVP_Cipher*
functions will automatically choose the right operation depending on the
context passed.
(cherry picked from commit 19a44ffb7b)
We cannot replace an op1_def opcode with an ASSIGN, if it also has
a used res_def. Usually this doesn't happen because the res_def use
can be eliminated first. The example is a case where operand replacement
on the res_def use fails.
The same variable was reused in two nested loops... The test doesn't
fail on 7.2, but I'm fixing this here anyway as the code is clearly
wrong, and probably erroneous in other situations.
We must not check uninitialized values (i.e. `c.value`), and we have to
use proper types for printf-style formats (i.e. `char *` instead of
`zend_string *`).
The ext/date/lib is a bundled library and also includes additional
timelib.m4 macros and checks specific for PHP.
All the checks in the timelib.m4 are already done in the PHP's
configure.ac:
- headers except for io.h and strings.h
- two functions checked strftime and gettimeofday
- if size of longint is 8
- if size of int is 4
- int32_t and uint32_t types using the PHP_CHECK_STDINT_TYPES
Macro `AC_TIMELIB_C_BIGENDIAN` defined in timelib.m4 is not used.
The two checks for strtoll and atoll have been moved to date extension's
config0.m4 file.
Additional check for headers <io.h> and <strings.h> has been added to
config0.m4 of the date extension.
Therefore the timelib.m4 can be simplified and removed from the bundled
library to have easier maintenance in the later branches and also
upstream library.
get_properties() constructs these as fresh objects with no relation
to the internals, there is no need to clone them again. Additionally
the current implementation leaks memory, because the original objects
are never freed (see PR #3121).
The memory leak occurs when more than one UserComment tag is present in
the EXIF data. It's still considered corrupt EXIF data, but this ensures
the memory is freed before trying to set to already allocated memory.
- set default for mysqli.allow_local_infile=0
- explicitly disable PDO::MYSQL_ATTR_LOCAL_INFILE in case of lack of driver options
- add getAttribute support for PDO::MYSQL_ATTR_LOCAL_INFILE
- update existing tests where needed
- add new tests [checking default value and setting on] the 'local infile' in ext/mysqli and ext/pdo_mysql
Bugfix: when using passive mode of FTPS protocol, data channel events
should be polled when creating data connection channel, instead of polling
the event of ftp's self control channel, which may cause ftp transfer
problem while using ftps and passive mode.
The fix for PHP bug 43828[1] changed the algorithm for drawing filled
pies from drawing multiple triangles to drawing a single polygon. Due
to quirks of the filled polygon drawing algorithm, we had to filter out
extraneous vertices. This led, however, to a bug regarding displaced
starting and ending points near 90° and 270° degrees, which we fix by
reinserting these vertices if they had been removed.
This fix is a port of libgd/libgd@1406b1a.
[1] <https://bugs.php.net/bug.php?id=43828>
In f904830012, support for GNU Hurd was added to the opcache and
the configure check to ensure the opcache knows the flock struct
layout prior to building was changed to check for two cases: BSD layout
and Linux layout. All the existing hard-coded cases in
ZendAccelerator.h follow these two cases, except for 64-bit AIX.
This means that even though building on 64-bit AIX would work,
the configure script refuses to continue.
Add a new configure check for the 64-bit AIX case and a new
compiler definition HAVE_FLOCK_AIX64. Now that all the cases are
covered, simplify the ifdef logic around these three HAVE_FLOCK_*
macros:
- The macOS and the various BSD flavors fall under HAVE_FLOCK_BSD
- Linux, HP-UX, GNU Hurd, 32-bit AIX, and SVR4 environments
fall under HAVE_FLOCK_LINUX
- 64-bit AIX falls under HAVE_FLOCK_AIX64
The only difference between the existing HAVE_FLOCK_LINUX and
the hard-coded Linux/HP-UX/Hurd case is that the latter
initialized the 5th member to 0, but since the C standard already
says that un-initialized members will be initialized to 0,
it's effectively the same.
The idea is to create an easy way to provide a certificate that never
expires. In order to make it cross-platform, PHP is used rather than
openssl CLI app. Using openssl to generate certificates for tests that
test openssl might be not the best idea but pros seem to outweigh cons
that this "recursive dependency" adds.
`_gdScaleHoriz()` and `_gdScaleVert()` may fail, but don't signal
failure since they are void functions. We change that according to
upstream libgd.
We also remove the unused `Scale()` function, which doesn't exist in
upstream libgd either, right away.
* PHP-7.1:
Fix bug #77418 - Heap overflow in utf32be_mbc_to_code
Add NEWS
[ci skip] Add NEWS
Fix more issues with encoding length
Fix #77270: imagecolormatch Out Of Bounds Write on Heap
Fix bug #77380 (Global out of bounds read in xmlrpc base64 code)
Fix bug #77371 (heap buffer overflow in mb regex functions - compile_string_node)
Fix bug #77370 - check that we do not read past buffer end when parsing multibytes
Fix #77269: Potential unsigned underflow in gdImageScale
Fix bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext)
Fix bug #77242 (heap out of bounds read in xmlrpc_decode())
Regenerate certs for openssl tests
* PHP-5.6:
Fix bug #77418 - Heap overflow in utf32be_mbc_to_code
[ci skip] Add NEWS
Fix more issues with encoding length
Fix #77270: imagecolormatch Out Of Bounds Write on Heap
Fix bug #77380 (Global out of bounds read in xmlrpc base64 code)
Fix bug #77371 (heap buffer overflow in mb regex functions - compile_string_node)
Fix bug #77370 - check that we do not read past buffer end when parsing multibytes
Fix #77269: Potential unsigned underflow in gdImageScale
Fix bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext)
Fix bug #77242 (heap out of bounds read in xmlrpc_decode())
Regenerate certs for openssl tests
* PHP-7.1:
Fix #77369 - memcpy with negative length via crafted DNS response
Fix more issues with encoding length
Fix #77270: imagecolormatch Out Of Bounds Write on Heap
Fix bug #77380 (Global out of bounds read in xmlrpc base64 code)
Fix bug #77371 (heap buffer overflow in mb regex functions - compile_string_node)
Fix bug #77370 - check that we do not read past buffer end when parsing multibytes
Fix #77269: Potential unsigned underflow in gdImageScale
Fix bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext)
Fix bug #77242 (heap out of bounds read in xmlrpc_decode())
Regenerate certs for openssl tests
At least some of the image reading functions may return images which
use color indexes greater than or equal to im->colorsTotal. We cater
to this by always using a buffer size which is sufficient for
`gdMaxColors` in `gdImageColorMatch()`.
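
The sizing rule from the commit message above, as an added example (not libgd or PHP code): `struct pal_image`, `slots_needed()` and `count_for_index()` are hypothetical names, `MAX_COLORS` stands in for `gdMaxColors`, and the image is constructed sample data. It compares the slots a pixel scan touches with what a `colorsTotal`-sized buffer would hold, then accumulates into a buffer sized for every possible index.

```c
#include <stdio.h>
#include <stdlib.h>

#define MAX_COLORS 256   /* plays the role of gdMaxColors */
#define SLOTS 5          /* per index: count, r, g, b, a sums */

/* Hypothetical, simplified palette image (not libgd's gdImage). */
struct pal_image {
    int colors_total;             /* palette entries the file declared */
    int npixels;
    const unsigned char *pixels;  /* palette index per pixel, 0..255 */
};

/* Slots a scan of the pixel data actually touches. */
size_t slots_needed(const struct pal_image *im)
{
    int max = 0;
    for (int i = 0; i < im->npixels; i++)
        if (im->pixels[i] > max)
            max = im->pixels[i];
    return (size_t)(max + 1) * SLOTS;
}

/* Hardened accumulation: the buffer covers every index an unsigned char
 * can hold. Returns the pixel count for `probe`, or -1 on failure. */
long count_for_index(const struct pal_image *im, int probe)
{
    if (probe < 0 || probe >= MAX_COLORS)
        return -1;
    unsigned long *buf = calloc((size_t)SLOTS * MAX_COLORS, sizeof *buf);
    if (!buf)
        return -1;
    for (int i = 0; i < im->npixels; i++)
        buf[(size_t)im->pixels[i] * SLOTS]++;   /* always in bounds */
    long hits = (long)buf[(size_t)probe * SLOTS];
    free(buf);
    return hits;
}

/* Constructed sample: palette declares 2 colors, pixels use index 200. */
static const unsigned char sample_px[] = { 0, 1, 200, 200 };
static const struct pal_image sample = { 2, 4, sample_px };

int main(void)
{
    printf("needed=%zu palette-sized=%zu hits[200]=%ld\n",
           slots_needed(&sample), (size_t)sample.colors_total * SLOTS,
           count_for_index(&sample, 200));
    return 0;
}
```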
If an empty $message is passed to imap_mail(), we must not set message
to NULL, since _php_imap_mail() is not supposed to handle NULL pointers
(as opposed to pointers to NUL).
* PHP-7.1:
Add DISPLAY_INI_ENTRIES for imap
Disable rsh/ssh functionality in imap by default (bug #77153)
Disable rsh/ssh functionality in imap by default (bug #77153)
* PHP-7.0:
Add DISPLAY_INI_ENTRIES for imap
Disable rsh/ssh functionality in imap by default (bug #77153)
Disable rsh/ssh functionality in imap by default (bug #77153)
Remove invalid assertion: A block can have multiple switch frees,
so if we don't do live range block splitting, it is not necessarily
true that the free is located at the start of a block.
We apply the upstream patch[1], and also fix the erroneous bailout at
the end of `gdImageAutoCrop()`, since `crop.x` and `crop.y` may very
well be zero.
[1] <bda85aaeeb>
The broken JPEG image triggers a notice, two warnings and outputs a
message to stderr directly. The additional notice is pretty useless,
and the direct output to stderr is bad. Therefore, we port the
relevant differences from upstream to our bundled libgd. This leaves
us with two warnings; the first one is triggered by libjpeg and shows
the actual problem, the second one is triggered by our libgd wrapper
whenever an image can't be read, which may not have necessarily
triggered a warning before.
Firstly, we avoid returning NULL from the get_property handler, but
instead return an empty HashTable, which already prevents the crashes.
Secondly, since (de-)serialization obviously makes no sense for COM,
DOTNET and VARIANT objects (at least with the current implementation),
we prohibit it right away.
If the `ICONV_MIME_DECODE_CONTINUE_ON_ERROR` flag is set, parsing
should not fail, if there are illegal characters in the headers;
instead we silently ignore these like before.
Avoid patching where vanilla data suffices. More precisely, avoid data
using [:space:] posix class in regex, as it is likely to cause performance
regressions.