Commit Graph

8151 Commits

Author SHA1 Message Date
Nikita Popov
e19423f3cb Improve previous fix
Don't forbid null binding on plain functions.
2015-10-09 23:28:24 +02:00
Nikita Popov
bbae7ddf29 Fixed bug #70681 2015-10-09 23:01:23 +02:00
Xinchen Hui
2fb8bb1157 Fixed bug #70632 (Third one of segfault in gc_remove_from_buffer) 2015-10-03 20:33:24 -07:00
Tjerk Meesters
0d7159d26d Fixed #70157 parse_ini_string() segmentation fault with INI_SCANNER_TYPED 2015-08-15 15:10:34 +08:00
Stanislav Malyshev
568a35f84f Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5:
  __wakeup doesn't have to be final
2015-08-04 16:13:53 -07:00
Stanislav Malyshev
f2f8ea9ac5 Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
  __wakeup doesn't have to be final
2015-08-04 16:13:43 -07:00
Stanislav Malyshev
f1acac154a __wakeup doesn't have to be final 2015-08-04 16:13:26 -07:00
Stanislav Malyshev
ed709d5aa0 Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5:
  update NEWS
  fix test
  update NEWS
  Fix bug #70019 - limit extracted files to given directory
  Do not do convert_to_* on unserialize, it messes up references
  Fix #69793 - limit what we accept when unserializing exception
  Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)
  Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject
  ignore signatures for packages too
  Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage
  Fixed bug #69892
  Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes
  Improved fix for Bug #69441
  Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)
  Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref)
  Fix bug #70081: check types for SOAP variables

Conflicts:
	ext/soap/php_http.c
	ext/spl/spl_observer.c
2015-08-04 15:29:13 -07:00
Stanislav Malyshev
69ed3969dd Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
  Fix bug #70019 - limit extracted files to given directory
  Do not do convert_to_* on unserialize, it messes up references
  Fix #69793 - limit what we accept when unserializing exception
  Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList)
  Fixed bug #70166 - Use After Free Vulnerability in unserialize() with SPLArrayObject
  ignore signatures for packages too
  Fix bug #70168 - Use After Free Vulnerability in unserialize() with SplObjectStorage
  Fixed bug #69892
  Fix bug #70014 - use RAND_bytes instead of deprecated RAND_pseudo_bytes
  Improved fix for Bug #69441
  Fix bug #70068 (Dangling pointer in the unserialization of ArrayObject items)
  Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref)
  Fix bug #70081: check types for SOAP variables

Conflicts:
	.gitignore
	ext/date/php_date.c
	ext/spl/spl_array.c
	ext/spl/spl_observer.c
2015-08-04 14:10:57 -07:00
Stanislav Malyshev
51f9a00b47 Merge branch 'PHP-5.4' into PHP-5.4.44
* PHP-5.4:
  Fixed bug #69892
  Adjust Git-Rules
2015-08-04 14:04:24 -07:00
Stanislav Malyshev
4d2278143a Fix #69793 - limit what we accept when unserializing exception 2015-08-01 22:02:26 -07:00
Nikita Popov
7fc04937f5 Fixed bug #69892 2015-08-01 20:47:43 -07:00
Stanislav Malyshev
e488690d95 Fix bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref) 2015-07-26 17:10:24 -07:00
Bob Weinand
37e03f6b32 Fix test; this should properly emit a fatal error, just as every other by-ref assignment to an overloaded object 2015-07-16 09:29:43 +02:00
Bob Weinand
f57cb13c56 Backport fix for bug #70083 to PHP-5.6 2015-07-15 22:46:53 +02:00
Xinchen Hui
ca30d5bf39 Fixed bug #70012 (Exception lost with nested finally block) 2015-07-08 17:14:19 +08:00
Anatol Belski
c0142de470 fix C89 compat 2015-07-07 18:39:33 +02:00
Julien Pauli
c22da81b71 Fixed double ZEND_TICKS opcode generation for declare() 2015-07-07 14:56:05 +02:00
Nikita Popov
e09d3155a1 Merge branch 'PHP-5.5' into PHP-5.6 2015-06-20 16:40:53 +02:00
Nikita Popov
5fe078abba Fixed bug #69892 2015-06-20 16:40:14 +02:00
Nikita Popov
8405265578 Fix bug #69740 2015-06-11 17:40:10 +02:00
Anatol Belski
b1f3403c98 Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5:
  regenerated the ini scanner
2015-06-10 13:16:29 +02:00
Anatol Belski
f14141aca2 regenerated the ini scanner
follow up fix for bug #69551
2015-06-10 13:15:01 +02:00
Anatol Belski
ca467d5117 Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5:
  updated NEWS
  fixed bug, where a linebreak immediately after an opening quote of a value caused a segfault
  made failing test more meaningful
  added failing test
2015-06-10 10:43:23 +02:00
Christoph M. Becker
36222eb4cc fixed bug, where a linebreak immediately after an opening quote of a value caused a segfault 2015-06-10 10:39:37 +02:00
Christoph M. Becker
2ba9681e8e made failing test more meaningful 2015-06-10 10:39:36 +02:00
Christoph M. Becker
616b932ab0 added failing test 2015-06-10 10:39:35 +02:00
Dmitry Stogov
f863d89b5c Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5:
  Fixed bug #69732 (can induce segmentation fault with basic php code).

Conflicts:
	Zend/zend_vm_execute.h
2015-06-01 12:17:32 +03:00
Dmitry Stogov
9031a902e3 Fixed bug #69732 (can induce segmentation fault with basic php code). 2015-06-01 11:40:14 +03:00
Nikita Popov
e7d0ca39e5 Preserve VARIADIC flag for Closure::__invoke()
The 13 arguments are for the benefit of PHP 7, where the first
twelve use the bitmask.
2015-05-29 11:07:23 +02:00
Kalle Sommer Nielsen
c4e9651b58 Merge the fix for #69703 to 5.5 per request from Julien 2015-05-28 16:54:02 +02:00
Kalle Sommer Nielsen
424005a301 Shouldn't have been committed, so revert 2015-05-28 14:37:52 +02:00
Kalle Sommer Nielsen
de696d851f Fixed bug #69703 (Use __builtin_clzl on PowerPC) -- Patch by dja at axtens dot net
# Julien, even though 5.5 is still non security mode I don't think we should merge this patch but I leave the choice with you
2015-05-28 14:30:18 +02:00
Stanislav Malyshev
587ddf6ddc Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5:
  fix format
  update NEWS
  Add test for bug #69522
  Update tests
  Fix bug #69522 - do not allow int overflow
  Forgot test file
  Fix bug #69403 and other int overflows
  Fixed bug #69418 - more s->p fixes for filenames
  Fixed bug #69364 - use smart_str to assemble strings
  Fix bug #69453 - don't try to cut empty string
  Fix bug #69545 - avoid overflow when reading list

Conflicts:
	ext/standard/pack.c
2015-05-12 14:26:06 -07:00
Stanislav Malyshev
c08f9c2c78 Merge branch 'PHP-5.4' into PHP-5.5
* PHP-5.4:
  fix format
  update NEWS
  Add test for bug #69522
  Update tests
  Fix bug #69522 - do not allow int overflow
  Forgot test file
  Fix bug #69403 and other int overflows
  Fixed bug #69418 - more s->p fixes for filenames
  Fixed bug #69364 - use smart_str to assemble strings
  Fix bug #69453 - don't try to cut empty string
  Fix bug #69545 - avoid overflow when reading list

Conflicts:
	ext/pcntl/pcntl.c
	ext/standard/basic_functions.c
	ext/standard/pack.c
	ext/standard/tests/dir/opendir_variation1-win32.phpt
2015-05-12 14:24:15 -07:00
Nikita Popov
e1cb22a23e Fix bug #69599 2015-05-12 15:08:12 +02:00
Stanislav Malyshev
c591f022f8 Fix bug #69403 and other int overflows 2015-05-10 02:20:08 -07:00
Xinchen Hui
7289981c61 Merge branch 'PHP-5.5' into PHP-5.6 2015-05-04 19:22:22 +08:00
Xinchen Hui
7af9ba23a7 Saving the latter checking in most cases 2015-05-04 19:21:54 +08:00
John Boehr
9708378d13 Fix uninitialized value with extension traits 2015-05-04 10:33:39 +08:00
John Boehr
56fdae9018 Fix uninitialized value with extension traits 2015-05-04 10:33:26 +08:00
Anatol Belski
4af9ca544e Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5:
  backported patch for bug #69472
2015-04-28 15:32:22 +02:00
Xinchen Hui
29c449ce98 Merge branch 'PHP-5.5' into PHP-5.6 2015-04-21 22:44:45 +08:00
Xinchen Hui
a508693874 Remove tail blank which is committed by accident 2015-04-21 22:44:22 +08:00
Xinchen Hui
9d9ba493a2 Merge branch 'PHP-5.5' into PHP-5.6 2015-04-21 22:37:00 +08:00
Xinchen Hui
c667c26f61 Fixed Bug #69467 (Wrong checked for the interface by using Trait) 2015-04-21 22:36:32 +08:00
Xinchen Hui
0d562a8f44 Fixed res leak 2015-04-14 21:15:50 -07:00
Xinchen Hui
caf4beab2d Merge branch 'PHP-5.5' into PHP-5.6 2015-04-15 10:39:17 +08:00
Xinchen Hui
82ec0d5fc5 Fixed res leak 2015-04-15 10:38:55 +08:00
Nikita Popov
ed7e6d4758 Merge branch 'PHP-5.5' into PHP-5.6 2015-04-14 16:36:36 +02:00