derick          Wed Aug  6 08:09:07 2008 UTC

  Added files:                 (Branch: PHP_4_4)
    /php-src/ext/standard/tests/strings explode_bug.phpt 

  Modified files:              
    /php-src    NEWS 
    /Zend       zend_multibyte.c 
    /php-src/ext/standard       php_string.h 
  Log:
  - MFH (manually): Fixed overflow in memnstr().
  
  
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.1247.2.920.2.253&r2=1.1247.2.920.2.254&diff_format=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.1247.2.920.2.253 php-src/NEWS:1.1247.2.920.2.254
--- php-src/NEWS:1.1247.2.920.2.253     Tue Jul 22 07:38:38 2008
+++ php-src/NEWS        Wed Aug  6 08:09:06 2008
@@ -1,6 +1,7 @@
 PHP 4                                                                      NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? Aug 2008, Version 4.4.9
+- Fixed overflow in memnstr(). (Reported by Laurent Gaffie, Derick)
        
 22 Jul 2008, Version 4.4.9RC1
 - Updated PCRE to version 7.7. (Nuno)
http://cvs.php.net/viewvc.cgi/Zend/zend_multibyte.c?r1=1.4.2.1.8.2&r2=1.4.2.1.8.3&diff_format=u
Index: Zend/zend_multibyte.c
diff -u Zend/zend_multibyte.c:1.4.2.1.8.2 Zend/zend_multibyte.c:1.4.2.1.8.3
--- Zend/zend_multibyte.c:1.4.2.1.8.2   Sun Jan  1 13:46:49 2006
+++ Zend/zend_multibyte.c       Wed Aug  6 08:09:07 2008
@@ -17,7 +17,7 @@
    +----------------------------------------------------------------------+
 */
 
-/*     $Id: zend_multibyte.c,v 1.4.2.1.8.2 2006/01/01 13:46:49 sniper Exp $ */
+/*     $Id: zend_multibyte.c,v 1.4.2.1.8.3 2008/08/06 08:09:07 derick Exp $ */
 
 #include "zend.h"
 #include "zend_compile.h"
@@ -654,6 +654,9 @@
        char first = *needle;
 
        /* let end point to the last character where needle may start */
+       if (needle_len > end - haystack) {
+               return NULL;
+       }
        end -= needle_len;
        
        while (p <= end) {
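Review bot: The existing comment "let end point to the last character where needle may start" now sits above the new guard instead of the `end -= needle_len;` it describes, and the guard itself is unexplained. I would move the check above that comment and give it its own, e.g. `/* needle longer than haystack: end -= needle_len would move end before haystack */`. The operand types are not visible in this hunk. If `needle_len` turns out to be unsigned, a negative `end - haystack` would be converted before the comparison, so it is worth confirming both sides are signed. The enclosing function starts and ends outside the hunk, and the same uncommented guard is added in the php_string.h hunk.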
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/php_string.h?r1=1.65.2.5.2.3&r2=1.65.2.5.2.4&diff_format=u
Index: php-src/ext/standard/php_string.h
diff -u php-src/ext/standard/php_string.h:1.65.2.5.2.3 
php-src/ext/standard/php_string.h:1.65.2.5.2.4
--- php-src/ext/standard/php_string.h:1.65.2.5.2.3      Mon Dec 31 07:22:52 2007
+++ php-src/ext/standard/php_string.h   Wed Aug  6 08:09:07 2008
@@ -17,7 +17,7 @@
    +----------------------------------------------------------------------+
 */
 
-/* $Id: php_string.h,v 1.65.2.5.2.3 2007/12/31 07:22:52 sebastian Exp $ */
+/* $Id: php_string.h,v 1.65.2.5.2.4 2008/08/06 08:09:07 derick Exp $ */
 
 /* Synced with php 3.0 revision 1.43 1999-06-16 [ssb] */
 
@@ -137,6 +137,10 @@
        char *p = haystack;
        char ne = needle[needle_len-1];
 
+
+       if (needle_len > end - haystack) {
+               return NULL;
+       }
        end -= needle_len;
 
        while (p <= end) {
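Review bot: `char ne = needle[needle_len-1];` is still evaluated before the new length check, so the guard does not cover that read; with a `needle_len` of 0 it indexes `needle[-1]`. The added check only bounds `needle_len` from above. Unless every caller already guarantees a non-empty needle (not visible here), I would widen the guard to `if (needle_len <= 0 || needle_len > end - haystack) {` and assign `ne = needle[needle_len-1];` after it, leaving only the declaration `char ne;` at the top. The function's signature and the rest of its body are outside the hunk. The extra blank line added before the `if` can also be dropped.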

http://cvs.php.net/viewvc.cgi/php-src/ext/standard/tests/strings/explode_bug.phpt?view=markup&rev=1.1
Index: php-src/ext/standard/tests/strings/explode_bug.phpt
+++ php-src/ext/standard/tests/strings/explode_bug.phpt


