]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 5c631e8)
Fixed search on uninitialized data
authorDmitry Stogov <dmitry@php.net>
Thu, 17 Jul 2008 14:05:07 +0000 (14:05 +0000)
committerDmitry Stogov <dmitry@php.net>
Thu, 17 Jul 2008 14:05:07 +0000 (14:05 +0000)
ext/phar/phar.c patch | blob | history

diff --git a/ext/phar/phar.c b/ext/phar/phar.c
index db5b80f1e13403740f68f42c5768b5f224ded551..ac370af532674b30649269bb61d4f1f94d7a682e 100644 (file)
--- a/ext/phar/phar.c
+++ b/ext/phar/phar.c
@@ -1427,7 +1427,9 @@ static inline char *phar_strnstr(const char *buf, int buf_len, const char *searc
        const char *c;
        int so_far = 0;
 
-       /* this assumes buf_len > search_len */
+       if (buf_len < search_len) {
+               return NULL;
+       }
        c = buf - 1;
        do {
                if (!(c = memchr(c + 1, search[0], buf_len - search_len - so_far))) {
@@ -1579,7 +1581,7 @@ static int phar_open_from_fp(php_stream* fp, char *fname, int fname_len, char *a
                                }
                        }
                }
-               if ((pos = phar_strnstr(buffer, 1024 + sizeof(token), token, sizeof(token)-1)) != NULL) {
+               if (got > 0 && (pos = phar_strnstr(buffer, got + sizeof(token), token, sizeof(token)-1)) != NULL) {
                        halt_offset += (pos - buffer); /* no -tokenlen+tokenlen here */
                        return phar_parse_pharfile(fp, fname, fname_len, alias, alias_len, halt_offset, pphar, compression, error TSRMLS_CC);
                }
Unnamed repository; edit this file 'description' to name the repository.