Skip to content

Instantly share code, notes, and snippets.

/72849.diff Secret
Created Aug 16, 2016

Embed
What would you like to do?
Patch for 72849
commit 4e4934f83e2dc03874ca93df840e733b739a0703
Author: Stanislav Malyshev <stas@php.net>
Date: Tue Aug 16 15:58:05 2016 -0700
Fixed bug #72849 - integer overflow in urlencode
diff --git a/ext/standard/url.c b/ext/standard/url.c
index 4b52000..8e471e1 100644
--- a/ext/standard/url.c
+++ b/ext/standard/url.c
@@ -520,6 +520,12 @@ PHPAPI char *php_url_encode(char const *s, int len, int *new_length)
*to++ = c;
}
}
+
+ if ((to-start) > INT_MAX) {
+ /* E_ERROR since most clients won't check for error, and this is rather rare condition */
+ php_error_docref(NULL TSRMLS_CC, E_ERROR, "String overflow, max length is %d", INT_MAX);
+ }
+
*to = 0;
if (new_length) {
*new_length = to - start;
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.