42 changed files with 19716 additions and 5659 deletions
-
11.appveyor.yml
-
1UPGRADING
-
2Zend/zend_hash.c
-
8113Zend/zend_language_scanner.c
-
2Zend/zend_language_scanner_defs.h
-
2Zend/zend_portability.h
-
2appveyor/build_task.bat
-
4configure.in
-
2ext/exif/exif.c
-
12ext/exif/tests/bug73737.phpt
-
BINext/exif/tests/bug73737.tiff
-
4ext/mysqli/mysqli_nonapi.c
-
41ext/mysqli/tests/bug73462.phpt
-
4ext/mysqlnd/mysqlnd_wireprotocol.c
-
1ext/opcache/tests/basic_logging.phpt
-
16ext/opcache/tests/issue0115.phpt
-
4ext/opcache/tests/issue0149.phpt
-
1ext/opcache/tests/log_verbosity_bug.phpt
-
7ext/phar/phar.c
-
BINext/phar/tests/bug73764.phar
-
16ext/phar/tests/bug73764.phpt
-
BINext/phar/tests/bug73768.phar
-
16ext/phar/tests/bug73768.phpt
-
550ext/standard/browscap.c
-
8ext/standard/crypt.c
-
214ext/standard/pack.c
-
2ext/standard/php_crypt_r.c
-
11018ext/standard/tests/misc/browscap_lite_2016_12_06.ini
-
2238ext/standard/tests/misc/get_browser_variation3.phpt
-
1112ext/standard/tests/misc/user_agents.txt
-
12ext/standard/tests/serialize/bug73825.phpt
-
312ext/standard/tests/strings/pack_float.phpt
-
4ext/standard/tests/strings/unpack_error.phpt
-
1441ext/standard/var_unserializer.c
-
22ext/standard/var_unserializer.re
-
6ext/sysvsem/tests/nowait.phpt
-
23ext/wddx/tests/bug73831.phpt
-
36ext/wddx/wddx.c
-
43main/explicit_bzero.c
-
8main/php.h
-
37main/strlcat.c
-
28main/strlcpy.c
8113
Zend/zend_language_scanner.c
File diff suppressed because it is too large
View File
File diff suppressed because it is too large
View File
@ -0,0 +1,12 @@ |
|||
--TEST-- |
|||
Bug #73737 (Crash when parsing a tag format) |
|||
--SKIPIF-- |
|||
<?php if (!extension_loaded('exif')) print 'skip exif extension not available';?> |
|||
--FILE-- |
|||
<?php |
|||
$exif = exif_thumbnail(__DIR__ . '/bug73737.tiff'); |
|||
var_dump($exif); |
|||
?> |
|||
--EXPECTF-- |
|||
Warning: exif_thumbnail(bug73737.tiff): Error in TIFF: filesize(x0030) less than start of IFD dir(x10102) in %s line %d |
|||
bool(false) |
|||
@ -0,0 +1,41 @@ |
|||
--TEST-- |
|||
Bug #73462 (Persistent connections don't set $connect_errno) |
|||
--SKIPIF-- |
|||
<?php |
|||
require_once('skipif.inc'); |
|||
require_once('skipifemb.inc'); |
|||
require_once('skipifconnectfailure.inc'); |
|||
?> |
|||
--FILE-- |
|||
<?php |
|||
require_once("connect.inc"); |
|||
|
|||
/* Initial persistent connection */ |
|||
$mysql_1 = new mysqli('p:'.$host, $user, $passwd, $db); |
|||
$result = $mysql_1->query("SHOW STATUS LIKE 'Connections'"); |
|||
$c1 = $result->fetch_row(); |
|||
$result->free(); |
|||
$mysql_1->close(); |
|||
|
|||
/* Failed connection to invalid host */ |
|||
$mysql_2 = @new mysqli(' !!! invalid !!! ', $user, $passwd, $db); |
|||
@$mysql_2->close(); |
|||
|
|||
/* Re-use persistent connection */ |
|||
$mysql_3 = new mysqli('p:'.$host, $user, $passwd, $db); |
|||
$error = mysqli_connect_errno(); |
|||
$result = $mysql_3->query("SHOW STATUS LIKE 'Connections'"); |
|||
$c3 = $result->fetch_row(); |
|||
$result->free(); |
|||
$mysql_3->close(); |
|||
|
|||
if (end($c1) !== end($c3)) |
|||
printf("[001] Expected '%d' got '%d'.\n", end($c1), end($c3)); |
|||
|
|||
if ($error !== 0) |
|||
printf("[002] Expected '0' got '%d'.\n", $error); |
|||
|
|||
print "done!"; |
|||
?> |
|||
--EXPECTF-- |
|||
done! |
|||
@ -0,0 +1,16 @@ |
|||
--TEST-- |
|||
Phar: PHP bug #73764: Crash while loading hostile phar archive |
|||
--SKIPIF-- |
|||
<?php if (!extension_loaded("phar")) die("skip"); ?> |
|||
--FILE-- |
|||
<?php |
|||
chdir(__DIR__); |
|||
try { |
|||
$p = Phar::LoadPhar('bug73764.phar', 'alias.phar'); |
|||
echo "OK\n"; |
|||
} catch(PharException $e) { |
|||
echo $e->getMessage(); |
|||
} |
|||
?> |
|||
--EXPECTF-- |
|||
internal corruption of phar "%sbug73764.phar" (truncated manifest entry) |
|||
@ -0,0 +1,16 @@ |
|||
--TEST-- |
|||
Phar: PHP bug #73768: Memory corruption when loading hostile phar |
|||
--SKIPIF-- |
|||
<?php if (!extension_loaded("phar")) die("skip"); ?> |
|||
--FILE-- |
|||
<?php |
|||
chdir(__DIR__); |
|||
try { |
|||
$p = Phar::LoadPhar('bug73768.phar', 'alias.phar'); |
|||
echo "OK\n"; |
|||
} catch(PharException $e) { |
|||
echo $e->getMessage(); |
|||
} |
|||
?> |
|||
--EXPECTF-- |
|||
cannot load phar "%sbug73768.phar" with implicit alias "" under different alias "alias.phar" |
|||
11018
ext/standard/tests/misc/browscap_lite_2016_12_06.ini
File diff suppressed because it is too large
View File
File diff suppressed because it is too large
View File
2238
ext/standard/tests/misc/get_browser_variation3.phpt
File diff suppressed because it is too large
View File
File diff suppressed because it is too large
View File
1112
ext/standard/tests/misc/user_agents.txt
File diff suppressed because it is too large
View File
File diff suppressed because it is too large
View File
@ -0,0 +1,12 @@ |
|||
--TEST-- |
|||
Bug #73825 Heap out of bounds read on unserialize in finish_nested_data() |
|||
--FILE-- |
|||
<?php |
|||
$obj = unserialize('O:8:"00000000":'); |
|||
var_dump($obj); |
|||
?> |
|||
--EXPECTF-- |
|||
Warning: Bad unserialize data in %sbug73825.php on line %d |
|||
|
|||
Notice: unserialize(): Error at offset 13 of 15 bytes in %sbug73825.php on line %d |
|||
bool(false) |
|||
@ -0,0 +1,312 @@ |
|||
--TEST-- |
|||
pack()/unpack(): float/double tests |
|||
--FILE-- |
|||
<?php |
|||
var_dump( |
|||
'pack e', |
|||
bin2hex(pack("e", "")), |
|||
bin2hex(pack("e", "a")), |
|||
bin2hex(pack("e", " ")), |
|||
bin2hex(pack("e", NULL)), |
|||
bin2hex(pack("e", 0)), |
|||
bin2hex(pack("e", 1)), |
|||
bin2hex(pack("e", 1.0)), |
|||
bin2hex(pack("e", 10000000000000000)), |
|||
bin2hex(pack("e", 0.591234709823149)), |
|||
bin2hex(pack("e", 12345678901234567890.1234567898765432123456789)), |
|||
bin2hex(pack("e", -1)), |
|||
bin2hex(pack("e", -1.0)), |
|||
bin2hex(pack("e", -10000000000000000)), |
|||
bin2hex(pack("e", -0.591234709823149)), |
|||
bin2hex(pack("e", -12345678901234567890.1234567898765432123456789)), |
|||
|
|||
'pack E', |
|||
bin2hex(pack("E", "")), |
|||
bin2hex(pack("E", "a")), |
|||
bin2hex(pack("E", " ")), |
|||
bin2hex(pack("E", NULL)), |
|||
bin2hex(pack("E", 0)), |
|||
bin2hex(pack("E", 1)), |
|||
bin2hex(pack("E", 1.0)), |
|||
bin2hex(pack("E", 10000000000000000)), |
|||
bin2hex(pack("E", 0.591234709823149)), |
|||
bin2hex(pack("E", 12345678901234567890.1234567898765432123456789)), |
|||
bin2hex(pack("E", -1)), |
|||
bin2hex(pack("E", -1.0)), |
|||
bin2hex(pack("E", -10000000000000000)), |
|||
bin2hex(pack("E", -0.591234709823149)), |
|||
bin2hex(pack("E", -12345678901234567890.1234567898765432123456789)), |
|||
|
|||
'pack g', |
|||
bin2hex(pack("g", "")), |
|||
bin2hex(pack("g", "a")), |
|||
bin2hex(pack("g", " ")), |
|||
bin2hex(pack("g", NULL)), |
|||
bin2hex(pack("g", 0)), |
|||
bin2hex(pack("g", 1)), |
|||
bin2hex(pack("g", 1.0)), |
|||
bin2hex(pack("g", 10000000000000000)), |
|||
bin2hex(pack("g", 0.591234709823149)), |
|||
bin2hex(pack("g", 12345678901234567890.1234567898765432123456789)), |
|||
bin2hex(pack("g", -1)), |
|||
bin2hex(pack("g", -1.0)), |
|||
bin2hex(pack("g", -10000000000000000)), |
|||
bin2hex(pack("g", -0.591234709823149)), |
|||
bin2hex(pack("g", -12345678901234567890.1234567898765432123456789)), |
|||
|
|||
'pack G', |
|||
bin2hex(pack("G", "")), |
|||
bin2hex(pack("G", "a")), |
|||
bin2hex(pack("G", " ")), |
|||
bin2hex(pack("G", NULL)), |
|||
bin2hex(pack("G", 0)), |
|||
bin2hex(pack("G", 1)), |
|||
bin2hex(pack("G", 1.0)), |
|||
bin2hex(pack("G", 10000000000000000)), |
|||
bin2hex(pack("G", 0.591234709823149)), |
|||
bin2hex(pack("G", 12345678901234567890.1234567898765432123456789)), |
|||
bin2hex(pack("G", -1)), |
|||
bin2hex(pack("G", -1.0)), |
|||
bin2hex(pack("G", -10000000000000000)), |
|||
bin2hex(pack("G", -0.591234709823149)), |
|||
bin2hex(pack("G", -12345678901234567890.1234567898765432123456789)), |
|||
|
|||
'unpack e', |
|||
unpack('e', hex2bin('0000000000000000')), |
|||
unpack('e', hex2bin('000000000000f03f')), |
|||
unpack('e', hex2bin('0080e03779c34143')), |
|||
unpack('e', hex2bin('4a6ade0d65ebe23f')), |
|||
unpack('e', hex2bin('000000000000f0bf')), |
|||
unpack('e', hex2bin('0080e03779c341c3')), |
|||
unpack('e', hex2bin('4a6ade0d65ebe2bf')), |
|||
unpack('e', hex2bin('e1639d31956ae5c3')), |
|||
|
|||
'unpack E', |
|||
unpack('E', hex2bin('3ff0000000000000')), |
|||
unpack('E', hex2bin('4341c37937e08000')), |
|||
unpack('E', hex2bin('3fe2eb650dde6a4a')), |
|||
unpack('E', hex2bin('43e56a95319d63e1')), |
|||
unpack('E', hex2bin('bff0000000000000')), |
|||
unpack('E', hex2bin('c341c37937e08000')), |
|||
unpack('E', hex2bin('bfe2eb650dde6a4a')), |
|||
unpack('E', hex2bin('c3e56a95319d63e1')), |
|||
|
|||
'unpack g', |
|||
unpack('g', hex2bin('0000803f')), |
|||
unpack('g', hex2bin('ca1b0e5a')), |
|||
unpack('g', hex2bin('285b173f')), |
|||
unpack('g', hex2bin('aa542b5f')), |
|||
unpack('g', hex2bin('000080bf')), |
|||
unpack('g', hex2bin('ca1b0eda')), |
|||
unpack('g', hex2bin('285b17bf')), |
|||
unpack('g', hex2bin('aa542bdf')), |
|||
|
|||
'unpack G', |
|||
unpack('G', hex2bin('3f800000')), |
|||
unpack('G', hex2bin('5a0e1bca')), |
|||
unpack('G', hex2bin('3f175b28')), |
|||
unpack('G', hex2bin('5f2b54aa')), |
|||
unpack('G', hex2bin('bf800000')), |
|||
unpack('G', hex2bin('da0e1bca')), |
|||
unpack('G', hex2bin('bf175b28')), |
|||
unpack('G', hex2bin('df2b54aa')) |
|||
|
|||
); |
|||
?> |
|||
--EXPECTF-- |
|||
string(6) "pack e" |
|||
string(16) "0000000000000000" |
|||
string(16) "0000000000000000" |
|||
string(16) "0000000000000000" |
|||
string(16) "0000000000000000" |
|||
string(16) "0000000000000000" |
|||
string(16) "000000000000f03f" |
|||
string(16) "000000000000f03f" |
|||
string(16) "0080e03779c34143" |
|||
string(16) "4a6ade0d65ebe23f" |
|||
string(16) "e1639d31956ae543" |
|||
string(16) "000000000000f0bf" |
|||
string(16) "000000000000f0bf" |
|||
string(16) "0080e03779c341c3" |
|||
string(16) "4a6ade0d65ebe2bf" |
|||
string(16) "e1639d31956ae5c3" |
|||
string(6) "pack E" |
|||
string(16) "0000000000000000" |
|||
string(16) "0000000000000000" |
|||
string(16) "0000000000000000" |
|||
string(16) "0000000000000000" |
|||
string(16) "0000000000000000" |
|||
string(16) "3ff0000000000000" |
|||
string(16) "3ff0000000000000" |
|||
string(16) "4341c37937e08000" |
|||
string(16) "3fe2eb650dde6a4a" |
|||
string(16) "43e56a95319d63e1" |
|||
string(16) "bff0000000000000" |
|||
string(16) "bff0000000000000" |
|||
string(16) "c341c37937e08000" |
|||
string(16) "bfe2eb650dde6a4a" |
|||
string(16) "c3e56a95319d63e1" |
|||
string(6) "pack g" |
|||
string(8) "00000000" |
|||
string(8) "00000000" |
|||
string(8) "00000000" |
|||
string(8) "00000000" |
|||
string(8) "00000000" |
|||
string(8) "0000803f" |
|||
string(8) "0000803f" |
|||
string(8) "ca1b0e5a" |
|||
string(8) "285b173f" |
|||
string(8) "aa542b5f" |
|||
string(8) "000080bf" |
|||
string(8) "000080bf" |
|||
string(8) "ca1b0eda" |
|||
string(8) "285b17bf" |
|||
string(8) "aa542bdf" |
|||
string(6) "pack G" |
|||
string(8) "00000000" |
|||
string(8) "00000000" |
|||
string(8) "00000000" |
|||
string(8) "00000000" |
|||
string(8) "00000000" |
|||
string(8) "3f800000" |
|||
string(8) "3f800000" |
|||
string(8) "5a0e1bca" |
|||
string(8) "3f175b28" |
|||
string(8) "5f2b54aa" |
|||
string(8) "bf800000" |
|||
string(8) "bf800000" |
|||
string(8) "da0e1bca" |
|||
string(8) "bf175b28" |
|||
string(8) "df2b54aa" |
|||
string(8) "unpack e" |
|||
array(1) { |
|||
[1]=> |
|||
float(0) |
|||
} |
|||
array(1) { |
|||
[1]=> |
|||
float(1) |
|||
} |
|||
array(1) { |
|||
[1]=> |
|||
float(1.0E+16) |
|||
} |
|||
array(1) { |
|||
[1]=> |
|||
float(0.59123470982315) |
|||
} |
|||
array(1) { |
|||
[1]=> |
|||
float(-1) |
|||
} |
|||
array(1) { |
|||
[1]=> |
|||
float(-1.0E+16) |
|||
} |
|||
array(1) { |
|||
[1]=> |
|||
float(-0.59123470982315) |
|||
} |
|||
array(1) { |
|||
[1]=> |
|||
float(-1.2345678901235E+19) |
|||
} |
|||
string(8) "unpack E" |
|||
array(1) { |
|||
[1]=> |
|||
float(1) |
|||
} |
|||
array(1) { |
|||
[1]=> |
|||
float(1.0E+16) |
|||
} |
|||
array(1) { |
|||
[1]=> |
|||
float(0.59123470982315) |
|||
} |
|||
array(1) { |
|||
[1]=> |
|||
float(1.2345678901235E+19) |
|||
} |
|||
array(1) { |
|||
[1]=> |
|||
float(-1) |
|||
} |
|||
array(1) { |
|||
[1]=> |
|||
float(-1.0E+16) |
|||
} |
|||
array(1) { |
|||
[1]=> |
|||
float(-0.59123470982315) |
|||
} |
|||
array(1) { |
|||
[1]=> |
|||
float(-1.2345678901235E+19) |
|||
} |
|||
string(8) "unpack g" |
|||
array(1) { |
|||
[1]=> |
|||
float(1) |
|||
} |
|||
array(1) { |
|||
[1]=> |
|||
float(1.0000000272564E+16) |
|||
} |
|||
array(1) { |
|||
[1]=> |
|||
float(0.59123468399048) |
|||
} |
|||
array(1) { |
|||
[1]=> |
|||
float(1.2345679395506E+19) |
|||
} |
|||
array(1) { |
|||
[1]=> |
|||
float(-1) |
|||
} |
|||
array(1) { |
|||
[1]=> |
|||
float(-1.0000000272564E+16) |
|||
} |
|||
array(1) { |
|||
[1]=> |
|||
float(-0.59123468399048) |
|||
} |
|||
array(1) { |
|||
[1]=> |
|||
float(-1.2345679395506E+19) |
|||
} |
|||
string(8) "unpack G" |
|||
array(1) { |
|||
[1]=> |
|||
float(1) |
|||
} |
|||
array(1) { |
|||
[1]=> |
|||
float(1.0000000272564E+16) |
|||
} |
|||
array(1) { |
|||
[1]=> |
|||
float(0.59123468399048) |
|||
} |
|||
array(1) { |
|||
[1]=> |
|||
float(1.2345679395506E+19) |
|||
} |
|||
array(1) { |
|||
[1]=> |
|||
float(-1) |
|||
} |
|||
array(1) { |
|||
[1]=> |
|||
float(-1.0000000272564E+16) |
|||
} |
|||
array(1) { |
|||
[1]=> |
|||
float(-0.59123468399048) |
|||
} |
|||
array(1) { |
|||
[1]=> |
|||
float(-1.2345679395506E+19) |
|||
} |
|||
1441
ext/standard/var_unserializer.c
File diff suppressed because it is too large
View File
File diff suppressed because it is too large
View File
@ -0,0 +1,23 @@ |
|||
--TEST-- |
|||
Bug #73831 (NULL Pointer Dereference while unserialize php object) |
|||
--SKIPIF-- |
|||
<?php if (!extension_loaded("wddx")) print "skip"; ?> |
|||
--FILE-- |
|||
<?php |
|||
$xml = <<<EOF |
|||
<?xml version="1.0" ?> |
|||
<wddxPacket version="1.0"> |
|||
<struct> |
|||
<var name="php_class_name"> |
|||
<string>Throwable</string> |
|||
</var> |
|||
</struct> |
|||
</wddxPacket> |
|||
EOF; |
|||
try { |
|||
$wddx = wddx_deserialize($xml); |
|||
} catch(Error $e) { echo $e->getMessage(); } |
|||
?> |
|||
--EXPECTF-- |
|||
Warning: wddx_deserialize(): Class throwable can not be instantiated in %sbug73831.php on line %d |
|||
Cannot instantiate interface Throwable |
|||
@ -0,0 +1,43 @@ |
|||
/* |
|||
+----------------------------------------------------------------------+ |
|||
| PHP Version 7 | |
|||
+----------------------------------------------------------------------+ |
|||
| Copyright (c) 1997-2016 The PHP Group | |
|||
+----------------------------------------------------------------------+ |
|||
| This source file is subject to version 3.01 of the PHP license, | |
|||
| that is bundled with this package in the file LICENSE, and is | |
|||
| available through the world-wide-web at the following url: | |
|||
| http://www.php.net/license/3_01.txt | |
|||
| If you did not receive a copy of the PHP license and are unable to | |
|||
| obtain it through the world-wide-web, please send a note to | |
|||
| license@php.net so we can mail you a copy immediately. | |
|||
+----------------------------------------------------------------------+ |
|||
| Author: | |
|||
+----------------------------------------------------------------------+ |
|||
*/ |
|||
|
|||
/* $Id$ */ |
|||
|
|||
#include "php.h" |
|||
|
|||
#ifndef HAVE_EXPLICIT_BZERO |
|||
|
|||
/* $OpenBSD: explicit_bzero.c,v 1.4 2015/08/31 02:53:57 guenther Exp $ */ |
|||
/* |
|||
* Public domain. |
|||
* Written by Matthew Dempsky. |
|||
*/ |
|||
|
|||
#include <string.h> |
|||
|
|||
__attribute__((weak)) void |
|||
__explicit_bzero_hook(void *dst, size_t siz) |
|||
{ |
|||
} |
|||
|
|||
PHPAPI void php_explicit_bzero(void *dst, size_t siz) |
|||
{ |
|||
memset(dst, 0, siz); |
|||
__explicit_bzero_hook(dst, siz); |
|||
} |
|||
#endif |
|||
Write
Preview
Loading…
Cancel
Save
Reference in new issue