/PHP-7.4/ |
H A D | NEWS | 13 . Fixed bug #81738: buffer overflow in hash_update() on long parameter. 265 . Fixed bug #76448: Stack buffer overflow in firebird_info_cb. 1145 . Fixed bug #79171 (heap-buffer-overflow in phar_extract_file). 1659 . Fixed bug #78510 (Partially uninitialized buffer returned by 1704 with fixed length buffer). (Albert Casademont) 1842 . Fixed bug #78559 (Heap buffer overflow in mb_eregi). (cmb) 1855 . Fixed bug #78510 (Partially uninitialized buffer returned by 1901 with fixed length buffer). (Albert Casademont) 2029 . Fixed bug #77988 (heap-buffer-overflow on php_jpg_get16). 2402 . Fixed bug #77371 (heap buffer overflow in mb regex functions [all …]
|
/PHP-7.4/ext/phar/ |
H A D | phar.c | 505 (buffer) += 4 509 (buffer) += 2 513 buffer += 4 516 buffer += 2 694 buffer = b32; in phar_parse_pharfile() 700 if ((*buffer == ' ' || *buffer == '\n') && *(buffer + 1) == '?' && *(buffer + 2) == '>') { in phar_parse_pharfile() 726 buffer = b32; in phar_parse_pharfile() 757 buffer += 2; in phar_parse_pharfile() 1043 buffer += len; in phar_parse_pharfile() 1128 buffer += len; in phar_parse_pharfile() [all …]
|
/PHP-7.4/ext/pgsql/ |
H A D | pgsql.c | 4481 unsigned char *buffer, local 4490 buffer = (unsigned char *) emalloc(buflen); /* isn't NULL terminated */ 4491 for (bp = buffer, sp = strtext; *sp != '\0'; bp++, sp++) 4552 buffer = erealloc(buffer, buflen+1); 4553 buffer[buflen] = '\0'; 4556 return buffer;
|
/PHP-7.4/ext/mysqlnd/ |
H A D | mysqlnd_wireprotocol.c | 254 header->size = uint3korr(buffer); in mysqlnd_read_header() 539 if (sizeof(buffer) < (packet->auth_data_len + (p - buffer))) { in php_mysqlnd_auth_write() 567 len = MIN(strlen(packet->auth_plugin_name), sizeof(buffer) - (p - buffer) - 1); in php_mysqlnd_auth_write() 653 zend_uchar *buf = pfc->cmd_buffer.buffer? (zend_uchar *) pfc->cmd_buffer.buffer : local_buf; in php_mysqlnd_auth_response_read() 791 if (buffer != pfc->cmd_buffer.buffer) { in php_mysqlnd_change_auth_response_write() 792 mnd_efree(buffer); in php_mysqlnd_change_auth_response_write() 1377 MYSQLND_ROW_BUFFER * buffer, in php_mysqlnd_read_row_ex() argument 1409 p = buffer->ptr; in php_mysqlnd_read_row_ex() 1433 if (!buffer->ptr) { in php_mysqlnd_read_row_ex() 1452 buffer->ptr = NULL; in php_mysqlnd_read_row_ex() [all …]
|
/PHP-7.4/main/streams/ |
H A D | streams.c | 244 char *buffer = NULL; in php_stream_wrapper_log_error() local 247 vspprintf(&buffer, 0, fmt, args); in php_stream_wrapper_log_error() 251 php_error_docref(NULL, E_WARNING, "%s", buffer); in php_stream_wrapper_log_error() 252 efree(buffer); in php_stream_wrapper_log_error() 264 zend_llist_init(&new_list, sizeof(buffer), wrapper_error_dtor, 0); in php_stream_wrapper_log_error() 270 zend_llist_add_element(list, &buffer); in php_stream_wrapper_log_error()
|
H A D | cast.c | 61 static int stream_cookie_reader(void *cookie, char *buffer, int size) in stream_cookie_reader() argument 65 ret = php_stream_read((php_stream*)cookie, buffer, size); in stream_cookie_reader() 69 static int stream_cookie_writer(void *cookie, const char *buffer, int size) in stream_cookie_writer() argument 72 return php_stream_write((php_stream *)cookie, (char *)buffer, size); in stream_cookie_writer() 91 static ssize_t stream_cookie_reader(void *cookie, char *buffer, size_t size) in stream_cookie_reader() argument 95 ret = php_stream_read(((php_stream *)cookie), buffer, size); in stream_cookie_reader() 99 static ssize_t stream_cookie_writer(void *cookie, const char *buffer, size_t size) in stream_cookie_writer() argument 102 return php_stream_write(((php_stream *)cookie), (char *)buffer, size); in stream_cookie_writer()
|
/PHP-7.4/ext/libxml/ |
H A D | libxml.c | 382 static int php_libxml_streams_IO_read(void *context, char *buffer, int len) in php_libxml_streams_IO_read() argument 384 return php_stream_read((php_stream*)context, buffer, len); in php_libxml_streams_IO_read() 387 static int php_libxml_streams_IO_write(void *context, const char *buffer, int len) in php_libxml_streams_IO_write() argument 389 return php_stream_write((php_stream*)context, buffer, len); in php_libxml_streams_IO_write()
|
/PHP-7.4/ext/mbstring/ |
H A D | mbstring.c | 4584 str_headers = zend_string_init((char *)device.buffer, strlen((char *)device.buffer), 0); in PHP_FUNCTION() 5020 if (dev.pos < 1 || filter->num_illegalchar || dev.buffer[0] >= MBFL_WCSGROUP_UCS4MAX) { in php_mb_ord() 5026 cp = dev.buffer[0]; in php_mb_ord()
|
/PHP-7.4/sapi/fpm/fpm/ |
H A D | fpm_status.c | 148 char *buffer, *time_format, time_buffer[64]; in fpm_status_handle_request() local 456 spprintf(&buffer, 0, short_syntax, in fpm_status_handle_request() 474 PUTS(buffer); in fpm_status_handle_request() 475 efree(buffer); in fpm_status_handle_request() 540 spprintf(&buffer, 0, full_syntax, in fpm_status_handle_request() 558 PUTS(buffer); in fpm_status_handle_request() 559 efree(buffer); in fpm_status_handle_request()
|
H A D | fpm_main.c | 433 static size_t sapi_cgi_read_post(char *buffer, size_t count_bytes) /* {{{ */ in sapi_cgi_read_post() argument 460 tmp_read_bytes = fcgi_read(request, buffer + read_bytes, count_bytes - read_bytes); in sapi_cgi_read_post() 462 tmp_read_bytes = read(request_body_fd, buffer + read_bytes, count_bytes - read_bytes); in sapi_cgi_read_post()
|
/PHP-7.4/ext/date/ |
H A D | php_date.c | 1198 length = slprintf(buffer, sizeof(buffer), "%03d", retval); in date_format() 1213 case 'O': length = slprintf(buffer, sizeof(buffer), "%c%02d%s%02d", in date_format() 1222 length = slprintf(buffer, sizeof(buffer), "%s", "UTC"); in date_format() 1226 length = slprintf(buffer, sizeof(buffer), "%s", t->tz_info->name); in date_format() 1229 length = slprintf(buffer, sizeof(buffer), "%s", offset->abbr); in date_format() 1232 length = slprintf(buffer, sizeof(buffer), "%c%02d:%02d", in date_format() 1265 default: buffer[0] = format[i]; buffer[1] = '\0'; length = 1; break; in date_format() 4597 length = slprintf(buffer, sizeof(buffer), "%d", (int) t->days); in date_interval_format() 4599 length = slprintf(buffer, sizeof(buffer), "(unknown)"); in date_interval_format() 4605 case '%': length = slprintf(buffer, sizeof(buffer), "%%"); break; in date_interval_format() [all …]
|
/PHP-7.4/main/ |
H A D | main.c | 964 char *buffer; in php_printf() local 969 ret = PHPWRITE(buffer, size); in php_printf() 970 efree(buffer); in php_printf() 1008 efree(buffer); in php_verror() 1014 buffer = ""; in php_verror() 1169 efree(buffer); in php_verror() 1257 char *buffer; in php_error_cb() local 1304 efree(buffer); in php_error_cb() 1469 efree(buffer); in php_error_cb() 1480 efree(buffer); in php_error_cb() [all …]
|
H A D | output.c | 376 ZVAL_STRINGL(p, OG(active)->buffer.data, OG(active)->buffer.used); in php_output_get_contents() 874 handler->buffer.data = emalloc(handler->buffer.size); in php_output_handler_init() 887 if ((handler->buffer.size - handler->buffer.used) <= buf->used) { in php_output_handler_append() 892 handler->buffer.data = safe_erealloc(handler->buffer.data, 1, handler->buffer.size, grow_max); in php_output_handler_append() 895 memcpy(handler->buffer.data + handler->buffer.used, buf->data, buf->used); in php_output_handler_append() 929 handler->buffer.used?handler->buffer.data:"", in php_output_handler_op() 930 handler->buffer.used, in php_output_handler_op() 931 handler->buffer.size, in php_output_handler_op() 956 ZVAL_STRINGL(&ob_data, handler->buffer.data, handler->buffer.used); in php_output_handler_op() 984 …php_output_context_feed(context, handler->buffer.data, handler->buffer.size, handler->buffer.used,… in php_output_handler_op() [all …]
|
/PHP-7.4/ext/standard/ |
H A D | user_filters.c | 506 char *buffer; in PHP_FUNCTION() local 513 Z_PARAM_STRING(buffer, buffer_len) in PHP_FUNCTION() 520 memcpy(pbuffer, buffer, buffer_len); in PHP_FUNCTION()
|
H A D | image.c | 182 static unsigned long int php_swf_get_bits (unsigned char* buffer, unsigned int pos, unsigned int co… in php_swf_get_bits() argument 190 ((((buffer[loop / 8]) >> (7 - (loop % 8))) & 0x01) << (count - (loop - pos) - 1)); in php_swf_get_bits() 442 char *buffer; in php_read_APP() local 452 buffer = emalloc((size_t)length); in php_read_APP() 454 if (php_stream_read(stream, buffer, (size_t) length) != length) { in php_read_APP() 455 efree(buffer); in php_read_APP() 463 add_assoc_stringl(info, markername, buffer, length); in php_read_APP() 466 efree(buffer); in php_read_APP()
|
/PHP-7.4/ext/zip/ |
H A D | php_zip.c | 1313 zend_string *buffer; in PHP_NAMED_FUNCTION() local 1330 n = zip_fread(zr_rsrc->zf, ZSTR_VAL(buffer), ZSTR_LEN(buffer)); in PHP_NAMED_FUNCTION() 1333 ZSTR_LEN(buffer) = n; in PHP_NAMED_FUNCTION() 1334 RETURN_NEW_STR(buffer); in PHP_NAMED_FUNCTION() 1828 zend_string *buffer; local 1853 memcpy(ze_obj->buffers[pos], ZSTR_VAL(buffer), ZSTR_LEN(buffer) + 1); 2709 zend_string *buffer; local 2745 n = zip_fread(zf, ZSTR_VAL(buffer), ZSTR_LEN(buffer)); 2747 zend_string_efree(buffer); 2753 ZSTR_LEN(buffer) = n; [all …]
|
/PHP-7.4/ext/fileinfo/tests/ |
H A D | bug78987.phpt | 26 $finfo->buffer($content);
|
/PHP-7.4/ext/fileinfo/ |
H A D | libmagic.patch | 392 + char buffer[BUFSIZ + 1]; 662 * handle a buffer containing a compiled file. 1006 diff -u libmagic.orig/buffer.c libmagic/buffer.c 1008 +++ libmagic/buffer.c 2021-09-17 21:27:42.796508107 +0200 1037 buffer_fini(struct buffer *b) 1741 struct buffer { 1819 protected void buffer_fini(struct buffer *); 1820 protected int buffer_fill(const struct buffer *); 2249 - * Like printf, only we append to a buffer. 2375 struct buffer b; [all …]
|
/PHP-7.4/ext/fileinfo/libmagic/ |
H A D | encoding.c | 70 file_encoding(struct magic_set *ms, const struct buffer *b, unichar **ubuf, in file_encoding()
|
/PHP-7.4/ext/curl/ |
H A D | interface.c | 2108 static size_t read_cb(char *buffer, size_t size, size_t nitems, void *arg) /* {{{ */ in read_cb() argument 2118 numread = php_stream_read(cb_arg->stream, buffer, nitems * size); in read_cb()
|
/PHP-7.4/ext/mysqli/ |
H A D | mysqli_api.c | 211 bind[ofs].buffer = &Z_DVAL_P(param); in mysqli_stmt_bind_param_do_bind() 221 bind[ofs].buffer = &Z_LVAL_P(param); in mysqli_stmt_bind_param_do_bind() 422 bind[ofs].buffer = stmt->result.buf[ofs].val; in mysqli_stmt_bind_result_do_bind() 433 bind[ofs].buffer = stmt->result.buf[ofs].val; in mysqli_stmt_bind_result_do_bind() 459 bind[ofs].buffer = stmt->result.buf[ofs].val; in mysqli_stmt_bind_result_do_bind() 472 bind[ofs].buffer = stmt->result.buf[ofs].val; in mysqli_stmt_bind_result_do_bind() 530 bind[ofs].buffer = stmt->result.buf[ofs].val; in mysqli_stmt_bind_result_do_bind() 908 stmt->stmt->params[i].buffer = Z_STRVAL_P(param); 913 stmt->stmt->params[i].buffer = &Z_DVAL_P(param); 918 stmt->stmt->params[i].buffer = &Z_LVAL_P(param);
|
/PHP-7.4/ext/openssl/ |
H A D | openssl.c | 1299 char buffer[MAXPATHLEN]; in php_openssl_load_rand_file() local 1305 file = RAND_file_name(buffer, sizeof(buffer)); in php_openssl_load_rand_file() 1329 char buffer[MAXPATHLEN]; in php_openssl_write_rand_file() local 1338 file = RAND_file_name(buffer, sizeof(buffer)); in php_openssl_write_rand_file() 3210 memcpy(buffer, type, len); in php_openssl_make_REQ() 3211 buffer[len] = '\0'; in php_openssl_make_REQ() 3212 type = buffer; in php_openssl_make_REQ() 6955 zend_string *buffer = NULL; in php_openssl_random_pseudo_bytes() local 6986 return buffer; in php_openssl_random_pseudo_bytes() 6993 zend_string *buffer = NULL; in PHP_FUNCTION() local [all …]
|
/PHP-7.4/sapi/cgi/ |
H A D | cgi_main.c | 478 static size_t sapi_cgi_read_post(char *buffer, size_t count_bytes) in sapi_cgi_read_post() argument 494 tmp_read_bytes = read(STDIN_FILENO, buffer + read_bytes, to_read); in sapi_cgi_read_post() 496 tmp_read_bytes = read(STDIN_FILENO, buffer + read_bytes, count_bytes - read_bytes); in sapi_cgi_read_post() 506 static size_t sapi_fcgi_read_post(char *buffer, size_t count_bytes) in sapi_fcgi_read_post() argument 520 tmp_read_bytes = fcgi_read(request, buffer + read_bytes, to_read); in sapi_fcgi_read_post()
|
/PHP-7.4/sapi/cli/ |
H A D | php_cli_server.c | 975 buffer->first = NULL; in php_cli_server_buffer_ctor() 976 buffer->last = NULL; in php_cli_server_buffer_ctor() 983 if (!buffer->last) { in php_cli_server_buffer_append() 988 buffer->last = last; in php_cli_server_buffer_append() 996 if (!buffer->last) { in php_cli_server_buffer_prepend() 997 buffer->last = last; in php_cli_server_buffer_prepend() 999 buffer->first = chunk; in php_cli_server_buffer_prepend() 2058 if (!buffer.s) { in php_cli_server_send_error_page() 2069 chunk = php_cli_server_chunk_heap_new(buffer.s, ZSTR_VAL(buffer.s), ZSTR_LEN(buffer.s)); in php_cli_server_send_error_page() 2151 if (!buffer.s) { in php_cli_server_begin_send_static() [all …]
|
/PHP-7.4/ext/pdo_firebird/tests/ |
H A D | bug_76448.phpt | 2 Bug #76448 (Stack buffer overflow in firebird_info_cb)
|