ad750c3b | 31-Aug-2020 |
Nikita Popov |
Fix handling of exception if valid() during yield from Fixes oss-fuzz #25296. |
376bbbdf | 12-Aug-2020 |
Nikita Popov |
Make MAX_IFD_NESTING_LEVEL an actual nesting level Currently we only ever increment ifd_nesting_level, so this ends up being a limit on the total number of IFD tags and we regularly get
Make MAX_IFD_NESTING_LEVEL an actual nesting level Currently we only ever increment ifd_nesting_level, so this ends up being a limit on the total number of IFD tags and we regularly get bug reports of it being exceeded. I think the intention behind this limit was to prevent recursion stack overflow, and for that we only need to check actual recursive usage. I've implemented that here, and dropped the nesting limit down to a smaller value (which still passes our tests). However, it seems that we do also need to have a total limit on the number of tags, as we don't catch some instances of infinite looping otherwise. Add this as a separate limit with a higher value, that should hopefully be sufficient. This is expected to fix a number of bugs: https://bugs.php.net/bug.php?id=78083 https://bugs.php.net/bug.php?id=78701 https://bugs.php.net/bug.php?id=79907 https://bugs.php.net/bug.php?id=80016
show more ...
|
e9481888 | 27-Aug-2020 |
twosee |
Improve error_handing replacement functions We explicitly skip calls to user_error_handler in EH_THROW mode Closes GH-6050. |
62dce979 | 27-Aug-2020 |
Nikita Popov |
Require non-negative length in stream_get_contents() If the length is not -1, require it to be non-negative. Using such lengths doesn't make sense (as only -1 is special-case to
Require non-negative length in stream_get_contents() If the length is not -1, require it to be non-negative. Using such lengths doesn't make sense (as only -1 is special-case to read in chunks, anything else will end up doing a huge upfront allocation) and can lead to string allocation overflow. A similar check is already in place for file_get_contents(). That one does not allow -1 (and uses null instead), but this function is explicitly specified to accept -1, so stick to that behavior.
show more ...
|
1b7ee6db | 26-Aug-2020 |
Christoph M. Becker |
Fix com_safearray_proxy related memory management issues |
75ac3f1c | 25-Aug-2020 |
Christoph M. Becker |
Separate COM::__construct()s $server_name array This may otherwise be modified. |
5ff15e26 | 26-Aug-2020 |
Christoph M. Becker |
Fix #64130: COM obj parameters passed by reference are not updated `ITypeInfo_GetIDsOfNames()` is supposed to fail with `E_NOTIMPL` for out-of-process servers, thus we should not remove
Fix #64130: COM obj parameters passed by reference are not updated `ITypeInfo_GetIDsOfNames()` is supposed to fail with `E_NOTIMPL` for out-of-process servers, thus we should not remove the already available typeinfo of the object in this case. We also properly free the `byref_vals`.
show more ...
|
d179e34e | 26-Aug-2020 |
Nikita Popov |
Fix memory leak when yielding from non-iterable |
3324bb89 | 25-Aug-2020 |
Christoph M. Becker |
Avoid double-free As of commit b2e3fd1[1] the `authid.User` is no longer newly allocated, so we must not free it. [1] <http://git.php.net/?p=php-src.git;a=commit;h=b2e3fd1e691b1
Avoid double-free As of commit b2e3fd1[1] the `authid.User` is no longer newly allocated, so we must not free it. [1] <http://git.php.net/?p=php-src.git;a=commit;h=b2e3fd1e691b1dc82aaaf4150461db97bd5acf4a>
show more ...
|
06308204 | 25-Aug-2020 |
Nikita Popov |
Remove bogus REGISTER_LONG_CONSTANT This shouldn't be in this function, probably a copy/paste mistake... |
74de17f2 | 24-Aug-2020 |
Christoph M. Becker |
Fix potential integer overflow detected by oss-fuzz We port the respective fix from upstream[1]. [1] <https://github.com/libgd/libgd/commit/9ed642764cf0b4585d135eb738812a43265cb2d3> |
844a2dd6 | 18-Aug-2020 |
Christoph M. Becker |
Fix #79986: str_ireplace bug with diacritics characters `tolower()` returns an `int`, so we must not convert to `char` which may be `signed` and as such may be subject to overflow (actua
Fix #79986: str_ireplace bug with diacritics characters `tolower()` returns an `int`, so we must not convert to `char` which may be `signed` and as such may be subject to overflow (actually, implementation defined behavior). Closes GH-6007
show more ...
|
fcd26ffc | 20-Aug-2020 |
Christoph M. Becker |
Fix #80002: calc free space for new interned string is wrong We need to calculate the free size in bytes. Patch contributed by t-matsuno. Closes GH-6024 |
b2a33ab0 | 21-Aug-2020 |
Andy Postnikov |
Fix #80007: Potential type confusion in unixtojd() parameter parsing Also it fixes test on 32-bit armv7 and x86 - Test unixtojd() function : error conditions [ext/calendar/tests/unixtojd
Fix #80007: Potential type confusion in unixtojd() parameter parsing Also it fixes test on 32-bit armv7 and x86 - Test unixtojd() function : error conditions [ext/calendar/tests/unixtojd_error1.phpt] Closes GH-6033
show more ...
|
46d62e54 | 21-Aug-2020 |
Manuel Mausz |
Fix wrong datatype ini_entry->modifiable is of type uint8_t and so should be the temp. variable. Especially important after 4b77a158. Closes GH-6028 |
f7c43b8c | 18-Aug-2020 |
Matteo Beccati |
Fix #47021: SoapClient stumbles over WSDL delivered with "Transfer-Encoding: chunked" |
ff14b7ad | 18-Aug-2020 |
Christoph M. Becker |
7.3.23 is next |
1ae80f8c | 17-Aug-2020 |
Christoph M. Becker |
Fix HTTP response status code |
f6d7af21 | 14-Aug-2020 |
Nikita Popov |
Null terminate the sodium_crypto_kx_keypair() result |
Revision tags: php-7.3.13RC1, php-7.2.26RC1, php-7.4.0, php-7.2.25, php-7.3.12, php-7.4.0RC6, php-7.3.12RC1, php-7.2.25RC1, php-7.4.0RC5, php-7.1.33, php-7.2.24, php-7.3.11, php-7.4.0RC4, php-7.3.11RC1, php-7.2.24RC1, php-7.4.0RC3, php-7.2.23, php-7.3.10, php-7.4.0RC2, php-7.2.23RC1, php-7.3.10RC1, php-7.4.0RC1, php-7.1.32, php-7.2.22, php-7.3.9, php-7.4.0beta4, php-7.2.22RC1, php-7.3.9RC1, php-7.4.0beta2, php-7.1.31, php-7.2.21, php-7.3.8, php-7.4.0beta1, php-7.2.21RC1, php-7.3.8RC1, php-7.4.0alpha3, php-7.3.7, php-7.2.20, php-7.4.0alpha2, php-7.3.7RC3, php-7.3.7RC2, php-7.2.20RC2, php-7.4.0alpha1, php-7.3.7RC1, php-7.2.20RC1, php-7.2.19, php-7.3.6, php-7.1.30, php-7.2.19RC1, php-7.3.6RC1, php-7.1.29, php-7.2.18, php-7.3.5, php-7.2.18RC1, php-7.3.5RC1, php-7.2.17, php-7.3.4, php-7.1.28, php-7.3.4RC1, php-7.2.17RC1, php-7.1.27, php-7.3.3, php-7.2.16, php-7.3.3RC1, php-7.2.16RC1 |
|
2fe2e5b4 | 17-Feb-2019 |
Ahmed Abdou |
Fix #64705 errorInfo property of PDOException is null when PDO::__construct() fails PDO driver constructors are throwing PdoException without setting errorInfo, so create a new reusable
Fix #64705 errorInfo property of PDOException is null when PDO::__construct() fails PDO driver constructors are throwing PdoException without setting errorInfo, so create a new reusable function that throws exceptions for PDO and will also set the errorInfo. Use this function in pdo_mysql, pdo_sqlite, and pdo_pgsql.
show more ...
|
2fa4ca95 | 12-Jul-2020 |
Nawarian |
Fix bug #75785 by attempt switching endianness on Maker's Note Different manufacturer models may come with a different endianness (motorola/intel) format. In order to avoid a big ref
Fix bug #75785 by attempt switching endianness on Maker's Note Different manufacturer models may come with a different endianness (motorola/intel) format. In order to avoid a big refactor and a gigantic lookup table, this commit simply attempts to switch the endianness and proceed when values are acceptable. Closes GH-5849.
show more ...
|
dc108fea | 04-Aug-2020 |
Christoph M. Becker |
Fix #48585: com_load_typelib holds reference, fails on second call Whether the type library is cached is actually irrelevant here; what matters is that the symbols are imported, and sinc
Fix #48585: com_load_typelib holds reference, fails on second call Whether the type library is cached is actually irrelevant here; what matters is that the symbols are imported, and since these are not cached, we have to import them for every request. And we cannot cache the symbols, because the import depends on the current codepage, but the codepage is a `PHP_INI_ALL` setting.
show more ...
|
9d9dffe6 | 11-Aug-2020 |
Nikita Popov |
Fixed bug #79951 One branch did not release tmp_replace_entry_str. Also reduce the scope of some variables. |
07cb2755 | 10-Aug-2020 |
George Wang |
Make sure string is NUL byte terminated. |
4723bd4f | 10-Aug-2020 |
Nikita Popov |
Check the correct list This was supposed to check mx_list, not weight_list... oops. |