From: Stanislav Malyshev <stas@php.net>
Date: Tue, 19 Jul 2016 07:53:08 +0000 (-0700)
Subject: Merge branch 'PHP-5.5' into PHP-5.6
X-Git-Tag: php-7.1.0beta1~28^2^2
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=4d0565b5bad444b0652379668c5116b74ee13747;p=php

Merge branch 'PHP-5.5' into PHP-5.6

* PHP-5.5:
  fix #72519, possible OOB using imagegif
  fix #72512, invalid read or write for palette image when invalid transparent index is used
  Apparently some envs miss SIZE_MAX
  Fix tests
  Fix bug #72618: NULL Pointer Dereference in exif_process_user_comment
  Partial fix for bug #72613 - do not treat negative returns from bz2 as size_t
  Fix bug #72606: heap-buffer-overflow (write) simplestring_addn simplestring.c
  Fix for bug #72558, Integer overflow error within _gdContributionsAlloc()
  Fix bug #72603: Out of bound read in exif_process_IFD_in_MAKERNOTE
  Fix bug #72562 - destroy var_hash properly
  Fix bug #72533 (locale_accept_from_http out-of-bounds access)
  Fix fir bug #72520
  Fix for bug #72513
  CS fix and comments with bug ID
  Fix for HTTP_PROXY issue.
  add tests for bug #72512
  Fixed bug #72512 gdImageTrueColorToPaletteBody allows arbitrary write/read access
  Fixed bug #72479 - same as #72434

Conflicts:
	ext/bz2/bz2.c
	main/SAPI.c
	main/php_variables.c
---

4d0565b5bad444b0652379668c5116b74ee13747
diff --cc ext/bz2/bz2.c
index a93493fd3e,7cfcaa8f58..54b59f75d4
--- a/ext/bz2/bz2.c
+++ b/ext/bz2/bz2.c
@@@ -192,11 -195,11 +196,11 @@@ php_stream_ops php_stream_bz2io_ops = 
  };
  
  /* {{{ Bzip2 stream openers */
 -PHP_BZ2_API php_stream *_php_stream_bz2open_from_BZFILE(BZFILE *bz,
 -														char *mode, php_stream *innerstream STREAMS_DC TSRMLS_DC)
 +PHP_BZ2_API php_stream *_php_stream_bz2open_from_BZFILE(BZFILE *bz, 
 +														const char *mode, php_stream *innerstream STREAMS_DC TSRMLS_DC)
  {
  	struct php_bz2_stream_data_t *self;
- 	
+ 
  	self = emalloc(sizeof(*self));
  
  	self->stream = innerstream;
@@@ -243,16 -246,16 +247,16 @@@ PHP_BZ2_API php_stream *_php_stream_bz2
  		*opened_path = estrdup(path_copy);
  	}
  #ifdef VIRTUAL_DIR
 -	free(path_copy);
 +	efree(path_copy);
  #endif
  	path_copy = NULL;
- 	
+ 
  	if (bz_file == NULL) {
  		/* that didn't work, so try and get something from the network/wrapper */
  		stream = php_stream_open_wrapper(path, mode, options | STREAM_WILL_CAST, opened_path);
- 	
+ 
  		if (stream) {
 -			int fd;
 +			php_socket_t fd;
  			if (SUCCESS == php_stream_cast(stream, PHP_STREAM_AS_FD, (void **) &fd, REPORT_ERRORS)) {
  				bz_file = BZ2_bzdopen(fd, mode);
  			}