]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 42ff70e)
Improved length parameter validation
authorIlia Alshanetsky <iliaa@php.net>
Thu, 8 Mar 2007 00:18:10 +0000 (00:18 +0000)
committerIlia Alshanetsky <iliaa@php.net>
Thu, 8 Mar 2007 00:18:10 +0000 (00:18 +0000)
ext/standard/string.c patch | blob | history

diff --git a/ext/standard/string.c b/ext/standard/string.c
index 9c55575bb0a56edd7fef4525e1c0370ad1c9f482..4b39d4904b737c6c610ea2bf64718c12d9a4c3a2 100644 (file)
--- a/ext/standard/string.c
+++ b/ext/standard/string.c
@@ -4655,7 +4655,7 @@ PHP_FUNCTION(substr_count)
                                php_error_docref(NULL TSRMLS_CC, E_WARNING, "Length should be greater than 0.");
                                RETURN_FALSE;           
                        }
-                       if ((p + Z_LVAL_PP(length)) > endp) {
+                       if ((p + Z_LVAL_PP(length)) <= p || (p + Z_LVAL_PP(length)) > endp) {
                                php_error_docref(NULL TSRMLS_CC, E_WARNING, "Length value %ld exceeds string length.", Z_LVAL_PP(length));
                                RETURN_FALSE;
                        }
Unnamed repository; edit this file 'description' to name the repository.