php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-03-27 17:52:16 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fixed a segfault. (It's possible for large offsets to make strrpos()

Browse Source 
read past the end of the haystack string...)
This commit is contained in:
Jay Smith
2004-05-06 16:11:50 +00:00
parent c6bec7db3b
commit 8f306fd749
1 changed files with 11 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
ext/standard/string.c
View File

@@ -1614,7 +1614,9 @@ PHP_FUNCTION(strrpos)
e = haystack + haystack_len - needle_len;
} else {
p = haystack;
if (needle_len > -offset) {
if (-offset > haystack_len) {
e = haystack - needle_len;
} else if (needle_len > -offset) {
e = haystack + haystack_len - needle_len;
} else {
e = haystack + haystack_len + offset;
@@ -1681,7 +1683,11 @@ PHP_FUNCTION(strripos)
e = haystack + haystack_len - 1;
} else {
p = haystack;
e = haystack + haystack_len - offset;
if (-offset > haystack_len) {
e = haystack + haystack_len - 1;
} else {
e = haystack + haystack_len + offset;
}
}
/* Borrow that ord_needle buffer to avoid repeatedly tolower()ing needle */
*ord_needle = tolower(*needle);
@@ -1704,7 +1710,9 @@ PHP_FUNCTION(strripos)
e = haystack_dup + haystack_len - needle_len;
} else {
p = haystack_dup;
if (needle_len > -offset) {
if (-offset > haystack_len) {
e = haystack_dup - needle_len;
} else if (needle_len > -offset) {
e = haystack_dup + haystack_len - needle_len;
} else {
e = haystack_dup + haystack_len + offset;