On Tue, December 10, 2013 13:55, Nikita Popov wrote: > On Tue, Dec 10, 2013 at 1:41 PM, Anatol Belski <a...@php.net> wrote: > > >> Commit: a697297f5f328442994c6321c9661d1351036c4e >> Author: Anatol Belski <a...@php.net> Tue, 10 Dec 2013 13:41:49 >> +0100 >> Parents: 5acc0c0c5bf5afbd2b103a99adf51539874ccc48 >> Branches: str_size_and_int64 >> >> >> Link: >> http://git.php.net/?p=php-src.git;a=commitdiff;h=a697297f5f328442994c632 >> 1c9661d1351036c4e >> >> >> Log: >> more range checks for ext/tidy >> >> Changed paths: >> M ext/tidy/tidy.c >> >> >> >> Diff: >> diff --git a/ext/tidy/tidy.c b/ext/tidy/tidy.c index 94daef4..69cd19e >> 100644 >> --- a/ext/tidy/tidy.c >> +++ b/ext/tidy/tidy.c >> @@ -604,6 +604,11 @@ static void >> php_tidy_quick_repair(INTERNAL_FUNCTION_PARAMETERS, zend_bool is_fil if >> (data) { >> TidyBuffer buf; >> >> >> + if (data_len > UINT_MAX) { >> + php_error_docref(NULL TSRMLS_CC, E_WARNING, >> "Input >> data is too long"); + RETVAL_FALSE; >> + } >> >> > > RETVAL over RETURN intentional? > > > Nikita > >
uups, of course not. Thanks for keeping eye on that :) Regards anatol -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php