Skip to content

Instantly share code, notes, and snippets.

/72262.diff Secret
Created Jun 16, 2016

Embed
What would you like to do?
Patch for 72262
commit 7245bff300d3fa8bacbef7897ff080a6f1c23eba
Author: Stanislav Malyshev <stas@php.net>
Date: Wed Jun 15 21:58:26 2016 -0700
Fix bug #72262 - do not overflow int
diff --git a/ext/spl/spl_directory.c b/ext/spl/spl_directory.c
index e20a80a..7718fe4 100644
--- a/ext/spl/spl_directory.c
+++ b/ext/spl/spl_directory.c
@@ -2872,6 +2872,10 @@ SPL_METHOD(SplFileObject, fread)
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Length parameter must be greater than 0");
RETURN_FALSE;
}
+ if (length > INT_MAX) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Length parameter must be no more than %d", INT_MAX);
+ RETURN_FALSE;
+ }
Z_STRVAL_P(return_value) = emalloc(length + 1);
Z_STRLEN_P(return_value) = php_stream_read(intern->u.file.stream, Z_STRVAL_P(return_value), length);
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.