fix datatype and add range check

author Anatol Belski <ab@php.net>

Tue, 5 Jul 2016 08:03:40 +0000 (10:03 +0200)

committer Anatol Belski <ab@php.net>

Tue, 5 Jul 2016 08:04:23 +0000 (10:04 +0200)
author Anatol Belski <ab@php.net>
Tue, 5 Jul 2016 08:03:40 +0000 (10:03 +0200)
committer Anatol Belski <ab@php.net>
Tue, 5 Jul 2016 08:04:23 +0000 (10:04 +0200)
diff --git a/ext/intl/uchar/uchar.c b/ext/intl/uchar/uchar.c

index abb3e59671ff8b702717f7684080bd27fd982caa..272cb22157aff24f75f23e8998c88e51df1260cc 100644 (file)
--- a/ext/intl/uchar/uchar.c
+++ b/ext/intl/uchar/uchar.c
@@ -8,10 +8,17 @@
  
  static inline int convert_cp(UChar32* pcp, zval *zcp) {
         zend_long cp = -1;
+
+       if (ZEND_SIZE_T_INT_OVFL(Z_STRLEN_P(zcp))) {
+               intl_error_set_code(NULL, U_ILLEGAL_ARGUMENT_ERROR);
+               intl_error_set_custom_msg(NULL, "Input string is too long.", 0);
+               return FAILURE;
+       }
+
         if (Z_TYPE_P(zcp) == IS_LONG) {
                 cp = Z_LVAL_P(zcp);
         } else if (Z_TYPE_P(zcp) == IS_STRING) {
-               size_t i = 0;
+               int32_t i = 0;
                 U8_NEXT(Z_STRVAL_P(zcp), i, Z_STRLEN_P(zcp), cp);
                 if (i != Z_STRLEN_P(zcp)) {
                         intl_error_set_code(NULL, U_ILLEGAL_ARGUMENT_ERROR);
author	Anatol Belski <ab@php.net>
	Tue, 5 Jul 2016 08:03:40 +0000 (10:03 +0200)
committer	Anatol Belski <ab@php.net>
	Tue, 5 Jul 2016 08:04:23 +0000 (10:04 +0200)