iliaa Thu Dec 15 03:37:22 2005 EDT
Modified files: (Branch: PHP_4_4)
/php-src/ext/mbstring mbstring.c
Log:
MFH: Fixed possible memory corruption inside mb_strcut().
http://cvs.php.net/viewcvs.cgi/php-src/ext/mbstring/mbstring.c?r1=1.142.2.47.2.5&r2=1.142.2.47.2.6&diff_format=u
Index: php-src/ext/mbstring/mbstring.c
diff -u php-src/ext/mbstring/mbstring.c:1.142.2.47.2.5
php-src/ext/mbstring/mbstring.c:1.142.2.47.2.6
--- php-src/ext/mbstring/mbstring.c:1.142.2.47.2.5 Mon Nov 21 23:21:19 2005
+++ php-src/ext/mbstring/mbstring.c Thu Dec 15 03:37:22 2005
@@ -17,7 +17,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: mbstring.c,v 1.142.2.47.2.5 2005/11/21 23:21:19 hirokawa Exp $ */
+/* $Id: mbstring.c,v 1.142.2.47.2.6 2005/12/15 03:37:22 iliaa Exp $ */
/*
* PHP4 Multibyte String module "mbstring"
@@ -2485,6 +2485,13 @@
}
}
+ if (from > Z_STRLEN_PP(arg1)) {
+ RETURN_FALSE;
+ }
+ if (((unsigned) from + (unsigned) len) > Z_STRLEN_PP(arg1)) {
+ len = Z_STRLEN_PP(arg1) - from;
+ }
+
ret = mbfl_strcut(&string, &result, from, len);
if (ret != NULL) {
RETVAL_STRINGL(ret->val, ret->len, 0); /* the string
is already strdup()'ed */
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
