smalyshev/gist:498c26052eb24b763888cf0fce5decd5 Secret

## gistfile1.txt
commit d4f58f35c369e5831fad27401cd9fe0d5aef62d5
Author: Stanislav Malyshev <stas@php.net>
Date:   Tue Jan 1 17:15:20 2019 -0800

    Fix bug #77380  (Global out of bounds read in xmlrpc base64 code)

diff --git a/ext/xmlrpc/libxmlrpc/base64.c b/ext/xmlrpc/libxmlrpc/base64.c
index 5ebdf31f7a..a4fa19327b 100644
--- a/ext/xmlrpc/libxmlrpc/base64.c
+++ b/ext/xmlrpc/libxmlrpc/base64.c
@@ -77,7 +77,7 @@ void base64_encode_xmlrpc(struct buffer_st *b, const char *source, int length)

   while (!hiteof) {
     unsigned char igroup[3], ogroup[4];
-    int c, n;
+	int c, n;

     igroup[0] = igroup[1] = igroup[2] = 0;
     for (n = 0; n < 3; n++) {
@@ -169,7 +169,7 @@ void base64_decode_xmlrpc(struct buffer_st *bfr, const char *source, int length)
 		return;
 	    }

-	    if (dtable[c] & 0x80) {
+	    if (dtable[(unsigned char)c] & 0x80) {
 	      /*
 	      fprintf(stderr, "Offset %i length %i\n", offset, length);
 	      fprintf(stderr, "character '%c:%x:%c' in input file.\n", c, c, dtable[c]);
diff --git a/ext/xmlrpc/tests/bug77380.phpt b/ext/xmlrpc/tests/bug77380.phpt
new file mode 100644
index 0000000000..8559c07a5a
--- /dev/null
+++ b/ext/xmlrpc/tests/bug77380.phpt
@@ -0,0 +1,17 @@
+--TEST--
+Bug #77380 (Global out of bounds read in xmlrpc base64 code)
+--SKIPIF--
+<?php
+if (!extension_loaded("xmlrpc")) print "skip";
+?>
+--FILE--
+<?php
+var_dump(xmlrpc_decode(base64_decode("PGJhc2U2ND7CkzwvYmFzZTY0Pgo=")));
+?>
+--EXPECT--
+object(stdClass)#1 (2) {
+  ["scalar"]=>
+  string(0) ""
+  ["xmlrpc_type"]=>
+  string(6) "base64"
+}
	commit d4f58f35c369e5831fad27401cd9fe0d5aef62d5
	Author: Stanislav Malyshev <stas@php.net>
	Date: Tue Jan 1 17:15:20 2019 -0800

	Fix bug #77380 (Global out of bounds read in xmlrpc base64 code)

	diff --git a/ext/xmlrpc/libxmlrpc/base64.c b/ext/xmlrpc/libxmlrpc/base64.c
	index 5ebdf31f7a..a4fa19327b 100644
	--- a/ext/xmlrpc/libxmlrpc/base64.c
	+++ b/ext/xmlrpc/libxmlrpc/base64.c
	@@ -77,7 +77,7 @@ void base64_encode_xmlrpc(struct buffer_st b, const char source, int length)

	while (!hiteof) {
	unsigned char igroup[3], ogroup[4];
	- int c, n;
	+ int c, n;

	igroup[0] = igroup[1] = igroup[2] = 0;
	for (n = 0; n < 3; n++) {
	@@ -169,7 +169,7 @@ void base64_decode_xmlrpc(struct buffer_st bfr, const char source, int length)
	return;
	}

	- if (dtable[c] & 0x80) {
	+ if (dtable[(unsigned char)c] & 0x80) {
	/*
	fprintf(stderr, "Offset %i length %i\n", offset, length);
	fprintf(stderr, "character '%c:%x:%c' in input file.\n", c, c, dtable[c]);
	diff --git a/ext/xmlrpc/tests/bug77380.phpt b/ext/xmlrpc/tests/bug77380.phpt
	new file mode 100644
	index 0000000000..8559c07a5a
	--- /dev/null
	+++ b/ext/xmlrpc/tests/bug77380.phpt
	@@ -0,0 +1,17 @@
	+--TEST--
	+Bug #77380 (Global out of bounds read in xmlrpc base64 code)
	+--SKIPIF--
	+<?php
	+if (!extension_loaded("xmlrpc")) print "skip";
	+?>
	+--FILE--
	+<?php
	+var_dump(xmlrpc_decode(base64_decode("PGJhc2U2ND7CkzwvYmFzZTY0Pgo=")));
	+?>
	+--EXPECT--
	+object(stdClass)#1 (2) {
	+ ["scalar"]=>
	+ string(0) ""
	+ ["xmlrpc_type"]=>
	+ string(6) "base64"
	+}