- Fix bug #55622, better fix for this issue, old fix can break if sizeof(size_t)...

author Pierre Joye <pajoye@php.net>

Mon, 26 Sep 2011 08:36:33 +0000 (08:36 +0000)

committer Pierre Joye <pajoye@php.net>

Mon, 26 Sep 2011 08:36:33 +0000 (08:36 +0000)
author Pierre Joye <pajoye@php.net>
Mon, 26 Sep 2011 08:36:33 +0000 (08:36 +0000)
committer Pierre Joye <pajoye@php.net>
Mon, 26 Sep 2011 08:36:33 +0000 (08:36 +0000)
diff --git a/ext/standard/basic_functions.c b/ext/standard/basic_functions.c

index b3e7a10811da73a5ead4b408ff58c64f2de22c45..aecefa3d94746a15551bd5197842898e59ceefa0 100644 (file)
--- a/ext/standard/basic_functions.c
+++ b/ext/standard/basic_functions.c
@@ -6022,7 +6022,7 @@ PHP_FUNCTION(parse_ini_file)
  PHP_FUNCTION(parse_ini_string)
  {
         char *string = NULL, *str = NULL;
-       size_t str_len = 0;
+       int str_len = 0;
         zend_bool process_sections = 0;
         long scanner_mode = ZEND_INI_SCANNER_NORMAL;
         zend_ini_parser_cb_t ini_parser_cb;
@@ -6031,6 +6031,10 @@ PHP_FUNCTION(parse_ini_string)
                 RETURN_FALSE;
         }
  
+       if (INT_MAX - str_len < ZEND_MMAP_AHEAD) {
+               RETVAL_FALSE;
+       }
+
         /* Set callback function */
         if (process_sections) {
                 BG(active_ini_file_section) = NULL;
author	Pierre Joye <pajoye@php.net>
	Mon, 26 Sep 2011 08:36:33 +0000 (08:36 +0000)
committer	Pierre Joye <pajoye@php.net>
	Mon, 26 Sep 2011 08:36:33 +0000 (08:36 +0000)