php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-03-24 00:02:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

uri: Fix RFC3986 to_string implementation with ExcludeFragment returning non-terminated strings (#20811)

Browse Source 
zend_string_truncate() doesn't put a NUL byte.
Right now this doesn't matter as this code path is only hittable via the
equals() method, but if other extension (or future other code) starts
using this code path, then it can be problematic as all user-exposed
zend_strings need to end with a NUL byte.
This commit is contained in:
Niels Dossche
2026-01-02 06:00:47 -08:00
committed by GitHub
parent d9b02e43c3
commit 3f7bfaf3ae
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
ext/uri/uri_parser_rfc3986.c
View File

@@ -595,6 +595,7 @@ ZEND_ATTRIBUTE_NONNULL static zend_string *php_uri_parser_rfc3986_to_string(void
const char *pos = zend_memrchr(ZSTR_VAL(uri_string), '#', ZSTR_LEN(uri_string)); const char *pos = zend_memrchr(ZSTR_VAL(uri_string), '#', ZSTR_LEN(uri_string));
if (pos != NULL) { if (pos != NULL) {
uri_string = zend_string_truncate(uri_string, (pos - ZSTR_VAL(uri_string)), false); uri_string = zend_string_truncate(uri_string, (pos - ZSTR_VAL(uri_string)), false);
ZSTR_VAL(uri_string)[ZSTR_LEN(uri_string)] = '\0';
} }
} }