]> granicus.if.org Git - php/commit
projects / php / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 697945a) | patch
Fix signed integer overflow in SplObjectStorage unserialization
authorNikita Popov <nikita.ppv@gmail.com>
Mon, 23 Sep 2019 11:16:58 +0000 (13:16 +0200)
committerNikita Popov <nikita.ppv@gmail.com>
Mon, 23 Sep 2019 11:18:27 +0000 (13:18 +0200)
commit8509970e6a392de42b81882d7c81fa96a3c972e1
treea48516787f3915b934cf47384872dbeecaffb97etree | snapshot
parent697945aa89c060548e003d8ca6785faf5a35e898commit | diff
Fix signed integer overflow in SplObjectStorage unserialization

If count is ZEND_LONG_MIN the count-- loop underflows. This is
ultimately harmless, but results in a ubsan warning.

Fix this by adding a sanity check that the count isn't negative,
because that doesn't make sense...
ext/spl/spl_observer.c diff | blob | history
ext/standard/tests/serialize/splobjectstorage_negative_count.phpt [new file with mode: 0644] blob
Unnamed repository; edit this file 'description' to name the repository.