php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-03-24 00:02:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'PHP-7.4'

Browse Source 
* PHP-7.4:
  Fix #78833: Integer overflow in pack causes out-of-bound access
This commit is contained in:
Christoph M. Becker
2019-12-02 11:21:37 +01:00
parent b35acd30f2 4ff242a9a7
commit 0dba3a8e43
2 changed files with 13 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
ext/standard/pack.c
View File

@@ -345,10 +345,13 @@ PHP_FUNCTION(pack)
if (arg < 0) {
arg = num_args - currentarg;
}
if (currentarg > INT_MAX - arg) {
goto too_few_args;
}
currentarg += arg;
if (currentarg > num_args) {
too_few_args:
efree(formatcodes);
efree(formatargs);
php_error_docref(NULL, E_WARNING, "Type %c: too few arguments", code);

9
ext/standard/tests/strings/bug78833.phpt Normal file
View File

@@ -0,0 +1,9 @@
--TEST--
Bug #78833 (Integer overflow in pack causes out-of-bound access)
--FILE--
<?php
var_dump(pack("E2E2147483647H*", 0x0, 0x0, 0x0));
?>
--EXPECTF--
Warning: pack(): Type E: too few arguments in %s on line %d
bool(false)