Sie sind hier: PHP-Versionen > PHP 7 > PHP 7.0

PHP 7.0.12 wurde am 13.10.2016 herausgebracht. Im folgenden erhalten Sie einen kurzen Überblick welche Änderungen in diesem Patch enthalten waren. Bei Interesse kann auch das ausführliche Änderungsprotokoll eingesehen werden.

Fehlerbehebung

Core

Heap Buffer Overflow in virtual_popen of zend_virtual_cwd.c

Out of bounds global memory read in BF_crypt triggered by password_verify

crypt broken when salt is 'too' long

Invalid free in extension trait

segfault on undefined function

PHP hangs if error handler throws while accessing undef const in default value

parse error: Invalid numeric literal

Write out of bounds at number_format

Use After Free in PHP7 unserialize()

Memcpy negative size parameter php_resolve_path

BCmath

memcpy negative parameter _bc_new_num_ex

COM

Cannot pass parameter 1 by reference

Date

Unserializing DateInterval object may lead to __toString invocation

DOM

missing NULL check in dom_document_save_html

Filter

Bad filter for the flags FILTER_FLAG_NO_RES_RANGE and FILTER_FLAG_NO_PRIV_RANGE

default option ignored when object passed to int filter

GD

imagetruecolortopalette: white is duplicated in palette

imagettftext broken on transparent background w/o alphablending

Integer Overflow in gdImageWebpCtx of gd_webp.c

imagettfbbox gives incorrect values for bounding box

imagegd2() ignores 3rd param if 4 are given

imagegd2() writes wrong chunk sizes on boundaries

imagegd2(): unrecognized formats may result in corrupted files

imagecreatefromgd2() may leak memory

Intl

add mitigation for ICU int overflow

Mbstring

mb_substr only takes 32-bit signed integer

mb_convert_variables() cannot detect recursion

mbstring.internal_encoding doesn't inherit default_charset

Mysqlnd

PHP Crashes When Modifying Array Containing MySQLi Result Data

Opcache

Memory leak in zend_accel_blacklist_update_regexp() function

OpenSSL

Invalid path SNI_server_certs causes segfault

crash in openssl_random_pseudo_bytes function

crash in openssl_encrypt function

PCRE

Bundled PCRE doesn't compile because JIT isn't supported on s390

heap overflow in php_pcre_replace_impl

PDO_DBlib

Never quote values as raw binary data

PDOStatement::nextRowset() should succeed when all rows in current rowset haven't been fetched

phpdbg

phpdbg_prompt.c undefined reference to DL_LOAD

next command not stopping when leaving function

Session

Session does not report invalid uid for files save handler

session_destroy null dereference in ps_files_path_create

SimpleXML

NULL pointer dereference in SimpleXMLElement::asXML()

SOAP

Soap Server Member variables reference bug

Using references in arrays doesn't work like expected

SPL

SplObjectStorage unserialize allows use of non-object as key

Zip

Depacking with wrong password leaves 0 length files

Neuerung

PDO_DBlib

Allow PDO::setAttribute() to set query timeouts

Handle SQLDECIMAL/SQLNUMERIC types, which are used by later TDS versions

Add common PDO test suite

Free error and message strings when cleaning up PDO instances

Ignore potentially misleading dberr values

SQLite3

Updated bundled SQLite3 to 3.14.2

Changelog Quelle php.net