]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: b37dafc)
Fix out-of bounds access
authorZenju <zenju@gmx.de>
Sun, 12 Feb 2017 15:47:34 +0000 (16:47 +0100)
committerAnatol Belski <ab@php.net>
Fri, 6 Jul 2018 17:02:19 +0000 (19:02 +0200)
Test case: strnatcmp_ex(L"333", 3, L"333 ", 4, true)
The reason this bug didn't come up earlier is probably because most input strings are null-terminated.

ext/standard/strnatcmp.c patch | blob | history

diff --git a/ext/standard/strnatcmp.c b/ext/standard/strnatcmp.c
index ac8d2a2e917f41f6f7d4fe8949840b5c5fbc2106..64ff8fc37d329761205ed0bf9a4249aaada98baa 100644 (file)
--- a/ext/standard/strnatcmp.c
+++ b/ext/standard/strnatcmp.c
@@ -141,6 +141,10 @@ PHPAPI int strnatcmp_ex(char const *a, size_t a_len, char const *b, size_t b_len
                        else if (ap == aend && bp == bend)
                                /* End of the strings. Let caller sort them out. */
                                return 0;
+                       else if (ap == aend)
+                               return -1;
+                       else if (bp == bend)
+                               return 1;                       
                        else {
                                /* Keep on comparing from the current point. */
                                ca = *ap; cb = *bp;
Unnamed repository; edit this file 'description' to name the repository.