ID: 15849
Updated by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
-Status: Open
+Status: Closed
Bug Type: Unknown/Other Function
PHP Version: 4.1.2
New Comment:
Yes, you're right and this has already been fixed.
Previous Comments:
------------------------------------------------------------------------
[2002-03-03 17:11:03] [EMAIL PROTECTED]
The following was found by source code inspection:
You can't add 1 to the result of a memchr() and then
still expect to be able to check for a NULL result.
Regards,
Wolfram.
--- php4-4.1.2/main/rfc1867.c.orig Thu Feb 21 19:46:45 2002
+++ php4-4.1.2/main/rfc1867.c Sun Mar 3 22:11:42 2002
@@ -162,15 +162,15 @@
SAFE_RETURN;
}
/* some other headerfield
found, skip it
*/
- loc = (char *) memchr(ptr,
'\n', rem)+1;
+ loc = (char *) memchr(ptr,
'\n', rem);
if (!loc) {
/* broken */
php_error(E_WARNING,
"File Uploa
d Mime headers garbled ptr: [%c%c%c%c%c]", *ptr, *(ptr + 1), *(ptr +
2), *(ptr +
3), *(ptr + 4));
SAFE_RETURN;
}
- while (*loc == ' ' || *loc ==
'\t') {
+ while (*++loc == ' ' || *loc ==
'\t') {
/* other field is
folded, skip i
t */
- loc = (char *)
memchr(loc, '\n',
rem-(loc-ptr))+1;
+ loc = (char *)
memchr(loc, '\n',
rem-(loc-ptr));
if (!loc) {
/* broken */
php_error(E_WARNING, "Fi
le Upload Mime headers garbled ptr: [%c%c%c%c%c]", *ptr, *(ptr + 1),
*(ptr + 2),
*(ptr + 3), *(ptr + 4));
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=15849&edit=1
