#
5e9b4c26 |
| 21-Nov-2016 |
Anatol Belski |
remove TSRMLS_* |
Revision tags: php-7.1.0RC6, php-5.6.28, php-7.0.13, php-5.6.28RC1, php-7.1.0RC5, php-7.0.13RC1, php-7.1.0RC4, php-5.6.27 |
|
#
1a512eed |
| 13-Oct-2016 |
Andrea Faulds |
Move utf8_encode and utf8_decode to ext/standard |
Revision tags: php-7.0.12, php-7.1.0RC3, php-5.6.27RC1, php-7.0.12RC1, php-5.6.26, php-7.1.0RC2, php-7.0.11, php-5.6.26RC1, php-7.1.0RC1, php-7.0.11RC1 |
|
#
9988863d |
| 20-Aug-2016 |
Christoph M. Becker |
Merge branch 'PHP-7.0' into PHP-7.1
|
#
39172d44 |
| 20-Aug-2016 |
Christoph M. Becker |
Merge branch 'PHP-5.6' into PHP-7.0
|
#
52793c14 |
| 20-Aug-2016 |
Christoph M. Becker |
Improvements to fix #72714, suggested by nikic |
#
76c796fb |
| 20-Aug-2016 |
Christoph M. Becker |
Merge branch 'PHP-7.0' into PHP-7.1
|
#
db1ef5cb |
| 20-Aug-2016 |
Christoph M. Becker |
Merge branch 'PHP-5.6' into PHP-7.0
|
Revision tags: php-7.1.0beta3, php-5.6.25, php-7.0.10 |
|
#
9164dc11 |
| 16-Aug-2016 |
Christoph M. Becker |
Fix #72714: _xml_startElementHandler() segmentation fault The issue is caused by an integer overflow when the `long` passed as XML_OPTION_SKIP_TAGSTART is assigned to `xml_parser::toffse
Fix #72714: _xml_startElementHandler() segmentation fault The issue is caused by an integer overflow when the `long` passed as XML_OPTION_SKIP_TAGSTART is assigned to `xml_parser::toffset` which is declared as `int`. We can simply work around this issue, by clipping resulting negative values to 0 (and raising a notice in this case), because the reasonable range for this value is certainly catered to by positive `int`s. However, there still remains the issue that `xml_parser::toffset` is later added to `char *`s, which can cause OOB reads, so we make sure that the upper bound never exceeds the strlen(). We eschew optimizing `SKIP_TAGSTART` wrt. to the potentially duplicate strlen() call, because that code path is unexpected anyway.
show more ...
|
#
f3231a7c |
| 17-Aug-2016 |
Xinchen Hui |
Unused var |
#
1d24ac46 |
| 16-Aug-2016 |
Christoph M. Becker |
Merge branch 'PHP-7.0' into PHP-7.1
|
#
6202b47e |
| 16-Aug-2016 |
Christoph M. Becker |
Merge branch 'PHP-5.6' into PHP-7.0
|
#
1bb92d52 |
| 16-Aug-2016 |
Christoph M. Becker |
#72085: SEGV on unknown address zif_xml_parse We better make sure that the ZVALs we're accessing as arrays are indeed arrays. |
Revision tags: php-7.1.0beta2, php-5.6.25RC1, php-7.0.10RC1, php-7.1.0beta1, php-5.6.24, php-7.0.9, php-5.5.38, php-5.6.24RC1, php-7.1.0alpha3, php-7.0.9RC1 |
|
#
0ac51448 |
| 28-Jun-2016 |
Stanislav Malyshev |
Fix bug #72099: xml_parse_into_struct segmentation fault |
#
adc95c51 |
| 23-Jun-2016 |
Dmitry Stogov |
Fixed compilation warnings |
Revision tags: php-7.1.0alpha2, php-7.0.8, php-5.6.23, php-5.5.37 |
|
#
8c41df54 |
| 14-Jun-2016 |
Xinchen Hui |
Unused var |
Revision tags: php-5.6.23RC1, php-7.0.8RC1, php-7.1.0alpha1, php-5.6.22, php-5.5.36, php-7.0.7 |
|
#
4a42fbbb |
| 14-May-2016 |
Joe Watkins |
fix #72206 (xml_parser_create/xml_parser_free leaks mem) |
#
b1651140 |
| 14-May-2016 |
Joe Watkins |
fix #72206 (xml_parser_create/xml_parser_free leaks mem) |
Revision tags: php-5.6.22RC1, php-7.0.7RC1, php-7.0.6, php-5.6.21, php-5.5.35 |
|
#
f0a2e8eb |
| 27-Apr-2016 |
Dmitry Stogov |
Removed "zend_fcall_info.function_table". It was assigned in many places, but is never used. |
#
33d41da3 |
| 27-Apr-2016 |
Anatol Belski |
Merge branch 'PHP-5.6' into PHP-7.0 * PHP-5.6: Fix memory leak Fix bug #72099: xml_parse_into_struct segmentation fault 5.5.36 now Fix bug #72094 - Out of bounds heap
Merge branch 'PHP-5.6' into PHP-7.0 * PHP-5.6: Fix memory leak Fix bug #72099: xml_parse_into_struct segmentation fault 5.5.36 now Fix bug #72094 - Out of bounds heap read access in exif header processing Fix bug #72093: bcpowmod accepts negative scale and corrupts _one_ definition Fix bug #72061 - Out-of-bounds reads in zif_grapheme_stripos with negative offset Fix for bug #71912 (libgd: signedness vulnerability) Typo in NEWS
show more ...
|
#
e315a162 |
| 27-Apr-2016 |
Stanislav Malyshev |
Merge branch 'PHP-5.5' into PHP-5.6 * PHP-5.5: Fix memory leak Fix bug #72099: xml_parse_into_struct segmentation fault 5.5.36 now Fix bug #72094 - Out of bounds heap
Merge branch 'PHP-5.5' into PHP-5.6 * PHP-5.5: Fix memory leak Fix bug #72099: xml_parse_into_struct segmentation fault 5.5.36 now Fix bug #72094 - Out of bounds heap read access in exif header processing Fix bug #72093: bcpowmod accepts negative scale and corrupts _one_ definition Fix bug #72061 - Out-of-bounds reads in zif_grapheme_stripos with negative offset Fix for bug #71912 (libgd: signedness vulnerability) Typo in NEWS Conflicts: configure.in main/php_version.h
show more ...
|
#
dccda88f |
| 25-Apr-2016 |
Stanislav Malyshev |
Fix bug #72099: xml_parse_into_struct segmentation fault |
Revision tags: php-5.6.21RC1, php-7.0.6RC1, php-5.6.20, php-5.5.34, php-7.0.5, php-5.6.20RC1, php-7.0.5RC1 |
|
#
f57c0b32 |
| 03-Mar-2016 |
Nikita Popov |
Merge branch 'PHP-7.0'
|
#
1ac15293 |
| 03-Mar-2016 |
Nikita Popov |
Move semicolon into TSRMLS_CACHE_EXTERN/DEFINE Also re bug #71575. |
Revision tags: php-5.6.19 |
|
#
c67c166f |
| 02-Mar-2016 |
Dmitry Stogov |
Removed zend_fcall_info.symbol_table |
Revision tags: php-5.5.33, php-7.0.4 |
|
#
2e874114 |
| 02-Mar-2016 |
Stanislav Malyshev |
Merge branch 'PHP-7.0' * PHP-7.0: (25 commits) Update NEWS update NEWS fix test file Fix version update NEWS Update NEWS Fix bug #71610: Type Confus
Merge branch 'PHP-7.0' * PHP-7.0: (25 commits) Update NEWS update NEWS fix test file Fix version update NEWS Update NEWS Fix bug #71610: Type Confusion Vulnerability - SOAP / make_http_soap_request() Fix bug #71637: Multiple Heap Overflow due to integer overflows extend check for add_flag Fixed another segfault with file_cache_only now set version fix nmake clean in phpize mode Fixed segfault with file_cache_only Fixed possible crash at PCRE on MSHUTDOWN Fixed more synchronisation issues during SHM reload Set proper type flags (REFCOUNTED and COPYABLE) according to interned or regular string sync with improvements in NEWS Fixed process synchronisation problem, that may cause crashes after opcache restart Fix bug #71610: Type Confusion Vulnerability - SOAP / make_http_soap_request() Fix bug #71637: Multiple Heap Overflow due to integer overflows ...
show more ...
|