mirror of
https://github.com/php/php-src.git
synced 2025-08-15 21:48:51 +02:00
Merge branch 'PHP-7.4'
* PHP-7.4: Fix #78833: Integer overflow in pack causes out-of-bound access
This commit is contained in:
Christoph M. Becker
commit
0dba3a8e43
2 changed files with 13 additions and 1 deletions
|
|
@ -345,10 +345,13 @@ PHP_FUNCTION(pack)
|
|||
if (arg < 0) {
|
||||
arg = num_args - currentarg;
|
||||
}
|
||||
|
||||
if (currentarg > INT_MAX - arg) {
|
||||
goto too_few_args;
|
||||
}
|
||||
currentarg += arg;
|
||||
|
||||
if (currentarg > num_args) {
|
||||
too_few_args:
|
||||
efree(formatcodes);
|
||||
efree(formatargs);
|
||||
php_error_docref(NULL, E_WARNING, "Type %c: too few arguments", code);
|
||||
|
|
|
|||
9
ext/standard/tests/strings/bug78833.phpt
Normal file
9
ext/standard/tests/strings/bug78833.phpt
Normal file
|
|
@ -0,0 +1,9 @@
|
|||
--TEST--
|
||||
Bug #78833 (Integer overflow in pack causes out-of-bound access)
|
||||
--FILE--
|
||||
<?php
|
||||
var_dump(pack("E2E2147483647H*", 0x0, 0x0, 0x0));
|
||||
?>
|
||||
--EXPECTF--
|
||||
Warning: pack(): Type E: too few arguments in %s on line %d
|
||||
bool(false)
|
||||
Loading…
Add table
Add a link
Reference in a new issue