iliaa Mon, 23 Nov 2009 04:12:36 +0000 Revision: http://svn.php.net/viewvc?view=revision&revision=291172
Log: Extend the previously added large string concatenation validation Changed paths: U php/php-src/branches/PHP_5_2/Zend/zend_operators.c U php/php-src/branches/PHP_5_3/Zend/zend_operators.c
Modified: php/php-src/branches/PHP_5_2/Zend/zend_operators.c
===================================================================
--- php/php-src/branches/PHP_5_2/Zend/zend_operators.c 2009-11-23 04:11:01 UTC (rev 291171)
+++ php/php-src/branches/PHP_5_2/Zend/zend_operators.c 2009-11-23 04:12:36 UTC (rev 291172)
@@ -1203,7 +1203,7 @@
 if (result==op1) { /* special case, perform operations on result */
 uint res_len = op1->value.str.len + op2->value.str.len;
- if (Z_STRLEN_P(result) < 0) {
+ if (Z_STRLEN_P(result) < 0 || (int) (Z_STRLEN_P(op1) + Z_STRLEN_P(op2)) < 0) {
 efree(Z_STRVAL_P(result));
 ZVAL_EMPTY_STRING(result);
 zend_error(E_ERROR, "String size overflow");
Modified: php/php-src/branches/PHP_5_3/Zend/zend_operators.c
===================================================================
--- php/php-src/branches/PHP_5_3/Zend/zend_operators.c 2009-11-23 04:11:01 UTC (rev 291171)
+++ php/php-src/branches/PHP_5_3/Zend/zend_operators.c 2009-11-23 04:12:36 UTC (rev 291172)
@@ -1227,7 +1227,7 @@
 if (result==op1) { /* special case, perform operations on result */
 uint res_len = Z_STRLEN_P(op1) + Z_STRLEN_P(op2);
- if (Z_STRLEN_P(result) < 0) {
+ if (Z_STRLEN_P(result) < 0 || (int) (Z_STRLEN_P(op1) + Z_STRLEN_P(op2)) < 0) {
 efree(Z_STRVAL_P(result));
 ZVAL_EMPTY_STRING(result);
 zend_error(E_ERROR, "String size overflow");
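Review bot: The added test `(int) (Z_STRLEN_P(op1) + Z_STRLEN_P(op2)) < 0` can only notice the overflow after the addition has already happened, and `res_len` on the line above is computed from the same sum before any check runs. If the length field is a signed int, as the existing `Z_STRLEN_P(result) < 0` comparison suggests, that addition is signed overflow, which is undefined behaviour in C, so an optimising compiler may legally remove the new condition. Comparing before adding avoids the problem: `if (Z_STRLEN_P(result) < 0 || Z_STRLEN_P(op2) > INT_MAX - Z_STRLEN_P(op1)) {` (needs `<limits.h>`), with `res_len` assigned only after the guard passes. The PHP_5_3 hunk carries the identical condition and needs the same change. The enclosing function and the path taken when `result != op1` lie outside both hunks, so whether that path has an equivalent length guard cannot be confirmed from here.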