| #
2b5de6f8 |
| 01-Jul-2020 |
Max Semenik |
Remove proto comments from C files
Closes GH-5758 |
| #
6079bdb2 |
| 23-Jun-2020 |
George Peter Banyard |
Use standard bool type in EXIF extension |
| #
63cb47a8 |
| 13-Jun-2020 |
Christoph M. Becker |
Merge branch 'PHP-7.4'
* PHP-7.4:
Fix #79687: Sony picture - PHP Warning - Make, Model, MakerNotes
|
| #
59e343c7 |
| 13-Jun-2020 |
Christoph M. Becker |
Merge branch 'PHP-7.3' into PHP-7.4
* PHP-7.3:
Fix #79687: Sony picture - PHP Warning - Make, Model, MakerNotes
|
| #
5621c5fa |
| 13-Jun-2020 |
Christoph M. Becker |
Fix #79687: Sony picture - PHP Warning - Make, Model, MakerNotes
Even if the length of a maker note does not match our expectations
(either because the maker note is corrupted, or becaus
Fix #79687: Sony picture - PHP Warning - Make, Model, MakerNotes
Even if the length of a maker note does not match our expectations
(either because the maker note is corrupted, or because our
expectations do not quite match reality), there is no need to let
parsing fail; we can still go on parsing the other meta information.
show more ...
|
| #
4f9a1122 |
| 12-Jun-2020 |
Nikita Popov |
Avoid out of range float to int cast in exif
Use convert_any_int instead of convert_any_format to directly get
an integer.
Also adjust SRATIONAL handling to not go through a dou
Avoid out of range float to int cast in exif
Use convert_any_int instead of convert_any_format to directly get
an integer.
Also adjust SRATIONAL handling to not go through a double division.
This was introduced to avoid SIGFPE for the INT_MIN / -1 case,
but we can just handle that explicitly.
show more ...
|
| #
f68a64a8 |
| 12-Jun-2020 |
Nikita Popov |
Fix null pointer UB in add_assoc_image_info()
And clean up this function a bit by reducing indentation and
variable scope. |
| #
ece37505 |
| 12-Jun-2020 |
Nikita Popov |
Fix float conversion warning
We are okay with the loss of precision here... |
| #
e37501e6 |
| 12-May-2020 |
George Peter Banyard |
Fix [-Wundef] warning in EXIF extension |
| #
810c5c74 |
| 16-Apr-2020 |
Nikita Popov |
Merge branch 'PHP-7.4'
* PHP-7.4:
Fix bug #79336
|
| #
0b709e34 |
| 16-Apr-2020 |
Nikita Popov |
Fix bug #79336
Make reading of floats and doubles host-endian independent. |
| #
7c307873 |
| 04-Apr-2020 |
Máté Kocsis |
Generate function entries from stubs for a couple of extensions
Closes GH-5347 |
| #
ea7cf2eb |
| 17-Mar-2020 |
Christoph M. Becker |
Merge branch 'PHP-7.4'
* PHP-7.4:
[ci skip] Update NEWS
Fix test
Fix bug #79329 - get_headers should not accept \0
Fixed bug #79282
Fix #79283: Segfault in libm
Merge branch 'PHP-7.4'
* PHP-7.4:
[ci skip] Update NEWS
Fix test
Fix bug #79329 - get_headers should not accept \0
Fixed bug #79282
Fix #79283: Segfault in libmagic patch contains a buffer overflow
Fix #79371: mb_strtolower (UTF-32LE): stack-buffer-overflow
[ci skip] Update NEWS
Fix test
Fix bug #79329 - get_headers should not accept \0
Fixed bug #79282
Fix #79371: mb_strtolower (UTF-32LE): stack-buffer-overflow
show more ...
|
| #
9ed82b1f |
| 16-Mar-2020 |
Stanislav Malyshev |
Fixed bug #79282 |
| #
b9d32197 |
| 16-Mar-2020 |
Stanislav Malyshev |
Fixed bug #79282 |
| #
25238bdf |
| 16-Mar-2020 |
Stanislav Malyshev |
Fixed bug #79282 |
| #
7a062cf9 |
| 17-Dec-2019 |
Nikita Popov |
Handle EXIF offsets in a principled manner
exif_process_IFD_TAG() currently accepts a dir_entry, offset_base
and IFDlength. However, it's very hard to follow how these values
are rel
Handle EXIF offsets in a principled manner
exif_process_IFD_TAG() currently accepts a dir_entry, offset_base
and IFDlength. However, it's very hard to follow how these values
are related to each other and the addressable memory region. As we
add additional bounds check, this gets further confused.
One of the basic cases is where dir_entry is in
[offset_base, offset_base+IFDlength), in which case the memory
[dir_entry, offset_base+IFDlength) is valid, but the memory
[offset_base, dir_entry) is not necessarily valid. I wasn't able
to understand what exactly is valid if dir_entry is outside
[offset_base, offset_base+IFDlength)
This patch changes everything to use a struct that separately stores
offset_base and the valid memory region and adds helpers to fetch
offsets and check that pointers are in-bounds.
Closes GH-5068.
show more ...
|
| #
99db00b1 |
| 19-Jan-2020 |
Máté Kocsis |
Fix #78880 Another round |
| #
7b4a4d2a |
| 03-Jan-2020 |
Máté Kocsis |
Use RETURN_THROWS() after try_convert_to_string() |
| #
382a038e |
| 30-Dec-2019 |
Máté Kocsis |
Use ZEND_THROWS() during ZPP in enchant, exif, fileinfo, filter, and FTP extensions |
| #
d21ad4d9 |
| 30-Dec-2019 |
Nikita Popov |
Merge branch 'PHP-7.4'
* PHP-7.4:
Fixed bug #79046
|
| #
d1537e50 |
| 30-Dec-2019 |
Nikita Popov |
Fixed bug #79046 |
| #
f0d1a279 |
| 17-Dec-2019 |
Nikita Popov |
Merge branch 'PHP-7.4'
* PHP-7.4:
Avoid float to int cast UB in exif
|
| #
dd997a40 |
| 17-Dec-2019 |
Nikita Popov |
Avoid float to int cast UB in exif |
| #
0dfff646 |
| 16-Dec-2019 |
Stanislav Malyshev |
Merge branch 'PHP-7.4'
* PHP-7.4:
Fix test
Fix bug #78793
Fix build - no model field anymore
Fixed bug #78910
Fix #78878: Buffer underflow in bc_shift_addsub
Merge branch 'PHP-7.4'
* PHP-7.4:
Fix test
Fix bug #78793
Fix build - no model field anymore
Fixed bug #78910
Fix #78878: Buffer underflow in bc_shift_addsub
Fix test
Fix #78862: link() silently truncates after a null byte on Windows
Fix #78863: DirectoryIterator class silently truncates after a null byte
Fix #78943: mail() may release string with refcount==1 twice
show more ...
|
