Skip to content

Instantly share code, notes, and snippets.

/72275.diff Secret
Created Jun 14, 2016

Embed
What would you like to do?
Patch for 72275
commit f64a911775186f14463155aa4d72c254f72a4a19
Author: Stanislav Malyshev <stas@php.net>
Date: Mon Jun 13 23:12:47 2016 -0700
Fix bug #72275: don't allow smart_str to overflow int
diff --git a/ext/standard/php_smart_str.h b/ext/standard/php_smart_str.h
index 1872fa8..9ba08fb 100644
--- a/ext/standard/php_smart_str.h
+++ b/ext/standard/php_smart_str.h
@@ -63,6 +63,9 @@
newlen = (d)->len + (n); \
if (newlen >= (d)->a) { \
(d)->a = newlen + SMART_STR_PREALLOC; \
+ if (UNEXPECTED((d)->a > INT_MAX)) { \
+ zend_error(E_ERROR, "String size overflow"); \
+ } \
SMART_STR_DO_REALLOC(d, what); \
} \
} \
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.