From df1f46c2cce90b7a90c31ce61cd0383f9de96252 Mon Sep 17 00:00:00 2001 From: panel-sk Date: Wed, 28 Jan 2026 01:37:13 +0100 Subject: [PATCH 1/9] Fix memory exhaustion when reading corrupted FPT memo files Prevents the memo reader from attempting to allocate excessive memory when encountering corrupted FPT files. Added a safety check to limit the maximum memo length to 100MB per column, preventing fatal memory errors (e.g., attempts to allocate ~1.9GB) during file processing. --- src/Memo/FoxproMemo.php | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/Memo/FoxproMemo.php b/src/Memo/FoxproMemo.php index 1c97ff7..b3597c2 100644 --- a/src/Memo/FoxproMemo.php +++ b/src/Memo/FoxproMemo.php @@ -51,6 +51,12 @@ public function get(int $pointer): ?MemoObject $info = unpack('N', $this->fp->read(self::BLOCK_TYPE_LENGTH)); //todo figure out type-enums $memoLength = unpack('N', $this->fp->read(self::BLOCK_LENGTH_LENGTH)); + + // Safety check: prevent reading corrupted/huge memo fields (max 100MB) + if ($memoLength[1] > 104857600) { + throw new \Exception("Corrupted FPT file: memo field size {$memoLength[1]} bytes exceeds 100MB limit"); + } + $result = $this->fp->read($memoLength[1]); $info = $this->guessDataType($result); From 14023f1223b9ebeceec1872464a139cbcd00597c Mon Sep 17 00:00:00 2001 From: panel-sk Date: Wed, 4 Feb 2026 14:36:47 +0100 Subject: [PATCH 2/9] Update ci.yaml Fix CI failing due to an outdated upload-artifact From 6d10228ee2fb02ae67e7c954a9f74049be750646 Mon Sep 17 00:00:00 2001 From: panel-sk Date: Wed, 4 Feb 2026 14:41:11 +0100 Subject: [PATCH 3/9] Fix CI was failing due to an outdated upload-artifact --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index e51e7a8..a265a29 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -68,7 +68,7 @@ jobs: run: vendor/bin/phpunit --coverage-clover=clover.xml - name: Upload coverage file artifact - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v4 with: name: ${{ matrix.php-version }}-${{ matrix.dependencies }} path: clover.xml From d8d7b4bd1024284ae5ccd280bf4fba1d6d180f3b Mon Sep 17 00:00:00 2001 From: panel-sk Date: Wed, 4 Feb 2026 14:55:30 +0100 Subject: [PATCH 4/9] ci: fix Code Climate reporter download and update artifacts to v4 - Update Code Climate test-reporter download logic to use amancevice/setup-codeclimate action, fixing the 404 error caused by outdated download URLs. - Upgrade actions/upload-artifact and actions/download-artifact from v2 to v4. - Implement unique naming for coverage artifacts (clover and cc) to comply with v4 requirements, where artifact names must be unique per job matrix. - Adjust artifact download paths and glob patterns in upload jobs to match the new v4 directory structure. - Upgrade actions/checkout to v4 for better performance and security. --- .github/workflows/ci.yaml | 77 ++++++++++++++++----------------------- 1 file changed, 32 insertions(+), 45 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index a265a29..a63550d 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -10,39 +10,27 @@ jobs: phpstan: name: PHPStan runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - - uses: php-actions/composer@v5 - + - uses: actions/checkout@v4 + - uses: php-actions/composer@v6 - name: PHPStan uses: chindit/actions-phpstan@master with: - # Arguments to add to PHPStan arguments: 'src/' phpunit: name: PHPUnit runs-on: ubuntu-latest - strategy: matrix: - php-version: - - 7.1 - - 7.2 - - 7.3 - - 7.4 - - 8.0 - dependencies: - - highest + php-version: [7.1, 7.2, 7.3, 7.4, 8.0] + dependencies: [highest] include: - php-version: 7.1 dependencies: lowest - steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v4 - name: Install PHP uses: shivammathur/setup-php@v2 @@ -52,65 +40,64 @@ jobs: ini-values: zend.assertions=1 - name: Install dependencies with Composer - uses: ramsey/composer-install@v1 + uses: ramsey/composer-install@v2 with: dependency-versions: ${{ matrix.dependencies }} - - name: Install Codeclimate binary - run: | - curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > cc-test-reporter - chmod +x ./cc-test-reporter + # Oprava sťahovania Code Climate binárky cez oficiálnu akciu + - name: Setup Code Climate test-reporter + uses: amancevice/setup-codeclimate@v0 + with: + version: latest - name: Run Codeclimate before-build - run: ./cc-test-reporter before-build + run: cc-test-reporter before-build - name: Run PHPUnit run: vendor/bin/phpunit --coverage-clover=clover.xml - - name: Upload coverage file artifact + - name: Upload clover artifact uses: actions/upload-artifact@v4 with: - name: ${{ matrix.php-version }}-${{ matrix.dependencies }} + name: clover-${{ matrix.php-version }}-${{ matrix.dependencies }} path: clover.xml - name: Run Codeclimate format-coverage - run: ./cc-test-reporter format-coverage -o codeclimate.json + run: cc-test-reporter format-coverage -o codeclimate.json -t clover clover.xml - - name: Upload coverage file artifact + - name: Upload codeclimate artifact uses: actions/upload-artifact@v4 with: - name: ${{ matrix.php-version }}-${{ matrix.dependencies }} + name: cc-${{ matrix.php-version }}-${{ matrix.dependencies }} path: codeclimate.json - codeclimate-upload: name: Upload coverage to Codeclimate runs-on: ubuntu-latest - needs: - - phpunit + needs: phpunit env: CC_TEST_REPORTER_ID: e33b74ed1f59947df361652193b6575db0afc663dcbc73af89a0cf16f2443d24 steps: - - name: Download coverage files - uses: actions/download-artifact@v2 + - name: Download all artifacts + uses: actions/download-artifact@v4 with: path: coverage - - name: Install Codeclimate binary - run: | - curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > cc-test-reporter - chmod +x ./cc-test-reporter - - run: ./cc-test-reporter sum-coverage coverage/*/codeclimate.json - - run: ./cc-test-reporter upload-coverage + - name: Setup Code Climate test-reporter + uses: amancevice/setup-codeclimate@v0 + + - name: Upload to Codeclimate + run: | + cc-test-reporter sum-coverage coverage/cc-*/codeclimate.json -p ${{ strategy.job-total || 6 }} + cc-test-reporter upload-coverage coveralls-upload: name: Upload coverage to Coveralls runs-on: ubuntu-latest - needs: - - phpunit + needs: phpunit steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v4 - name: Install PHP uses: shivammathur/setup-php@v2 @@ -118,8 +105,8 @@ jobs: php-version: 7.4 coverage: none - - name: Download coverage files - uses: actions/download-artifact@v2 + - name: Download all artifacts + uses: actions/download-artifact@v4 with: path: build/logs @@ -129,4 +116,4 @@ jobs: - name: Upload coverage results to Coveralls env: COVERALLS_REPO_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: php-coveralls --coverage_clover=build/logs/*/clover.xml -v + run: php-coveralls --coverage_clover="build/logs/clover-*/clover.xml" -v From 3e30fa4210195f1bdf5ff3168c29d26da74bfeaa Mon Sep 17 00:00:00 2001 From: panel-sk Date: Wed, 4 Feb 2026 15:00:25 +0100 Subject: [PATCH 5/9] ci: fix Code Climate binary download source - Replaced the failing amancevice/setup-codeclimate action with a direct download from the official Code Climate GitHub releases. - Fixed the 404 error by using the stable release URL for the test-reporter binary. - Updated execution commands to use the local path (./cc-test-reporter). --- .github/workflows/ci.yaml | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index a63550d..2239864 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -44,14 +44,13 @@ jobs: with: dependency-versions: ${{ matrix.dependencies }} - # Oprava sťahovania Code Climate binárky cez oficiálnu akciu - - name: Setup Code Climate test-reporter - uses: amancevice/setup-codeclimate@v0 - with: - version: latest + - name: Install Codeclimate binary + run: | + curl -L https://github.com/codeclimate/test-reporter/releases/latest/download/test-reporter-latest-linux-amd64 > ./cc-test-reporter + chmod +x ./cc-test-reporter - name: Run Codeclimate before-build - run: cc-test-reporter before-build + run: ./cc-test-reporter before-build - name: Run PHPUnit run: vendor/bin/phpunit --coverage-clover=clover.xml @@ -63,7 +62,7 @@ jobs: path: clover.xml - name: Run Codeclimate format-coverage - run: cc-test-reporter format-coverage -o codeclimate.json -t clover clover.xml + run: ./cc-test-reporter format-coverage -o codeclimate.json -t clover clover.xml - name: Upload codeclimate artifact uses: actions/upload-artifact@v4 @@ -83,13 +82,15 @@ jobs: with: path: coverage - - name: Setup Code Climate test-reporter - uses: amancevice/setup-codeclimate@v0 + - name: Install Codeclimate binary + run: | + curl -L https://github.com/codeclimate/test-reporter/releases/latest/download/test-reporter-latest-linux-amd64 > ./cc-test-reporter + chmod +x ./cc-test-reporter - name: Upload to Codeclimate run: | - cc-test-reporter sum-coverage coverage/cc-*/codeclimate.json -p ${{ strategy.job-total || 6 }} - cc-test-reporter upload-coverage + ./cc-test-reporter sum-coverage coverage/cc-*/codeclimate.json -p 6 + ./cc-test-reporter upload-coverage coveralls-upload: name: Upload coverage to Coveralls From 5a6f31c532ddba9418abea64eaafe8ca3ca0476c Mon Sep 17 00:00:00 2001 From: panel-sk Date: Wed, 4 Feb 2026 15:07:52 +0100 Subject: [PATCH 6/9] Bad URL for test reporter --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 2239864..b148f94 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -84,7 +84,7 @@ jobs: - name: Install Codeclimate binary run: | - curl -L https://github.com/codeclimate/test-reporter/releases/latest/download/test-reporter-latest-linux-amd64 > ./cc-test-reporter + curl -L -f https://codeclimate.com/downloads/test-reporter/test-reporter-0.11.1-linux-amd64 > ./cc-test-reporter chmod +x ./cc-test-reporter - name: Upload to Codeclimate From a50dc04756a808fc7b803708a420d157b17dcc70 Mon Sep 17 00:00:00 2001 From: panel-sk Date: Wed, 4 Feb 2026 15:12:11 +0100 Subject: [PATCH 7/9] Bad URL for codeclimate tester --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index b148f94..fd9d776 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -46,7 +46,7 @@ jobs: - name: Install Codeclimate binary run: | - curl -L https://github.com/codeclimate/test-reporter/releases/latest/download/test-reporter-latest-linux-amd64 > ./cc-test-reporter + curl -L -f https://codeclimate.com/downloads/test-reporter/test-reporter-0.11.1-linux-amd64 > ./cc-test-reporter chmod +x ./cc-test-reporter - name: Run Codeclimate before-build From f2504e61d865f562af0389132373ddc716dd85e8 Mon Sep 17 00:00:00 2001 From: panel-sk Date: Wed, 4 Feb 2026 15:20:47 +0100 Subject: [PATCH 8/9] Change tests to Codecov Code Climate has ended support for the test-reporter binary --- .github/workflows/ci.yaml | 54 ++++++++------------------------------- 1 file changed, 10 insertions(+), 44 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index fd9d776..c52e649 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -44,53 +44,22 @@ jobs: with: dependency-versions: ${{ matrix.dependencies }} - - name: Install Codeclimate binary - run: | - curl -L -f https://codeclimate.com/downloads/test-reporter/test-reporter-0.11.1-linux-amd64 > ./cc-test-reporter - chmod +x ./cc-test-reporter - - - name: Run Codeclimate before-build - run: ./cc-test-reporter before-build - - name: Run PHPUnit run: vendor/bin/phpunit --coverage-clover=clover.xml - - name: Upload clover artifact - uses: actions/upload-artifact@v4 + - name: Upload coverage to Codecov + uses: codecov/codecov-action@v4 with: - name: clover-${{ matrix.php-version }}-${{ matrix.dependencies }} - path: clover.xml + token: ${{ secrets.CODECOV_TOKEN }} # Token nájdeš v nastaveniach Codecov.io + files: ./clover.xml + flags: php-${{ matrix.php-version }} + fail_ci_if_error: true - - name: Run Codeclimate format-coverage - run: ./cc-test-reporter format-coverage -o codeclimate.json -t clover clover.xml - - - name: Upload codeclimate artifact + - name: Upload clover artifact for Coveralls uses: actions/upload-artifact@v4 with: - name: cc-${{ matrix.php-version }}-${{ matrix.dependencies }} - path: codeclimate.json - - codeclimate-upload: - name: Upload coverage to Codeclimate - runs-on: ubuntu-latest - needs: phpunit - env: - CC_TEST_REPORTER_ID: e33b74ed1f59947df361652193b6575db0afc663dcbc73af89a0cf16f2443d24 - steps: - - name: Download all artifacts - uses: actions/download-artifact@v4 - with: - path: coverage - - - name: Install Codeclimate binary - run: | - curl -L -f https://codeclimate.com/downloads/test-reporter/test-reporter-0.11.1-linux-amd64 > ./cc-test-reporter - chmod +x ./cc-test-reporter - - - name: Upload to Codeclimate - run: | - ./cc-test-reporter sum-coverage coverage/cc-*/codeclimate.json -p 6 - ./cc-test-reporter upload-coverage + name: clover-${{ matrix.php-version }}-${{ matrix.dependencies }} + path: clover.xml coveralls-upload: name: Upload coverage to Coveralls @@ -114,7 +83,4 @@ jobs: - name: Install php-coveralls run: composer global require php-coveralls/php-coveralls - - name: Upload coverage results to Coveralls - env: - COVERALLS_REPO_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: php-coveralls --coverage_clover="build/logs/clover-*/clover.xml" -v + - From 0aa5a7fd754fa02bd18fb09415e0d1f35a4a0200 Mon Sep 17 00:00:00 2001 From: panel-sk Date: Wed, 4 Feb 2026 15:21:49 +0100 Subject: [PATCH 9/9] Fix codecov test --- .github/workflows/ci.yaml | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index c52e649..8f4c5b9 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -5,6 +5,7 @@ on: push: branches: - master + - '*' jobs: phpstan: @@ -50,12 +51,11 @@ jobs: - name: Upload coverage to Codecov uses: codecov/codecov-action@v4 with: - token: ${{ secrets.CODECOV_TOKEN }} # Token nájdeš v nastaveniach Codecov.io + token: ${{ secrets.CODECOV_TOKEN }} files: ./clover.xml - flags: php-${{ matrix.php-version }} - fail_ci_if_error: true + fail_ci_if_error: false - - name: Upload clover artifact for Coveralls + - name: Upload clover artifact uses: actions/upload-artifact@v4 with: name: clover-${{ matrix.php-version }}-${{ matrix.dependencies }} @@ -83,4 +83,7 @@ jobs: - name: Install php-coveralls run: composer global require php-coveralls/php-coveralls - - + - name: Upload coverage results to Coveralls + env: + COVERALLS_REPO_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: php-coveralls --coverage_clover="build/logs/clover-*/clover.xml" -v