Nikita Popov [Thu, 21 Feb 2019 12:42:47 +0000 (13:42 +0100)]
Fixed bug #77597
The same variable was reused in two nested loops... The test doesn't
fail on 7.2, but I'm fixing this here anyway as the code is clearly
wrong, and probably erroneous in other situations.
Nikita Popov [Mon, 18 Feb 2019 13:01:45 +0000 (14:01 +0100)]
Make MADV_HUGEPAGE conditional on USE_ZEND_ALLOC_HUGE_PAGES
There have been multiple reports of large slowdowns due to the
use of MADV_HUGEPAGE, so make it conditional on
USE_ZEND_ALLOC_HUGE_PAGES, just like MAP_HUGETLB already is.
Fix #77621: Already defined constants are not properly reported
We must not check uninitialized values (i.e. `c.value`), and we have to
use proper types for printf-style formats (i.e. `char *` instead of
`zend_string *`).
Peter Kokot [Wed, 26 Sep 2018 17:29:25 +0000 (19:29 +0200)]
Refactor timelib.m4
The ext/date/lib is bundled library and also includes additional
timelib.m4 macros and checks specific for PHP.
All the checks in the timelib.m4 are already done in the PHP's
configure.ac:
- headers except for io.h and strings.h
- two functions checked strftime and gettimeofday
- if size of longint is 8
- if size of int is 4
- int32_t and uint32_t types using the PHP_CHECK_STDINT_TYPES
Macro `AC_TIMELIB_C_BIGENDIAN` defined in timelib.m4 is not used.
The two checkings for strtoll and atoll have been moved to date extension's
config0.m4 file.
Additional check for headers <io.h> and <strings.h> has been added to
config0.m4 of the date extension.
Therefore the timelib.m4 can be simplified and removed from the bundled
library to have easier maintenance in the later branches and also
upstream library.
Nikita Popov [Tue, 12 Feb 2019 08:54:52 +0000 (09:54 +0100)]
Remove "defensive copy" of DatePeriod properties
get_properties() constructs these as fresh objects with no relation
to the internals, there is no need to clone them again. Additionally
the current implementation leaks memory, because the original objects
are never freed (see PR #3121).
Ben Ramsey [Sun, 10 Feb 2019 18:25:19 +0000 (12:25 -0600)]
Fixed bug #77564: Memory leak in exif_process_IFD_TAG
The memory leak occurs when more than one UserComment tag is present in
the EXIF data. It's still considered corrupt EXIF data, but this ensures
the memory is freed before trying to set to already allocated memory.
Darek Slusarczyk [Mon, 11 Feb 2019 16:16:49 +0000 (17:16 +0100)]
security fix - by default 'local infile' is disabled:
- set default for mysqli.allow_local_infile=0
- explicitly disable PDO::MYSQL_ATTR_LOCAL_INFILE in case of lack of driver options
- add getAttribute support for PDO::MYSQL_ATTR_LOCAL_INFILE
- update existing tests where needed
- add new tests [checking default value and setting on] the 'local infile' in ext/mysqli and ext/pdo_mysql
YanTao [Fri, 8 Feb 2019 03:41:41 +0000 (11:41 +0800)]
Fix FTPS passive mode of data channel event poll
Bugfix: when using passive mode of FTPS protocol, data channel events
should be polled when creating data connection channel, instead of polling
the event of ftp's self control channel, which may cause ftp transfer
problem while using ftps and passive mode.
Nikita Popov [Thu, 24 Jan 2019 09:56:04 +0000 (10:56 +0100)]
Add flag to disable jumptable optimization
This is useful for coverage. While it is currently safe to just
skip over the SWITCH_* opcodes, this may not be true in the future
due to opcache optimizations, so it's safer to disable emission of
SWITCH_* opcodes entirely.
The fix for PHP bug 43828[1] changed the algorithm from drawing filled
pies from drawing multiple triangles to drawing a single polygon. Due
to quirks of the filled polygon drawing algorithm, we had to filter out
extraneous vertices. This lead, however, to a bug regarding displaced
starting and ending points near 90° and 270° degrees, which we fix by
reinserting these vertices if they had been removed.
Kevin Adler [Thu, 27 Dec 2018 19:54:08 +0000 (13:54 -0600)]
Fix bug #77361 (configure fails on 64-bit AIX when opcache enabled)
In f9048300123, support for GNU Hurd was added to the opcache and
the configure check to ensure the opcache knows the flock struct
layout prior to building was changed check for two cases: BSD layout
and Linux layout. All the existing hard-coded cases in
ZendAccelerator.h follow these two cases, except for 64-bit AIX.
This means that even though building on 64-bit AIX would work,
the configure script refuses to continue.
Add a new configure check for the 64-bit AIX case and a new
compiler definition HAVE_FLOCK_AIX64. Now that all the cases are
covered, simplify the ifdef logic around these three HAVE_FLOCK_*
macros:
- The macOS and the various BSD flavors fall under HAVE_FLOCK_BSD
- Linux, HP-UX, GNU Hurd, 32-bit AIX, and SVR4 environments
fall under HAVE_FLOCK_LINUX
- 64-bit AIX falls under HAVE_FLOCK_AIX64
The only difference between the existing HAVE_FLOCK_LINUX and
the hard-coded Linux/HP-UX/Hurd case is that the latter
initialized the 5th member to 0, but since the C standard already
says that un-initialized members will be initialized to 0,
it's effectively the same.
The idea is to create an easy way to provide a certificate that never
expires. In order to make it cross-platform, PHP is used rather than
openssl CLI app. Using openssl to generate certificates for tests that
test openssl might be not the best idea but pros seem to outweight cons
that this "recursice dependency" adds
* PHP-7.1:
Fix bug #77418 - Heap overflow in utf32be_mbc_to_code
Add NEWS
[ci skip] Add NEWS
Fix more issues with encodilng length
Fix #77270: imagecolormatch Out Of Bounds Write on Heap
Fix bug #77380 (Global out of bounds read in xmlrpc base64 code)
Fix bug #77371 (heap buffer overflow in mb regex functions - compile_string_node)
Fix bug #77370 - check that we do not read past buffer end when parsing multibytes
Fix #77269: Potential unsigned underflow in gdImageScale
Fix bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext)
Fix bug #77242 (heap out of bounds read in xmlrpc_decode())
Regenerate certs for openssl tests
* PHP-5.6:
Fix bug #77418 - Heap overflow in utf32be_mbc_to_code
[ci skip] Add NEWS
Fix more issues with encodilng length
Fix #77270: imagecolormatch Out Of Bounds Write on Heap
Fix bug #77380 (Global out of bounds read in xmlrpc base64 code)
Fix bug #77371 (heap buffer overflow in mb regex functions - compile_string_node)
Fix bug #77370 - check that we do not read past buffer end when parsing multibytes
Fix #77269: Potential unsigned underflow in gdImageScale
Fix bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext)
Fix bug #77242 (heap out of bounds read in xmlrpc_decode())
Regenerate certs for openssl tests
* PHP-7.1:
Fix #77369 - memcpy with negative length via crafted DNS response
Fix more issues with encodilng length
Fix #77270: imagecolormatch Out Of Bounds Write on Heap
Fix bug #77380 (Global out of bounds read in xmlrpc base64 code)
Fix bug #77371 (heap buffer overflow in mb regex functions - compile_string_node)
Fix bug #77370 - check that we do not read past buffer end when parsing multibytes
Fix #77269: Potential unsigned underflow in gdImageScale
Fix bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext)
Fix bug #77242 (heap out of bounds read in xmlrpc_decode())
Regenerate certs for openssl tests
Fix #77270: imagecolormatch Out Of Bounds Write on Heap
At least some of the image reading functions may return images which
use color indexes greater than or equal to im->colorsTotal. We cater
to this by always using a buffer size which is sufficient for
`gdMaxColors` in `gdImageColorMatch()`.