| #
d02f953f |
| 25-Jun-2017 |
Nikita Popov |
Fixed bug #74101 and bug #74614
|
| #
10dc9249 |
| 29-Jun-2017 |
Dmitry Stogov |
Use inlined version of zval_ptr_dytor() in var_destroy() loop
|
| #
a08723d3 |
| 18-May-2017 |
Dmitry Stogov |
Use interned empty and "one char" strings.
|
|
Revision tags: php-7.1.4, php-7.0.18, php-7.1.4RC1, php-7.0.18RC1 |
|
| #
8522e289 |
| 23-Mar-2017 |
Nikita Popov |
Make sure lengths and refs are unsigned in unserialize()
|
| #
6a1d4cd4 |
| 23-Mar-2017 |
xKhorasan |
Fixed bug #74300
|
|
Revision tags: php-7.1.3, php-7.0.17, php-7.1.3RC1, php-7.0.17RC1, php-7.1.2, php-7.0.16, php-7.0.16RC1, php-7.1.2RC1, php-5.6.30, php-7.0.15, php-5.6.30RC1, php-7.1.1RC1, php-7.0.15RC1, php-7.1.1, php-5.6.29, php-7.0.14, php-7.1.0, php-5.6.29RC1, php-7.0.14RC1, php-7.1.0RC6, php-5.6.28, php-7.0.13, php-5.6.28RC1, php-7.1.0RC5, php-7.0.13RC1, php-7.1.0RC4, php-5.6.27, php-7.0.12, php-7.1.0RC3, php-5.6.27RC1, php-7.0.12RC1, php-5.6.26, php-7.1.0RC2, php-7.0.11, php-5.6.26RC1, php-7.1.0RC1, php-7.0.11RC1, php-7.1.0beta3, php-5.6.25, php-7.0.10, php-7.1.0beta2, php-5.6.25RC1, php-7.0.10RC1, php-7.1.0beta1, php-5.6.24, php-7.0.9, php-5.5.38, php-5.6.24RC1, php-7.1.0alpha3, php-7.0.9RC1, php-7.1.0alpha2, php-7.0.8, php-5.6.23, php-5.5.37, php-5.6.23RC1, php-7.0.8RC1, php-7.1.0alpha1, php-5.6.22, php-5.5.36, php-7.0.7, php-5.6.22RC1, php-7.0.7RC1 |
|
| #
fd402506 |
| 05-May-2016 |
Nikita Popov |
Enable HT RC assertions with escape-hatch
HT functions that modify the array now assert that rc=1. As we don't
respect this COW constraint everywhere, either for a good reason or
bec
Enable HT RC assertions with escape-hatch
HT functions that modify the array now assert that rc=1. As we don't
respect this COW constraint everywhere, either for a good reason or
because fixing it would take more work, we provide an escape hatch
in the form of HT_ALLOW_COW_VIOLATION(ht). If this macro is called
assertions on this ht are disabled. The macro is a no-op in release
mode.
show more ...
|
| #
49d90dcc |
| 04-Jan-2017 |
Nikita Popov |
Add Z_EXTRA macro
For use with u2 values which don't deserve a custom macro...
|
| #
0426b916 |
| 04-Jan-2017 |
Nikita Popov |
Implement delayed __wakeup
|
| #
dac6c639 |
| 04-Jan-2017 |
Sammy Kaye Powers |
Update copyright headers to 2017
|
| #
478f119a |
| 04-Jan-2017 |
Sammy Kaye Powers |
Update copyright headers to 2017
|
| #
68ac602b |
| 03-Jan-2017 |
Stanislav Malyshev |
Use correct string release function
|
| #
ea6e54af |
| 03-Jan-2017 |
Stanislav Malyshev |
Fix error reporting
|
| #
9e29f841 |
| 02-Jan-2017 |
Sammy Kaye Powers |
Update copyright headers to 2017
|
| #
a65ad951 |
| 01-Jan-2017 |
Nikita Popov |
FIx bug #70213
|
| #
16b3003f |
| 31-Dec-2016 |
Stanislav Malyshev |
Fix bug #73825 - Heap out of bounds read on unserialize in finish_nested_data()
|
| #
6a7cc8ff |
| 12-Sep-2016 |
Stanislav Malyshev |
Fix bug #73052 - Memory Corruption in During Deserialized-object Destruction
|
| #
09f7bb20 |
| 06-Sep-2016 |
Nikita Popov |
Followup for bug #72785
Fix incorrect handling of nesting ... need to reset to the old
value afterwards.
|
| #
747d21cf |
| 06-Sep-2016 |
Stanislav Malyshev |
Fix bug #72785 - allowed_classes only applies to outermost unserialize()
|
| #
61f2f5a0 |
| 10-Aug-2016 |
Nikita Popov |
Bug #72663 - part 2
If a (nested) unserialize() call fails, we remove all the values
that were inserted into var_hash during that call. This prevents
their use in other unserializati
Bug #72663 - part 2
If a (nested) unserialize() call fails, we remove all the values
that were inserted into var_hash during that call. This prevents
their use in other unserializations in the same context.
show more ...
|
| #
2135fdef |
| 08-Aug-2016 |
Nikita Popov |
Bug #72663 - part 1
Don't call __destruct() on an unserialized object that has a
__wakeup() method if either
a) unserialization of its properties fails or
b) the __wakeup() call
Bug #72663 - part 1
Don't call __destruct() on an unserialized object that has a
__wakeup() method if either
a) unserialization of its properties fails or
b) the __wakeup() call fails (e.g. by throwing).
This basically treats __wakeup() as a form of constructor and
aligns us with the usual behavior that if the constructor call
fails the destructor should not be called.
The security aspect here is that people use __wakeup() to prevent
unserialization of objects with dangerous __destruct() methods,
but this is ineffective if __destruct() can still be called while
__wakeup() was skipped.
show more ...
|
| #
639f7fde |
| 07-Aug-2016 |
Stanislav Malyshev |
Improve fix for #72663
|
| #
448c9be1 |
| 02-Aug-2016 |
Stanislav Malyshev |
Fix bug #72663 - destroy broken object when unserializing
|
| #
f7caa2bd |
| 10-Aug-2016 |
Nikita Popov |
Hide (un)serialize data from ABI
The (UN)SERIALIZE_INIT/DESTROY macros now go through non-inlined
functions, so any changes to them will apply to extensions without
rebuilds.
Hide (un)serialize data from ABI
The (UN)SERIALIZE_INIT/DESTROY macros now go through non-inlined
functions, so any changes to them will apply to extensions without
rebuilds.
Additionally, the (un)serialize_data structures are now no longer
exported.
This means that we are allowed to change these structures in patch
releases without breaking the ABI.
show more ...
|
| #
16160386 |
| 21-Jun-2016 |
Dmitry Stogov |
Added ZEND_ATTRIBUTE_FORMAT to some middind functions.
"%p" replaced by ZEND_LONG_FMT to avoid compilation warnings.
Fixed most incorrect use cases of format specifiers.
|
|
Revision tags: php-7.0.6, php-5.6.21, php-5.5.35 |
|
| #
c89b7a48 |
| 27-Apr-2016 |
Xinchen Hui |
Use zend_string_safe_alloc
|
