Fixed offset/length parameter validation in substr_compare() function.

author Ilia Alshanetsky <iliaa@php.net>

Tue, 14 Mar 2006 14:55:13 +0000 (14:55 +0000)

committer Ilia Alshanetsky <iliaa@php.net>

Tue, 14 Mar 2006 14:55:13 +0000 (14:55 +0000)
author Ilia Alshanetsky <iliaa@php.net>
Tue, 14 Mar 2006 14:55:13 +0000 (14:55 +0000)
committer Ilia Alshanetsky <iliaa@php.net>
Tue, 14 Mar 2006 14:55:13 +0000 (14:55 +0000)
diff --git a/NEWS b/NEWS

index ac8aa97208303efa10f49337f013208f57234d20..d869deecfba017eb1d86bad5a8b4fa241053aec0 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,7 @@
  PHP                                                                        NEWS
  |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
  ?? Mar 2006, PHP 5.1.3RC2
+- Fixed offset/length parameter validation in substr_compare() function. (Ilia)
  - Added overflow checks to wordwrap() function. (Ilia)
  - Removed the E_STRICT deprecation notice from "var". (Ilia)
  - Fixed debug_zval_dump() to support private and protected members. (Dmitry)
diff --git a/ext/standard/string.c b/ext/standard/string.c

index 4f2897ce53d85f379ba47e26734ec09eb0a63865..e12d5d6a0fcbddb9aa1aee0b95740d04d7c112c7 100644 (file)
--- a/ext/standard/string.c
+++ b/ext/standard/string.c
@@ -4884,7 +4884,7 @@ PHP_FUNCTION(substr_compare)
                 RETURN_FALSE;
         }
  
-       if (len && offset >= s1_len) {
+       if (offset + len >= s1_len) {
                 php_error_docref(NULL TSRMLS_CC, E_WARNING, "The start position cannot exceed initial string length.");
                 RETURN_FALSE;
         }
author	Ilia Alshanetsky <iliaa@php.net>
	Tue, 14 Mar 2006 14:55:13 +0000 (14:55 +0000)
committer	Ilia Alshanetsky <iliaa@php.net>
	Tue, 14 Mar 2006 14:55:13 +0000 (14:55 +0000)
NEWS		patch \| blob \| history
ext/standard/string.c		patch \| blob \| history