Heap corruption in next_state_val() due to uninitialized local variable #60
Thanks, please use CVE-2017-9228 to reference this issue.
php-pulls pushed a commit to php/php-src that referenced this issue on May 30, 2017
kkos/oniguruma#60 (CVE-2017-9228) Thanks to Mamoru TASAKA <mtasaka@fedoraproject.org>
php-pulls pushed a commit to php/php-src that referenced this issue on May 30, 2017
* PHP-7.0: NEWS Patch from the upstream git kkos/oniguruma#60 (CVE-2017-9228) Patch from the upstream git kkos/oniguruma#59 (CVE-2017-9229) b690371bbf97794b4a1d3f295d4fb9a8b05d402d Modified for onig 5.9.6 Patch from the upstream git kkos/oniguruma#58 (CVE-2017-9227) Patch from the upstream git kkos/oniguruma#57 (CVE-2017-9224) Patch from the upstream git kkos/oniguruma#55 (CVE-2017-9226) b4bf968ad52afe14e60a2dc8a95d3555c543353a Modified for onig 5.9.6 f015fbdd95f76438cd86366467bb2b39870dd7c6 Modified for onig 5.9.6
php-pulls pushed a commit to php/php-src that referenced this issue on May 30, 2017
* PHP-7.1: NEWS NEWS Patch from the upstream git kkos/oniguruma#60 (CVE-2017-9228) Patch from the upstream git kkos/oniguruma#59 (CVE-2017-9229) b690371bbf97794b4a1d3f295d4fb9a8b05d402d Modified for onig 5.9.6 Patch from the upstream git kkos/oniguruma#58 (CVE-2017-9227) Patch from the upstream git kkos/oniguruma#57 (CVE-2017-9224) Patch from the upstream git kkos/oniguruma#55 (CVE-2017-9226) b4bf968ad52afe14e60a2dc8a95d3555c543353a Modified for onig 5.9.6 f015fbdd95f76438cd86366467bb2b39870dd7c6 Modified for onig 5.9.6
php-pulls pushed a commit to php/php-src that referenced this issue on Jul 5, 2017
kkos/oniguruma#60 (CVE-2017-9228) Thanks to Mamoru TASAKA <mtasaka@fedoraproject.org>
php-pulls pushed a commit to php/php-src that referenced this issue on Jul 5, 2017
* PHP-5.6: NEWS for oniguruma Patch from the upstream git kkos/oniguruma#60 (CVE-2017-9228) Patch from the upstream git kkos/oniguruma#59 (CVE-2017-9229) b690371bbf97794b4a1d3f295d4fb9a8b05d402d Modified for onig 5.9.6 Patch from the upstream git kkos/oniguruma#58 (CVE-2017-9227) Patch from the upstream git kkos/oniguruma#57 (CVE-2017-9224) Patch from the upstream git kkos/oniguruma#55 (CVE-2017-9226) b4bf968ad52afe14e60a2dc8a95d3555c543353a Modified for onig 5.9.6 f015fbdd95f76438cd86366467bb2b39870dd7c6 Modified for onig 5.9.6
php-pulls pushed a commit to php/php-src that referenced this issue on Jul 5, 2017
* PHP-7.0: NEWS for oniguruma Patch from the upstream git kkos/oniguruma#60 (CVE-2017-9228) Patch from the upstream git kkos/oniguruma#59 (CVE-2017-9229) b690371bbf97794b4a1d3f295d4fb9a8b05d402d Modified for onig 5.9.6 Patch from the upstream git kkos/oniguruma#58 (CVE-2017-9227) Patch from the upstream git kkos/oniguruma#57 (CVE-2017-9224) Patch from the upstream git kkos/oniguruma#55 (CVE-2017-9226) b4bf968ad52afe14e60a2dc8a95d3555c543353a Modified for onig 5.9.6 f015fbdd95f76438cd86366467bb2b39870dd7c6 Modified for onig 5.9.6
php-pulls pushed a commit to php/php-src that referenced this issue on Jul 5, 2017
* PHP-7.1: NEWS for oniguruma Patch from the upstream git kkos/oniguruma#60 (CVE-2017-9228) Patch from the upstream git kkos/oniguruma#59 (CVE-2017-9229) b690371bbf97794b4a1d3f295d4fb9a8b05d402d Modified for onig 5.9.6 Patch from the upstream git kkos/oniguruma#58 (CVE-2017-9227) Patch from the upstream git kkos/oniguruma#57 (CVE-2017-9224) Patch from the upstream git kkos/oniguruma#55 (CVE-2017-9226) b4bf968ad52afe14e60a2dc8a95d3555c543353a Modified for onig 5.9.6 f015fbdd95f76438cd86366467bb2b39870dd7c6 Modified for onig 5.9.6
dstogov added a commit to dstogov/php-src that referenced this issue on Jul 5, 2017
* master: (43 commits) Keep information about SSA variables, that may be modified indirectly. Added constants for known ldap controls OID and tests for ldap_get/set_option for controls Added support for controls to ldap_get_option [ci skip] sync NEWS NEWS for oniguruma Patch from the upstream git kkos/oniguruma#60 (CVE-2017-9228) Patch from the upstream git kkos/oniguruma#59 (CVE-2017-9229) b690371bbf97794b4a1d3f295d4fb9a8b05d402d Modified for onig 5.9.6 Patch from the upstream git kkos/oniguruma#58 (CVE-2017-9227) Patch from the upstream git kkos/oniguruma#57 (CVE-2017-9224) Patch from the upstream git kkos/oniguruma#55 (CVE-2017-9226) b4bf968ad52afe14e60a2dc8a95d3555c543353a Modified for onig 5.9.6 f015fbdd95f76438cd86366467bb2b39870dd7c6 Modified for onig 5.9.6 valid_symbol_table removed Improve fix for #74145 Fix wddx Fix tests Fixed bug #74111 Fix bug #74603 - use correct buffer size Fix bug #74651 - check EVP_SealInit as it can return -1 Update NEWS Fix bug #74087 Fixed parsing of strange formats with mixed month/day and time strings ...
k-takata added a commit to k-takata/Onigmo that referenced this issue on Jul 12, 2017
php-pulls pushed a commit to php/php-src that referenced this issue on Jul 14, 2017
The following non-deterministic behavior can be triggered from the following code. With ASAN enabled, on a 64-bit platform, the crash reproduces within 3-10 runs.
With some add-on:
ASAN report:
The probabilistic reproducer triggers a heap OOB write when the local variable OnigCodePoint vs in parse_char_class() is not initialized, following the call as:
parse_char_class() -> next_state_val() -> bitset_set_range()
resulting in the said crash.
Note that the calls to exec() are currently necessary to trigger the crash.
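Added example (not part of the original report and not Oniguruma's code): a simplified model of the defect class described above, where a range-start value carried through a parser state machine can reach a bitset range setter without ever being assigned. The token grammar, names, error codes and the 256-bit bitset are assumptions of this model; it shows two defensive layers, a state check before the range is formed and a bounds check in the sink.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SB_BITS 256  /* model: one bit per single-byte code point (assumed) */
typedef struct { uint8_t bits[SB_BITS / 8]; } Bitset;

enum { CC_OK = 0, CC_ERR_RANGE = -1, CC_ERR_STATE = -2 };
enum State { ST_START, ST_VALUE, ST_CLASS, ST_RANGE };

/* Sink: refuses any range that would index past the end of the bitset. */
static int bitset_set_range_checked(Bitset *bs, uint32_t from, uint32_t to)
{
    if (from > to || to >= SB_BITS)
        return CC_ERR_RANGE;
    for (uint32_t i = from; i <= to; i++)
        bs->bits[i >> 3] |= (uint8_t)(1u << (i & 7));
    return CC_OK;
}

int bitset_test(const Bitset *bs, uint32_t i)
{
    return i < SB_BITS && ((bs->bits[i >> 3] >> (i & 7)) & 1);
}

/*
 * Toy class-body parser: literals, "a-z" ranges, and "\w" as a class token
 * that produces no range-start value. `stale` stands in for whatever an
 * uninitialized stack slot would hold; reading a truly uninitialized
 * variable is undefined behaviour, so the model passes the garbage in.
 */
int parse_class_body(const char *p, uint32_t stale, Bitset *bs)
{
    uint32_t vs = stale;               /* start of a pending range */
    enum State st = ST_START;
    int r;

    memset(bs, 0, sizeof *bs);
    for (; *p; p++) {
        uint32_t c = (unsigned char)*p;
        if (c == '\\' && p[1] == 'w') {          /* class token: vs untouched */
            p++;
            st = ST_CLASS;
        } else if (c == '-' && st != ST_START && p[1] != '\0') {
            if (st != ST_VALUE)                  /* no start value recorded */
                return CC_ERR_STATE;
            st = ST_RANGE;
        } else if (st == ST_RANGE) {             /* range end: vs..c */
            if ((r = bitset_set_range_checked(bs, vs, c)) != CC_OK)
                return r;
            st = ST_START;
        } else {                                 /* literal: becomes new vs */
            if ((r = bitset_set_range_checked(bs, c, c)) != CC_OK)
                return r;
            vs = c;
            st = ST_VALUE;
        }
    }
    return CC_OK;
}

int main(void)
{
    Bitset bs;
    /* Constructed inputs; 0xDEADBEEF plays the role of stack garbage. */
    printf("a-c   -> %d\n", parse_class_body("a-c", 0xDEADBEEFu, &bs));
    printf("\\w-z  -> %d\n", parse_class_body("\\w-z", 0xDEADBEEFu, &bs));
    printf("sink  -> %d\n", bitset_set_range_checked(&bs, 0xDEADBEEFu, 'z'));
    return 0;
}
```

Without the state check, the second input would form a range starting at the stale value; without the sink check, that range would index far outside the 32-byte bitset.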