Skip to content

Instantly share code, notes, and snippets.

/72541.diff Secret
Created Jul 13, 2016

Embed
What would you like to do?
Patch for 72541
commit 2ca8d85dd4ac6d5f8c046f339f9636e3099b0f08
Author: Stanislav Malyshev <stas@php.net>
Date: Tue Jul 12 22:59:19 2016 -0700
Fix bug #72541 - size_t overflow lead to heap corruption
diff --git a/ext/curl/interface.c b/ext/curl/interface.c
index 6a61641..7d085de 100644
--- a/ext/curl/interface.c
+++ b/ext/curl/interface.c
@@ -3595,6 +3595,10 @@ PHP_FUNCTION(curl_unescape)
RETURN_FALSE;
}
+ if (str_len > INT_MAX) {
+ RETURN_FALSE;
+ }
+
if ((out = curl_easy_unescape(ch->cp, str, str_len, &out_len))) {
RETVAL_STRINGL(out, out_len);
curl_free(out);
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.