#
61cf1355 |
| 20-Feb-2021 |
Dmitry Stogov |
Remove class validation. zend_lookup_class_ex() performs it anyway.
|
#
e0328473 |
| 18-Feb-2021 |
Nikita Popov |
Initialize property to UNDEF on unserialize overwrite The UNDEF marker here is important to prevent the creation of a reference to the property currently being overwritten, which would then leak. This fixes oss-fuzz 6029559193534464, which was incorrectly merged into oss-fuzz #30584 (which is reported at https://github.com/google/oss-fuzz/issues/5211).
|
#
b87080f3 |
| 18-Feb-2021 |
Nikita Popov |
Don't use unmangled name if property not found This restores the previous behavior for this case. We'll continue to use the mangled name, even if it does not correspond to a declared property. This also fixes an assertion failure for the case of property overwrite, as the add_new was not guaranteed to be "new" previously. Fixes oss-fuzz #31045.
|
#
76b36356 |
| 17-Feb-2021 |
Dmitry Stogov |
unserialize() optimization. Omit class name validation before hash lookup, and perform it only before autoloading.
|
#
081349fe |
| 16-Feb-2021 |
Dmitry Stogov |
Improved unserialize() performance. Checks for object property "visibility change" were moved, to be performed only if name/visibility had been really changed.
|
#
141c4be7 |
| 15-Jan-2021 |
Nikita Popov |
Limit unserialization element count more aggressively This is slightly more aggressive about rejecting obviously incorrect element counts. Previously the number of elements was allowed to match the number of characters. Now it is the number of characters divided by two (this can actually be increased further to at least 4). This doesn't really matter in the grand scheme of things (as it just cuts maximum memory usage by half), but should fix oss-fuzz #29356.
|
#
3e01f5af |
| 15-Jan-2021 |
Nikita Popov |
Replace zend_bool uses with bool We're starting to see a mix between uses of zend_bool and bool. Replace all usages with the standard bool type everywhere. Of course, zend_bool is retained as an alias.
|
#
2d467abc |
| 07-Dec-2020 |
Nikita Popov |
Fix another typed resource issue in unserialization We also need to discard old entries in the ref_props HT when values are overwritten. We should really forbid these kinds of overwrites. I believe they can only occur in manually crafted serialization strings, and cause so many problems... Fixes oss-fuzz #28257.
|
#
77325c44 |
| 04-Dec-2020 |
Nikita Popov |
Fix removal of type source during unserialization Missed a check for info in this code. Add it, and add an assertion in type source removal to make it easier to catch this issue. Fixes oss-fuzz #28208 and #28257.
|
#
ed9532cf |
| 30-Nov-2020 |
Nikita Popov |
Fix another ref source management bug in unserialize When we overwrite an existing property during unserialization, we also have to drop the ref source from it.
|
#
f5b93626 |
| 25-Nov-2020 |
Nikita Popov |
Fix unserialization ref source management, again Handle one case the previous patch did not account for: If unserialization of data fails, we should still register a ref source. Also add an extra test for a reference between two typed properties, as this used to be handled incorrectly earlier.
|
#
7a3f25e3 |
| 25-Nov-2020 |
Nikita Popov |
Fix ref source management during unserialization Only register the slot for adding ref sources later if we didn't immediately register one. Also avoids leaking a ref source if it is added early and the assignment fails. Fixes oss-fuzz #27628.
|
#
df5011f5 |
| 28-Aug-2020 |
Nikita Popov |
Export and reuse zend_is_valid_class_name API Unserialization does the same check as zend_lookup_class, so let's share the same optimized implementation.
|
#
c47011ba |
| 28-Aug-2020 |
Nikita Popov |
Use zend_string when storing incomplete class name No need to copy the string here...
|
#
1b2ec73c |
| 26-Aug-2020 |
George Peter Banyard |
Drop various unused macros/APIs Also convert_libmagic_pattern() to return a zend_string* Closes GH-6029
|
#
6e92487f |
| 22-Jul-2020 |
twosee |
Fix warnings of strict-prototypes Closes GH-5887.
|
#
0280b83e |
| 06-Jul-2020 |
Nikita Popov |
Avoid some unnecessary uses of no_separation=0 For the rare cases where references are part of the API, construct them explicitly. Otherwise do not allow separation.
|
#
1314ccbf |
| 26-Jun-2020 |
Nikita Popov |
Cache __unserialize() instead of unserialize() We should use these cache slots for the new object serialization mechanism rather than the old one.
|
Revision tags: php-7.4.7, php-7.3.19 |
|
#
83a77015 |
| 08-Jun-2020 |
twosee |
Add helper APIs for maybe-interned string creation Add ZVAL_CHAR/RETVAL_CHAR/RETURN_CHAR as a shortcut for using ZVAL_INTERNED_STRING and ZSTR_CHAR. Add zend_string_init_fast() as a helper for the empty string / one char interned string / zend_string_init() pattern. Also add corresponding ZVAL_STRINGL_FAST etc macros. Closes GH-5684.
|
Revision tags: php-7.4.7RC1, php-7.3.19RC1, php-7.4.6, php-7.2.31, php-7.4.6RC1, php-7.3.18RC1, php-7.2.30, php-7.4.5, php-7.3.17, php-7.4.5RC1, php-7.3.17RC1, php-7.3.18, php-7.4.4, php-7.2.29, php-7.3.16, php-7.4.4RC1, php-7.3.16RC1, php-7.4.3, php-7.2.28, php-7.3.15RC1, php-7.4.3RC1, php-7.3.15, php-7.2.27, php-7.4.2, php-7.3.14 |
|
#
691880b2 |
| 19-Jan-2020 |
Tyson Andre |
Speed up unserializing object properties Hash table lookups are slow. Don't do one a second time to update the property. The call to zend_hash_update_ind goes back to 8b0deb8cd2d Background: Properties are IS_INDIRECT when they're a declared property, and point to properties_table. See https://nikic.github.io/2015/06/19/Internal-value-representation-in-PHP-7-part-2.html#objects-in-php-7
|
Revision tags: php-7.3.14RC1, php-7.4.2RC1, php-7.4.1, php-7.2.26, php-7.3.13, php-7.4.1RC1, php-7.3.13RC1, php-7.2.26RC1, php-7.4.0, php-7.2.25, php-7.3.12, php-7.4.0RC6, php-7.3.12RC1, php-7.2.25RC1, php-7.4.0RC5 |
|
#
9d48bf51 |
| 27-Oct-2019 |
Tyson Andre |
Fix miscellaneous typos in docs and error messages Closes GH-4863.
|
Revision tags: php-7.1.33, php-7.2.24, php-7.3.11, php-7.4.0RC4, php-7.3.11RC1, php-7.2.24RC1, php-7.4.0RC3, php-7.2.23 |
|
#
1806ce9c |
| 24-Sep-2019 |
Nikita Popov |
Add max_depth option to unserialize() Add a max_depth option to unserialize and an unserialize_max_depth ini setting, which can be used to control the depth limit. The default value is 4096. This option is intended to prevent stack overflows during the unserialization of deeply nested structures. This fixes bug #78549 and addresses oss-fuzz #17581, #17589, #17664, and #17788.
|
#
5d6e923d |
| 24-Sep-2019 |
Gabriel Caruso |
Remove mention of PHP major version in Copyright headers Closes GH-4732.
|
Revision tags: php-7.3.10 |
|
#
e65adc9c |
| 23-Sep-2019 |
Nikita Popov |
Fix ubsan violation in parse_iv2 This fixes two issues: * Negate the value in an unsigned type to avoid signed overflow. * Treat -0 as 0 rather than an invalid number that gets converted to ZEND_LONG_MIN.
|
Revision tags: php-7.4.0RC2 |
|
#
c3376bf7 |
| 16-Sep-2019 |
Nikita Popov |
Fix use-after-free due to packed->mixed conversion with __unserialize()
|