[pull] master from php:master#1028
Merged
Merged
Conversation
Avoid hash-based lookup if we already know the offset in the table anyway.
Strip a leading "\\" before lowercasing, mirroring zend_lookup_class_ex(), so both spellings resolve identically.
_php_ldap_control_from_array() allocated the sort_keys array with safe_emalloc() and only wrote its NULL terminator after the per-key loop finished. A sort key missing the "attr" entry makes the loop bail out early, leaving the array partially uninitialized; the failure cleanup then walks it as a NULL-terminated list and calls efree() on the uninitialized slots. Zero the array after allocation so the unwritten slots are NULL. Reachable from userland via the $controls argument of ldap_search() and the other control-taking LDAP functions. Closes GH-22342
* PHP-8.4: Fix freeing uninitialized memory in LDAP sort control parsing
* PHP-8.5: Fix freeing uninitialized memory in LDAP sort control parsing
…21658) The from and user_agent INI settings and the user_agent stream context option were written into HTTP request headers without stripping CR/LF characters, allowing header injection. Truncate at the first \r or \n and emit E_WARNING. The from and user_agent globals are stored as zend_string so the check scans the full length and a NUL byte no longer pre-truncates the value before the CR/LF scan. Fixes GH-17976
php_posix_passwd_to_array() passed pw_name, pw_passwd, pw_gecos, pw_dir and pw_shell straight to add_assoc_string() with no NULL guard, so a NULL field segfaults via zend_string_init(). glibc's files NSS backend normalizes empty fields to "", but third-party NSS modules (nss-systemd, nss-ldap, sssd and other directory backends) populate struct passwd directly and may leave fields NULL. Guard each string field and emit null instead, mirroring the existing pw/gr handling in php_posix_group_to_array(). Closes GH-22426
* PHP-8.4: Fix posix_getpwnam()/posix_getpwuid() crash on NULL passwd fields
* PHP-8.5: Fix posix_getpwnam()/posix_getpwuid() crash on NULL passwd fields
intl_charFromString() computed the UTF-8 output capacity as from.length() * 3 in int32_t arithmetic. For a UnicodeString longer than INT32_MAX/3 UTF-16 units the multiply overflows (UB); capacity can go negative, making zend_string_alloc() request a near-SIZE_MAX block, or wrap small, undersizing the buffer that u_strToUTF8WithSub() then writes into. Reject the over-long input with U_BUFFER_OVERFLOW_ERROR up front, mirroring the existing INT32_MAX guard in the sibling intl_stringFromChar(). Closes GH-22427
* PHP-8.4: Fix int32_t overflow in intl_charFromString() capacity calculation
* PHP-8.5: Fix int32_t overflow in intl_charFromString() capacity calculation
This fixes some typos and inconsistencies (e.g. markdown backticks which are not used, since these are not markdown) and reflows the lines (some of them were too wide).
imageloadfont_short_read packed the font header with pack('V4', ...)
(little-endian), but imageloadfont() reads the header as native-endian
ints. On big-endian hosts (PPC64 nightly) the byte-swapped values
overflow the INT_MAX guard before the FLIPWORD fallback runs, so the
font is rejected and the test fails. Pack the fields with 'i' to keep
the header valid regardless of host endianness.
Closes GH-22416
* PHP-8.4: ext/gd: pack imageloadfont short-read test in native byte order
* PHP-8.5: ext/gd: pack imageloadfont short-read test in native byte order
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
7 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.4)
Can you help keep this open source service alive? 💖 Please sponsor : )