Commit:    d44a3839861113dee10c7041d589096b82f23cc5
Author:    Felipe Pena <felipe...@gmail.com>         Sun, 29 Apr 2012 19:12:12 
-0300
Parents:   dc6d283b1c277c2c99a794d17a2e2540a9f2e60e
Branches:  PHP-5.3 PHP-5.4 master

Link:       
http://git.php.net/?p=php-src.git;a=commitdiff;h=d44a3839861113dee10c7041d589096b82f23cc5

Log:
- Added missing bound check in iptcparse() (path by chris at chiappa.net)

Changed paths:
  M  ext/standard/iptc.c


Diff:
diff --git a/ext/standard/iptc.c b/ext/standard/iptc.c
index efd4e44..d1cf42f 100644
--- a/ext/standard/iptc.c
+++ b/ext/standard/iptc.c
@@ -342,13 +342,13 @@ PHP_FUNCTION(iptcparse)
                        len = (((unsigned short) buffer[ inx ])<<8) | (unsigned 
short)buffer[ inx+1 ];
                        inx += 2;
                }
-
-               snprintf(key, sizeof(key), "%d#%03d", (unsigned int) dataset, 
(unsigned int) recnum);
-
-               if ((len > str_len) || (inx + len) > str_len) {
+               
+               if ((len < 0) || (len > str_len) || (inx + len) > str_len) {
                        break;
                }
 
+               snprintf(key, sizeof(key), "%d#%03d", (unsigned int) dataset, 
(unsigned int) recnum);
+
                if (tagsfound == 0) { /* found the 1st tag - initialize the 
return array */
                        array_init(return_value);
                }


--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to