[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/ext/shmop/shmop.c trunk/ext/shmop/shmop.c

Tue, 08 Mar 2011 05:11:36 -0800 

felipe                                   Tue, 08 Mar 2011 13:11:14 +0000

Revision: http://svn.php.net/viewvc?view=revision&revision=309018

Log:
- Fixed bug #54193 (Integer overflow in shmop_read())

Bug: http://bugs.php.net/54193 (error getting bug information)
      
Changed paths:
    U   php/php-src/branches/PHP_5_3/NEWS
    U   php/php-src/branches/PHP_5_3/ext/shmop/shmop.c
    U   php/php-src/trunk/ext/shmop/shmop.c

Modified: php/php-src/branches/PHP_5_3/NEWS
===================================================================
--- php/php-src/branches/PHP_5_3/NEWS   2011-03-08 12:58:22 UTC (rev 309017)
+++ php/php-src/branches/PHP_5_3/NEWS   2011-03-08 13:11:14 UTC (rev 309018)
@@ -1,6 +1,8 @@
 PHP                                                                        
NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? 2011, PHP 5.3.6
+- Shmop extension:
+  . Fixed bug #54193 (Integer overflow in shmop_read()). (Felipe)

 03 Mar 2011, PHP 5.3.6RC2
 - Zend Engine:

Modified: php/php-src/branches/PHP_5_3/ext/shmop/shmop.c
===================================================================
--- php/php-src/branches/PHP_5_3/ext/shmop/shmop.c      2011-03-08 12:58:22 UTC 
(rev 309017)
+++ php/php-src/branches/PHP_5_3/ext/shmop/shmop.c      2011-03-08 13:11:14 UTC 
(rev 309018)
@@ -256,7 +256,7 @@
                RETURN_FALSE;
        }

-       if (start + count > shmop->size || count < 0) {
+       if (count < 0 || start > (INT_MAX - count) || start + count > 
shmop->size) {
                php_error_docref(NULL TSRMLS_CC, E_WARNING, "count is out of 
range");
                RETURN_FALSE;
        }

Modified: php/php-src/trunk/ext/shmop/shmop.c
===================================================================
--- php/php-src/trunk/ext/shmop/shmop.c 2011-03-08 12:58:22 UTC (rev 309017)
+++ php/php-src/trunk/ext/shmop/shmop.c 2011-03-08 13:11:14 UTC (rev 309018)
@@ -256,7 +256,7 @@
                RETURN_FALSE;
        }

-       if (start + count > shmop->size || count < 0) {
+       if (count < 0 || start > (INT_MAX - count) || start + count > 
shmop->size) {
                php_error_docref(NULL TSRMLS_CC, E_WARNING, "count is out of 
range");
                RETURN_FALSE;
        }


-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to