/0001-Fix-78875-Long-filenames-cause-OOM-and-temp-files-ar.patch Secret
Created Mar 18, 2020
PHP bug #78875
From 8e8990b69bd90e9292e944a597c13a592813d92c Mon Sep 17 00:00:00 2001 | |
From: "Christoph M. Becker" <cmbecker69@gmx.de> | |
Date: Wed, 18 Mar 2020 10:26:53 +0100 | |
Subject: [PATCH] Fix #78875: Long filenames cause OOM and temp files are not | |
cleaned | |
We must not cast `size_t` to `int` (unless the `size_t` value is | |
guaranteed to be less than or equal to `INT_MAX`). In this case we can | |
declare `array_len` as `size_t` in the first place. | |
--- | |
main/rfc1867.c | 5 +++-- | |
1 file changed, 3 insertions(+), 2 deletions(-) | |
diff --git a/main/rfc1867.c b/main/rfc1867.c | |
index 8a8e335ef4..617a94d0ef 100644 | |
--- a/main/rfc1867.c | |
+++ b/main/rfc1867.c | |
@@ -690,7 +690,8 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) /* {{{ */ | |
char *boundary, *s = NULL, *boundary_end = NULL, *start_arr = NULL, *array_index = NULL; | |
char *lbuf = NULL, *abuf = NULL; | |
zend_string *temp_filename = NULL; | |
- int boundary_len = 0, cancel_upload = 0, is_arr_upload = 0, array_len = 0; | |
+ int boundary_len = 0, cancel_upload = 0, is_arr_upload = 0; | |
+ size_t array_len = 0; | |
int64_t total_bytes = 0, max_file_size = 0; | |
int skip_upload = 0, anonindex = 0, is_anonymous; | |
HashTable *uploaded_files = NULL; | |
@@ -1124,7 +1125,7 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) /* {{{ */ | |
is_arr_upload = (start_arr = strchr(param,'[')) && (param[strlen(param)-1] == ']'); | |
if (is_arr_upload) { | |
- array_len = (int)strlen(start_arr); | |
+ array_len = strlen(start_arr); | |
if (array_index) { | |
efree(array_index); | |
} | |
-- | |
2.25.1.windows.1 | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment