Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* PHP-5.6: Fix bug #73737 FPE when parsing a tag format Fix bug #73773 - Seg fault when loading hostile phar Fix bug #73825 - Heap out of bounds read on unserialize in finish_nested_data() Fix bug #73768 - Memory corruption when loading hostile phar Fix int overflows in phar (bug #73764)
- Loading branch information
Showing
11 changed files
with
648 additions
and
588 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
--TEST-- | ||
Bug #73737 (Crash when parsing a tag format) | ||
--SKIPIF-- | ||
<?php if (!extension_loaded('exif')) print 'skip exif extension not available';?> | ||
--FILE-- | ||
<?php | ||
$exif = exif_thumbnail(__DIR__ . '/bug73737.tiff'); | ||
var_dump($exif); | ||
?> | ||
--EXPECTF-- | ||
Warning: exif_thumbnail(bug73737.tiff): Error in TIFF: filesize(x0030) less than start of IFD dir(x10102) in %s line %d | ||
bool(false) |
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
--TEST-- | ||
Phar: PHP bug #73764: Crash while loading hostile phar archive | ||
--SKIPIF-- | ||
<?php if (!extension_loaded("phar")) die("skip"); ?> | ||
--FILE-- | ||
<?php | ||
chdir(__DIR__); | ||
try { | ||
$p = Phar::LoadPhar('bug73764.phar', 'alias.phar'); | ||
echo "OK\n"; | ||
} catch(PharException $e) { | ||
echo $e->getMessage(); | ||
} | ||
?> | ||
--EXPECTF-- | ||
internal corruption of phar "%sbug73764.phar" (truncated manifest entry) |
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
--TEST-- | ||
Phar: PHP bug #73768: Memory corruption when loading hostile phar | ||
--SKIPIF-- | ||
<?php if (!extension_loaded("phar")) die("skip"); ?> | ||
--FILE-- | ||
<?php | ||
chdir(__DIR__); | ||
try { | ||
$p = Phar::LoadPhar('bug73768.phar', 'alias.phar'); | ||
echo "OK\n"; | ||
} catch(PharException $e) { | ||
echo $e->getMessage(); | ||
} | ||
?> | ||
--EXPECTF-- | ||
cannot load phar "%sbug73768.phar" with implicit alias "" under different alias "alias.phar" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
--TEST-- | ||
Bug #73825 Heap out of bounds read on unserialize in finish_nested_data() | ||
--FILE-- | ||
<?php | ||
$obj = unserialize('O:8:"00000000":'); | ||
var_dump($obj); | ||
?> | ||
--EXPECTF-- | ||
Warning: Bad unserialize data in %sbug73825.php on line %d | ||
|
||
Notice: unserialize(): Error at offset 13 of 15 bytes in %sbug73825.php on line %d | ||
bool(false) |
Oops, something went wrong.