#
a5e8ac62 |
| 06-Oct-2024 |
David Carlier |
Fix GH-16258 overflow on jddayofweek argument. close GH-16263
|
#
2d05da2e |
| 06-Oct-2024 |
David Carlier |
Fix GH-16260: overflow/underflow on imagerotate degrees argument. close GH-16264
|
#
39ae00fa |
| 05-Oct-2024 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
NEWS and UPGRADING for outerHTML Closes GH-15887.
|
#
1e949d18 |
| 04-Oct-2024 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix edge-case in DOM parsing decoding There are three connected subtle issues: 1) The fast path didn't correctly handle the case where the decoder requests more data. This caused
Fix edge-case in DOM parsing decoding There are three connected subtle issues: 1) The fast path didn't correctly handle the case where the decoder requests more data. This caused a bogus additional replacement sequence to be outputted when encountering an incomplete sequence at the edges of a buffer. 2) The finishing of decoding incorrectly assumed that the fast path cannot be in a state where the last few bytes were an incomplete sequence, but this is not true as shown by test 08. 3) The finishing of decoding could output bytes twice because it called into dom_process_parse_chunk() twice without clearing the decoded data. However, calling twice is not even necessary as the entire buffer cannot be filled up entirely. Closes GH-16226.
show more ...
|
#
809a58bc |
| 05-Oct-2024 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GH-16237: Segmentation fault when cloning SoapServer Bisect points to 94ee4f9, however this only reveals the problem. Cloning an object on a lower branch and trying to call its metho
Fix GH-16237: Segmentation fault when cloning SoapServer Bisect points to 94ee4f9, however this only reveals the problem. Cloning an object on a lower branch and trying to call its methods crashes as well. Cloning the object shouldn't be possible in the first place because there's an engine constraint that when we have a new object handler we should also have a clone handler. This constraint is not fulfilled here. Closes GH-16245.
show more ...
|
#
a3ff092c |
| 05-Oct-2024 |
David Carlier |
Fix GH-16228 overflow on easter_days/easter_date year argument. close GH-16241
|
#
54973c93 |
| 05-Oct-2024 |
David Carlier |
Fix GH-16232: bitshift overflow on wbmp file content reading. backport from https://github.com/libgd/libgd/commit/a8f1d5cab0cad2bca2ed88a49c3f3de8585ff19b close GH-16239
|
#
f4d2dd03 |
| 05-Oct-2024 |
David Carlier |
Fix GH-16231 jdtounix overflow on argument value. Close GH-16240
|
#
331da7e8 |
| 03-Oct-2024 |
Daniel Scherzer |
Fix GH-16187: ReflectionClass::__toString() with packed properties hash table Closes GH-16192.
|
#
3d80d98a |
| 01-Oct-2024 |
David Carlier |
Fix GH-16137: "Deduplicate" http headers values but Set-Cookie. Those are meant to have 1 or plus values separated by a comma even if the client set them separately. close GH-1
Fix GH-16137: "Deduplicate" http headers values but Set-Cookie. Those are meant to have 1 or plus values separated by a comma even if the client set them separately. close GH-16154
show more ...
|
#
c4bb0755 |
| 03-Oct-2024 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GH-16184: UBSan address overflowed in ext/pcre/php_pcre.c libpcre2 can return the special value -1 for a non-match. In this case we get pointer overflow, although it doesn't matter i
Fix GH-16184: UBSan address overflowed in ext/pcre/php_pcre.c libpcre2 can return the special value -1 for a non-match. In this case we get pointer overflow, although it doesn't matter in practice because the pointer will be in bounds and the copy length will be 0. Still, we should fix the UBSAN warning. Closes GH-16205.
show more ...
|
#
d4a4d2e7 |
| 02-Oct-2024 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix bugs GH-16150 and GH-16152: intern document mismanagement The reference counts of the internal document pointer are mismanaged. In the case of fragments the refcount may be increased
Fix bugs GH-16150 and GH-16152: intern document mismanagement The reference counts of the internal document pointer are mismanaged. In the case of fragments the refcount may be increased too much, while for other cases the document reference may not be applied to all children. This bug existed for a long time and this doesn't reproduce (easily) on 8.2 due to other bugs. Furthermore 8.2 will enter security mode soon, and this change may be too risky. Fixes GH-16150. Fixed GH-16152. Closes GH-16178.
show more ...
|
#
3be6ff66 |
| 03-Oct-2024 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GH-16190: Using reflection to call Dom\Node::__construct causes assertion failure Closes GH-16193.
|
#
e915ed75 |
| 28-Aug-2024 |
Peter Kokot |
Fix GH-16199: GREP_HEADER() is broken This also fixes the libxml version check when the libxml/xmlversion.h is located elsewhere than libxml2 include directory. Closes GH-15619.
|
#
7c31e5f9 |
| 03-Oct-2024 |
Arnaud Le Blanc |
[ci skip] NEWS for GH-16055
|
#
e02e6be6 |
| 03-Oct-2024 |
Arnaud Le Blanc |
[ci skip] NEWS for GH-15960
|
#
f453d1ae |
| 03-Oct-2024 |
David Carlier |
Fix GH-16189: underflow on preg_match/preg_match_all start_offset. close GH-16191
|
#
f14e5cfa |
| 02-Oct-2024 |
Christoph M. Becker |
Fix GH-16181: phpdbg: exit in exception handler reports fatal error When running PHP code, we must not handle `UnwindExit` exceptions, but rather have to ignore them. Closes GH-
Fix GH-16181: phpdbg: exit in exception handler reports fatal error When running PHP code, we must not handle `UnwindExit` exceptions, but rather have to ignore them. Closes GH-16182.
show more ...
|
#
bd724bdf |
| 01-Oct-2024 |
Niels Dossche <7771979+nielsdos@users.noreply.github.com> |
Fix GH-15169: stack overflow when var serialization in ext/standard/var Adding a stack check here as I consider serialization to be a more sensitive place where erroring out with an exce
Fix GH-15169: stack overflow when var serialization in ext/standard/var Adding a stack check here as I consider serialization to be a more sensitive place where erroring out with an exception seems appropriate. Closes GH-16159.
show more ...
|
#
2bcf3f9e |
| 02-Oct-2024 |
Arnaud Le Blanc |
[ci skip] NEWS for GH-16061
|
#
ca8888ab |
| 02-Oct-2024 |
Arnaud Le Blanc |
[ci skip] NEWS for GH-16061
|
#
0516d95a |
| 02-Oct-2024 |
Arnaud Le Blanc |
[ci skip] NEWS for GH-16061
|
#
cd647807 |
| 02-Oct-2024 |
Arnaud Le Blanc |
[ci skip] NEWS for GH-16025
|
#
26fd8d2c |
| 02-Oct-2024 |
Arnaud Le Blanc |
[ci skip] NEWS for GH-16025
|
#
36945ecb |
| 02-Oct-2024 |
Arnaud Le Blanc |
[ci skip] NEWS for GH-16025
|