| #
5e9b4c26 |
| 21-Nov-2016 |
Anatol Belski |
remove TSRMLS_* |
|
Revision tags: php-7.1.0RC6, php-5.6.28, php-7.0.13, php-5.6.28RC1, php-7.1.0RC5, php-7.0.13RC1, php-7.1.0RC4, php-5.6.27 |
|
| #
1a512eed |
| 13-Oct-2016 |
Andrea Faulds |
Move utf8_encode and utf8_decode to ext/standard |
|
Revision tags: php-7.0.12, php-7.1.0RC3, php-5.6.27RC1, php-7.0.12RC1, php-5.6.26, php-7.1.0RC2, php-7.0.11, php-5.6.26RC1, php-7.1.0RC1, php-7.0.11RC1 |
|
| #
9988863d |
| 20-Aug-2016 |
Christoph M. Becker |
Merge branch 'PHP-7.0' into PHP-7.1
|
| #
39172d44 |
| 20-Aug-2016 |
Christoph M. Becker |
Merge branch 'PHP-5.6' into PHP-7.0
|
| #
52793c14 |
| 20-Aug-2016 |
Christoph M. Becker |
Improvements to fix #72714, suggested by nikic |
| #
76c796fb |
| 20-Aug-2016 |
Christoph M. Becker |
Merge branch 'PHP-7.0' into PHP-7.1
|
| #
db1ef5cb |
| 20-Aug-2016 |
Christoph M. Becker |
Merge branch 'PHP-5.6' into PHP-7.0
|
|
Revision tags: php-7.1.0beta3, php-5.6.25, php-7.0.10 |
|
| #
9164dc11 |
| 16-Aug-2016 |
Christoph M. Becker |
Fix #72714: _xml_startElementHandler() segmentation fault
The issue is caused by an integer overflow when the `long` passed as
XML_OPTION_SKIP_TAGSTART is assigned to `xml_parser::toffse
Fix #72714: _xml_startElementHandler() segmentation fault
The issue is caused by an integer overflow when the `long` passed as
XML_OPTION_SKIP_TAGSTART is assigned to `xml_parser::toffset` which is
declared as `int`. We can simply work around this issue, by clipping
resulting negative values to 0 (and raising a notice in this case), because
the reasonable range for this value is certainly catered to by positive
`int`s.
However, there still remains the issue that `xml_parser::toffset` is later
added to `char *`s, which can cause OOB reads, so we make sure that the
upper bound never exceeds the strlen(). We eschew optimizing `SKIP_TAGSTART`
wrt. to the potentially duplicate strlen() call, because that code path is
unexpected anyway.
show more ...
|
| #
f3231a7c |
| 17-Aug-2016 |
Xinchen Hui |
Unused var |
| #
1d24ac46 |
| 16-Aug-2016 |
Christoph M. Becker |
Merge branch 'PHP-7.0' into PHP-7.1
|
| #
6202b47e |
| 16-Aug-2016 |
Christoph M. Becker |
Merge branch 'PHP-5.6' into PHP-7.0
|
| #
1bb92d52 |
| 16-Aug-2016 |
Christoph M. Becker |
#72085: SEGV on unknown address zif_xml_parse
We better make sure that the ZVALs we're accessing as arrays are indeed
arrays. |
|
Revision tags: php-7.1.0beta2, php-5.6.25RC1, php-7.0.10RC1, php-7.1.0beta1, php-5.6.24, php-7.0.9, php-5.5.38, php-5.6.24RC1, php-7.1.0alpha3, php-7.0.9RC1 |
|
| #
0ac51448 |
| 28-Jun-2016 |
Stanislav Malyshev |
Fix bug #72099: xml_parse_into_struct segmentation fault |
| #
adc95c51 |
| 23-Jun-2016 |
Dmitry Stogov |
Fixed compilation warnings |
|
Revision tags: php-7.1.0alpha2, php-7.0.8, php-5.6.23, php-5.5.37 |
|
| #
8c41df54 |
| 14-Jun-2016 |
Xinchen Hui |
Unused var |
|
Revision tags: php-5.6.23RC1, php-7.0.8RC1, php-7.1.0alpha1, php-5.6.22, php-5.5.36, php-7.0.7 |
|
| #
4a42fbbb |
| 14-May-2016 |
Joe Watkins |
fix #72206 (xml_parser_create/xml_parser_free leaks mem) |
| #
b1651140 |
| 14-May-2016 |
Joe Watkins |
fix #72206 (xml_parser_create/xml_parser_free leaks mem) |
|
Revision tags: php-5.6.22RC1, php-7.0.7RC1, php-7.0.6, php-5.6.21, php-5.5.35 |
|
| #
f0a2e8eb |
| 27-Apr-2016 |
Dmitry Stogov |
Removed "zend_fcall_info.function_table". It was assigned in many places, but is never used. |
| #
33d41da3 |
| 27-Apr-2016 |
Anatol Belski |
Merge branch 'PHP-5.6' into PHP-7.0
* PHP-5.6:
Fix memory leak
Fix bug #72099: xml_parse_into_struct segmentation fault
5.5.36 now
Fix bug #72094 - Out of bounds heap
Merge branch 'PHP-5.6' into PHP-7.0
* PHP-5.6:
Fix memory leak
Fix bug #72099: xml_parse_into_struct segmentation fault
5.5.36 now
Fix bug #72094 - Out of bounds heap read access in exif header processing
Fix bug #72093: bcpowmod accepts negative scale and corrupts _one_ definition
Fix bug #72061 - Out-of-bounds reads in zif_grapheme_stripos with negative offset
Fix for bug #71912 (libgd: signedness vulnerability)
Typo in NEWS
show more ...
|
| #
e315a162 |
| 27-Apr-2016 |
Stanislav Malyshev |
Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5:
Fix memory leak
Fix bug #72099: xml_parse_into_struct segmentation fault
5.5.36 now
Fix bug #72094 - Out of bounds heap
Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5:
Fix memory leak
Fix bug #72099: xml_parse_into_struct segmentation fault
5.5.36 now
Fix bug #72094 - Out of bounds heap read access in exif header processing
Fix bug #72093: bcpowmod accepts negative scale and corrupts _one_ definition
Fix bug #72061 - Out-of-bounds reads in zif_grapheme_stripos with negative offset
Fix for bug #71912 (libgd: signedness vulnerability)
Typo in NEWS
Conflicts:
configure.in
main/php_version.h
show more ...
|
| #
dccda88f |
| 25-Apr-2016 |
Stanislav Malyshev |
Fix bug #72099: xml_parse_into_struct segmentation fault |
|
Revision tags: php-5.6.21RC1, php-7.0.6RC1, php-5.6.20, php-5.5.34, php-7.0.5, php-5.6.20RC1, php-7.0.5RC1 |
|
| #
f57c0b32 |
| 03-Mar-2016 |
Nikita Popov |
Merge branch 'PHP-7.0'
|
| #
1ac15293 |
| 03-Mar-2016 |
Nikita Popov |
Move semicolon into TSRMLS_CACHE_EXTERN/DEFINE
Also re bug #71575. |
|
Revision tags: php-5.6.19 |
|
| #
c67c166f |
| 02-Mar-2016 |
Dmitry Stogov |
Removed zend_fcall_info.symbol_table |
|
Revision tags: php-5.5.33, php-7.0.4 |
|
| #
2e874114 |
| 02-Mar-2016 |
Stanislav Malyshev |
Merge branch 'PHP-7.0'
* PHP-7.0: (25 commits)
Update NEWS
update NEWS
fix test file
Fix version
update NEWS
Update NEWS
Fix bug #71610: Type Confus
Merge branch 'PHP-7.0'
* PHP-7.0: (25 commits)
Update NEWS
update NEWS
fix test file
Fix version
update NEWS
Update NEWS
Fix bug #71610: Type Confusion Vulnerability - SOAP / make_http_soap_request()
Fix bug #71637: Multiple Heap Overflow due to integer overflows
extend check for add_flag
Fixed another segfault with file_cache_only now
set version
fix nmake clean in phpize mode
Fixed segfault with file_cache_only
Fixed possible crash at PCRE on MSHUTDOWN
Fixed more synchronisation issues during SHM reload
Set proper type flags (REFCOUNTED and COPYABLE) according to interned or regular string
sync with improvements in NEWS
Fixed process synchronisation problem, that may cause crashes after opcache restart
Fix bug #71610: Type Confusion Vulnerability - SOAP / make_http_soap_request()
Fix bug #71637: Multiple Heap Overflow due to integer overflows
...
show more ...
|
