diff options
Diffstat (limited to 'bug72849.patch')
-rw-r--r-- | bug72849.patch | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/bug72849.patch b/bug72849.patch new file mode 100644 index 0000000..f2cd26f --- /dev/null +++ b/bug72849.patch @@ -0,0 +1,51 @@ +Backported from 5.6.25 by Remi. + +From dc223e524d640167c0f12e942eb52cabd6f89ee4 Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev <stas@php.net> +Date: Tue, 16 Aug 2016 15:58:05 -0700 +Subject: [PATCH] Fixed bug #72849 - integer overflow in urlencode + +--- + ext/standard/url.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/ext/standard/url.c b/ext/standard/url.c +index 4b52000..8e471e1 100644 +--- a/ext/standard/url.c ++++ b/ext/standard/url.c +@@ -520,6 +520,12 @@ PHPAPI char *php_url_encode(char const *s, int len, int *new_length) + *to++ = c; + } + } ++ ++ if ((to-start) > INT_MAX) { ++ /* E_ERROR since most clients won't check for error, and this is rather rare condition */ ++ php_error_docref(NULL TSRMLS_CC, E_ERROR, "String overflow, max length is %d", INT_MAX); ++ } ++ + *to = 0; + if (new_length) { + *new_length = to - start; + +From f01446dacf3eeab888b500115f0d71df7918c353 Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev <stas@php.net> +Date: Tue, 16 Aug 2016 16:34:35 -0700 +Subject: [PATCH] Fix TSRM build + +--- + ext/standard/base64.c | 1 + + ext/standard/url.c | 1 + + 2 files changed, 2 insertions(+) + +diff --git a/ext/standard/url.c b/ext/standard/url.c +index 8e471e1..dd861a5 100644 +--- a/ext/standard/url.c ++++ b/ext/standard/url.c +@@ -522,6 +522,7 @@ PHPAPI char *php_url_encode(char const *s, int len, int *new_length) + } + + if ((to-start) > INT_MAX) { ++ TSRMLS_FETCH(); + /* E_ERROR since most clients won't check for error, and this is rather rare condition */ + php_error_docref(NULL TSRMLS_CC, E_ERROR, "String overflow, max length is %d", INT_MAX); + } |