On Tue, Dec 10, 2013 at 1:41 PM, Anatol Belski <a...@php.net> wrote:

> Commit:    a697297f5f328442994c6321c9661d1351036c4e
> Author:    Anatol Belski <a...@php.net>         Tue, 10 Dec 2013 13:41:49
> +0100
> Parents:   5acc0c0c5bf5afbd2b103a99adf51539874ccc48
> Branches:  str_size_and_int64
>
> Link:
> http://git.php.net/?p=php-src.git;a=commitdiff;h=a697297f5f328442994c6321c9661d1351036c4e
>
> Log:
> more range checks for ext/tidy
>
> Changed paths:
>   M  ext/tidy/tidy.c
>
>
> Diff:
> diff --git a/ext/tidy/tidy.c b/ext/tidy/tidy.c
> index 94daef4..69cd19e 100644
> --- a/ext/tidy/tidy.c
> +++ b/ext/tidy/tidy.c
> @@ -604,6 +604,11 @@ static void
> php_tidy_quick_repair(INTERNAL_FUNCTION_PARAMETERS, zend_bool is_fil
>         if (data) {
>                 TidyBuffer buf;
>
> +               if (data_len > UINT_MAX) {
> +                       php_error_docref(NULL TSRMLS_CC, E_WARNING, "Input
> data is too long");
> +                       RETVAL_FALSE;
> +               }
>

RETVAL over RETURN intentional?

Nikita

Reply via email to