summaryrefslogtreecommitdiffstats
path: root/bug72275.patch
diff options
context:
space:
mode:
Diffstat (limited to 'bug72275.patch')
-rw-r--r--bug72275.patch59
1 files changed, 59 insertions, 0 deletions
diff --git a/bug72275.patch b/bug72275.patch
new file mode 100644
index 0000000..d28651e
--- /dev/null
+++ b/bug72275.patch
@@ -0,0 +1,59 @@
+Backported from 5.5.37 for 5.4 by Remi Collet
+
+
+From 489fd56fe37bf40a662931c2b4d5baa918f13e37 Mon Sep 17 00:00:00 2001
+From: Stanislav Malyshev <stas@php.net>
+Date: Mon, 13 Jun 2016 23:12:47 -0700
+Subject: [PATCH] Fix bug #72275: don't allow smart_str to overflow int
+
+---
+ ext/standard/php_smart_str.h | 17 ++++++++++-------
+ 1 file changed, 10 insertions(+), 7 deletions(-)
+
+diff --git a/ext/standard/php_smart_str.h b/ext/standard/php_smart_str.h
+index 1872fa8..fc1a753 100644
+--- a/ext/standard/php_smart_str.h
++++ b/ext/standard/php_smart_str.h
+@@ -63,6 +63,9 @@
+ newlen = (d)->len + (n); \
+ if (newlen >= (d)->a) { \
+ (d)->a = newlen + SMART_STR_PREALLOC; \
++ if (UNEXPECTED((d)->a >= INT_MAX)) { \
++ zend_error(E_ERROR, "String size overflow"); \
++ } \
+ SMART_STR_DO_REALLOC(d, what); \
+ } \
+ } \
+@@ -148,17 +151,17 @@
+ * for GCC compatible compilers, e.g.
+ *
+ * #define f(..) ({char *r;..;__r;})
+- */
+-
++ */
++
+ static inline char *smart_str_print_long(char *buf, long num) {
+- char *r;
+- smart_str_print_long4(buf, num, unsigned long, r);
++ char *r;
++ smart_str_print_long4(buf, num, unsigned long, r);
+ return r;
+ }
+
+ static inline char *smart_str_print_unsigned(char *buf, long num) {
+- char *r;
+- smart_str_print_unsigned4(buf, num, unsigned long, r);
++ char *r;
++ smart_str_print_unsigned4(buf, num, unsigned long, r);
+ return r;
+ }
+
+@@ -168,7 +171,7 @@ static inline char *smart_str_print_unsigned(char *buf, long num) {
+ smart_str_print##func##4 (__b + sizeof(__b) - 1, (num), vartype, __t); \
+ smart_str_appendl_ex((dest), __t, __b + sizeof(__b) - 1 - __t, (type)); \
+ } while (0)
+-
++
+ #define smart_str_append_unsigned_ex(dest, num, type) \
+ smart_str_append_generic_ex((dest), (num), (type), unsigned long, _unsigned)
+