| #
a65ad951 |
| 01-Jan-2017 |
Nikita Popov |
FIx bug #70213
|
| #
16b3003f |
| 31-Dec-2016 |
Stanislav Malyshev |
Fix bug #73825 - Heap out of bounds read on unserialize in finish_nested_data()
|
| #
6a7cc8ff |
| 12-Sep-2016 |
Stanislav Malyshev |
Fix bug #73052 - Memory Corruption in During Deserialized-object Destruction
|
| #
09f7bb20 |
| 06-Sep-2016 |
Nikita Popov |
Followup for bug #72785
Fix incorrect handling of nesting ... need to reset to the old
value afterwards.
|
| #
747d21cf |
| 06-Sep-2016 |
Stanislav Malyshev |
Fix bug #72785 - allowed_classes only applies to outermost unserialize()
|
| #
61f2f5a0 |
| 10-Aug-2016 |
Nikita Popov |
Bug #72663 - part 2
If a (nested) unserialize() call fails, we remove all the values
that were inserted into var_hash during that call. This prevents
their use in other unserializati
Bug #72663 - part 2
If a (nested) unserialize() call fails, we remove all the values
that were inserted into var_hash during that call. This prevents
their use in other unserializations in the same context.
show more ...
|
| #
2135fdef |
| 08-Aug-2016 |
Nikita Popov |
Bug #72663 - part 1
Don't call __destruct() on an unserialized object that has a
__wakeup() method if either
a) unserialization of its properties fails or
b) the __wakeup() call
Bug #72663 - part 1
Don't call __destruct() on an unserialized object that has a
__wakeup() method if either
a) unserialization of its properties fails or
b) the __wakeup() call fails (e.g. by throwing).
This basically treats __wakeup() as a form of constructor and
aligns us with the usual behavior that if the constructor call
fails the destructor should not be called.
The security aspect here is that people use __wakeup() to prevent
unserialization of objects with dangerous __destruct() methods,
but this is ineffective if __destruct() can still be called while
__wakeup() was skipped.
show more ...
|
| #
639f7fde |
| 07-Aug-2016 |
Stanislav Malyshev |
Improve fix for #72663
|
| #
f1a0b7d6 |
| 04-Aug-2016 |
Stanislav Malyshev |
Update comment
|
| #
448c9be1 |
| 02-Aug-2016 |
Stanislav Malyshev |
Fix bug #72663 - destroy broken object when unserializing
|
| #
f7caa2bd |
| 10-Aug-2016 |
Nikita Popov |
Hide (un)serialize data from ABI
The (UN)SERIALIZE_INIT/DESTROY macros now go through non-inlined
functions, so any changes to them will apply to extensions without
rebuilds.
Hide (un)serialize data from ABI
The (UN)SERIALIZE_INIT/DESTROY macros now go through non-inlined
functions, so any changes to them will apply to extensions without
rebuilds.
Additionally, the (un)serialize_data structures are now no longer
exported.
This means that we are allowed to change these structures in patch
releases without breaking the ABI.
show more ...
|
| #
16160386 |
| 21-Jun-2016 |
Dmitry Stogov |
Added ZEND_ATTRIBUTE_FORMAT to some middind functions.
"%p" replaced by ZEND_LONG_FMT to avoid compilation warnings.
Fixed most incorrect use cases of format specifiers.
|
|
Revision tags: php-7.0.6, php-5.6.21, php-5.5.35 |
|
| #
c89b7a48 |
| 27-Apr-2016 |
Xinchen Hui |
Use zend_string_safe_alloc
|
|
Revision tags: php-5.6.21RC1, php-7.0.6RC1 |
|
| #
c8590768 |
| 07-Apr-2016 |
Xinchen Hui |
Improved fix for #71940
|
| #
7e042224 |
| 07-Apr-2016 |
Xinchen Hui |
Fixed bug #71940 (Unserialize crushes on restore object reference)
|
|
Revision tags: php-5.6.20, php-5.5.34, php-7.0.5 |
|
| #
1c1e20d7 |
| 20-Mar-2016 |
Andrea Faulds |
Deduplicate NAN/INF portability, move to Zend
|
| #
6f241f5f |
| 17-Mar-2016 |
Xinchen Hui |
Fixed bug #71840 (Unserialize accepts wrongly data)
|
|
Revision tags: php-5.6.20RC1, php-7.0.5RC1 |
|
| #
5602f642 |
| 03-Mar-2016 |
Nikita Popov |
Eliminate usages of _PP macros
These are either in debug code (fix them), commented out (drop
them) or in dead compatibility macros (drop them).
One usage was in php_stream_get_
Eliminate usages of _PP macros
These are either in debug code (fix them), commented out (drop
them) or in dead compatibility macros (drop them).
One usage was in php_stream_get_from_zval(), which we have not used
since at least PHP 5.2 and, judging from the fact that nobody
complained about it causing compile errors in PHP 7, nobody else
uses it either, so drop it.
There are still remaining uses in mysqli embedded and odbc birdstep.
These probably need to be dropped outright.
show more ...
|
|
Revision tags: php-5.6.19, php-5.5.33, php-7.0.4, php-5.6.19RC1, php-7.0.4RC1, php-5.6.18, php-7.0.3, php-5.5.32, php-5.6.18RC1, php-7.0.3RC1 |
|
| #
bcd64a9b |
| 18-Jan-2016 |
Stanislav Malyshev |
Fixed bug #71311: Use-after-free vulnerability in SPL(ArrayObject, unserialize)
|
|
Revision tags: php-5.6.17, php-5.5.31, php-7.0.2 |
|
| #
49493a2d |
| 01-Jan-2016 |
Lior Kaplan |
Happy new year (Update copyright to 2016)
|
|
Revision tags: php-7.0.2RC1, php-5.6.17RC1, php-7.0.1RC1, php-7.0.0, php-5.6.16, php-7.0.0RC8 |
|
| #
fd545f4f |
| 24-Nov-2015 |
Xinchen Hui |
Also fixed 'r'
|
| #
3e0b2ba5 |
| 24-Nov-2015 |
Xinchen Hui |
Indent (not sure why it was messed)
|
| #
91fb1edb |
| 24-Nov-2015 |
Xinchen Hui |
Fixed bug #70963 (Unserialize shows UNKNOW in result)
Thanks to ryat for reportinig
|
|
Revision tags: php-7.0.0RC7, php-5.6.16RC1, php-5.6.15, php-7.0.0RC6, php-7.0.1, php-5.6.15RC1, php-7.0.0RC5, php-5.5.30, php-5.6.14, php-7.0.0RC4 |
|
| #
e2e99f16 |
| 22-Sep-2015 |
Dmitry Stogov |
Cleanup: removed deprecated commented code
|
| #
8fe171a3 |
| 17-Sep-2015 |
Dmitry Stogov |
Don't allocate memory for empty HashTables.
|
