#
ed9532cf |
| 30-Nov-2020 |
Nikita Popov |
Fix another ref source management bug in unserialize When we overwrite an existing property during unserialization, we also have to drop the ref source from it. |
#
f5b93626 |
| 25-Nov-2020 |
Nikita Popov |
Fix unserialization ref source management, again Handle one case the previous patch did not account for: If unserialization of data fails, we should still register a ref source.
Fix unserialization ref source management, again Handle one case the previous patch did not account for: If unserialization of data fails, we should still register a ref source. Also add an extra test for a reference between two typed properties, as this used to be handled incorrectly earlier.
show more ...
|
#
7a3f25e3 |
| 25-Nov-2020 |
Nikita Popov |
Fix ref source management during unserialization Only register the slot for adding ref sources later if we didn't immediately register one. Also avoids leaking a ref source if it is
Fix ref source management during unserialization Only register the slot for adding ref sources later if we didn't immediately register one. Also avoids leaking a ref source if it is added early and the assignment fails. Fixes oss-fuzz #27628.
show more ...
|
#
df5011f5 |
| 28-Aug-2020 |
Nikita Popov |
Export and reuse zend_is_valid_class_name API Unserialization does the same check as zend_lookup_class, so let's share the same optimized implementation. |
#
c47011ba |
| 28-Aug-2020 |
Nikita Popov |
Use zend_string when storing incomplete class name No need to copy the string here... |
#
1b2ec73c |
| 26-Aug-2020 |
George Peter Banyard |
Drop various unused macros/APIs Also convert_libmagic_pattern() to return a zend_string* Closes GH-6029 |
#
6e92487f |
| 22-Jul-2020 |
twosee |
Fix warnings of strict-prototypes Closes GH-5887. |
#
0280b83e |
| 06-Jul-2020 |
Nikita Popov |
Avoid some unnecessary uses of no_separation=0 For the rare cases where references are part of the API, construct them explicitly. Otherwise do not allow separation. |
#
1314ccbf |
| 26-Jun-2020 |
Nikita Popov |
Cache __unserialize() instead of unserialize() We should use these cache slots for the new object serialization mechanism rather than the old one. |
#
83a77015 |
| 08-Jun-2020 |
twosee |
Add helper APIs for maybe-interned string creation Add ZVAL_CHAR/RETVAL_CHAR/RETURN_CHAR as a shortcut for using ZVAL_INTERNED_STRING and ZSTR_CHAR. Add zend_string_init_fast()
Add helper APIs for maybe-interned string creation Add ZVAL_CHAR/RETVAL_CHAR/RETURN_CHAR as a shortcut for using ZVAL_INTERNED_STRING and ZSTR_CHAR. Add zend_string_init_fast() as a helper for the empty string / one char interned string / zend_string_init() pattern. Also add corresponding ZVAL_STRINGL_FAST etc macros. Closes GH-5684.
show more ...
|
#
691880b2 |
| 19-Jan-2020 |
Tyson Andre |
Speed up unserializing object properties Hash table lookups are slow. Don't do one a second time to update the property. The call to zend_hash_update_ind goes back to 8b0deb8cd2
Speed up unserializing object properties Hash table lookups are slow. Don't do one a second time to update the property. The call to zend_hash_update_ind goes back to 8b0deb8cd2d Background: Properties are IS_INDIRECT when they're a declared property, and point to properties_table. See https://nikic.github.io/2015/06/19/Internal-value-representation-in-PHP-7-part-2.html#objects-in-php-7
show more ...
|
Revision tags: php-7.3.13RC1, php-7.2.26RC1, php-7.4.0, php-7.2.25, php-7.3.12, php-7.4.0RC6, php-7.3.12RC1, php-7.2.25RC1, php-7.4.0RC5 |
|
#
9d48bf51 |
| 27-Oct-2019 |
Tyson Andre |
Fix miscellaneous typos in docs and error messages Closes GH-4863. |
Revision tags: php-7.1.33, php-7.2.24, php-7.3.11, php-7.4.0RC4, php-7.3.11RC1, php-7.2.24RC1, php-7.4.0RC3 |
|
#
1cde9e85 |
| 30-Sep-2019 |
Nikita Popov |
Merge branch 'PHP-7.4'
|
Revision tags: php-7.2.23 |
|
#
1806ce9c |
| 24-Sep-2019 |
Nikita Popov |
Add max_depth option to unserialize() Add a max_depth option to unserialize and an unserialize_max_depth ini setting, which can be used to control the depth limit. The default value
Add max_depth option to unserialize() Add a max_depth option to unserialize and an unserialize_max_depth ini setting, which can be used to control the depth limit. The default value is 4096. This option is intended to prevent stack overflows during the unserialization of deeply nested structures. This fixes bug #78549 and addresses oss-fuzz #17581, #17589, #17664, and #17788.
show more ...
|
#
5d6e923d |
| 24-Sep-2019 |
Gabriel Caruso |
Remove mention of PHP major version in Copyright headers Closes GH-4732. |
Revision tags: php-7.3.10 |
|
#
3f0cab53 |
| 23-Sep-2019 |
Nikita Popov |
Merge branch 'PHP-7.3' into PHP-7.4
|
#
e65adc9c |
| 23-Sep-2019 |
Nikita Popov |
Fix ubsan violation in parse_iv2 This fixes two issues: * Negative the value in an unsigned type to avoid signed overflow. * Treat -0 as 0 rather than an invalid number that gets c
Fix ubsan violation in parse_iv2 This fixes two issues: * Negative the value in an unsigned type to avoid signed overflow. * Treat -0 as 0 rather than an invalid number that gets converted to ZEND_LONG_MIN.
show more ...
|
Revision tags: php-7.4.0RC2 |
|
#
c3376bf7 |
| 16-Sep-2019 |
Nikita Popov |
Fix use-after-free due to packed->mixed conversion with __unserialize() |
#
0d3da6ac |
| 16-Sep-2019 |
Nikita Popov |
Fix segfault when unserializing abstract class |
#
4377a8ea |
| 16-Sep-2019 |
Nikita Popov |
Sanity-check array/object lengths during unserialization Avoid OOM conditions in unserialize due to overly large array or object length specifications. |
Revision tags: php-7.2.23RC1, php-7.3.10RC1, php-7.4.0RC1, php-7.1.32, php-7.2.22, php-7.3.9 |
|
#
ca265eb5 |
| 23-Aug-2019 |
Christoph M. Becker |
Fix #78438: Corruption when __unserializing deeply nested structures When storing two temporary variables for delayed __unserialize() calls, we have to make sure that both fit into the s
Fix #78438: Corruption when __unserializing deeply nested structures When storing two temporary variables for delayed __unserialize() calls, we have to make sure that both fit into the same linked list element. To that end we introduce the internal API `tmp_var` which allows to reserve `num` slots in the same list element. We also fix the `var_dtor_entries` struct definition to use the proper size, namely `VAR_DTOR_ENTRIES_MAX`.
show more ...
|
#
69ba2b98 |
| 22-Aug-2019 |
Christoph M. Becker |
Fix var_unserializer debug code At least it now compiles and should be free of warnings. |
Revision tags: php-7.4.0beta4, php-7.2.22RC1, php-7.3.9RC1, php-7.4.0beta2, php-7.1.31, php-7.2.21, php-7.3.8, php-7.4.0beta1, php-7.2.21RC1, php-7.3.8RC1, php-7.4.0alpha3, php-7.3.7, php-7.2.20, php-7.4.0alpha2, php-7.3.7RC3, php-7.3.7RC2, php-7.2.20RC2, php-7.4.0alpha1, php-7.3.7RC1, php-7.2.20RC1, php-7.2.19, php-7.3.6, php-7.1.30, php-7.2.19RC1, php-7.3.6RC1, php-7.1.29, php-7.2.18, php-7.3.5, php-7.2.18RC1, php-7.3.5RC1 |
|
#
e2ea0f10 |
| 09-Apr-2019 |
Nikita Popov |
Fix bug #77866: Port Serializable SPL classes to use __unserialize() Payloads created using Serializable are still supported. |
#
b870685c |
| 09-Apr-2019 |
Nikita Popov |
Fix leak on error in new serialization mechanism |
Revision tags: php-7.2.17, php-7.3.4, php-7.1.28, php-7.3.4RC1, php-7.2.17RC1, php-7.1.27, php-7.3.3, php-7.2.16, php-7.3.3RC1, php-7.2.16RC1, php-7.2.15, php-7.3.2, php-7.2.15RC1 |
|
#
d373c11e |
| 22-Jan-2019 |
Nikita Popov |
Implement new custom object serialization mechanism RFC: https://wiki.php.net/rfc/custom_object_serialization |