cmb69/.diff Secret

## .diff
 ext/mbstring/libmbfl/filters/mbfilter_big5.c |  4 +++-
 ext/mbstring/tests/bug79037.phpt             | 14 ++++++++++++++
 2 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/ext/mbstring/libmbfl/filters/mbfilter_big5.c b/ext/mbstring/libmbfl/filters/mbfilter_big5.c
index 0fc57d62b1..afacb218f7 100644
--- a/ext/mbstring/libmbfl/filters/mbfilter_big5.c
+++ b/ext/mbstring/libmbfl/filters/mbfilter_big5.c
@@ -208,7 +208,9 @@ mbfl_filt_conv_big5_wchar(int c, mbfl_convert_filter *filter)
 							break;
 						}
 					}
-
+					if (k >= sizeof(cp950_pua_tbl)/(sizeof(unsigned short)*4)) {
+						return (-1);
+					}
 					if ((cp950_pua_tbl[k][2] & 0xff) == 0x40) {
 						w = 157*(c1 - (cp950_pua_tbl[k][2]>>8)) + c - (c >= 0xa1 ? 0x62 : 0x40)
 							+ cp950_pua_tbl[k][0];
diff --git a/ext/mbstring/tests/bug79037.phpt b/ext/mbstring/tests/bug79037.phpt
new file mode 100644
index 0000000000..4a1931b124
--- /dev/null
+++ b/ext/mbstring/tests/bug79037.phpt
@@ -0,0 +1,14 @@
+--TEST--
+Bug #79037 (global buffer-overflow in `mbfl_filt_conv_big5_wchar`)
+--SKIPIF--
+<?php
+if (!extension_loaded('mbstring')) die('skip mbstring extension not available');
+?>
+--FILE--
+<?php
+$string = 'uVVDUy3/KT0/Q1A5NTA/cT////////////////+sIT0/P3E6/////6y8vOTkPz8dc3Nzc3Nzc3Nzc3Fzc9Vzy/X1kjIwMjItSlAtMjAwND9xP3G4uNHtPz8/Pz/tve287ay8AQdKPT9VVEYtMTY/cT8/P97e0dHR//8kGyQoUCT/////JBskKLi4PwgI2v7eON7ePdbe3t7e3t5oaGFuvLzgPwpxuTe5ubwhPT9IWi1BU0NJST8/Pz+BgUkBHJY/Uy1TSkltYWM/cT8KIbycIT0/QZvYPzhDSQEcliqBgYGBgYGBgYF8gYH//////8DAwMDAwCQbJEBKSko6dGNpPd7e3iowMDAwMDAwMDAwMD09PT09PT09KD3e3pTe3t7IyLy8vNq8PT09PT09PT09PT09PT05PT09PT09PUJU////X19DMDA9PT05PT09PT09PUJU////X19DsDAwMdnZ2dnZ2XMyIT0/RVVDP3E/2dkyNTc52tnZ2dnZ2dnZ2dnZ2bnZ2dk2NjcyLy8vLy8vL///////////////////////i4uLi4uLi///3t7e3t4bKEhKSkovLy8vLy8vL2ltZf9GueCPO49udI/x4C0yfuT//////yQk//87/Ly8vD09MDAwMdnZ2TtVVD0hPT9DUDUwMjIwP3E/Pz+5QxsoSkpK/////////xSCSgoKCv//vLzyg6+18uG8vLzyvOHhvLwvLy89PT2APYA9QkpKSjopLy8g4LnAuMDAwDvAwGVlvr6f/8BlZbycIUFqampqampqwCfAwMDAwJn///+8vLy8vLy8vLy8vLy87bxJU7y87b1DvO28vLy8vLy8vLy8vLy8vLxEMbmsIT0/SdNtdHRsPT9TSklTLW1hYz9xPwohTdTCU08tODg1OS0xMz9xP21lcmdlXwMb/8pwjzuPbnSP8eAtMn7k//////8kJP//O/y8vLw9PTAwMDHZ2dk7VVQ9IT0/Q1A1MDIyMD9xPz8/uUMbKEpKSv////////8UgkoKCgr//7y88oOvtfLhvLy88rzh4by8Ly8vPT09gD2APUJKSko6KS8vIOC5wLjAwMA7wMBlZb6+n//AZWW8nCFBampqampqasAnwMDAwMCZ////vLy8vLy8vLy8vLy8vO28SVO8vO29Q7ztvLy8vLy8vLy8vLy8vLy8RDG5rCE9P0lTTy04ODU5LTEzP3E/bWVyZ2VfAxv/ynByaW50X2luYWxfc3RhdHNnZ2c/Pz8/P8LAPVM/cT8gICD/////ID87///////////////ExMTEIcTExMTExMTExMTExMTEIbycIT0/QVJNU0NJSTg/Yj8/Pz8oPz+8YLy8vJxlcjRyb0knP2I/IT8/oKCgoKCgoKCgoKCgoKCgoCugoKCgoKCgoKCgoF9lY21lcmdlKcBlZbycIUFqampqampqwMDAwMDAwJn///+8vLy8vCG8vLzgvOC88fH//////3yBgYGBgYGBgYGBgYE/QYGBgZKBO4GSkkGBkmVyvJeBgYGBgfT0Vf//+/9JKG1fY29udGw/cT0/U0pJUzhDSQEclj9TSklTLW1hSUlJSUlJSUlJSUlJSShJSUlJSUnR0dHR0dHR0dHR0SG8nCE9P0FSTVNDP1UhPT9BgYGBkpJURv+SkvRV////yM/Pz8/Pz8/P3t5KSkov4Q==';
+mb_decode_mimeheader(base64_decode($string));
+echo "done\n";
+?>
+--EXPECT--
+done
	ext/mbstring/libmbfl/filters/mbfilter_big5.c \| 4 +++-
	ext/mbstring/tests/bug79037.phpt \| 14 ++++++++++++++
	2 files changed, 17 insertions(+), 1 deletion(-)

	diff --git a/ext/mbstring/libmbfl/filters/mbfilter_big5.c b/ext/mbstring/libmbfl/filters/mbfilter_big5.c
	index 0fc57d62b1..afacb218f7 100644
	--- a/ext/mbstring/libmbfl/filters/mbfilter_big5.c
	+++ b/ext/mbstring/libmbfl/filters/mbfilter_big5.c
	@@ -208,7 +208,9 @@ mbfl_filt_conv_big5_wchar(int c, mbfl_convert_filter *filter)
	break;
	}
	}
	-
	+ if (k >= sizeof(cp950_pua_tbl)/(sizeof(unsigned short)*4)) {
	+ return (-1);
	+ }
	if ((cp950_pua_tbl[k][2] & 0xff) == 0x40) {
	w = 157*(c1 - (cp950_pua_tbl[k][2]>>8)) + c - (c >= 0xa1 ? 0x62 : 0x40)
	+ cp950_pua_tbl[k][0];
	diff --git a/ext/mbstring/tests/bug79037.phpt b/ext/mbstring/tests/bug79037.phpt
	new file mode 100644
	index 0000000000..4a1931b124
	--- /dev/null
	+++ b/ext/mbstring/tests/bug79037.phpt
	@@ -0,0 +1,14 @@
	+--TEST--
	+Bug #79037 (global buffer-overflow in `mbfl_filt_conv_big5_wchar`)
	+--SKIPIF--
	+<?php
	+if (!extension_loaded('mbstring')) die('skip mbstring extension not available');
	+?>
	+--FILE--
	+<?php
	+$string = 'uVVDUy3/KT0/Q1A5NTA/cT////////////////+sIT0/P3E6/////6y8vOTkPz8dc3Nzc3Nzc3Nzc3Fzc9Vzy/X1kjIwMjItSlAtMjAwND9xP3G4uNHtPz8/Pz/tve287ay8AQdKPT9VVEYtMTY/cT8/P97e0dHR//8kGyQoUCT/////JBskKLi4PwgI2v7eON7ePdbe3t7e3t5oaGFuvLzgPwpxuTe5ubwhPT9IWi1BU0NJST8/Pz+BgUkBHJY/Uy1TSkltYWM/cT8KIbycIT0/QZvYPzhDSQEcliqBgYGBgYGBgYF8gYH//////8DAwMDAwCQbJEBKSko6dGNpPd7e3iowMDAwMDAwMDAwMD09PT09PT09KD3e3pTe3t7IyLy8vNq8PT09PT09PT09PT09PT05PT09PT09PUJU////X19DMDA9PT05PT09PT09PUJU////X19DsDAwMdnZ2dnZ2XMyIT0/RVVDP3E/2dkyNTc52tnZ2dnZ2dnZ2dnZ2bnZ2dk2NjcyLy8vLy8vL///////////////////////i4uLi4uLi///3t7e3t4bKEhKSkovLy8vLy8vL2ltZf9GueCPO49udI/x4C0yfuT//////yQk//87/Ly8vD09MDAwMdnZ2TtVVD0hPT9DUDUwMjIwP3E/Pz+5QxsoSkpK/////////xSCSgoKCv//vLzyg6+18uG8vLzyvOHhvLwvLy89PT2APYA9QkpKSjopLy8g4LnAuMDAwDvAwGVlvr6f/8BlZbycIUFqampqampqwCfAwMDAwJn///+8vLy8vLy8vLy8vLy87bxJU7y87b1DvO28vLy8vLy8vLy8vLy8vLxEMbmsIT0/SdNtdHRsPT9TSklTLW1hYz9xPwohTdTCU08tODg1OS0xMz9xP21lcmdlXwMb/8pwjzuPbnSP8eAtMn7k//////8kJP//O/y8vLw9PTAwMDHZ2dk7VVQ9IT0/Q1A1MDIyMD9xPz8/uUMbKEpKSv////////8UgkoKCgr//7y88oOvtfLhvLy88rzh4by8Ly8vPT09gD2APUJKSko6KS8vIOC5wLjAwMA7wMBlZb6+n//AZWW8nCFBampqampqasAnwMDAwMCZ////vLy8vLy8vLy8vLy8vO28SVO8vO29Q7ztvLy8vLy8vLy8vLy8vLy8RDG5rCE9P0lTTy04ODU5LTEzP3E/bWVyZ2VfAxv/ynByaW50X2luYWxfc3RhdHNnZ2c/Pz8/P8LAPVM/cT8gICD/////ID87///////////////ExMTEIcTExMTExMTExMTExMTEIbycIT0/QVJNU0NJSTg/Yj8/Pz8oPz+8YLy8vJxlcjRyb0knP2I/IT8/oKCgoKCgoKCgoKCgoKCgoCugoKCgoKCgoKCgoF9lY21lcmdlKcBlZbycIUFqampqampqwMDAwMDAwJn///+8vLy8vCG8vLzgvOC88fH//////3yBgYGBgYGBgYGBgYE/QYGBgZKBO4GSkkGBkmVyvJeBgYGBgfT0Vf//+/9JKG1fY29udGw/cT0/U0pJUzhDSQEclj9TSklTLW1hSUlJSUlJSUlJSUlJSShJSUlJSUnR0dHR0dHR0dHR0SG8nCE9P0FSTVNDP1UhPT9BgYGBkpJURv+SkvRV////yM/Pz8/Pz8/P3t5KSkov4Q==';
	+mb_decode_mimeheader(base64_decode($string));
	+echo "done\n";
	+?>
	+--EXPECT--
	+done