]> granicus.if.org Git - php/commit
projects / php / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f825832) | patch
Fixed bug #74670
authorNikita Popov <nikita.ppv@gmail.com>
Mon, 2 Jul 2018 15:24:35 +0000 (17:24 +0200)
committerNikita Popov <nikita.ppv@gmail.com>
Mon, 2 Jul 2018 15:27:43 +0000 (17:27 +0200)
commitc793885b7624be4e2a95c69a2b8b3fee969b312f
treec12cab49984c6e610e31bcb5a9efc54c6ac8b70ctree | snapshot
parentf8258325b4a6a45d111e429fea64591a5c8273d8commit | diff
Fixed bug #74670

Validate that "C" serialization payload is followed by "}" prior to
calling the unserialize() handler. This mitigates issues caused by
unserialize() not correctly handling strings that are not NUL
terminated. Making sure that there is a "}" at the end avoids the
problem.
NEWS diff | blob | history
ext/gmp/bug74670.phpt [new file with mode: 0644] blob
ext/gmp/tests/serialize.phpt diff | blob | history
ext/standard/tests/serialize/bug71311.phpt diff | blob | history
ext/standard/tests/serialize/bug73341.phpt diff | blob | history
ext/standard/var_unserializer.c diff | blob | history
ext/standard/var_unserializer.re diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.