|
Revision tags: php-7.3.13RC1, php-7.2.26RC1, php-7.4.0, php-7.2.25, php-7.3.12, php-7.4.0RC6, php-7.3.12RC1, php-7.2.25RC1, php-7.4.0RC5, php-7.1.33, php-7.2.24, php-7.3.11, php-7.4.0RC4, php-7.3.11RC1, php-7.2.24RC1 |
|
| #
81d95c4c |
| 07-Oct-2019 |
Nikita Popov |
Don't test default serialize max_depth
The default depth is large enough to cause stack overflows in
msan builds, though apparently only on old clang versions. Avoiding
a stack overf
Don't test default serialize max_depth
The default depth is large enough to cause stack overflows in
msan builds, though apparently only on old clang versions. Avoiding
a stack overflow there requires making the depth *much* smaller,
less than 1000. As I don't think that's reasonable for all the other
setups where 4k works fine, I'm just dropping this part of the test.
show more ...
|
|
Revision tags: php-7.4.0RC3, php-7.2.23 |
|
| #
1806ce9c |
| 24-Sep-2019 |
Nikita Popov |
Add max_depth option to unserialize()
Add a max_depth option to unserialize and an unserialize_max_depth
ini setting, which can be used to control the depth limit. The
default value
Add max_depth option to unserialize()
Add a max_depth option to unserialize and an unserialize_max_depth
ini setting, which can be used to control the depth limit. The
default value is 4096.
This option is intended to prevent stack overflows during the
unserialization of deeply nested structures.
This fixes bug #78549 and addresses oss-fuzz #17581, #17589, #17664,
and #17788.
show more ...
|
