-
-
Save anonymous/64e09c9dd01524d8c2a9f7e7e0ce32df to your computer and use it in GitHub Desktop.
Patch for 72848
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| commit a29edf505ad1562ed1e468babf0b104d5c2fda9b | |
| Author: Stanislav Malyshev <stas@php.net> | |
| Date: Tue Aug 16 15:48:31 2016 -0700 | |
| Fix bug #72848 - integer overflow in quoted_printable_encode caused heap corruption | |
| diff --git a/ext/standard/quot_print.c b/ext/standard/quot_print.c | |
| index 3b8c0ec..b85cf42 100644 | |
| --- a/ext/standard/quot_print.c | |
| +++ b/ext/standard/quot_print.c | |
| @@ -275,6 +275,11 @@ PHP_FUNCTION(quoted_printable_encode) | |
| } | |
| new_str = (char *)php_quot_print_encode((unsigned char *)str, (size_t)str_len, &new_str_len); | |
| + if (new_str_len > INT_MAX)) { | |
| + php_error_docref(NULL TSRMLS_CC, E_WARNING, "String too long, max length is %d", INT_MAX); | |
| + efree(new_str); | |
| + RETURN_FALSE; | |
| + } | |
| RETURN_STRINGL(new_str, new_str_len, 0); | |
| } | |
| /* }}} */ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment