History log of /PHP-8.0/ext/standard/var_unserializer.re (Results 1 – 25 of 259)
Revision Date Author Comments
# 2d467abc 07-Dec-2020 Nikita Popov

Fix another typed resource issue in unserialization

We also need to discard old entries in the ref_props HT when values
are overwritten.

We should really forbid these kinds of overwrites. I believe they
can only occur in manually crafted serialization strings, and
cause so many problems...

Fixes oss-fuzz #28257.


# 77325c44 04-Dec-2020 Nikita Popov

Fix removal of type source during unserialization

Missed a check for info in this code. Add it, and add an assertion
in type source removal to make it easier to catch this issue.

Fixes oss-fuzz #28208 and #28257.


# ed9532cf 30-Nov-2020 Nikita Popov

Fix another ref source management bug in unserialize

When we overwrite an existing property during unserialization,
we also have to drop the ref source from it.


# f5b93626 25-Nov-2020 Nikita Popov

Fix unserialization ref source management, again

Handle one case the previous patch did not account for: If
unserialization of data fails, we should still register a ref
source.

Also add an extra test for a reference between two typed properties,
as this used to be handled incorrectly earlier.


# 7a3f25e3 25-Nov-2020 Nikita Popov

Fix ref source management during unserialization

Only register the slot for adding ref sources later if we didn't
immediately register one. Also avoids leaking a ref source if
it is added early and the assignment fails.

Fixes oss-fuzz #27628.


Revision tags: php-8.0.0, php-7.3.25, php-7.4.13, php-8.0.0RC5, php-7.4.13RC1, php-8.0.0RC4, php-7.3.25RC1, php-7.4.12, php-8.0.0RC3, php-7.3.24, php-8.0.0RC2, php-7.4.12RC1, php-7.3.24RC1, php-7.2.34, php-8.0.0rc1, php-7.4.11, php-7.3.23, php-8.0.0beta4, php-7.4.11RC1, php-7.3.23RC1, php-8.0.0beta3, php-7.4.10, php-7.3.22
# df5011f5 28-Aug-2020 Nikita Popov

Export and reuse zend_is_valid_class_name API

Unserialization does the same check as zend_lookup_class, so let's
share the same optimized implementation.


# c47011ba 28-Aug-2020 Nikita Popov

Use zend_string when storing incomplete class name

No need to copy the string here...


# 1b2ec73c 26-Aug-2020 George Peter Banyard

Drop various unused macros/APIs

Also convert_libmagic_pattern() to return a zend_string*

Closes GH-6029


Revision tags: php-8.0.0beta2, php-7.3.22RC1, php-7.4.10RC1, php-8.0.0beta1, php-7.4.9, php-7.2.33, php-7.3.21
# 6e92487f 22-Jul-2020 twosee

Fix warnings of strict-prototypes

Closes GH-5887.


Revision tags: php-8.0.0alpha3, php-7.4.9RC1, php-7.3.21RC1, php-7.4.8, php-7.2.32, php-8.0.0alpha2, php-7.3.20
# 0280b83e 06-Jul-2020 Nikita Popov

Avoid some unnecessary uses of no_separation=0

For the rare cases where references are part of the API,
construct them explicitly. Otherwise do not allow separation.


# 1314ccbf 26-Jun-2020 Nikita Popov

Cache __unserialize() instead of unserialize()

We should use these cache slots for the new object serialization
mechanism rather than the old one.


Revision tags: php-8.0.0alpha1, php-7.4.8RC1, php-7.3.20RC1, php-7.4.7, php-7.3.19
# 83a77015 08-Jun-2020 twosee

Add helper APIs for maybe-interned string creation

Add ZVAL_CHAR/RETVAL_CHAR/RETURN_CHAR as a shortcut for using
ZVAL_INTERNED_STRING and ZSTR_CHAR.

Add zend_string_init_fast() as a helper for the empty string /
one char interned string / zend_string_init() pattern.

Also add corresponding ZVAL_STRINGL_FAST etc macros.

Closes GH-5684.


Revision tags: php-7.4.7RC1, php-7.3.19RC1, php-7.4.6, php-7.2.31, php-7.4.6RC1, php-7.3.18RC1, php-7.2.30, php-7.4.5, php-7.3.17, php-7.4.5RC1, php-7.3.17RC1, php-7.3.18, php-7.4.4, php-7.2.29, php-7.3.16, php-7.4.4RC1, php-7.3.16RC1, php-7.4.3, php-7.2.28, php-7.3.15RC1, php-7.4.3RC1, php-7.3.15, php-7.2.27, php-7.4.2, php-7.3.14
# 691880b2 19-Jan-2020 Tyson Andre

Speed up unserializing object properties

Hash table lookups are slow.
Don't do one a second time to update the property.

The call to zend_hash_update_ind goes back to 8b0deb8cd2d

Background: Properties are IS_INDIRECT when they're a declared property,
and point to properties_table.
See https://nikic.github.io/2015/06/19/Internal-value-representation-in-PHP-7-part-2.html#objects-in-php-7


Revision tags: php-7.3.14RC1, php-7.4.2RC1, php-7.4.1, php-7.2.26, php-7.3.13, php-7.4.1RC1, php-7.3.13RC1, php-7.2.26RC1, php-7.4.0, php-7.2.25, php-7.3.12, php-7.4.0RC6, php-7.3.12RC1, php-7.2.25RC1, php-7.4.0RC5
# 9d48bf51 27-Oct-2019 Tyson Andre

Fix miscellaneous typos in docs and error messages

Closes GH-4863.


Revision tags: php-7.1.33, php-7.2.24, php-7.3.11, php-7.4.0RC4, php-7.3.11RC1, php-7.2.24RC1, php-7.4.0RC3, php-7.2.23
# 1806ce9c 24-Sep-2019 Nikita Popov

Add max_depth option to unserialize()

Add a max_depth option to unserialize and an unserialize_max_depth
ini setting, which can be used to control the depth limit. The
default value is 4096.

This option is intended to prevent stack overflows during the
unserialization of deeply nested structures.

This fixes bug #78549 and addresses oss-fuzz #17581, #17589, #17664,
and #17788.


# 5d6e923d 24-Sep-2019 Gabriel Caruso

Remove mention of PHP major version in Copyright headers

Closes GH-4732.


Revision tags: php-7.3.10
# e65adc9c 23-Sep-2019 Nikita Popov

Fix ubsan violation in parse_iv2

This fixes two issues:
* Negate the value in an unsigned type to avoid signed overflow.
* Treat -0 as 0 rather than an invalid number that gets converted
to ZEND_LONG_MIN.


Revision tags: php-7.4.0RC2
# c3376bf7 16-Sep-2019 Nikita Popov

Fix use-after-free due to packed->mixed conversion with __unserialize()


# 0d3da6ac 16-Sep-2019 Nikita Popov

Fix segfault when unserializing abstract class


# 4377a8ea 16-Sep-2019 Nikita Popov

Sanity-check array/object lengths during unserialization

Avoid OOM conditions in unserialize due to overly large array or
object length specifications.


Revision tags: php-7.2.23RC1, php-7.3.10RC1, php-7.4.0RC1, php-7.1.32, php-7.2.22, php-7.3.9
# ca265eb5 23-Aug-2019 Christoph M. Becker

Fix #78438: Corruption when __unserializing deeply nested structures

When storing two temporary variables for delayed __unserialize() calls,
we have to make sure that both fit into the same linked list element.
To that end we introduce the internal API `tmp_var` which allows
reserving `num` slots in the same list element.

We also fix the `var_dtor_entries` struct definition to use the proper
size, namely `VAR_DTOR_ENTRIES_MAX`.


# 69ba2b98 22-Aug-2019 Christoph M. Becker

Fix var_unserializer debug code

At least it now compiles and should be free of warnings.


Revision tags: php-7.4.0beta4, php-7.2.22RC1, php-7.3.9RC1, php-7.4.0beta2, php-7.1.31, php-7.2.21, php-7.3.8, php-7.4.0beta1, php-7.2.21RC1, php-7.3.8RC1, php-7.4.0alpha3, php-7.3.7, php-7.2.20, php-7.4.0alpha2, php-7.3.7RC3, php-7.3.7RC2, php-7.2.20RC2, php-7.4.0alpha1, php-7.3.7RC1, php-7.2.20RC1, php-7.2.19, php-7.3.6, php-7.1.30, php-7.2.19RC1, php-7.3.6RC1, php-7.1.29, php-7.2.18, php-7.3.5, php-7.2.18RC1, php-7.3.5RC1
# e2ea0f10 09-Apr-2019 Nikita Popov

Fix bug #77866: Port Serializable SPL classes to use __unserialize()

Payloads created using Serializable are still supported.


# b870685c 09-Apr-2019 Nikita Popov

Fix leak on error in new serialization mechanism


Revision tags: php-7.2.17, php-7.3.4, php-7.1.28, php-7.3.4RC1, php-7.2.17RC1, php-7.1.27, php-7.3.3, php-7.2.16, php-7.3.3RC1, php-7.2.16RC1, php-7.2.15, php-7.3.2, php-7.2.15RC1
# d373c11e 22-Jan-2019 Nikita Popov

Implement new custom object serialization mechanism

RFC: https://wiki.php.net/rfc/custom_object_serialization

