On Tue, Dec 10, 2013 at 1:41 PM, Anatol Belski <a...@php.net> wrote: > Commit: a697297f5f328442994c6321c9661d1351036c4e > Author: Anatol Belski <a...@php.net> Tue, 10 Dec 2013 13:41:49 > +0100 > Parents: 5acc0c0c5bf5afbd2b103a99adf51539874ccc48 > Branches: str_size_and_int64 > > Link: > http://git.php.net/?p=php-src.git;a=commitdiff;h=a697297f5f328442994c6321c9661d1351036c4e > > Log: > more range checks for ext/tidy > > Changed paths: > M ext/tidy/tidy.c > > > Diff: > diff --git a/ext/tidy/tidy.c b/ext/tidy/tidy.c > index 94daef4..69cd19e 100644 > --- a/ext/tidy/tidy.c > +++ b/ext/tidy/tidy.c > @@ -604,6 +604,11 @@ static void > php_tidy_quick_repair(INTERNAL_FUNCTION_PARAMETERS, zend_bool is_fil > if (data) { > TidyBuffer buf; > > + if (data_len > UINT_MAX) { > + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Input > data is too long"); > + RETVAL_FALSE; > + } >
RETVAL over RETURN intentional? Nikita