]> granicus.if.org Git - php/commit
projects / php / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 3a35d43) | patch
Fix #73025: Heap Buffer Overflow in virtual_popen of zend_virtual_cwd.c
authorChristoph M. Becker <cmbecker69@gmx.de>
Tue, 6 Sep 2016 10:05:22 +0000 (12:05 +0200)
committerChristoph M. Becker <cmbecker69@gmx.de>
Tue, 6 Sep 2016 10:05:58 +0000 (12:05 +0200)
commitdad793630d5966a9c22f3fcd7f24b7937bd1a36f
tree23f86bbecf4a3ee50d9e946165750376990e8824tree | snapshot
parent3a35d43ad9000d1a573d08784aead356e2ae3535commit | diff
Fix #73025: Heap Buffer Overflow in virtual_popen of zend_virtual_cwd.c

`command_length` is retrieved via strlen() and later passed to emalloc()
and memcpy(), so the appropriate type is `size_t`.

We don't add a regression test, because that would need to allocate a string
of at least 2 GiB.
NEWS diff | blob | history
Zend/zend_virtual_cwd.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.