summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* fix ZTS buildphp-5.6.26PHP-5.6.26Remi Collet2016-09-151-1/+1
|
* 5.6.26Ferenc Kovacs2016-09-153-6/+35
|
* add test for bug #73068Anatol Belski2016-09-151-0/+37
|
* missed semicolonAnatol Belski2016-09-151-1/+1
|
* fix C89 conformityAnatol Belski2016-09-151-3/+3
|
* Fix bug #72293 - Heap overflow in mysqlnd related to BIT fieldsStanislav Malyshev2016-09-151-1/+7
|
* Fix testStanislav Malyshev2016-09-151-0/+5
|
* Fix bug #73065: Out-Of-Bounds Read in php_wddx_push_element of wddx.cStanislav Malyshev2016-09-152-9/+108
|
* Fix bug #73035 (Out of bound when verify signature of tar phar in ↵Stanislav Malyshev2016-09-153-1/+19
| | | | phar_parse_tarfile)
* Fix bug #73052 - Memory Corruption in During Deserialized-object DestructionStanislav Malyshev2016-09-154-33/+53
|
* Add check in fgetcsv in case sizeof(unit) != sizeof(size_t)Stanislav Malyshev2016-09-151-0/+4
|
* Fix bug #73029 - Missing type check when unserializing SplArrayStanislav Malyshev2016-09-152-4/+22
|
* Fix bug #72860: wddx_deserialize use-after-freeStanislav Malyshev2016-09-152-1/+29
|
* Also fix overflow in wordwrapStanislav Malyshev2016-09-151-1/+1
|
* Fix bug #73007: add locale length checkStanislav Malyshev2016-09-151-0/+2
|
* Add more checks for int overflowStanislav Malyshev2016-09-152-14/+14
|
* Fix bug #72928 - Out of bound when verify signature of zip phar in ↵Stanislav Malyshev2016-09-154-1/+47
| | | | phar_parse_zipfile
* Fix various int size overflows.Stanislav Malyshev2016-09-1511-143/+210
| | | | | Add function for detection of string zvals with length that does not fit INT_MAX.
* Same issue as #72926 in another place.Stanislav Malyshev2016-09-151-1/+4
|
* Sync fix for bug #72910 with current upstreamStanislav Malyshev2016-09-151-3/+5
|
* fix double freeAnatol Belski2016-09-151-1/+0
|
* Fix bug #72910Stanislav Malyshev2016-09-151-1/+1
| | | | Merge upstream patch from https://github.com/kkos/oniguruma/commit/65bdf2a0d160d06556415e5f396a75f6b11bad5c
* Revert "Fixed bug #72703 Out of bounds global memory read in BF_crypt ↵Ferenc Kovacs2016-09-152-25/+0
| | | | | | triggered by password_verify" This reverts commit 295303b59059536079caf68b4d76acf2149bd42c.
* PHP-5.6.26RC1php-5.6.26RC1Ferenc Kovacs2016-09-013-7/+7
|
* Fix #71882 amendment 2: Negative ftruncate() on php://memory exhausts memoryChristoph M. Becker2016-08-311-2/+2
|
* Fix #71882 amendment: Negative ftruncate() on php://memory exhausts memoryChristoph M. Becker2016-08-311-1/+1
| | | | To avoid BC breaks, we do not raise a warning for now.
* Update NEWSYasuo Ohgaki2016-08-311-0/+2
|
* Fix #66797: mb_substr only takes 32-bit signed integerChristoph M. Becker2016-08-303-0/+33
| | | | | | `from` and `len` are `long`, but get passed to mbfl_substr() which expects `int`s. Therefore we clamp the values to avoid the undefined conversion behavior.
* Test case for bug #72771Ville Hukkamäki2016-08-302-1/+31
|
* Fix #71882: Negative ftruncate() on php://memory exhausts memoryChristoph M. Becker2016-08-303-0/+18
| | | | We must not pass negative sizes to a size_t parameter.
* fix HANDLE leakAnatol Belski2016-08-291-0/+6
|
* update NEWSAnatol Belski2016-08-291-0/+2
|
* ensure null terminationAnatol Belski2016-08-291-2/+3
|
* Fixed bug #72703 Out of bounds global memory read in BF_crypt triggered by ↵Anatol Belski2016-08-292-0/+25
| | | | password_verify
* fix double freeAnatol Belski2016-08-291-4/+3
|
* fix leakAnatol Belski2016-08-291-0/+1
|
* Added .user.ini support.George Wang2016-08-281-32/+489
| | | | | Added LSPHPRC support. update LiteSpeed SAPI version to 6.10 .
* Fix #65550: get_browser() incorrectly parsers entries with "+" signChristoph M. Becker2016-08-273-0/+25
| | | | | + signs in the browscap patterns are meant to be literal characters, so we have to escape them for the regex matching.
* Fix #70825: Cannot fetch multiple values with group in ini fileChristoph M. Becker2016-08-253-0/+74
| | | | | If we have the position already from the last fetch, we also have to preset the current group, because it won't be read again.
* Fix #71514: Bad dba_replace condition because of wrong API usageChristoph M. Becker2016-08-253-5/+37
| | | | We're backporting commit 9e309a2d to PHP-5.6, because it is a bugfix.
* backport relevant part from bug #72858 patch in 7.0Anatol Belski2016-08-251-2/+12
|
* Fix #68716: possible resource leaks in _php_image_convert()Christoph M. Becker2016-08-212-2/+22
| | | | | We properly clean up after ourselves wrt. to closing opened file pointers and created images.
* Fix #72913: imagecopy() loses single-color transparency on palette imagesChristoph M. Becker2016-08-213-20/+31
| | | | | The proper code to handle true-color to palette copies is already contained in gdImageCopy(), so we can simply remove the buggy duplicated code.
* Fix #66005: imagecopy does not support 1bit transparency on truecolor imagesChristoph M. Becker2016-08-213-1/+42
| | | | | We must not copy transparent pixels, see <https://github.com/libgd/libgd/commit/daac285c>.
* Merge branch 'PHP-5.6' of git.php.net:/php-src into PHP-5.6Xinchen Hui2016-08-217-14/+76
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | * 'PHP-5.6' of git.php.net:/php-src: Improvements to fix #72714, suggested by nikic Fix #65732: grapheme_*() is not Unicode compliant on CR LF sequence Fix #72714: _xml_startElementHandler() segmentation fault update NEWS Fixed bug #72852 imap_mail null dereference Revert "Fix dba configuration for Windows" Fix dba configuration for Windows Fix broken test include fix NEWS Add myself as PDO_OCI maintainer
| * Improvements to fix #72714, suggested by nikicChristoph M. Becker2016-08-202-3/+3
| |
| * Fix #65732: grapheme_*() is not Unicode compliant on CR LF sequenceChristoph M. Becker2016-08-203-1/+24
| | | | | | | | | | | | | | | | | | According to the Unicode specification (at least as of 5.1), CRLF sequences are considered to be a single grapheme. We cater to that special case by letting grapheme_ascii_check() fail. While it would be trivial to fix grapheme_ascii_check() wrt. grapheme_strlen(), grapheme_substr() and grapheme_strrpos() would be much harder to handle, so we accept the slight performance penalty if CRLF is involved.
| * Fix #72714: _xml_startElementHandler() segmentation faultChristoph M. Becker2016-08-203-8/+52
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The issue is caused by an integer overflow when the `long` passed as XML_OPTION_SKIP_TAGSTART is assigned to `xml_parser::toffset` which is declared as `int`. We can simply work around this issue, by clipping resulting negative values to 0 (and raising a notice in this case), because the reasonable range for this value is certainly catered to by positive `int`s. However, there still remains the issue that `xml_parser::toffset` is later added to `char *`s, which can cause OOB reads, so we make sure that the upper bound never exceeds the strlen(). We eschew optimizing `SKIP_TAGSTART` wrt. to the potentially duplicate strlen() call, because that code path is unexpected anyway.
| * update NEWSAnatol Belski2016-08-201-0/+3
| |
| * Fixed bug #72852 imap_mail null dereferenceAnatol Belski2016-08-201-3/+3
| |
View Lorry Controller Status