-rw-r--r-- README.RELEASE_PROCESS 53
-rw-r--r-- ext/gd/gd.c 8
-rw-r--r-- ext/gd/tests/bug67248.phpt 27
-rw-r--r-- ext/spl/spl_fixedarray.c 2
-rw-r--r-- ext/spl/tests/bug67247.phpt 13
5 files changed, 80 insertions, 23 deletions
diff --git a/README.RELEASE_PROCESS b/README.RELEASE_PROCESS
index 21305f2993..7a82a5c614 100644
--- a/README.RELEASE_PROCESS
+++ b/README.RELEASE_PROCESS
@@ -11,17 +11,27 @@ because the sysadmins can not upgrade stuff then.
2. Package two days before a release. So if the release is to be on Thursday,
package on Tuesday. Think about timezones as well.
-3. Ensure that Windows builds will work before packaging
-
-4. Follow all steps to the letter. When unclear ask previous RM's (David/Julien/
+3. Ensure that the tests on Travis CI are green.
+See: https://travis-ci.org/php/php-src/builds
+It is recommended to do so a couple of days before the packaging day, to
+have enough time to investigate failures, communicate with the authors and
+commit the fixes.
+The RM for the branch is also responsible for keeping the CI green on
+ongoing bases between the releases. Check the CI status for your branch
+periodically and resolve the failures ASAP. See more in:
+https://wiki.php.net/rfc/travis_ci
+
+4. Ensure that Windows builds will work before packaging
+
+5. Follow all steps to the letter. When unclear ask previous RM's (David/Julien/
Johannes/Stas/Derick/Ilia) before proceeding. Ideally make sure that for the
first releases one of the previous RM's is around to answer questions. For the
steps related to the php/QA/bug websites try to have someone from the webmaster
team (Bjori) on hand.
-5. Verify the tags to be extra sure everything was tagged properly.
+6. Verify the tags to be extra sure everything was tagged properly.
-6. Moving extensions from/to PECL requires write acces to the destination.
+7. Moving extensions from/to PECL requires write acces to the destination.
Most developers should have this.
Moving extensions from php-src to PECL
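Review bot: in the new step 3, "on ongoing bases between the releases" should read "on an ongoing basis between releases". Since the renumbered step 7 is being rewritten anyway, "write acces" can be corrected to "write access" in the same change.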
@@ -48,47 +58,49 @@ Rolling a non stable release (alpha/beta/RC)
1. Check windows snapshot builder logs (http://windows.php.net/downloads/snaps/ the last revision)
-2. run the "scripts/dev/credits" script in php-src and commit the changes in the
+2. Check the tests at https://travis-ci.org/php/php-src/builds
+
+3. run the "scripts/dev/credits" script in php-src and commit the changes in the
credits files in ext/standard.
-3. Checkout the release branch for this release (e.g., PHP-5.4.2) from the main branch.
+4. Checkout the release branch for this release (e.g., PHP-5.4.2) from the main branch.
-4. Bump the version numbers in ``main/php_version.h``, ``configure.in`` and possibly ``NEWS``.
+5. Bump the version numbers in ``main/php_version.h``, ``configure.in`` and possibly ``NEWS``.
Do not use abbreviations for alpha and beta. Do not use dashes, you should
``#define PHP_VERSION "5.4.22RC1"`` and not ``#define PHP_VERSION "5.4.22-RC1"``
-5. Compile and make test, with and without ZTS, using the right Bison version
+6. Compile and make test, with and without ZTS, using the right Bison version
(for example, for 5.5, Bison 2.4.1 is used)
-6. Check ./sapi/cli/php -v output for version matching.
+7. Check ./sapi/cli/php -v output for version matching.
-7. If all is right, commit the changes to the release branch with ``git commit -a``.
+8. If all is right, commit the changes to the release branch with ``git commit -a``.
-8. Tag the repository release branch with the version, e.g.:
+9. Tag the repository release branch with the version, e.g.:
``git tag -u YOURKEYID php-5.4.2RC2``
-9. Bump the version numbers in ``main/php_version.h``, ``configure.in`` and ``NEWS``
+10. Bump the version numbers in ``main/php_version.h``, ``configure.in`` and ``NEWS``
in the *main* branch (PHP-5.4 for example) to prepare for the **next** version.
F.e. if the RC is "5.4.1RC1" then the new one should be "5.4.2-dev" - regardless if we get
a new RC or not. This is to make sure ``version_compare()`` can correctly work.
Commit the changes to the main branch.
-10. Push the changes to the main repo, the tag, the main branch and the release branch :
+11. Push the changes to the main repo, the tag, the main branch and the release branch :
``git push --tags origin HEAD``
``git push origin {main branch}``
``git push origin {release branch}``
-11. run: ``PHPROOT=. ./makedist 5.4.2RC2``, this will export the tree, create configure
+12. run: ``PHPROOT=. ./makedist 5.4.2RC2``, this will export the tree, create configure
and build three tarballs (gz, bz2 and xz).
-12. Copy those tarballs (scp, rsync) to downloads.php.net, in your homedir there should be a
+13. Copy those tarballs (scp, rsync) to downloads.php.net, in your homedir there should be a
directory "downloads/". Copy them into there, so that the system can generate
MD5 sums. If you do not have this directory, talk to Derick or Dan.
-13. Now the RC can be found on http://downloads.php.net/yourname,
+14. Now the RC can be found on http://downloads.php.net/yourname,
f.e. http://downloads.php.net/derick/
-14. Once the release has been tagged, contact the PHP Windows development team
+15. Once the release has been tagged, contact the PHP Windows development team
(internals-win@lists.php.net) so that Windows binaries can be created. Once
those are made, they should be placed into the same directory as the source snapshots.
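Review bot: the new step 2 says only "Check the tests at https://travis-ci.org/php/php-src/builds" and gives no pass criterion, while the general step added earlier in this file says the tests must be green. Word it the same way here ("Ensure the tests ... are green") so an RM does not read it as an optional glance at the dashboard.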
@@ -144,7 +156,8 @@ the base branches and merged upwards as usual (f.e commit the CVE fix to 5.3,
merge to 5.4, 5.5 etc...). Then you can cherry-pick it in your release branch.
Don't forget to update NEWS manually in an extra commit then.
-3. Commit those changes
+3. Commit those changes. Ensure the tests at https://travis-ci.org/php/php-src/builds are
+still passing.
4. run the "scripts/dev/credits" script in php-src and commit the changes in the
credits files in ext/standard.
@@ -154,7 +167,7 @@ credits files in ext/standard.
6. Check ./sapi/cli/php -v output for version matching.
-7. tag the repository with the version f.e. "``git tag -s php-5.4.1``"
+7. tag the repository with the version f.e. "``git tag -u YOURKEYID -s php-5.4.1``"
8. Push the tag f.e. "``git push origin php-5.4.1``"
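Review bot: in step 7, `-u YOURKEYID` already makes a signed tag with that key, so the `-s` kept alongside it is redundant, and the RC section writes the same operation as `git tag -u YOURKEYID php-5.4.2RC2` without it. Use one form in both places so the two commands are not read as behaving differently.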
diff --git a/ext/gd/gd.c b/ext/gd/gd.c
index f54fb9ff8a..f67e80bf8e 100644
--- a/ext/gd/gd.c
+++ b/ext/gd/gd.c
@@ -5274,7 +5274,7 @@ PHP_FUNCTION(imageaffinematrixget)
{
double affine[6];
long type;
- zval *options;
+ zval *options = NULL;
zval **tmp;
int res = GD_FALSE, i;
@@ -5286,7 +5286,7 @@ PHP_FUNCTION(imageaffinematrixget)
case GD_AFFINE_TRANSLATE:
case GD_AFFINE_SCALE: {
double x, y;
- if (Z_TYPE_P(options) != IS_ARRAY) {
+ if (!options || Z_TYPE_P(options) != IS_ARRAY) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Array expected as options");
RETURN_FALSE;
}
@@ -5333,6 +5333,10 @@ PHP_FUNCTION(imageaffinematrixget)
case GD_AFFINE_SHEAR_VERTICAL: {
double angle;
+ if (!options) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Number is expected as option");
+ RETURN_FALSE;
+ }
convert_to_double_ex(&options);
angle = Z_DVAL_P(options);
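Review bot: the added `if (!options)` guard rejects only a missing argument; any value that is present, whatever its type, still goes straight into `convert_to_double_ex(&options)` and is coerced, whereas the translate/scale branch checks `Z_TYPE_P(options) != IS_ARRAY`. Either validate the type here as well or reword the warning, since "Number is expected as option" currently fires only when nothing was passed. The wording also differs from "Array expected as options" (singular versus plural, "is" versus none); pick one style.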
diff --git a/ext/gd/tests/bug67248.phpt b/ext/gd/tests/bug67248.phpt
new file mode 100644
index 0000000000..9c83966a60
--- /dev/null
+++ b/ext/gd/tests/bug67248.phpt
@@ -0,0 +1,27 @@
+--TEST--
+Bug #67248 (imageaffinematrixget missing check of parameters)
+--SKIPIF--
+<?php
+ if(!extension_loaded('gd')){ die('skip gd extension not available')}
+ if(!function_exists('imageaffinematrixget')) die('skip imageaffinematrixget() not available');
+?>
+--FILE--
+<?php
+for($i=0;$i<7;$i++) {
+ imageaffinematrixget($i);
+}
+?>
+--EXPECTF--
+Warning: imageaffinematrixget(): Array expected as options in %s on line %d
+
+Warning: imageaffinematrixget(): Array expected as options in %s on line %d
+
+Warning: imageaffinematrixget(): Number is expected as option in %s on line %d
+
+Warning: imageaffinematrixget(): Number is expected as option in %s on line %d
+
+Warning: imageaffinematrixget(): Number is expected as option in %s on line %d
+
+Warning: imageaffinematrixget(): Invalid type for element 5 in %s on line %d
+
+Warning: imageaffinematrixget(): Invalid type for element 6 in %s on line %d
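Review bot: the first SKIPIF line, `if(!extension_loaded('gd')){ die('skip gd extension not available')}`, has no semicolon after the die() call before the closing brace, which is a PHP parse error, so the skip check cannot run as written. Add the `;`. The FILE section also calls `imageaffinematrixget($i)` only with the option omitted; a second loop that passes a wrong-typed option would exercise the `Z_TYPE_P(options) != IS_ARRAY` half of the new condition too.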
diff --git a/ext/spl/spl_fixedarray.c b/ext/spl/spl_fixedarray.c
index dcd1582d60..2c5d5f626c 100644
--- a/ext/spl/spl_fixedarray.c
+++ b/ext/spl/spl_fixedarray.c
@@ -116,7 +116,7 @@ static void spl_fixedarray_resize(spl_fixedarray *array, long size TSRMLS_DC) /*
array->elements = NULL;
}
} else if (size > array->size) {
- array->elements = erealloc(array->elements, sizeof(zval *) * size);
+ array->elements = safe_erealloc(array->elements, size, sizeof(zval *), 0);
memset(array->elements + array->size, '\0', sizeof(zval *) * (size - array->size));
} else { /* size < array->size */
long i;
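Review bot: the memset on the line after the changed call still computes `sizeof(zval *) * (size - array->size)` by hand. It cannot wrap only because safe_erealloc has already rejected an overflowing `size` before that line is reached, so add a short comment stating that ordering dependency, so that a later refactor that moves or replaces the allocation does not silently bring the unchecked multiplication back.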
diff --git a/ext/spl/tests/bug67247.phpt b/ext/spl/tests/bug67247.phpt
new file mode 100644
index 0000000000..cb71445d7b
--- /dev/null
+++ b/ext/spl/tests/bug67247.phpt
@@ -0,0 +1,13 @@
+--TEST--
+Bug #67247 (spl_fixedarray_resize integer overflow)
+--FILE--
+<?php
+$ar = new SplFixedArray(1);
+echo "size: ".$ar->getSize()."\n";
+$ar->setSize((PHP_INT_SIZE==8)?0x2000000000000001:0x40000001);
+echo "size: ".$ar->getSize()."\n";
+?>
+--EXPECTF--
+size: 1
+
+Fatal error: Possible integer overflow in memory allocation (%d * %d + 0) in %s on line %d