-
-
Save anonymous/2dc768478ae23eb898e6534fbae5b687 to your computer and use it in GitHub Desktop.
Patch for 73218
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
commit d946d102936525bc7dcd01f3827d0a6e0bb971b0 | |
Author: Stanislav Malyshev <stas@php.net> | |
Date: Tue Oct 4 22:40:09 2016 -0700 | |
Bug #73218: add mitigation for ICU int overflow | |
diff --git a/ext/intl/resourcebundle/resourcebundle_class.c b/ext/intl/resourcebundle/resourcebundle_class.c | |
index dc12124..90aebd4 100644 | |
--- a/ext/intl/resourcebundle/resourcebundle_class.c | |
+++ b/ext/intl/resourcebundle/resourcebundle_class.c | |
@@ -105,6 +105,13 @@ static void resourcebundle_ctor(INTERNAL_FUNCTION_PARAMETERS) | |
locale = intl_locale_get_default(TSRMLS_C); | |
} | |
+ if (bundlename_len >= MAXPATHLEN) { | |
+ intl_error_set( NULL, U_ILLEGAL_ARGUMENT_ERROR, "Bundle name too long", 0 TSRMLS_CC ); | |
+ zval_dtor(return_value); | |
+ ZVAL_NULL(return_value); | |
+ RETURN_NULL(); | |
+ } | |
+ | |
if (fallback) { | |
rb->me = ures_open(bundlename, locale, &INTL_DATA_ERROR_CODE(rb)); | |
} else { | |
@@ -327,6 +334,11 @@ PHP_FUNCTION( resourcebundle_locales ) | |
RETURN_FALSE; | |
} | |
+ if (bundlename_len >= MAXPATHLEN) { | |
+ intl_error_set( NULL, U_ILLEGAL_ARGUMENT_ERROR, "resourcebundle_locales: bundle name too long", 0 TSRMLS_CC ); | |
+ RETURN_FALSE; | |
+ } | |
+ | |
if(bundlename_len == 0) { | |
// fetch default locales list | |
bundlename = NULL; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment