Home
last modified time | relevance | path

Searched refs:buffer (Results 1 – 25 of 323) sorted by last modified time

12345678910>>...13

/PHP-7.4/
H A DNEWS13 . Fixed bug #81738: buffer overflow in hash_update() on long parameter.
265 . Fixed bug #76448: Stack buffer overflow in firebird_info_cb.
1145 . Fixed bug #79171 (heap-buffer-overflow in phar_extract_file).
1659 . Fixed bug #78510 (Partially uninitialized buffer returned by
1704 with fixed length buffer). (Albert Casademont)
1842 . Fixed bug #78559 (Heap buffer overflow in mb_eregi). (cmb)
1855 . Fixed bug #78510 (Partially uninitialized buffer returned by
1901 with fixed length buffer). (Albert Casademont)
2029 . Fixed bug #77988 (heap-buffer-overflow on php_jpg_get16).
2402 . Fixed bug #77371 (heap buffer overflow in mb regex functions
[all …]
/PHP-7.4/ext/phar/
H A Dphar.c505 (buffer) += 4
509 (buffer) += 2
513 buffer += 4
516 buffer += 2
694 buffer = b32; in phar_parse_pharfile()
700 if ((*buffer == ' ' || *buffer == '\n') && *(buffer + 1) == '?' && *(buffer + 2) == '>') { in phar_parse_pharfile()
726 buffer = b32; in phar_parse_pharfile()
757 buffer += 2; in phar_parse_pharfile()
1043 buffer += len; in phar_parse_pharfile()
1128 buffer += len; in phar_parse_pharfile()
[all …]
/PHP-7.4/ext/pgsql/
H A Dpgsql.c4481 unsigned char *buffer, local
4490 buffer = (unsigned char *) emalloc(buflen); /* isn't NULL terminated */
4491 for (bp = buffer, sp = strtext; *sp != '\0'; bp++, sp++)
4552 buffer = erealloc(buffer, buflen+1);
4553 buffer[buflen] = '\0';
4556 return buffer;
/PHP-7.4/ext/mysqlnd/
H A Dmysqlnd_wireprotocol.c254 header->size = uint3korr(buffer); in mysqlnd_read_header()
539 if (sizeof(buffer) < (packet->auth_data_len + (p - buffer))) { in php_mysqlnd_auth_write()
567 len = MIN(strlen(packet->auth_plugin_name), sizeof(buffer) - (p - buffer) - 1); in php_mysqlnd_auth_write()
653 zend_uchar *buf = pfc->cmd_buffer.buffer? (zend_uchar *) pfc->cmd_buffer.buffer : local_buf; in php_mysqlnd_auth_response_read()
791 if (buffer != pfc->cmd_buffer.buffer) { in php_mysqlnd_change_auth_response_write()
792 mnd_efree(buffer); in php_mysqlnd_change_auth_response_write()
1377 MYSQLND_ROW_BUFFER * buffer, in php_mysqlnd_read_row_ex() argument
1409 p = buffer->ptr; in php_mysqlnd_read_row_ex()
1433 if (!buffer->ptr) { in php_mysqlnd_read_row_ex()
1452 buffer->ptr = NULL; in php_mysqlnd_read_row_ex()
[all …]
/PHP-7.4/main/streams/
H A Dstreams.c244 char *buffer = NULL; in php_stream_wrapper_log_error() local
247 vspprintf(&buffer, 0, fmt, args); in php_stream_wrapper_log_error()
251 php_error_docref(NULL, E_WARNING, "%s", buffer); in php_stream_wrapper_log_error()
252 efree(buffer); in php_stream_wrapper_log_error()
264 zend_llist_init(&new_list, sizeof(buffer), wrapper_error_dtor, 0); in php_stream_wrapper_log_error()
270 zend_llist_add_element(list, &buffer); in php_stream_wrapper_log_error()
H A Dcast.c61 static int stream_cookie_reader(void *cookie, char *buffer, int size) in stream_cookie_reader() argument
65 ret = php_stream_read((php_stream*)cookie, buffer, size); in stream_cookie_reader()
69 static int stream_cookie_writer(void *cookie, const char *buffer, int size) in stream_cookie_writer() argument
72 return php_stream_write((php_stream *)cookie, (char *)buffer, size); in stream_cookie_writer()
91 static ssize_t stream_cookie_reader(void *cookie, char *buffer, size_t size) in stream_cookie_reader() argument
95 ret = php_stream_read(((php_stream *)cookie), buffer, size); in stream_cookie_reader()
99 static ssize_t stream_cookie_writer(void *cookie, const char *buffer, size_t size) in stream_cookie_writer() argument
102 return php_stream_write(((php_stream *)cookie), (char *)buffer, size); in stream_cookie_writer()
/PHP-7.4/ext/libxml/
H A Dlibxml.c382 static int php_libxml_streams_IO_read(void *context, char *buffer, int len) in php_libxml_streams_IO_read() argument
384 return php_stream_read((php_stream*)context, buffer, len); in php_libxml_streams_IO_read()
387 static int php_libxml_streams_IO_write(void *context, const char *buffer, int len) in php_libxml_streams_IO_write() argument
389 return php_stream_write((php_stream*)context, buffer, len); in php_libxml_streams_IO_write()
/PHP-7.4/ext/mbstring/
H A Dmbstring.c4584 str_headers = zend_string_init((char *)device.buffer, strlen((char *)device.buffer), 0); in PHP_FUNCTION()
5020 if (dev.pos < 1 || filter->num_illegalchar || dev.buffer[0] >= MBFL_WCSGROUP_UCS4MAX) { in php_mb_ord()
5026 cp = dev.buffer[0]; in php_mb_ord()
/PHP-7.4/sapi/fpm/fpm/
H A Dfpm_status.c148 char *buffer, *time_format, time_buffer[64]; in fpm_status_handle_request() local
456 spprintf(&buffer, 0, short_syntax, in fpm_status_handle_request()
474 PUTS(buffer); in fpm_status_handle_request()
475 efree(buffer); in fpm_status_handle_request()
540 spprintf(&buffer, 0, full_syntax, in fpm_status_handle_request()
558 PUTS(buffer); in fpm_status_handle_request()
559 efree(buffer); in fpm_status_handle_request()
H A Dfpm_main.c433 static size_t sapi_cgi_read_post(char *buffer, size_t count_bytes) /* {{{ */ in sapi_cgi_read_post() argument
460 tmp_read_bytes = fcgi_read(request, buffer + read_bytes, count_bytes - read_bytes); in sapi_cgi_read_post()
462 tmp_read_bytes = read(request_body_fd, buffer + read_bytes, count_bytes - read_bytes); in sapi_cgi_read_post()
/PHP-7.4/ext/date/
H A Dphp_date.c1198 length = slprintf(buffer, sizeof(buffer), "%03d", retval); in date_format()
1213 case 'O': length = slprintf(buffer, sizeof(buffer), "%c%02d%s%02d", in date_format()
1222 length = slprintf(buffer, sizeof(buffer), "%s", "UTC"); in date_format()
1226 length = slprintf(buffer, sizeof(buffer), "%s", t->tz_info->name); in date_format()
1229 length = slprintf(buffer, sizeof(buffer), "%s", offset->abbr); in date_format()
1232 length = slprintf(buffer, sizeof(buffer), "%c%02d:%02d", in date_format()
1265 default: buffer[0] = format[i]; buffer[1] = '\0'; length = 1; break; in date_format()
4597 length = slprintf(buffer, sizeof(buffer), "%d", (int) t->days); in date_interval_format()
4599 length = slprintf(buffer, sizeof(buffer), "(unknown)"); in date_interval_format()
4605 case '%': length = slprintf(buffer, sizeof(buffer), "%%"); break; in date_interval_format()
[all …]
/PHP-7.4/main/
H A Dmain.c964 char *buffer; in php_printf() local
969 ret = PHPWRITE(buffer, size); in php_printf()
970 efree(buffer); in php_printf()
1008 efree(buffer); in php_verror()
1014 buffer = ""; in php_verror()
1169 efree(buffer); in php_verror()
1257 char *buffer; in php_error_cb() local
1304 efree(buffer); in php_error_cb()
1469 efree(buffer); in php_error_cb()
1480 efree(buffer); in php_error_cb()
[all …]
H A Doutput.c376 ZVAL_STRINGL(p, OG(active)->buffer.data, OG(active)->buffer.used); in php_output_get_contents()
874 handler->buffer.data = emalloc(handler->buffer.size); in php_output_handler_init()
887 if ((handler->buffer.size - handler->buffer.used) <= buf->used) { in php_output_handler_append()
892 handler->buffer.data = safe_erealloc(handler->buffer.data, 1, handler->buffer.size, grow_max); in php_output_handler_append()
895 memcpy(handler->buffer.data + handler->buffer.used, buf->data, buf->used); in php_output_handler_append()
929 handler->buffer.used?handler->buffer.data:"", in php_output_handler_op()
930 handler->buffer.used, in php_output_handler_op()
931 handler->buffer.size, in php_output_handler_op()
956 ZVAL_STRINGL(&ob_data, handler->buffer.data, handler->buffer.used); in php_output_handler_op()
984 …php_output_context_feed(context, handler->buffer.data, handler->buffer.size, handler->buffer.used,… in php_output_handler_op()
[all …]
/PHP-7.4/ext/standard/
H A Duser_filters.c506 char *buffer; in PHP_FUNCTION() local
513 Z_PARAM_STRING(buffer, buffer_len) in PHP_FUNCTION()
520 memcpy(pbuffer, buffer, buffer_len); in PHP_FUNCTION()
H A Dimage.c182 static unsigned long int php_swf_get_bits (unsigned char* buffer, unsigned int pos, unsigned int co… in php_swf_get_bits() argument
190 ((((buffer[loop / 8]) >> (7 - (loop % 8))) & 0x01) << (count - (loop - pos) - 1)); in php_swf_get_bits()
442 char *buffer; in php_read_APP() local
452 buffer = emalloc((size_t)length); in php_read_APP()
454 if (php_stream_read(stream, buffer, (size_t) length) != length) { in php_read_APP()
455 efree(buffer); in php_read_APP()
463 add_assoc_stringl(info, markername, buffer, length); in php_read_APP()
466 efree(buffer); in php_read_APP()
/PHP-7.4/ext/zip/
H A Dphp_zip.c1313 zend_string *buffer; in PHP_NAMED_FUNCTION() local
1330 n = zip_fread(zr_rsrc->zf, ZSTR_VAL(buffer), ZSTR_LEN(buffer)); in PHP_NAMED_FUNCTION()
1333 ZSTR_LEN(buffer) = n; in PHP_NAMED_FUNCTION()
1334 RETURN_NEW_STR(buffer); in PHP_NAMED_FUNCTION()
1828 zend_string *buffer; local
1853 memcpy(ze_obj->buffers[pos], ZSTR_VAL(buffer), ZSTR_LEN(buffer) + 1);
2709 zend_string *buffer; local
2745 n = zip_fread(zf, ZSTR_VAL(buffer), ZSTR_LEN(buffer));
2747 zend_string_efree(buffer);
2753 ZSTR_LEN(buffer) = n;
[all …]
/PHP-7.4/ext/fileinfo/tests/
H A Dbug78987.phpt26 $finfo->buffer($content);
/PHP-7.4/ext/fileinfo/
H A Dlibmagic.patch392 + char buffer[BUFSIZ + 1];
662 * handle a buffer containing a compiled file.
1006 diff -u libmagic.orig/buffer.c libmagic/buffer.c
1008 +++ libmagic/buffer.c 2021-09-17 21:27:42.796508107 +0200
1037 buffer_fini(struct buffer *b)
1741 struct buffer {
1819 protected void buffer_fini(struct buffer *);
1820 protected int buffer_fill(const struct buffer *);
2249 - * Like printf, only we append to a buffer.
2375 struct buffer b;
[all …]
/PHP-7.4/ext/fileinfo/libmagic/
H A Dencoding.c70 file_encoding(struct magic_set *ms, const struct buffer *b, unichar **ubuf, in file_encoding()
/PHP-7.4/ext/curl/
H A Dinterface.c2108 static size_t read_cb(char *buffer, size_t size, size_t nitems, void *arg) /* {{{ */ in read_cb() argument
2118 numread = php_stream_read(cb_arg->stream, buffer, nitems * size); in read_cb()
/PHP-7.4/ext/mysqli/
H A Dmysqli_api.c211 bind[ofs].buffer = &Z_DVAL_P(param); in mysqli_stmt_bind_param_do_bind()
221 bind[ofs].buffer = &Z_LVAL_P(param); in mysqli_stmt_bind_param_do_bind()
422 bind[ofs].buffer = stmt->result.buf[ofs].val; in mysqli_stmt_bind_result_do_bind()
433 bind[ofs].buffer = stmt->result.buf[ofs].val; in mysqli_stmt_bind_result_do_bind()
459 bind[ofs].buffer = stmt->result.buf[ofs].val; in mysqli_stmt_bind_result_do_bind()
472 bind[ofs].buffer = stmt->result.buf[ofs].val; in mysqli_stmt_bind_result_do_bind()
530 bind[ofs].buffer = stmt->result.buf[ofs].val; in mysqli_stmt_bind_result_do_bind()
908 stmt->stmt->params[i].buffer = Z_STRVAL_P(param);
913 stmt->stmt->params[i].buffer = &Z_DVAL_P(param);
918 stmt->stmt->params[i].buffer = &Z_LVAL_P(param);
/PHP-7.4/ext/openssl/
H A Dopenssl.c1299 char buffer[MAXPATHLEN]; in php_openssl_load_rand_file() local
1305 file = RAND_file_name(buffer, sizeof(buffer)); in php_openssl_load_rand_file()
1329 char buffer[MAXPATHLEN]; in php_openssl_write_rand_file() local
1338 file = RAND_file_name(buffer, sizeof(buffer)); in php_openssl_write_rand_file()
3210 memcpy(buffer, type, len); in php_openssl_make_REQ()
3211 buffer[len] = '\0'; in php_openssl_make_REQ()
3212 type = buffer; in php_openssl_make_REQ()
6955 zend_string *buffer = NULL; in php_openssl_random_pseudo_bytes() local
6986 return buffer; in php_openssl_random_pseudo_bytes()
6993 zend_string *buffer = NULL; in PHP_FUNCTION() local
[all …]
/PHP-7.4/sapi/cgi/
H A Dcgi_main.c478 static size_t sapi_cgi_read_post(char *buffer, size_t count_bytes) in sapi_cgi_read_post() argument
494 tmp_read_bytes = read(STDIN_FILENO, buffer + read_bytes, to_read); in sapi_cgi_read_post()
496 tmp_read_bytes = read(STDIN_FILENO, buffer + read_bytes, count_bytes - read_bytes); in sapi_cgi_read_post()
506 static size_t sapi_fcgi_read_post(char *buffer, size_t count_bytes) in sapi_fcgi_read_post() argument
520 tmp_read_bytes = fcgi_read(request, buffer + read_bytes, to_read); in sapi_fcgi_read_post()
/PHP-7.4/sapi/cli/
H A Dphp_cli_server.c975 buffer->first = NULL; in php_cli_server_buffer_ctor()
976 buffer->last = NULL; in php_cli_server_buffer_ctor()
983 if (!buffer->last) { in php_cli_server_buffer_append()
988 buffer->last = last; in php_cli_server_buffer_append()
996 if (!buffer->last) { in php_cli_server_buffer_prepend()
997 buffer->last = last; in php_cli_server_buffer_prepend()
999 buffer->first = chunk; in php_cli_server_buffer_prepend()
2058 if (!buffer.s) { in php_cli_server_send_error_page()
2069 chunk = php_cli_server_chunk_heap_new(buffer.s, ZSTR_VAL(buffer.s), ZSTR_LEN(buffer.s)); in php_cli_server_send_error_page()
2151 if (!buffer.s) { in php_cli_server_begin_send_static()
[all …]
/PHP-7.4/ext/pdo_firebird/tests/
H A Dbug_76448.phpt2 Bug #76448 (Stack buffer overflow in firebird_info_cb)

Completed in 175 milliseconds

12345678910>>...13