Skip to content

Instantly share code, notes, and snippets.

/overflow2.diff Secret
Created Sep 5, 2016

Embed
What would you like to do?
Patch for overflow2
commit aec5ab899f9de6cf11ded9c77b649b34f5fcb643
Author: Stanislav Malyshev <stas@php.net>
Date: Sun Sep 4 22:18:19 2016 -0700
Add more checks for int overflow
diff --git a/ext/recode/recode.c b/ext/recode/recode.c
index 7d141e7..cde03aa 100644
--- a/ext/recode/recode.c
+++ b/ext/recode/recode.c
@@ -171,7 +171,7 @@ PHP_FUNCTION(recode_string)
error_exit:
RETVAL_FALSE;
} else {
- RETVAL_STRINGL(r, r_len, 1);
+ RETVAL_STRINGL_CHECK(r, r_len, 1);
free(r);
}
diff --git a/ext/standard/file.c b/ext/standard/file.c
index f3b6df1..440276a 100644
--- a/ext/standard/file.c
+++ b/ext/standard/file.c
@@ -1040,7 +1040,7 @@ PHPAPI PHP_FUNCTION(fgets)
}
}
- ZVAL_STRINGL(return_value, buf, line_len, 0);
+ RETVAL_STRINGL_CHECK(buf, line_len, 0);
/* resize buffer if it's much larger than the result.
* Only needed if the user requested a buffer size. */
if (argc > 1 && Z_STRLEN_P(return_value) < len / 2) {
@@ -1124,7 +1124,7 @@ PHPAPI PHP_FUNCTION(fgetss)
retval_len = php_strip_tags(retval, actual_len, &stream->fgetss_state, allowed_tags, allowed_tags_len);
- RETURN_STRINGL(retval, retval_len, 0);
+ RETVAL_STRINGL_CHECK(retval, retval_len, 0);
}
/* }}} */
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.