php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-04-25 08:58:28 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'PHP-8.0'

Browse Source 
* PHP-8.0:
  Avoid signed integer overflow in substr()
This commit is contained in:
Nikita Popov
2021-02-18 10:35:17 +01:00
parent b87080f3c2 85ffe8dcdc
commit 4fdaf84cc3
2 changed files with 12 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
ext/standard/string.c
+2 -2
View File
@@ -2177,7 +2177,7 @@ PHP_FUNCTION(substr)
/* if "from" position is negative, count start position from the end
* of the string
*/
if ((size_t)-f > ZSTR_LEN(str)) {
if (-(size_t)f > ZSTR_LEN(str)) {
f = 0;
} else {
f = (zend_long)ZSTR_LEN(str) + f;
@@ -2191,7 +2191,7 @@ PHP_FUNCTION(substr)
/* if "length" position is negative, set it to the length
* needed to stop that many chars from the end of the string
*/
if ((size_t)(-l) > ZSTR_LEN(str) - (size_t)f) {
if (-(size_t)l > ZSTR_LEN(str) - (size_t)f) {
l = 0;
} else {
l = (zend_long)ZSTR_LEN(str) - f + l;
ext/standard/tests/strings/substr_int_min.phpt
+10
View File
@@ -0,0 +1,10 @@
--TEST--
substr() with PHP_INT_MIN offset or length
--FILE--
<?php
var_dump(substr('x', PHP_INT_MIN));
var_dump(substr('x', 0, PHP_INT_MIN));
?>
--EXPECT--
string(1) "x"
string(0) ""