-
-
Save anonymous/5e951dca547fdad11472264c40e7ee8e to your computer and use it in GitHub Desktop.
Patch for 72849
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| commit 4e4934f83e2dc03874ca93df840e733b739a0703 | |
| Author: Stanislav Malyshev <stas@php.net> | |
| Date: Tue Aug 16 15:58:05 2016 -0700 | |
| Fixed bug #72849 - integer overflow in urlencode | |
| diff --git a/ext/standard/url.c b/ext/standard/url.c | |
| index 4b52000..8e471e1 100644 | |
| --- a/ext/standard/url.c | |
| +++ b/ext/standard/url.c | |
| @@ -520,6 +520,12 @@ PHPAPI char *php_url_encode(char const *s, int len, int *new_length) | |
| *to++ = c; | |
| } | |
| } | |
| + | |
| + if ((to-start) > INT_MAX) { | |
| + /* E_ERROR since most clients won't check for error, and this is rather rare condition */ | |
| + php_error_docref(NULL TSRMLS_CC, E_ERROR, "String overflow, max length is %d", INT_MAX); | |
| + } | |
| + | |
| *to = 0; | |
| if (new_length) { | |
| *new_length = to - start; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment