- fix possible Dechunking Filter Buffer Overflow

author Pierre Joye <pajoye@php.net>

Wed, 28 Apr 2010 14:10:01 +0000 (14:10 +0000)

committer Pierre Joye <pajoye@php.net>

Wed, 28 Apr 2010 14:10:01 +0000 (14:10 +0000)
author Pierre Joye <pajoye@php.net>
Wed, 28 Apr 2010 14:10:01 +0000 (14:10 +0000)
committer Pierre Joye <pajoye@php.net>
Wed, 28 Apr 2010 14:10:01 +0000 (14:10 +0000)
diff --git a/ext/standard/filters.c b/ext/standard/filters.c

index 9fa3a1719903ae39fc64b0e35fb1e9e85cd0aa67..ae7e03022f80963a23d5f9c89bac97ee4a5d9937 100644 (file)
--- a/ext/standard/filters.c
+++ b/ext/standard/filters.c
@@ -1914,7 +1914,7 @@ typedef enum _php_chunked_filter_state {
  
  typedef struct _php_chunked_filter_data {
         php_chunked_filter_state state;
-       int chunk_size;
+       size_t chunk_size;
         int persistent;
  } php_chunked_filter_data;
  
@@ -1991,7 +1991,7 @@ static int php_dechunk(char *buf, int len, php_chunked_filter_data *data)
                                         continue;
                                 }
                         case CHUNK_BODY:
-                               if (end - p >= data->chunk_size) {
+                               if ((size_t) (end - p) >= data->chunk_size) {
                                         if (p != out) {
                                                 memmove(out, p, data->chunk_size);
                                         }
author	Pierre Joye <pajoye@php.net>
	Wed, 28 Apr 2010 14:10:01 +0000 (14:10 +0000)
committer	Pierre Joye <pajoye@php.net>
	Wed, 28 Apr 2010 14:10:01 +0000 (14:10 +0000)