]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ad27ade)
Fixed bug #70239 Creating a huge array doesn't result in exhausted, but segfault
authorAnatol Belski <ab@php.net>
Thu, 13 Aug 2015 16:16:26 +0000 (18:16 +0200)
committerAnatol Belski <ab@php.net>
Fri, 14 Aug 2015 12:34:47 +0000 (14:34 +0200)
ext/standard/array.c patch | blob | history

diff --git a/ext/standard/array.c b/ext/standard/array.c
index 14c4ef531125e53c5ab57aa5a1a308e7d7016e4e..ddbbe4cafefd1992915556f3d3e6935b90a1a4bb 100644 (file)
--- a/ext/standard/array.c
+++ b/ext/standard/array.c
@@ -1740,6 +1740,11 @@ double_str:
                high = zval_get_double(zhigh);
                i = 0;
 
+               if (zend_isinf(high) || zend_isinf(low)) {
+                       php_error_docref(NULL, E_WARNING, "Invalid range supplied: start=%0.0f end=%0.0f", low, high);
+                       RETURN_FALSE;
+               }
+
                Z_TYPE_INFO(tmp) = IS_DOUBLE;
                if (low > high) {               /* Negative steps */
                        if (low - high < step || step <= 0) {
Unnamed repository; edit this file 'description' to name the repository.