Skip to content

Instantly share code, notes, and snippets.

/72262.diff Secret

Created June 16, 2016 05:00
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save anonymous/8614d3d2afaf85b1fa6acb93a5bfff49 to your computer and use it in GitHub Desktop.
Save anonymous/8614d3d2afaf85b1fa6acb93a5bfff49 to your computer and use it in GitHub Desktop.
Download ZIP
Patch for 72262
Raw
72262.diff
commit 7245bff300d3fa8bacbef7897ff080a6f1c23eba
Author: Stanislav Malyshev <stas@php.net>
Date: Wed Jun 15 21:58:26 2016 -0700
Fix bug #72262 - do not overflow int
diff --git a/ext/spl/spl_directory.c b/ext/spl/spl_directory.c
index e20a80a..7718fe4 100644
--- a/ext/spl/spl_directory.c
+++ b/ext/spl/spl_directory.c
@@ -2872,6 +2872,10 @@ SPL_METHOD(SplFileObject, fread)
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Length parameter must be greater than 0");
RETURN_FALSE;
}
+ if (length > INT_MAX) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Length parameter must be no more than %d", INT_MAX);
+ RETURN_FALSE;
+ }
Z_STRVAL_P(return_value) = emalloc(length + 1);
Z_STRLEN_P(return_value) = php_stream_read(intern->u.file.stream, Z_STRVAL_P(return_value), length);
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment