]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 2625be4)
Improved offset validation
authorIlia Alshanetsky <iliaa@php.net>
Thu, 8 Mar 2007 00:06:41 +0000 (00:06 +0000)
committerIlia Alshanetsky <iliaa@php.net>
Thu, 8 Mar 2007 00:06:41 +0000 (00:06 +0000)
ext/standard/string.c patch | blob | history

diff --git a/ext/standard/string.c b/ext/standard/string.c
index 97fe4612c384eb20bb63052c2d1fb89632361696..9c55575bb0a56edd7fef4525e1c0370ad1c9f482 100644 (file)
--- a/ext/standard/string.c
+++ b/ext/standard/string.c
@@ -4642,11 +4642,13 @@ PHP_FUNCTION(substr_count)
                        php_error_docref(NULL TSRMLS_CC, E_WARNING, "Offset should be greater than or equal to 0.");
                        RETURN_FALSE;           
                }
-               p += Z_LVAL_PP(offset);
-               if (p > endp) {
+
+               if (Z_LVAL_PP(offset) > Z_STRLEN_PP(haystack)) {
                        php_error_docref(NULL TSRMLS_CC, E_WARNING, "Offset value %ld exceeds string length.", Z_LVAL_PP(offset));
                        RETURN_FALSE;           
                }
+               p += Z_LVAL_PP(offset);
+
                if (ac == 4) {
                        convert_to_long_ex(length);
                        if (Z_LVAL_PP(length) <= 0) {
Unnamed repository; edit this file 'description' to name the repository.