avoid possible buffer overruns when write returns a value larger than the buffer

diff --git a/main/user_streams.c b/main/user_streams.c
index b5d3701e20f60ab43c6570b9fe1dbb77ac99aee2..f6195b2ab603ad3accac284c464572860f4275ca 100644 (file)
--- a/main/user_streams.c
+++ b/main/user_streams.c
@@ -249,6 +249,13 @@ static size_t php_userstreamop_write(php_stream *stream, const char *buf, size_t
                didwrite = Z_LVAL_P(retval);
        else
                didwrite = 0;
+
+       /* don't allow strange buffer overruns due to bogus return */
+       if (didwrite > count) {
+               zend_error(E_WARNING, "%s::" USERSTREAM_READ " - wrote more data than requested",
+                               us->wrapper->classname);
+               didwrite = count;
+       }
        
        if (retval)
                zval_ptr_dtor(&retval);