| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
We must not access memory outside of the allocated buffer.
(cherry picked from commit 7df594b9437aa4f127581e4c88da99e7c41a9b14)
|
| |
|
|
| |
(cherry picked from commit 409965fe1cfa013abd377a5b567e2d19aac163e8)
|
| |
|
|
|
|
| |
all-access permissions
(cherry picked from commit 6facfa59a5273a7084fabe13f215bb17215218c4)
|
| |
|
|
|
|
| |
Not all systems support the discard protocol (TCP port 9), and since
there is no particular reason to use it, we switch to using actual
server testing.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The culprit is the too restrictive fix for bug #71536, which prevents
`php_libxml_streams_IO_write()` from properly executing when unclean
shutdown is flagged. A *more* suitable solution is to move the
`xmlwriter_free_resource_ptr()` call from the `free_obj` handler to an
added `dtor_obj` handler, to avoid to write to a closed stream in case
of late object freeing. This makes the `EG(active)` guard superfluous.
We also fix bug79029.phpt which has to use different variables for the
three parts to actually check the original shutdown issue.
Thanks to bwoebi and daverandom for helping to investigate this issue.
|
| |
|
|
|
|
|
| |
Since we're dealing with floating point numbers, precision issues may
hit us, and actually it's not necessary to check for the exact number
anyway, because it is not exact in the first place. Therefore, we
relax the test expectations.
|
| |
|
|
|
|
|
|
|
|
|
| |
We have to convert to number *before* detecting the type, to cater to
internal objects implementing `cast_object`.
We also get rid of the fallback behavior of using `FORMAT_TYPE_INT32`,
because that can no longer happen; after `convert_scalar_to_number_ex`
the type is either `IS_LONG` or `IS_DOUBLE`. We cater explicitly to
the `IS_ARRAY` case what also avoids triggering a type confusion when
`::TYPE_INT64` is passed as `$type`.
|
| |
|
|
|
|
|
|
|
| |
The fix for bug #49634 solved a double-free by copying the node with
`xmlDocCopyNodeList()`, but the copied node is later freed by calling
`xmlFreeNode()` instead of `xmlFreeNodeList()`, thus leaking memory.
However, there is no need to treat the node as node list, i.e. to copy
also the node's siblings; just creating a recursive copy of the node
with `xmlDocCopyNode()` is sufficient, while that also avoids the leak.
|
| | |
|
| | |
|
| |
|
|
|
| |
enc_name can be NULL here. Take the name from the mbfl_encoding
instead.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is going to cause a segfault if reused in the next request.
To illustrate the issue, run these two scripts in sequence with
the built-in server:
// script1.php
mb_ereg_search_init('foobar');
mb_ereg_search('foo');
// script2.php
var_dump(mb_ereg_search_init("foobar"));
var_dump(mb_ereg_search_pos());
|
| |
|
|
|
| |
This segfaulted because we assumed that if there are matches,
there must be a regular expression as well.
|
| |
|
|
| |
We actually have to decompress, when told to do so.
|
| |
|
|
|
| |
Set CLI exit code to 1 when invalid parameters are passed,
and print error to stderr.
|
| | |
|
| |
|
|
|
|
| |
The test still needs to access <http://www.w3.org/2009/01/xml.xsd>, but
at least we no longer depend on <http://x-road.eu/xsd/x-road.xsd>,
which may be moved again.
|
| | |
|
| |
|
|
|
|
|
|
| |
Adjust for URL change in XSD file and mark as online test.
Is it possible for use to store http://x-road.eu/xsd/xroad.xsd
locally instead? Do relative file system paths work here?
I'm not familiar with this.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
Make sure we also NULL out next/prev of the removed element on
pop/shift. This only matter is that element is still being referenced
by an iterator.
|
| |\
| |
| |
| |
| | |
* PHP-7.2:
More checks for php_strip_tags_ex
|
| | | |
|
| | | |
|
| | |
| |
| |
| | |
We must not modify arrays passed by value.
|
| | |
| |
| |
| |
| |
| | |
We must increase the refcount of `return_value` only if `cert` is a
resource; this is already done in `php_openssl_evp_from_zval()`,
though.
|
| |\ \
| |/
| |
| |
| |
| |
| |
| | |
* PHP-7.2:
Update NEWS
Fix bug #79037 (global buffer-overflow in `mbfl_filt_conv_big5_wchar`)
Fix #79099: OOB read in php_strip_tags_ex
Fix #79091: heap use-after-free in session_create_id()
|
| | | |
|
| | | |
|
| | |
| |
| |
| | |
If the `new_id` is released, we must not use it again.
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
Column names can be numeric strings, so we have to make sure to insert
the column values with the appropriate numeric keys, instead of adding
them.
|
| | |
| |
| |
| |
| |
| |
| |
| | |
We use the portable {TMP} instead of the hard-coded /tmp, and skip
mysqli_debug_append.phpt on Windows, because unlinking the trace file
while the connection is still open won't work there.
(cherry picked from commit 60081ca20d5701111de5f94ae64909b1cc265f1e)
|
| | |
| |
| |
| | |
Cf. <https://bugs.php.net/bug.php?id=61685#1578672905>.
|
| | |
| |
| |
| |
| | |
To avoid this, we have to verify the handlers already in
`curl_multi_add_handle()`, not only in `curl_multi_exec()`.
|
| | |
| |
| |
| |
| |
| | |
This reverts commit 17a9f1401aeb35fe1e3657b38102a410d151d42f, because
this commit would break ABI, and also due to bug #79013.
We keep the commit for PHP 7.4+, though.
|
| | |
| |
| |
| |
| | |
If the header string is empty, we pass `NULL` to `php_mail()` to avoid
further checks on the string length.
|
| | |
| |
| |
| |
| | |
We port
<https://github.com/libgd/libgd/commit/9088591eae437358ee5b929adf82865e37e3001e>.
|
| | |
| |
| |
| |
| | |
We port
<https://github.com/libgd/libgd/commit/7a06c1669c563917bc48c464521e3de962ddb4e8>.
|
| | |
| |
| |
| |
| |
| |
| | |
We implement support for a fifth parameter, which allows to specify the
mapsize. The parameter defaults to zero, in which case the compiled in
default mapsize (usually 1048576) will be used. The mapsize should be
a multiple of the page size of the OS.
|
| | |
| |
| |
| |
| |
| | |
We check that the given microsecond fraction is in the valid range
[0, 1000000[, and otherwise mark it as invalid. We also drop the
useless do loop; a plain block is sufficient here.
|
| | |
| |
| |
| |
| |
| |
| | |
We must not use the same shared memory OPcache instance for different
SAPIs, since their memory layout is different. To avoid this, we add
the SAPI name (truncated to at most 20 characters) to the names of the
memory base file, the mutex and the file mapping.
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
We must not set an empty mime structure as `CURLOPT_MIMEPOST`; instead
we set it to `NULL` if `CURLOPT_POSTFIELDS` has been set to an empty
array.
|
| | |
| |
| |
| |
| |
| |
| |
| | |
We backport the fix PHP 7.3, since this branch is affected as well.
(cherry picked from commit b5e004379647bd1ebb75eb2eac8826fb6abdd3d8)
(cherry picked from commit e36daa6927c05d2e687bb77495ef206cde118b33)
(cherry picked from commit 2704ee6844c03348de9d15e74646d09007ef0f7c)
|
| | |
| |
| |
| | |
Call PQconsumeInput() before PQstatus() to update the status.
|
| | |
| |
| |
| | |
pgsqlGetNotify() didn't check result of PQconsumeInput().
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Some functions in libmagic (distributed with fileinfo extension) perform this sequence of calls:
func() {
setlocale(LC_TYPE, "C")
.. do some work ..
setlocale(LC_TYPE, "")
}
It effectively resets LC_TYPE if it that was set before the function call.
To avoid manipulations with current locale at all, the problematic functions
were modified to use locale-independent functions.
|
| | |
| |
| |
| |
| | |
An error message can be misleading when a handler
passed to pcntl_signal() is not callable.
|
