fix datatypes and add range checks
authorAnatol Belski <ab@php.net>
Tue, 5 Jul 2016 13:43:01 +0000 (15:43 +0200)
committerAnatol Belski <ab@php.net>
Tue, 5 Jul 2016 13:54:57 +0000 (15:54 +0200)
ext/intl/dateformat/dateformat_parse.c

index 2ba5e3089d5c09a0563c377efec4502a199866ea..81a432e1afdb7f1be562c7c24cca882dc13006b0 100644 (file)
@@ -130,7 +130,7 @@ PHP_FUNCTION(datefmt_parse)
        char*           text_to_parse = NULL;
        size_t          text_len =0;
        zval*           z_parse_pos = NULL;
-       zend_long               parse_pos = -1;
+       int32_t         parse_pos = -1;
 
        DATE_FORMAT_METHOD_INIT_VARS;
 
@@ -147,7 +147,12 @@ PHP_FUNCTION(datefmt_parse)
        if (z_parse_pos) {
                ZVAL_DEREF(z_parse_pos);
                convert_to_long(z_parse_pos);
-               parse_pos = Z_LVAL_P(z_parse_pos);
+               if (ZEND_LONG_INT_OVFL(Z_LVAL_P(z_parse_pos))) {
+                       intl_error_set_code(NULL, U_ILLEGAL_ARGUMENT_ERROR);
+                       intl_error_set_custom_msg(NULL, "Input string is too long.", 0);
+                       RETURN_FALSE;
+               }
+               parse_pos = (int32_t)Z_LVAL_P(z_parse_pos);
                if((size_t)parse_pos > text_len) {
                        RETURN_FALSE;
                }
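Review bot: The guard added before the `(int32_t)` cast tests only `ZEND_LONG_INT_OVFL`, which by its name covers the upper bound, so a `zend_long` below INT_MIN would presumably still reach the cast. The truncated result can be a small non-negative number that passes the following `(size_t)parse_pos > text_len` check, so parsing would start at an offset the caller never supplied. Checking both bounds closes this, e.g. `if (ZEND_LONG_EXCEEDS_INT(Z_LVAL_P(z_parse_pos))) {`. The identical block added to datefmt_localtime in the last hunk needs the same change. Both function bodies continue outside the hunks, so how `parse_pos` is used afterwards is not visible here.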
@@ -169,7 +174,7 @@ PHP_FUNCTION(datefmt_localtime)
        char*           text_to_parse = NULL;
        size_t          text_len =0;
        zval*           z_parse_pos = NULL;
-       zend_long               parse_pos = -1;
+       int32_t         parse_pos = -1;
 
        DATE_FORMAT_METHOD_INIT_VARS;
 
@@ -186,7 +191,12 @@ PHP_FUNCTION(datefmt_localtime)
        if (z_parse_pos) {
                ZVAL_DEREF(z_parse_pos);
                convert_to_long(z_parse_pos);
-               parse_pos = Z_LVAL_P(z_parse_pos);
+               if (ZEND_LONG_INT_OVFL(Z_LVAL_P(z_parse_pos))) {
+                       intl_error_set_code(NULL, U_ILLEGAL_ARGUMENT_ERROR);
+                       intl_error_set_custom_msg(NULL, "Input string is too long.", 0);
+                       RETURN_FALSE;
+               }
+               parse_pos = (int32_t)Z_LVAL_P(z_parse_pos);
                if((size_t)parse_pos > text_len) {
                        RETURN_FALSE;
                }
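Review bot: The message `"Input string is too long."` set in the new branch names the wrong argument, because the value being range-checked is the parse position taken from `z_parse_pos`, not `text_to_parse`. A caller who passes an oversized position is told the string is at fault; wording such as `"Parse position is out of range."` would point at the right parameter, and the same string appears in the datefmt_parse hunk above. The pre-existing `(size_t)parse_pos > text_len` branch just below returns FALSE without setting any intl error, so the two rejection paths for a bad position now report differently. A one-line comment above the cast, e.g. `/* parse position is handled as int32_t from here on */`, would record why the narrowing is intentional.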