You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 

25 lines
845 B

Index: php5-5.4.45/Zend/zend_operators.c
===================================================================
--- php5-5.4.45.orig/Zend/zend_operators.c 2016-06-19 11:35:10.000000000 +0200
+++ php5-5.4.45/Zend/zend_operators.c 2016-06-19 11:35:10.000000000 +0200
@@ -1199,6 +1199,10 @@
int length = Z_STRLEN_P(op1) + 1;
char *buf;
+ if (UNEXPECTED(length < 0)) {
+ zend_error(E_ERROR, "String size overflow");
+ }
+
if (IS_INTERNED(Z_STRVAL_P(op1))) {
buf = (char *) emalloc(length + 1);
memcpy(buf, Z_STRVAL_P(op1), Z_STRLEN_P(op1));
@@ -1218,6 +1222,9 @@
int length = Z_STRLEN_P(op1) + Z_STRLEN_P(op2);
char *buf;
+ if (UNEXPECTED(length < 0)) {
+ zend_error(E_ERROR, "String size overflow");
+ }
if (IS_INTERNED(Z_STRVAL_P(op1))) {
buf = (char *) emalloc(length+1);
memcpy(buf, Z_STRVAL_P(op1), Z_STRLEN_P(op1));