Fix # 79171: heap-buffer-overflow in phar_extract_file

author Christoph M. Becker <cmbecker69@gmx.de>

Sun, 26 Jan 2020 15:03:35 +0000 (16:03 +0100)

committer Stanislav Malyshev <stas@php.net>

Mon, 17 Feb 2020 08:20:04 +0000 (00:20 -0800)
author Christoph M. Becker <cmbecker69@gmx.de>
Sun, 26 Jan 2020 15:03:35 +0000 (16:03 +0100)
committer Stanislav Malyshev <stas@php.net>
Mon, 17 Feb 2020 08:20:04 +0000 (00:20 -0800)
diff --git a/ext/phar/phar_object.c b/ext/phar/phar_object.c

index 14b4a795d01edb8581d80c537c4fbee05debd1b3..82c7c376edd7246f2701470f5d1b63018cd33d0c 100644 (file)
--- a/ext/phar/phar_object.c
+++ b/ext/phar/phar_object.c
@@ -4153,7 +4153,7 @@ static int phar_extract_file(zend_bool overwrite, phar_entry_info *entry, char *
                         if ('\\' == filename[cnt]) {
                                 filename[cnt] = '/';
                         }
-               } while (cnt++ <= filename_len);
+               } while (cnt++ < filename_len);
         }
  #endif
author	Christoph M. Becker <cmbecker69@gmx.de>
	Sun, 26 Jan 2020 15:03:35 +0000 (16:03 +0100)
committer	Stanislav Malyshev <stas@php.net>
	Mon, 17 Feb 2020 08:20:04 +0000 (00:20 -0800)