Correcting bounds check before someone uses this code

author Stefan Esser <sesser@php.net>

Wed, 23 Feb 2005 18:26:39 +0000 (18:26 +0000)

committer Stefan Esser <sesser@php.net>

Wed, 23 Feb 2005 18:26:39 +0000 (18:26 +0000)
author Stefan Esser <sesser@php.net>
Wed, 23 Feb 2005 18:26:39 +0000 (18:26 +0000)
committer Stefan Esser <sesser@php.net>
Wed, 23 Feb 2005 18:26:39 +0000 (18:26 +0000)
diff --git a/ext/standard/var_unserializer.c b/ext/standard/var_unserializer.c

index 0c07a60700d03d31e5df37b23085ce072c1498fb..376536e538b898faea447de9988baaff8598b62c 100644 (file)
--- a/ext/standard/var_unserializer.c
+++ b/ext/standard/var_unserializer.c
@@ -290,7 +290,7 @@ static inline int object_custom(UNSERIALIZE_PARAMETER, zend_class_entry *ce)
  
         (*p) += 2;
  
-       if((*p) + datalen >= max) {
+       if(datalen < 0 || (*p) + datalen >= max) {
                 zend_error(E_WARNING, "Unsifficient data for unserializing - %d required, %d present", datalen, max - (*p));
                 return 0;
         }
diff --git a/ext/standard/var_unserializer.re b/ext/standard/var_unserializer.re

index d1757317861933e6a7a96c4efadb268ad12cb308..cd04a3b111f2c326a0837a4971bd2f661d4a5943 100644 (file)
--- a/ext/standard/var_unserializer.re
+++ b/ext/standard/var_unserializer.re
@@ -294,7 +294,7 @@ static inline int object_custom(UNSERIALIZE_PARAMETER, zend_class_entry *ce)
  
         (*p) += 2;
  
-       if((*p) + datalen >= max) {
+       if(datalen < 0 || (*p) + datalen >= max) {
                 zend_error(E_WARNING, "Unsifficient data for unserializing - %d required, %d present", datalen, max - (*p));
                 return 0;
         }
author	Stefan Esser <sesser@php.net>
	Wed, 23 Feb 2005 18:26:39 +0000 (18:26 +0000)
committer	Stefan Esser <sesser@php.net>
	Wed, 23 Feb 2005 18:26:39 +0000 (18:26 +0000)
ext/standard/var_unserializer.c		patch \| blob \| history
ext/standard/var_unserializer.re		patch \| blob \| history