Beware of negative indices

author Stefan Esser <sesser@php.net>

Wed, 1 Dec 2004 22:42:00 +0000 (22:42 +0000)

committer Stefan Esser <sesser@php.net>

Wed, 1 Dec 2004 22:42:00 +0000 (22:42 +0000)
author Stefan Esser <sesser@php.net>
Wed, 1 Dec 2004 22:42:00 +0000 (22:42 +0000)
committer Stefan Esser <sesser@php.net>
Wed, 1 Dec 2004 22:42:00 +0000 (22:42 +0000)
diff --git a/ext/standard/var_unserializer.c b/ext/standard/var_unserializer.c

index de544cbe90bb97e13a61a07fe736902b14e2e0c5..ad65fafe7ddd201602372079072040eb50a86795 100644 (file)
--- a/ext/standard/var_unserializer.c
+++ b/ext/standard/var_unserializer.c
@@ -83,7 +83,7 @@ static int var_access(php_unserialize_data_t *var_hashx, int id, zval ***store)
  
         if (!var_hash) return !SUCCESS;
  
-       if (id >= var_hash->used_slots) return !SUCCESS;
+       if (id < 0 || id >= var_hash->used_slots) return !SUCCESS;
  
         *store = &var_hash->data[id];
  
diff --git a/ext/standard/var_unserializer.re b/ext/standard/var_unserializer.re

index c57de7ae03f4e8f51aaec905c0b7ecc9af955d2a..5da3eb3e1bf3b62e11d562f91ec0864998e8942a 100644 (file)
--- a/ext/standard/var_unserializer.re
+++ b/ext/standard/var_unserializer.re
@@ -81,7 +81,7 @@ static int var_access(php_unserialize_data_t *var_hashx, int id, zval ***store)
  
         if (!var_hash) return !SUCCESS;
  
-       if (id >= var_hash->used_slots) return !SUCCESS;
+       if (id < 0 || id >= var_hash->used_slots) return !SUCCESS;
  
         *store = &var_hash->data[id];
author	Stefan Esser <sesser@php.net>
	Wed, 1 Dec 2004 22:42:00 +0000 (22:42 +0000)
committer	Stefan Esser <sesser@php.net>
	Wed, 1 Dec 2004 22:42:00 +0000 (22:42 +0000)
ext/standard/var_unserializer.c		patch \| blob \| history
ext/standard/var_unserializer.re		patch \| blob \| history