-
-
Save anonymous/6533bffdda9cabb14319103fa1c3aefb to your computer and use it in GitHub Desktop.
Patch for 72541
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
commit 2ca8d85dd4ac6d5f8c046f339f9636e3099b0f08 | |
Author: Stanislav Malyshev <stas@php.net> | |
Date: Tue Jul 12 22:59:19 2016 -0700 | |
Fix bug #72541 - size_t overflow lead to heap corruption | |
diff --git a/ext/curl/interface.c b/ext/curl/interface.c | |
index 6a61641..7d085de 100644 | |
--- a/ext/curl/interface.c | |
+++ b/ext/curl/interface.c | |
@@ -3595,6 +3595,10 @@ PHP_FUNCTION(curl_unescape) | |
RETURN_FALSE; | |
} | |
+ if (str_len > INT_MAX) { | |
+ RETURN_FALSE; | |
+ } | |
+ | |
if ((out = curl_easy_unescape(ch->cp, str, str_len, &out_len))) { | |
RETVAL_STRINGL(out, out_len); | |
curl_free(out); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment