Commit: d44a3839861113dee10c7041d589096b82f23cc5 Author: Felipe Pena <[email protected]> Sun, 29 Apr 2012 19:12:12 -0300 Parents: dc6d283b1c277c2c99a794d17a2e2540a9f2e60e Branches: PHP-5.3 PHP-5.4 master
Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=d44a3839861113dee10c7041d589096b82f23cc5 Log: - Added missing bound check in iptcparse() (path by chris at chiappa.net) Changed paths: M ext/standard/iptc.c Diff: diff --git a/ext/standard/iptc.c b/ext/standard/iptc.c index efd4e44..d1cf42f 100644 --- a/ext/standard/iptc.c +++ b/ext/standard/iptc.c @@ -342,13 +342,13 @@ PHP_FUNCTION(iptcparse) len = (((unsigned short) buffer[ inx ])<<8) | (unsigned short)buffer[ inx+1 ]; inx += 2; } - - snprintf(key, sizeof(key), "%d#%03d", (unsigned int) dataset, (unsigned int) recnum); - - if ((len > str_len) || (inx + len) > str_len) { + + if ((len < 0) || (len > str_len) || (inx + len) > str_len) { break; } + snprintf(key, sizeof(key), "%d#%03d", (unsigned int) dataset, (unsigned int) recnum); + if (tagsfound == 0) { /* found the 1st tag - initialize the return array */ array_init(return_value); } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
